summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms
diff options
context:
space:
mode:
authorAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
committerAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
commit32150d3ee32f8ac27118af7c792794b538c78a2f (patch)
tree52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cms
parentf05d58a46795553beb8881039cc922974b40db34 (diff)
downloadpki-32150d3ee32f8ac27118af7c792794b538c78a2f.tar.gz
pki-32150d3ee32f8ac27118af7c792794b538c78a2f.tar.xz
pki-32150d3ee32f8ac27118af7c792794b538c78a2f.zip
Formatting
Formatted project according to eclipse project settings
Diffstat (limited to 'pki/base/common/src/com/netscape/cms')
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java346
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java134
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java762
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/Crypt.java328
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/DNPattern.java78
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java367
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java241
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java71
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java307
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java99
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java160
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java2
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java109
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java122
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java145
-rw-r--r--pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java294
-rw-r--r--pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java367
-rw-r--r--pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java97
-rw-r--r--pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java172
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java166
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java97
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java51
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java42
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java97
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java50
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java119
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java80
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java48
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java136
-rw-r--r--pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java182
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java56
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java26
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java47
-rw-r--r--pki/base/common/src/com/netscape/cms/jobs/AJobBase.java96
-rw-r--r--pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java263
-rw-r--r--pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java480
-rw-r--r--pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java122
-rw-r--r--pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java253
-rw-r--r--pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java178
-rw-r--r--pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java192
-rw-r--r--pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java49
-rw-r--r--pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java108
-rw-r--r--pki/base/common/src/com/netscape/cms/logging/LogEntry.java13
-rw-r--r--pki/base/common/src/com/netscape/cms/logging/LogFile.java787
-rw-r--r--pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java252
-rw-r--r--pki/base/common/src/com/netscape/cms/notification/MailNotification.java46
-rw-r--r--pki/base/common/src/com/netscape/cms/ocsp/DefStore.java448
-rw-r--r--pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java257
-rw-r--r--pki/base/common/src/com/netscape/cms/password/PasswordChecker.java14
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/APolicyRule.java180
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java68
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java217
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java131
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java45
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java121
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java98
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java44
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java141
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java158
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java201
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java113
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java235
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java111
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java6
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java179
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java198
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java266
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java348
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java361
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java193
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java416
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java109
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java207
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java114
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java492
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java98
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java222
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java151
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java305
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java277
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java78
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java206
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java302
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java37
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java111
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java49
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java210
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java174
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java194
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java246
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java444
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java107
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java140
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java748
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java29
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java100
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java122
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java131
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java54
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java52
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java74
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java75
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java546
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java171
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java133
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java19
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java172
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java69
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java63
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java371
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java112
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java114
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java207
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java62
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java91
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java37
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java189
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java48
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java225
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java295
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java535
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java121
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java453
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java10
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java138
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java249
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java126
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java34
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java133
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java185
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java350
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java112
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java269
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java319
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java19
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java93
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java174
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java219
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java197
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java129
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java356
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java272
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java204
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java114
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java81
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java58
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java105
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java59
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java61
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java76
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java161
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java134
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java433
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java153
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java336
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java56
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java109
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java92
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java106
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java86
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java91
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java19
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java110
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java58
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java264
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java27
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java119
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java63
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java102
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java43
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java31
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java97
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java43
-rw-r--r--pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java119
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java334
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java253
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java99
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java104
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java185
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java79
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java246
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java458
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java211
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java470
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java91
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java106
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java35
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java238
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java277
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java180
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java167
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java226
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java143
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java173
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java213
-rw-r--r--pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java26
-rw-r--r--pki/base/common/src/com/netscape/cms/request/RequestScheduler.java15
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java93
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java198
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java202
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java170
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java191
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java219
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java217
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java192
-rw-r--r--pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java210
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java534
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java698
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java1074
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java38
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java721
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java2079
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java592
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java482
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java1485
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java230
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java605
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java1176
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java2008
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java246
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java148
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java1406
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java1246
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java31
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java109
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java90
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java37
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java307
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java87
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java19
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java748
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java435
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java61
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java77
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java38
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java267
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java277
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java64
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java809
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java592
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java442
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java376
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java40
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java1342
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java147
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java499
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java283
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java226
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java46
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java115
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java836
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java171
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java519
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java115
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java118
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java146
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java362
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java202
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java38
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java247
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java285
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java471
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java3831
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java192
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java188
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java38
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java836
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java61
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java155
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java14
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java84
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java212
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java50
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java160
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java26
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java23
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java23
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java27
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java34
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java25
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java3
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java23
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java3
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/common/Utils.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java411
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java705
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java165
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java203
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java92
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java225
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java76
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java58
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java132
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java49
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java115
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java68
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java440
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java327
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java11
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java59
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java10
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java142
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java52
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java9
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java51
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java43
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java71
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java795
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java5
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java78
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java5
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java384
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java27
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java27
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java53
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java149
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java130
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java29
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java25
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java56
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java51
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java124
-rwxr-xr-xpki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java60
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java142
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java12
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java42
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java89
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java19
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java788
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java232
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java327
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java31
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java18
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java263
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java24
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java28
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java494
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java22
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java65
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java315
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java115
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java69
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java55
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java5
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java982
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java87
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java85
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java87
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java138
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java64
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java58
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java78
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java39
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java117
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java92
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java98
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java99
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java92
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java119
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java36
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java319
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java114
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java132
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java169
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java378
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java82
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java58
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java64
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java174
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java137
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java196
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java177
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java7
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java46
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java170
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java190
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java260
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java54
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java425
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java151
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java135
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java179
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java448
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java1063
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java5
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java597
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java418
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java13
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java16
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java1651
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java151
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java623
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java30
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java94
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java1343
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java23
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java414
-rw-r--r--pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java93
-rw-r--r--pki/base/common/src/com/netscape/cms/shares/OldShare.java58
419 files changed, 43965 insertions, 45275 deletions
diff --git a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
index e0a37eb4..1b76f77a 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -36,24 +35,27 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.EAuthException;
import com.netscape.certsrv.authentication.ECompSyntaxErr;
-
/**
- * class for parsing a DN pattern used to construct a certificate
- * subject name from ldap attributes and dn.<p>
+ * class for parsing a DN pattern used to construct a certificate subject name
+ * from ldap attributes and dn.
+ * <p>
+ *
+ * dnpattern is a string representing a subject name pattern to formulate from
+ * the directory attributes and entry dn. If empty or not set, the ldap entry DN
+ * will be used as the certificate subject name.
+ * <p>
*
- * dnpattern is a string representing a subject name pattern to formulate from
- * the directory attributes and entry dn. If empty or not set, the
- * ldap entry DN will be used as the certificate subject name. <p>
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$attr" "." attrName [ "." attrNumber ] |
- * name "=" "$dn" "." attrName [ "." attrNumber ] |
- * "$dn" "." "$rdn" "." number
+ * name "=" "$attr" "." attrName [ "." attrNumber ] |
+ * name "=" "$dn" "." attrName [ "." attrNumber ] |
+ * "$dn" "." "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
* Ldap entry: dn: UID=jjames, OU=IS, OU=people, O=acme.org
@@ -80,11 +82,12 @@ import com.netscape.certsrv.authentication.ECompSyntaxErr;
* E = the first 'mail' ldap attribute value in user's entry. <br>
* CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
* OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- * in a RDN in this example. <br>
+ * in a RDN in this example. <br>
* O = the (first) 'o' value in the user's entry DN. <br>
* C = the string "US"
* <p>
* </pre>
+ *
* <pre>
* Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
* Ldap entry: dn: UID=jjames, OU=IS+OU=people, O=acme.org
@@ -109,15 +112,16 @@ import com.netscape.certsrv.authentication.ECompSyntaxErr;
* <p>
* CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
* OU = the second 'ou' value in the user's entry DN followed by the
- * first 'ou' value in the user's entry. note multiple AVAs
- * in a RDN in this example. <br>
+ * first 'ou' value in the user's entry. note multiple AVAs
+ * in a RDN in this example. <br>
* O = the (first) 'o' value in the user's entry DN. <br>
* C = the string "US"
* <p>
* </pre>
- * If an attribute or subject DN component does not exist the attribute
- * is skipped.
- *
+ *
+ * If an attribute or subject DN component does not exist the attribute is
+ * skipped.
+ *
* @version $Revision$, $Date$
*/
class AVAPattern {
@@ -130,8 +134,7 @@ class AVAPattern {
private static final char[] endChars = new char[] { '+', ',' };
- private static final LdapV3DNStrConverter mLdapDNStrConverter =
- new LdapV3DNStrConverter();
+ private static final LdapV3DNStrConverter mLdapDNStrConverter = new LdapV3DNStrConverter();
/* ldap attributes needed by this AVA (to retrieve from ldap) */
protected String[] mLdapAttrs = null;
@@ -140,7 +143,7 @@ class AVAPattern {
protected String mType = null;
/* the attribute in the AVA pair */
- protected String mAttr = null;
+ protected String mAttr = null;
/* value - could be name of an ldap attribute or entry dn attribute. */
protected String mValue = null;
@@ -150,262 +153,288 @@ class AVAPattern {
protected String mTestDN = null;
- public AVAPattern(String component)
- throws EAuthException {
- if (component == null || component.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
+ public AVAPattern(String component) throws EAuthException {
+ if (component == null || component.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
parse(new PushbackReader(new StringReader(component)));
}
- public AVAPattern(PushbackReader in)
- throws EAuthException {
+ public AVAPattern(PushbackReader in) throws EAuthException {
parse(in);
}
- private void parse(PushbackReader in)
- throws EAuthException {
+ private void parse(PushbackReader in) throws EAuthException {
int c;
// mark ava beginning.
// skip spaces
- //System.out.println("============ AVAPattern Begin ===========");
- //System.out.println("skip spaces");
+ // System.out.println("============ AVAPattern Begin ===========");
+ // System.out.println("skip spaces");
try {
- while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c);
+ while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces read "+(char)c);
;
}
} catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
}
- if (c == -1)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
+ if (c == -1)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
- // $rdn "." number syntax.
+ // $rdn "." number syntax.
if (c == '$') {
- //System.out.println("$rdn syntax");
+ // System.out.println("$rdn syntax");
mType = TYPE_RDN;
try {
- if (in.read() != 'r' ||
- in.read() != 'd' ||
- in.read() != 'n' ||
- in.read() != '.')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
+ if (in.read() != 'r' || in.read() != 'd' || in.read() != 'n'
+ || in.read() != '.')
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid $ syntax, expecting $rdn"));
} catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid $ syntax, expecting $rdn"));
}
StringBuffer rdnNumberBuf = new StringBuffer();
try {
while ((c = in.read()) != ',' && c != -1 && c != '+') {
- //System.out.println("rdnNumber read "+(char)c);
+ // System.out.println("rdnNumber read "+(char)c);
rdnNumberBuf.append((char) c);
}
if (c != -1) // either ',' or '+'
in.unread(c);
} catch (IOException e) {
- throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
+ throw new EAuthException(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
String rdnNumber = rdnNumberBuf.toString().trim();
- if (rdnNumber.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern"));
+ if (rdnNumber.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "$rdn number not set in ava pattern"));
try {
mElement = Integer.parseInt(rdnNumber) - 1;
} catch (NumberFormatException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $rdn number in ava pattern"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid $rdn number in ava pattern"));
}
return;
}
- // name "=" ... syntax.
+ // name "=" ... syntax.
- // read name
- //System.out.println("reading name");
+ // read name
+ // System.out.println("reading name");
- StringBuffer attrBuf = new StringBuffer();
+ StringBuffer attrBuf = new StringBuffer();
try {
while (c != '=' && c != -1 && c != ',' && c != '+') {
attrBuf.append((char) c);
c = in.read();
- //System.out.println("name read "+(char)c);
- }
- if (c == ',' || c == '+')
+ // System.out.println("name read "+(char)c);
+ }
+ if (c == ',' || c == '+')
in.unread(c);
} catch (IOException e) {
- throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
+ throw new EAuthException(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
if (c != '=')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Missing \"=\" in ava pattern"));
- // read value
- //System.out.println("reading value");
+ // read value
+ // System.out.println("reading value");
- // skip spaces
- //System.out.println("skip spaces for value");
+ // skip spaces
+ // System.out.println("skip spaces for value");
try {
- while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c);
+ while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces2 read "+(char)c);
;
}
} catch (IOException e) {
- throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
+ throw new EAuthException(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
- if (c == -1)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern"));
+ if (c == -1)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "no value after = in ava pattern"));
if (c == '$') {
- // check for $dn or $attr
+ // check for $dn or $attr
try {
c = in.read();
- //System.out.println("check $dn or $attr read "+(char)c);
+ // System.out.println("check $dn or $attr read "+(char)c);
} catch (IOException e) {
- throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
+ throw new EAuthException(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
- if (c == -1)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $dn or $attr in ava pattern"));
+ if (c == -1)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $dn or $attr in ava pattern"));
if (c == 'a') {
try {
- if (in.read() != 't' ||
- in.read() != 't' ||
- in.read() != 'r' ||
- in.read() != '.')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $attr in ava pattern"));
+ if (in.read() != 't' || in.read() != 't'
+ || in.read() != 'r' || in.read() != '.')
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $attr in ava pattern"));
} catch (IOException e) {
- throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
+ throw new EAuthException(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
mType = TYPE_ATTR;
- //System.out.println("---- mtype $attr");
+ // System.out.println("---- mtype $attr");
} else if (c == 'd') {
try {
- if (in.read() != 'n' ||
- in.read() != '.')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $dn in ava pattern"));
+ if (in.read() != 'n' || in.read() != '.')
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $dn in ava pattern"));
} catch (IOException e) {
- throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
+ throw new EAuthException(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
mType = TYPE_DN;
- //System.out.println("----- mtype $dn");
+ // System.out.println("----- mtype $dn");
} else {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "unknown keyword. expecting $dn or $attr."));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "unknown keyword. expecting $dn or $attr."));
}
- // get attr name of dn pattern from above.
+ // get attr name of dn pattern from above.
String attrName = attrBuf.toString().trim();
- //System.out.println("----- attrName "+attrName);
- if (attrName.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected"));
- try {
- ObjectIdentifier attrOid =
- mLdapDNStrConverter.parseAVAKeyword(attrName);
+ // System.out.println("----- attrName "+attrName);
+ if (attrName.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "attribute name expected"));
+ try {
+ ObjectIdentifier attrOid = mLdapDNStrConverter
+ .parseAVAKeyword(attrName);
- mAttr = mLdapDNStrConverter.encodeOID(attrOid);
- //System.out.println("----- mAttr "+mAttr);
+ mAttr = mLdapDNStrConverter.encodeOID(attrOid);
+ // System.out.println("----- mAttr "+mAttr);
} catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
}
// get dn or attribute from ldap search.
StringBuffer valueBuf = new StringBuffer();
try {
- while ((c = in.read()) != ',' &&
- c != -1 && c != '.' && c != '+') {
- //System.out.println("mValue read "+(char)c);
+ while ((c = in.read()) != ',' && c != -1 && c != '.'
+ && c != '+') {
+ // System.out.println("mValue read "+(char)c);
valueBuf.append((char) c);
}
if (c == '+' || c == ',') // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
} catch (IOException e) {
- throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
+ throw new EAuthException(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
mValue = valueBuf.toString().trim();
- if (mValue.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "$dn or $attr attribute name expected"));
- //System.out.println("----- mValue "+mValue);
+ if (mValue.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "$dn or $attr attribute name expected"));
+ // System.out.println("----- mValue "+mValue);
- // get nth dn or attribute from ldap search.
+ // get nth dn or attribute from ldap search.
if (c == '.') {
StringBuffer attrNumberBuf = new StringBuffer();
try {
while ((c = in.read()) != ',' && c != -1 && c != '+') {
- //System.out.println("mElement read "+(char)c);
+ // System.out.println("mElement read "+(char)c);
attrNumberBuf.append((char) c);
}
if (c != -1) // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
} catch (IOException e) {
- throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
+ throw new EAuthException(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
String attrNumber = attrNumberBuf.toString().trim();
- if (attrNumber.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "nth element $dn or $attr expected"));
+ if (attrNumber.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "nth element $dn or $attr expected"));
try {
mElement = Integer.parseInt(attrNumber) - 1;
} catch (NumberFormatException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "Invalid format in nth element $dn or $attr"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid format in nth element $dn or $attr"));
}
}
- //System.out.println("----- mElement "+mElement);
+ // System.out.println("----- mElement "+mElement);
} else {
// value is constant. treat as regular ava.
mType = TYPE_CONSTANT;
- //System.out.println("----- mType constant");
- // parse ava value.
+ // System.out.println("----- mType constant");
+ // parse ava value.
StringBuffer valueBuf = new StringBuffer();
valueBuf.append((char) c);
try {
- while ((c = in.read()) != ',' &&
- c != -1) {
+ while ((c = in.read()) != ',' && c != -1) {
valueBuf.append((char) c);
}
if (c == '+' || c == ',') { // either ',' or '+'
in.unread(c); // pushback last , or +
}
} catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
}
- try {
- AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
+ try {
+ AVA ava = mLdapDNStrConverter
+ .parseAVA(attrBuf + "=" + valueBuf);
mValue = ava.toLdapDNString();
- //System.out.println("----- mValue "+mValue);
+ // System.out.println("----- mValue "+mValue);
} catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
}
}
}
- public String formAVA(LDAPEntry entry)
- throws EAuthException {
- if (mType == TYPE_CONSTANT)
+ public String formAVA(LDAPEntry entry) throws EAuthException {
+ if (mType == TYPE_CONSTANT)
return mValue;
if (mType == TYPE_RDN) {
String dn = entry.getDN();
- if (mTestDN != null)
+ if (mTestDN != null)
dn = mTestDN;
- //System.out.println("AVAPattern Using dn "+mTestDN);
+ // System.out.println("AVAPattern Using dn "+mTestDN);
String[] rdns = LDAPDN.explodeDN(dn, false);
- if (mElement >= rdns.length)
+ if (mElement >= rdns.length)
return null;
return rdns[mElement];
}
@@ -413,9 +442,9 @@ class AVAPattern {
if (mType == TYPE_DN) {
String dn = entry.getDN();
- if (mTestDN != null)
+ if (mTestDN != null)
dn = mTestDN;
- //System.out.println("AVAPattern Using dn "+mTestDN);
+ // System.out.println("AVAPattern Using dn "+mTestDN);
String[] rdns = LDAPDN.explodeDN(dn, false);
String value = null;
int nFound = -1;
@@ -426,14 +455,14 @@ class AVAPattern {
for (int j = 0; j < avas.length; j++) {
String[] exploded = explodeAVA(avas[j]);
- if (exploded[0].equalsIgnoreCase(mValue) &&
- ++nFound == mElement) {
+ if (exploded[0].equalsIgnoreCase(mValue)
+ && ++nFound == mElement) {
value = exploded[1];
break;
}
}
}
- if (value == null)
+ if (value == null)
return null;
return mAttr + "=" + value;
}
@@ -441,7 +470,7 @@ class AVAPattern {
if (mType == TYPE_ATTR) {
LDAPAttribute ldapAttr = entry.getAttribute(mValue);
- if (ldapAttr == null)
+ if (ldapAttr == null)
return null;
String value = null;
Enumeration ldapValues = ldapAttr.getStringValues();
@@ -454,7 +483,7 @@ class AVAPattern {
break;
}
}
- if (value == null)
+ if (value == null)
return null;
String v = escapeLdapString(value);
@@ -474,8 +503,8 @@ class AVAPattern {
for (int i = 0; i < c.length; i++) {
// escape special characters that directory does not.
- if ((c[i] == ',' || c[i] == '=' || c[i] == '+' || c[i] == '<' ||
- c[i] == '>' || c[i] == '#' || c[i] == ';')) {
+ if ((c[i] == ',' || c[i] == '=' || c[i] == '+' || c[i] == '<'
+ || c[i] == '>' || c[i] == '#' || c[i] == ';')) {
if (i == 0 || c[i - 1] != '\\') {
newc[j++] = '\\';
newc[j++] = c[i];
@@ -484,17 +513,17 @@ class AVAPattern {
else if (c[i] == '\\') {
int k = i + 1;
- if (i == len - 1 ||
- (c[k] == ',' || c[k] == '=' || c[k] == '+' || c[k] == '<' ||
- c[k] == '>' || c[k] == '#' || c[k] == ';')) {
+ if (i == len - 1
+ || (c[k] == ',' || c[k] == '=' || c[k] == '+'
+ || c[k] == '<' || c[k] == '>' || c[k] == '#' || c[k] == ';')) {
newc[j++] = '\\';
newc[j++] = c[i];
}
} // escape QUOTATION
else if (c[i] == '"') {
- if ((i == 0 && c[len - 1] != '"') ||
- (i == len - 1 && c[0] != '"') ||
- (i > 0 && i < len - 1)) {
+ if ((i == 0 && c[len - 1] != '"')
+ || (i == len - 1 && c[0] != '"')
+ || (i > 0 && i < len - 1)) {
newc[j++] = '\\';
newc[j++] = c[i];
}
@@ -512,20 +541,19 @@ class AVAPattern {
}
/**
- * Explode RDN into AVAs.
- * Does not handle escaped '+'
- * Java ldap library does not yet support multiple avas per rdn.
- * If RDN is malformed returns empty array.
+ * Explode RDN into AVAs. Does not handle escaped '+' Java ldap library does
+ * not yet support multiple avas per rdn. If RDN is malformed returns empty
+ * array.
*/
public static String[] explodeRDN(String rdn) {
int plus = rdn.indexOf('+');
- if (plus == -1)
+ if (plus == -1)
return new String[] { rdn };
Vector avas = new Vector();
StringTokenizer token = new StringTokenizer(rdn, "+");
- while (token.hasMoreTokens())
+ while (token.hasMoreTokens())
avas.addElement(token.nextToken());
String[] theAvas = new String[avas.size()];
@@ -534,17 +562,15 @@ class AVAPattern {
}
/**
- * Explode AVA into name and value.
- * Does not handle escaped '='
- * If AVA is malformed empty array is returned.
+ * Explode AVA into name and value. Does not handle escaped '=' If AVA is
+ * malformed empty array is returned.
*/
public static String[] explodeAVA(String ava) {
int equals = ava.indexOf('=');
- if (equals == -1)
+ if (equals == -1)
return null;
- return new String[] {
- ava.substring(0, equals).trim(), ava.substring(equals + 1).trim()};
+ return new String[] { ava.substring(0, equals).trim(),
+ ava.substring(equals + 1).trim() };
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java
index 0b8bad8f..23bc2b23 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
@@ -48,16 +47,14 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
-
/**
- * Certificate server agent authentication.
- * Maps a SSL client authenticate certificate to a user (agent) entry in the
- * internal database.
+ * Certificate server agent authentication. Maps a SSL client authenticate
+ * certificate to a user (agent) entry in the internal database.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
-public class AgentCertAuthentication implements IAuthManager,
+public class AgentCertAuthentication implements IAuthManager,
IProfileAuthenticator {
/* result auth token attributes */
@@ -91,14 +88,15 @@ public class AgentCertAuthentication implements IAuthManager,
/**
* initializes the CertUserDBAuthentication auth manager
* <p>
- * called by AuthSubsystem init() method, when initializing
- * all available authentication managers.
+ * called by AuthSubsystem init() method, when initializing all available
+ * authentication managers.
+ *
* @param name The name of this authentication manager instance.
* @param implName The name of the authentication manager plugin.
* @param config The configuration store for this authentication manager.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -106,7 +104,7 @@ public class AgentCertAuthentication implements IAuthManager,
mUGSub = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
mCULocator = mUGSub.getCertUserLocator();
}
-
+
/**
* Gets the name of this authentication manager.
*/
@@ -120,7 +118,7 @@ public class AgentCertAuthentication implements IAuthManager,
public String getImplName() {
return mImplName;
}
-
+
public boolean isSSLClientRequired() {
return true;
}
@@ -128,33 +126,35 @@ public class AgentCertAuthentication implements IAuthManager,
/**
* authenticates user(agent) by certificate
* <p>
- * called by other subsystems or their servlets to authenticate
- * users (agents)
- * @param authCred - authentication credential that contains
- * an usrgrp.Certificates of the user (agent)
+ * called by other subsystems or their servlets to authenticate users
+ * (agents)
+ *
+ * @param authCred - authentication credential that contains an
+ * usrgrp.Certificates of the user (agent)
* @return the authentication token that contains the following
- *
+ *
* @exception EMissingCredential If a required credential for this
- * authentication manager is missing.
+ * authentication manager is missing.
* @exception EInvalidCredentials If credentials cannot be authenticated.
* @exception EBaseException If an internal error occurred.
* @see com.netscape.certsrv.authentication.AuthToken
* @see com.netscape.certsrv.usrgrp.Certificates
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
-
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
+
CMS.debug("AgentCertAuthentication: start");
- CMS.debug("authenticator instance name is "+getName());
+ CMS.debug("authenticator instance name is " + getName());
// force SSL handshake
SessionContext context = SessionContext.getExistingContext();
- ISSLClientCertProvider provider = (ISSLClientCertProvider)
- context.get("sslClientCertProvider");
+ ISSLClientCertProvider provider = (ISSLClientCertProvider) context
+ .get("sslClientCertProvider");
if (provider == null) {
CMS.debug("AgentCertAuthentication: No SSL Client Cert Provider Found");
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
CMS.debug("AgentCertAuthenticator: got provider");
CMS.debug("AgentCertAuthenticator: retrieving client certificate");
@@ -162,7 +162,8 @@ public class AgentCertAuthentication implements IAuthManager,
if (allCerts == null) {
CMS.debug("AgentCertAuthentication: No SSL Client Certs Found");
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
CMS.debug("AgentCertAuthenticator: got certificates");
@@ -185,15 +186,16 @@ public class AgentCertAuthentication implements IAuthManager,
// check if certificate(s) is revoked
boolean checkRevocation = true;
try {
- checkRevocation = mConfig.getBoolean("checkRevocation", true);
+ checkRevocation = mConfig.getBoolean("checkRevocation", true);
} catch (EBaseException e) {
- // do nothing; default to true
+ // do nothing; default to true
}
if (checkRevocation) {
- if (CMS.isRevoked(ci)) {
- CMS.debug("AgentCertAuthentication: certificate revoked");
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
- }
+ if (CMS.isRevoked(ci)) {
+ CMS.debug("AgentCertAuthentication: certificate revoked");
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ }
}
// map cert to user
@@ -203,33 +205,39 @@ public class AgentCertAuthentication implements IAuthManager,
try {
user = (IUser) mCULocator.locateUser(certs);
} catch (EUsrGrpException e) {
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
} catch (netscape.ldap.LDAPException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
- // any unexpected error occurs like internal db down,
+ // any unexpected error occurs like internal db down,
// UGSubsystem only returns null for user.
if (user == null) {
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
// get group name from configuration file
IConfigStore sconfig = CMS.getConfigStore();
String groupname = "";
try {
- groupname = sconfig.getString("auths.instance."+ getName() +".agentGroup",
- "");
+ groupname = sconfig.getString("auths.instance." + getName()
+ + ".agentGroup", "");
} catch (EBaseException ee) {
}
if (!groupname.equals("")) {
- CMS.debug("check if "+user.getUserID()+" is in group "+groupname);
- IUGSubsystem uggroup = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+ CMS.debug("check if " + user.getUserID() + " is in group "
+ + groupname);
+ IUGSubsystem uggroup = (IUGSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_UG);
if (!uggroup.isMemberOf(user, groupname)) {
- CMS.debug(user.getUserID()+" is not in this group "+groupname);
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHORIZATION_ERROR"));
+ CMS.debug(user.getUserID() + " is not in this group "
+ + groupname);
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHORIZATION_ERROR"));
}
}
authToken.set(TOKEN_USERDN, user.getUserDN());
@@ -237,7 +245,7 @@ public class AgentCertAuthentication implements IAuthManager,
authToken.set(TOKEN_USERID, user.getUserID());
authToken.set(TOKEN_UID, user.getUserID());
authToken.set(TOKEN_GROUP, groupname);
- authToken.set(CRED_CERT, certs);
+ authToken.set(CRED_CERT, certs);
CMS.debug("AgentCertAuthentication: authenticated " + user.getUserDN());
@@ -245,11 +253,12 @@ public class AgentCertAuthentication implements IAuthManager,
}
/**
- * get the list of authentication credential attribute names
- * required by this authentication manager. Generally used by
- * the servlets that handle agent operations to authenticate its
- * users. It calls this method to know which are the
- * required credentials from the user (e.g. Javascript form data)
+ * get the list of authentication credential attribute names required by
+ * this authentication manager. Generally used by the servlets that handle
+ * agent operations to authenticate its users. It calls this method to know
+ * which are the required credentials from the user (e.g. Javascript form
+ * data)
+ *
* @return attribute names in Vector
*/
public String[] getRequiredCreds() {
@@ -257,15 +266,15 @@ public class AgentCertAuthentication implements IAuthManager,
}
/**
- * get the list of configuration parameter names
- * required by this authentication manager. Generally used by
- * the Certificate Server Console to display the table for
- * configuration purposes. CertUserDBAuthentication is currently not
- * exposed in this case, so this method is not to be used.
- * @return configuration parameter names in Hashtable of Vectors
- * where each hashtable entry's key is the substore name, value is a
- * Vector of parameter names. If no substore, the parameter name
- * is the Hashtable key itself, with value same as key.
+ * get the list of configuration parameter names required by this
+ * authentication manager. Generally used by the Certificate Server Console
+ * to display the table for configuration purposes. CertUserDBAuthentication
+ * is currently not exposed in this case, so this method is not to be used.
+ *
+ * @return configuration parameter names in Hashtable of Vectors where each
+ * hashtable entry's key is the substore name, value is a Vector of
+ * parameter names. If no substore, the parameter name is the
+ * Hashtable key itself, with value same as key.
*/
public String[] getConfigParams() {
return (mConfigParams);
@@ -278,8 +287,8 @@ public class AgentCertAuthentication implements IAuthManager,
}
/**
- * gets the configuretion substore used by this authentication
- * manager
+ * gets the configuretion substore used by this authentication manager
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -289,7 +298,7 @@ public class AgentCertAuthentication implements IAuthManager,
// Profile-related methods
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -318,14 +327,13 @@ public class AgentCertAuthentication implements IAuthManager,
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
return null;
}
public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
}
diff --git a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
index fef68c1c..f61d0a89 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
@@ -20,7 +20,6 @@
package com.netscape.cms.authentication;
-
///////////////////////
// import statements //
///////////////////////
@@ -101,157 +100,150 @@ import com.netscape.cmsutil.util.Utils;
/**
* UID/CMC authentication plug-in
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
IProfileAuthenticator {
- ////////////////////////
+ // //////////////////////
// default parameters //
- ////////////////////////
-
-
-
- /////////////////////////////
+ // //////////////////////
+
+ // ///////////////////////////
// IAuthManager parameters //
- /////////////////////////////
-
+ // ///////////////////////////
+
/* authentication plug-in configuration store */
private IConfigStore mConfig;
private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
- public static final String TOKEN_CERT_SERIAL = "certSerialToRevoke";
+ public static final String TOKEN_CERT_SERIAL = "certSerialToRevoke";
public static final String REASON_CODE = "reasonCode";
/* authentication plug-in name */
private String mImplName = null;
-
+
/* authentication plug-in instance name */
private String mName = null;
-
+
/* authentication plug-in fields */
-
-
-
- /* Holds authentication plug-in fields accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
- * console.
+
+ /*
+ * Holds authentication plug-in fields accepted by this implementation. This
+ * list is passed to the configuration console so configuration for
+ * instances of this implementation can be configured through the console.
*/
- protected static String[] mConfigParams =
- new String[] {};
-
+ protected static String[] mConfigParams = new String[] {};
+
/* authentication plug-in values */
-
+
/* authentication plug-in properties */
-
-
+
/* required credentials to authenticate. UID and CMC are strings. */
public static final String CRED_CMC = "cmcRequest";
-
+
protected static String[] mRequiredCreds = {};
-
- ////////////////////////////////////
+
+ // //////////////////////////////////
// IExtendedPluginInfo parameters //
- ////////////////////////////////////
-
+ // //////////////////////////////////
+
/* Vector of extendedPluginInfo strings */
protected static Vector mExtendedPluginInfo = null;
- //public static final String AGENT_AUTHMGR_ID = "agentAuthMgr";
- //public static final String AGENT_PLUGIN_ID = "agentAuthPlugin";
-
-
+ // public static final String AGENT_AUTHMGR_ID = "agentAuthMgr";
+ // public static final String AGENT_PLUGIN_ID = "agentAuthPlugin";
+
/* actual help messages */
static {
mExtendedPluginInfo = new Vector();
-
- mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
- ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\"");
- mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-authentication");
+
+ mExtendedPluginInfo
+ .add(IExtendedPluginInfo.HELP_TEXT
+ + ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\"");
+ mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-authentication");
}
-
- ///////////////////////
+
+ // /////////////////////
// Logger parameters //
- ///////////////////////
-
+ // /////////////////////
+
/* the system's logger */
private ILogger mLogger = CMS.getLogger();
-
+
/* signed audit parameters */
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
- private final static String SIGNED_AUDIT_ENROLLMENT_REQUEST_TYPE =
- "enrollment";
- private final static String SIGNED_AUDIT_REVOCATION_REQUEST_TYPE =
- "revocation";
- private final static String
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY =
- "LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY_5";
-
- /////////////////////
+ private final static String SIGNED_AUDIT_ENROLLMENT_REQUEST_TYPE = "enrollment";
+ private final static String SIGNED_AUDIT_REVOCATION_REQUEST_TYPE = "revocation";
+ private final static String LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY = "LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY_5";
+
+ // ///////////////////
// default methods //
- /////////////////////
-
+ // ///////////////////
+
/**
* Default constructor, initialization must follow.
*/
public CMCAuth() {
}
-
- //////////////////////////
+
+ // ////////////////////////
// IAuthManager methods //
- //////////////////////////
-
+ // ////////////////////////
+
/**
* Initializes the CMCAuth authentication plug-in.
* <p>
+ *
* @param name The name for this authentication plug-in instance.
* @param implName The name of the authentication plug-in.
* @param config - The configuration store for this instance.
* @exception EBaseException If an error occurs during initialization.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
-
+
log(ILogger.LL_INFO, "Initialization complete!");
}
-
+
/**
- * Authenticates user by their CMC;
- * resulting AuthToken sets a TOKEN_SUBJECT for the subject name.
+ * Authenticates user by their CMC; resulting AuthToken sets a TOKEN_SUBJECT
+ * for the subject name.
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY
- * used when CMC (agent-pre-signed) cert requests or revocation requests
- * are submitted and signature is verified
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY used
+ * when CMC (agent-pre-signed) cert requests or revocation requests are
+ * submitted and signature is verified
* </ul>
+ *
* @param authCred Authentication credentials, CRED_UID and CRED_CMC.
* @return an AuthToken
- * @exception com.netscape.certsrv.authentication.EMissingCredential
- * If a required authentication credential is missing.
- * @exception com.netscape.certsrv.authentication.EInvalidCredentials
- * If credentials failed authentication.
- * @exception com.netscape.certsrv.base.EBaseException
- * If an internal error occurred.
+ * @exception com.netscape.certsrv.authentication.EMissingCredential If a
+ * required authentication credential is missing.
+ * @exception com.netscape.certsrv.authentication.EInvalidCredentials If
+ * credentials failed authentication.
+ * @exception com.netscape.certsrv.base.EBaseException If an internal error
+ * occurred.
* @see com.netscape.certsrv.authentication.AuthToken
*/
- public IAuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, EBaseException {
+ public IAuthToken authenticate(IAuthCredentials authCred)
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditReqType = ILogger.UNIDENTIFIED;
String auditCertSubject = ILogger.UNIDENTIFIED;
String auditSignerInfo = ILogger.UNIDENTIFIED;
-
+
// ensure that any low-level exceptions are reported
// to the signed audit log and stored as failures
try {
// get the CMC.
- Object argblock = (Object)(authCred.getArgBlock());
+ Object argblock = (Object) (authCred.getArgBlock());
Object returnVal = null;
if (argblock == null) {
returnVal = authCred.get("cert_request");
@@ -266,140 +258,125 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
if (cmc == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID, ILogger.FAILURE, auditReqType,
+ auditCertSubject, auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
throw new EMissingCredential(CMS.getUserMessage(
- "CMS_AUTHENTICATION_NULL_CREDENTIAL",CRED_CMC));
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
}
if (cmc.equals("")) {
- log(ILogger.LL_FAILURE,
- "cmc : attempted login with empty CMC.");
+ log(ILogger.LL_FAILURE, "cmc : attempted login with empty CMC.");
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID, ILogger.FAILURE, auditReqType,
+ auditCertSubject, auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
- throw new EInvalidCredentials(CMS.getUserMessage(
- "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
-
+
// authenticate by checking CMC.
-
+
// everything OK.
// now formulate the certificate info.
// set the subject name at a minimum.
// set anything else like version, extensions, etc.
// if nothing except subject name is set the rest of
// cert info will be filled in by policies and CA defaults.
-
+
AuthToken authToken = new AuthToken(this);
-
+
try {
String asciiBASE64Blob;
-
+
int startIndex = cmc.indexOf(HEADER);
int endIndex = cmc.indexOf(TRAILER);
- if (startIndex!= -1 && endIndex!=-1) {
+ if (startIndex != -1 && endIndex != -1) {
startIndex = startIndex + HEADER.length();
- asciiBASE64Blob=cmc.substring(startIndex, endIndex);
- }else
+ asciiBASE64Blob = cmc.substring(startIndex, endIndex);
+ } else
asciiBASE64Blob = cmc;
-
byte[] cmcBlob = CMS.AtoB(asciiBASE64Blob);
- ByteArrayInputStream cmcBlobIn= new
- ByteArrayInputStream(cmcBlob);
-
- org.mozilla.jss.pkix.cms.ContentInfo cmcReq =
- (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(
- cmcBlobIn);
-
- if(!cmcReq.getContentType().equals(
- org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) ||
- !cmcReq.hasContent()) {
+ ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(
+ cmcBlob);
+
+ org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo
+ .getTemplate().decode(cmcBlobIn);
+
+ if (!cmcReq.getContentType().equals(
+ org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA)
+ || !cmcReq.hasContent()) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID, ILogger.FAILURE, auditReqType,
+ auditCertSubject, auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
// throw new ECMSGWException(CMSGWResources.NO_CMC_CONTENT);
throw new EBaseException("NO_CMC_CONTENT");
}
-
- SignedData cmcFullReq = (SignedData)
- cmcReq.getInterpretedContent();
-
+
+ SignedData cmcFullReq = (SignedData) cmcReq
+ .getInterpretedContent();
+
IConfigStore cmc_config = CMS.getConfigStore();
- boolean checkSignerInfo =
- cmc_config.getBoolean("cmc.signerInfo.verify", true);
+ boolean checkSignerInfo = cmc_config.getBoolean(
+ "cmc.signerInfo.verify", true);
String userid = "defUser";
String uid = "defUser";
if (checkSignerInfo) {
- IAuthToken agentToken = verifySignerInfo(authToken,cmcFullReq);
+ IAuthToken agentToken = verifySignerInfo(authToken,
+ cmcFullReq);
userid = agentToken.getInString("userid");
uid = agentToken.getInString("cn");
} else {
CMS.debug("CMCAuth: authenticate() signerInfo verification bypassed");
}
// reset value of auditSignerInfo
- if( uid != null ) {
+ if (uid != null) {
auditSignerInfo = uid.trim();
}
EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
-
+
OBJECT_IDENTIFIER id = ci.getContentType();
- if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) ||
- !ci.hasContent()) {
+ if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData)
+ || !ci.hasContent()) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID, ILogger.FAILURE, auditReqType,
+ auditCertSubject, auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
- // throw new ECMSGWException(
+ // throw new ECMSGWException(
// CMSGWResources.NO_PKIDATA);
throw new EBaseException("NO_PKIDATA");
}
-
+
OCTET_STRING content = ci.getContent();
-
- ByteArrayInputStream s = new
- ByteArrayInputStream(content.toByteArray());
+
+ ByteArrayInputStream s = new ByteArrayInputStream(
+ content.toByteArray());
PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
-
+
SEQUENCE reqSequence = pkiData.getReqSequence();
-
+
int numReqs = reqSequence.size();
if (numReqs == 0) {
@@ -413,15 +390,14 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
if (controlSize > 0) {
for (int i = 0; i < controlSize; i++) {
- TaggedAttribute taggedAttribute =
- (TaggedAttribute) controlSequence.elementAt(i);
+ TaggedAttribute taggedAttribute = (TaggedAttribute) controlSequence
+ .elementAt(i);
OBJECT_IDENTIFIER type = taggedAttribute.getType();
- if( type.equals(
- OBJECT_IDENTIFIER.id_cmc_revokeRequest)) {
+ if (type.equals(OBJECT_IDENTIFIER.id_cmc_revokeRequest)) {
// if( i ==1 ) {
- // taggedAttribute.getType() ==
- // OBJECT_IDENTIFIER.id_cmc_revokeRequest
+ // taggedAttribute.getType() ==
+ // OBJECT_IDENTIFIER.id_cmc_revokeRequest
// }
SET values = taggedAttribute.getValues();
@@ -430,50 +406,49 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
bigIntArray = new BigInteger[numVals];
for (int j = 0; j < numVals; j++) {
- // serialNumber INTEGER
-
+ // serialNumber INTEGER
+
// SEQUENCE RevRequest = (SEQUENCE)
- // values.elementAt(j);
- byte[] encoded = ASN1Util.encode(
- values.elementAt(j));
- org.mozilla.jss.asn1.ASN1Template
- template = new
- org.mozilla.jss.pkix.cmmf.RevRequest.Template();
- org.mozilla.jss.pkix.cmmf.RevRequest
- revRequest =
- (org.mozilla.jss.pkix.cmmf.RevRequest)
- ASN1Util.decode(template, encoded);
-
+ // values.elementAt(j);
+ byte[] encoded = ASN1Util.encode(values
+ .elementAt(j));
+ org.mozilla.jss.asn1.ASN1Template template = new org.mozilla.jss.pkix.cmmf.RevRequest.Template();
+ org.mozilla.jss.pkix.cmmf.RevRequest revRequest = (org.mozilla.jss.pkix.cmmf.RevRequest) ASN1Util
+ .decode(template, encoded);
+
// SEQUENCE RevRequest = (SEQUENCE)
- // ASN1Util.decode(
- // SEQUENCE.getTemplate(),
- // ASN1Util.encode(
- // values.elementAt(j)));
+ // ASN1Util.decode(
+ // SEQUENCE.getTemplate(),
+ // ASN1Util.encode(
+ // values.elementAt(j)));
// SEQUENCE RevRequest =
- // values.elementAt(j);
+ // values.elementAt(j);
// int revReqSize = RevRequest.size();
// if( revReqSize > 3 ) {
- // INTEGER serialNumber =
- // new INTEGER((long)0);
+ // INTEGER serialNumber =
+ // new INTEGER((long)0);
// }
INTEGER temp = revRequest.getSerialNumber();
int temp2 = temp.intValue();
-
+
bigIntArray[j] = temp;
- authToken.set(TOKEN_CERT_SERIAL,bigIntArray);
-
- long reasonCode = revRequest.getReason().getValue();
- Integer IntObject = Integer.valueOf((int)reasonCode);
- authToken.set(REASON_CODE,IntObject);
-
- authToken.set("uid",uid);
- authToken.set("userid",userid);
+ authToken.set(TOKEN_CERT_SERIAL,
+ bigIntArray);
+
+ long reasonCode = revRequest.getReason()
+ .getValue();
+ Integer IntObject = Integer
+ .valueOf((int) reasonCode);
+ authToken.set(REASON_CODE, IntObject);
+
+ authToken.set("uid", uid);
+ authToken.set("userid", userid);
}
}
}
-
+
}
} else {
// enrollment request
@@ -486,52 +461,50 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
for (int i = 0; i < numReqs; i++) {
// decode message.
- TaggedRequest taggedRequest =
- (TaggedRequest) reqSequence.elementAt(i);
+ TaggedRequest taggedRequest = (TaggedRequest) reqSequence
+ .elementAt(i);
TaggedRequest.Type type = taggedRequest.getType();
if (type.equals(TaggedRequest.PKCS10)) {
CMS.debug("CMCAuth: in PKCS10");
- TaggedCertificationRequest tcr =
- taggedRequest.getTcr();
+ TaggedCertificationRequest tcr = taggedRequest
+ .getTcr();
int p10Id = tcr.getBodyPartID().intValue();
reqIdArray[i] = String.valueOf(p10Id);
- CertificationRequest p10 =
- tcr.getCertificationRequest();
+ CertificationRequest p10 = tcr
+ .getCertificationRequest();
// transfer to sun class
- ByteArrayOutputStream ostream =
- new ByteArrayOutputStream();
+ ByteArrayOutputStream ostream = new ByteArrayOutputStream();
p10.encode(ostream);
try {
- PKCS10 pkcs10 =
- new PKCS10(ostream.toByteArray());
+ PKCS10 pkcs10 = new PKCS10(
+ ostream.toByteArray());
// xxx do we need to do anything else?
- X509CertInfo certInfo =
- CMS.getDefaultX509CertInfo();
+ X509CertInfo certInfo = CMS
+ .getDefaultX509CertInfo();
// fillPKCS10(certInfo,pkcs10,authToken,null);
// authToken.set(
- // pkcs10.getSubjectPublicKeyInfo());
+ // pkcs10.getSubjectPublicKeyInfo());
X500Name tempName = pkcs10.getSubjectName();
// reset value of auditCertSubject
- if( tempName != null ) {
- auditCertSubject =
- tempName.toString().trim();
- if( auditCertSubject.equals( "" ) ) {
- auditCertSubject =
- ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+ if (tempName != null) {
+ auditCertSubject = tempName.toString()
+ .trim();
+ if (auditCertSubject.equals("")) {
+ auditCertSubject = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
authToken.set(AuthToken.TOKEN_CERT_SUBJECT,
- tempName.toString());
+ tempName.toString());
}
authToken.set("uid", uid);
@@ -540,67 +513,67 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
certInfoArray[i] = certInfo;
} catch (Exception e) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID,
+ ILogger.FAILURE, auditReqType,
+ auditCertSubject,
+ auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
- //throw new ECMSGWException(
- //CMSGWResources.ERROR_PKCS101, e.toString());
+ // throw new ECMSGWException(
+ // CMSGWResources.ERROR_PKCS101, e.toString());
- e.printStackTrace();
+ e.printStackTrace();
throw new EBaseException(e.toString());
}
} else if (type.equals(TaggedRequest.CRMF)) {
CMS.debug("CMCAuth: in CRMF");
try {
- CertReqMsg crm =
- taggedRequest.getCrm();
+ CertReqMsg crm = taggedRequest.getCrm();
CertRequest certReq = crm.getCertReq();
INTEGER reqID = certReq.getCertReqId();
reqIdArray[i] = reqID.toString();
- CertTemplate template = certReq.getCertTemplate();
+ CertTemplate template = certReq
+ .getCertTemplate();
Name name = template.getSubject();
// xxx do we need to do anything else?
- X509CertInfo certInfo =
- CMS.getDefaultX509CertInfo();
+ X509CertInfo certInfo = CMS
+ .getDefaultX509CertInfo();
// reset value of auditCertSubject
- if( name != null ) {
+ if (name != null) {
String ss = name.getRFC1485();
auditCertSubject = ss;
- if( auditCertSubject.equals( "" ) ) {
- auditCertSubject =
- ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+ if (auditCertSubject.equals("")) {
+ auditCertSubject = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
- authToken.set(AuthToken.TOKEN_CERT_SUBJECT, ss);
+ authToken.set(AuthToken.TOKEN_CERT_SUBJECT,
+ ss);
authToken.set("uid", uid);
authToken.set("userid", userid);
}
certInfoArray[i] = certInfo;
} catch (Exception e) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID,
+ ILogger.FAILURE, auditReqType,
+ auditCertSubject,
+ auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
- //throw new ECMSGWException(
- //CMSGWResources.ERROR_PKCS101, e.toString());
+ // throw new ECMSGWException(
+ // CMSGWResources.ERROR_PKCS101, e.toString());
e.printStackTrace();
throw new EBaseException(e.toString());
@@ -608,141 +581,129 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
}
// authToken.set(AgentAuthentication.CRED_CERT, new
- // com.netscape.certsrv.usrgrp.Certificates(
- // x509Certs));
+ // com.netscape.certsrv.usrgrp.Certificates(
+ // x509Certs));
}
}
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID, ILogger.FAILURE, auditReqType,
+ auditCertSubject, auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
- //Debug.printStackTrace(e);
- throw new EInvalidCredentials(CMS.getUserMessage(
- "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ // Debug.printStackTrace(e);
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
-
+
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID, ILogger.SUCCESS, auditReqType,
+ auditCertSubject, auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
return authToken;
- } catch( EMissingCredential eAudit1 ) {
+ } catch (EMissingCredential eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID, ILogger.FAILURE, auditReqType,
+ auditCertSubject, auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
- } catch( EInvalidCredentials eAudit2 ) {
+ } catch (EInvalidCredentials eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID, ILogger.FAILURE, auditReqType,
+ auditCertSubject, auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- } catch( EBaseException eAudit3 ) {
+ } catch (EBaseException eAudit3) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
- auditSubjectID,
- ILogger.FAILURE,
- auditReqType,
- auditCertSubject,
- auditSignerInfo );
+ LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+ auditSubjectID, ILogger.FAILURE, auditReqType,
+ auditCertSubject, auditSignerInfo);
- audit( auditMessage );
+ audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit3;
}
}
-
+
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
- * this implementation can be configured through the console.
+ * Returns a list of configuration parameter names. The list is passed to
+ * the configuration console so instances of this implementation can be
+ * configured through the console.
* <p>
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
return (mConfigParams);
}
-
+
/**
- * gets the configuration substore used by this authentication
- * plug-in
+ * gets the configuration substore used by this authentication plug-in
* <p>
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
return mConfig;
}
-
+
/**
* gets the plug-in name of this authentication plug-in.
*/
public String getImplName() {
return mImplName;
}
-
+
/**
* gets the name of this authentication plug-in instance
*/
public String getName() {
return mName;
}
-
+
/**
* get the list of required credentials.
* <p>
+ *
* @return list of required credentials as strings.
*/
public String[] getRequiredCreds() {
return (mRequiredCreds);
}
-
+
/**
* prepares for shutdown.
*/
public void shutdown() {
}
-
- /////////////////////////////////
+
+ // ///////////////////////////////
// IExtendedPluginInfo methods //
- /////////////////////////////////
-
+ // ///////////////////////////////
+
/**
* Activate the help system.
* <p>
+ *
* @return help messages
*/
public String[] getExtendedPluginInfo() {
@@ -755,14 +716,15 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
}
return s;
}
-
- ////////////////////
+
+ // //////////////////
// Logger methods //
- ////////////////////
-
+ // //////////////////
+
/**
* Logs a message for this class in the system log file.
* <p>
+ *
* @param level The log level.
* @param msg The message to log.
* @see com.netscape.certsrv.logging.ILogger
@@ -770,46 +732,48 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
protected void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
- level, "CMC Authentication: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level,
+ "CMC Authentication: " + msg);
}
-
- protected IAuthToken verifySignerInfo(AuthToken authToken,SignedData cmcFullReq) throws EInvalidCredentials {
-
+
+ protected IAuthToken verifySignerInfo(AuthToken authToken,
+ SignedData cmcFullReq) throws EInvalidCredentials {
+
EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
OBJECT_IDENTIFIER id = ci.getContentType();
OCTET_STRING content = ci.getContent();
-
+
try {
- ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
+ ByteArrayInputStream s = new ByteArrayInputStream(
+ content.toByteArray());
PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
-
+
SET dais = cmcFullReq.getDigestAlgorithmIdentifiers();
int numDig = dais.size();
Hashtable digs = new Hashtable();
- //if request key is used for signing, there MUST be only one signerInfo
- //object in the signedData object.
+ // if request key is used for signing, there MUST be only one
+ // signerInfo
+ // object in the signedData object.
for (int i = 0; i < numDig; i++) {
- AlgorithmIdentifier dai =
- (AlgorithmIdentifier) dais.elementAt(i);
- String name =
- DigestAlgorithm.fromOID(dai.getOID()).toString();
-
- MessageDigest md =
- MessageDigest.getInstance(name);
-
+ AlgorithmIdentifier dai = (AlgorithmIdentifier) dais
+ .elementAt(i);
+ String name = DigestAlgorithm.fromOID(dai.getOID()).toString();
+
+ MessageDigest md = MessageDigest.getInstance(name);
+
byte[] digest = md.digest(content.toByteArray());
digs.put(name, digest);
}
-
+
SET sis = cmcFullReq.getSignerInfos();
int numSis = sis.size();
-
+
for (int i = 0; i < numSis; i++) {
- org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i);
-
+ org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis
+ .elementAt(i);
+
String name = si.getDigestAlgorithm().toString();
byte[] digest = (byte[]) digs.get(name);
@@ -819,13 +783,15 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
pkiData.encode((OutputStream) ostream);
digest = md.digest(ostream.toByteArray());
-
+
}
- // signed by previously certified signature key
+ // signed by previously certified signature key
SignerIdentifier sid = si.getSignerIdentifier();
- if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
- IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber();
+ if (sid.getType().equals(
+ SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
+ IssuerAndSerialNumber issuerAndSerialNumber = sid
+ .getIssuerAndSerialNumber();
// find from the certs in the signedData
java.security.cert.X509Certificate cert = null;
@@ -833,30 +799,37 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
SET certs = cmcFullReq.getCertificates();
int numCerts = certs.size();
java.security.cert.X509Certificate[] x509Certs = new java.security.cert.X509Certificate[1];
- byte[] certByteArray = new byte[0];
- for (int j = 0; j < numCerts; j++) {
- Certificate certJss = (Certificate) certs.elementAt(j);
+ byte[] certByteArray = new byte[0];
+ for (int j = 0; j < numCerts; j++) {
+ Certificate certJss = (Certificate) certs
+ .elementAt(j);
CertificateInfo certI = certJss.getInfo();
Name issuer = certI.getIssuer();
-
+
byte[] issuerB = ASN1Util.encode(issuer);
- INTEGER sn = certI.getSerialNumber();
- // if this cert is the signer cert, not a cert in the chain
- if (new String(issuerB).equals(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))
- && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString()) )
- {
- ByteArrayOutputStream os = new
- ByteArrayOutputStream();
+ INTEGER sn = certI.getSerialNumber();
+ // if this cert is the signer cert, not a cert in
+ // the chain
+ if (new String(issuerB)
+ .equals(new String(ASN1Util
+ .encode(issuerAndSerialNumber
+ .getIssuer())))
+ && sn.toString().equals(
+ issuerAndSerialNumber
+ .getSerialNumber()
+ .toString())) {
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
certJss.encode(os);
- certByteArray = os.toByteArray();
-
- X509CertImpl tempcert = new X509CertImpl(os.toByteArray());
+ certByteArray = os.toByteArray();
+
+ X509CertImpl tempcert = new X509CertImpl(
+ os.toByteArray());
cert = tempcert;
x509Certs[0] = cert;
- // xxx validate the cert length
-
+ // xxx validate the cert length
+
}
}
CMS.debug("CMCAuth: start checking signature");
@@ -874,52 +847,63 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
} else if (alg.equals("DSA")) {
keyType = PrivateKey.DSA;
}
- PK11PubKey pubK = PK11PubKey.fromRaw(keyType, ((X509Key) signKey).getKey());
+ PK11PubKey pubK = PK11PubKey.fromRaw(keyType,
+ ((X509Key) signKey).getKey());
CMS.debug("CMCAuth: verifying signature with public key");
si.verify(digest, id, pubK);
}
CMS.debug("CMCAuth: finished checking signature");
- // verify signer's certificate using the revocator
- CryptoManager cm = CryptoManager.getInstance();
- if( ! cm.isCertValid( certByteArray, true,CryptoManager.CertUsage.SSLClient) )
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-
- // authenticate signer's certificate using the userdb
- IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-
- IAuthManager agentAuth = authSS.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);//AGENT_AUTHMGR_ID);
- IAuthCredentials agentCred = new com.netscape.certsrv.authentication.AuthCredentials();
-
- agentCred.set(IAuthManager.CRED_SSL_CLIENT_CERT, x509Certs);
-
- IAuthToken tempToken = agentAuth.authenticate(agentCred);
- netscape.security.x509.X500Name tempPrincipal = (X500Name) x509Certs[0].getSubjectDN();
- String CN = (String) tempPrincipal.getCommonName();//tempToken.get("userid");
-
- BigInteger agentCertSerial = x509Certs[0].getSerialNumber();
- authToken.set(IAuthManager.CRED_SSL_CLIENT_CERT,agentCertSerial.toString());
- tempToken.set("cn",CN);
+ // verify signer's certificate using the revocator
+ CryptoManager cm = CryptoManager.getInstance();
+ if (!cm.isCertValid(certByteArray, true,
+ CryptoManager.CertUsage.SSLClient))
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+
+ // authenticate signer's certificate using the userdb
+ IAuthSubsystem authSS = (IAuthSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_AUTH);
+
+ IAuthManager agentAuth = authSS
+ .getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);// AGENT_AUTHMGR_ID);
+ IAuthCredentials agentCred = new com.netscape.certsrv.authentication.AuthCredentials();
+
+ agentCred.set(IAuthManager.CRED_SSL_CLIENT_CERT,
+ x509Certs);
+
+ IAuthToken tempToken = agentAuth
+ .authenticate(agentCred);
+ netscape.security.x509.X500Name tempPrincipal = (X500Name) x509Certs[0]
+ .getSubjectDN();
+ String CN = (String) tempPrincipal.getCommonName();// tempToken.get("userid");
+
+ BigInteger agentCertSerial = x509Certs[0]
+ .getSerialNumber();
+ authToken.set(IAuthManager.CRED_SSL_CLIENT_CERT,
+ agentCertSerial.toString());
+ tempToken.set("cn", CN);
return tempToken;
-
+
}
// find from internaldb if it's ca. (ra does not have that.)
// find from internaldb usrgrp info
-
+
// find from certDB
- si.verify(digest, id);
-
- } //
+ si.verify(digest, id);
+
+ } //
}
- }catch (InvalidBERException e) {
+ } catch (InvalidBERException e) {
CMS.debug("CMCAuth: " + e.toString());
} catch (IOException e) {
CMS.debug("CMCAuth: " + e.toString());
} catch (Exception e) {
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
return (IAuthToken) null;
-
+
}
public String[] getExtendedPluginInfo(Locale locale) {
@@ -929,22 +913,20 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
// Profile-related methods
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
* Retrieves the localizable name of this policy.
*/
- public String getName(Locale locale)
- {
+ public String getName(Locale locale) {
return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_CMS_SIGN_NAME");
}
/**
* Retrieves the localizable description of this policy.
*/
- public String getText(Locale locale)
- {
+ public String getText(Locale locale) {
return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_CMS_SIGN_TEXT");
}
@@ -962,19 +944,18 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(CRED_CMC)) {
return new Descriptor(IDescriptor.STRING_LIST, null, null,
- "CMC request");
+ "CMC request");
}
return null;
}
public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ throws EProfileException {
request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
token.getInString(AuthToken.TOKEN_CERT_SUBJECT));
}
@@ -985,10 +966,10 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
/**
* Signed Audit Log
- *
+ *
* This method is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
private void audit(String msg) {
@@ -999,20 +980,17 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
}
/**
* Signed Audit Log Subject ID
- *
- * This method is called to obtain the "SubjectID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "SubjectID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
private String auditSubjectID() {
@@ -1027,8 +1005,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- subjectID = (String)
- auditContext.get(SessionContext.USER_ID);
+ subjectID = (String) auditContext.get(SessionContext.USER_ID);
if (subjectID != null) {
subjectID = subjectID.trim();
@@ -1042,4 +1019,3 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
return subjectID;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/Crypt.java b/pki/base/common/src/com/netscape/cms/authentication/Crypt.java
index 95012039..975a81da 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/Crypt.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/Crypt.java
@@ -17,151 +17,92 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
public class Crypt {
// Static data:
- static byte[]
- IP = // Initial permutation
- {
- 58, 50, 42, 34, 26, 18, 10, 2,
- 60, 52, 44, 36, 28, 20, 12, 4,
- 62, 54, 46, 38, 30, 22, 14, 6,
- 64, 56, 48, 40, 32, 24, 16, 8,
- 57, 49, 41, 33, 25, 17, 9, 1,
- 59, 51, 43, 35, 27, 19, 11, 3,
- 61, 53, 45, 37, 29, 21, 13, 5,
- 63, 55, 47, 39, 31, 23, 15, 7
- },
- FP = // Final permutation, FP = IP^(-1)
- {
- 40, 8, 48, 16, 56, 24, 64, 32,
- 39, 7, 47, 15, 55, 23, 63, 31,
- 38, 6, 46, 14, 54, 22, 62, 30,
- 37, 5, 45, 13, 53, 21, 61, 29,
- 36, 4, 44, 12, 52, 20, 60, 28,
- 35, 3, 43, 11, 51, 19, 59, 27,
- 34, 2, 42, 10, 50, 18, 58, 26,
- 33, 1, 41, 9, 49, 17, 57, 25
- },
- // Permuted-choice 1 from the key bits to yield C and D.
- // Note that bits 8,16... are left out:
- // They are intended for a parity check.
- PC1_C =
- {
- 57, 49, 41, 33, 25, 17, 9,
- 1, 58, 50, 42, 34, 26, 18,
- 10, 2, 59, 51, 43, 35, 27,
- 19, 11, 3, 60, 52, 44, 36
- },
- PC1_D =
- {
- 63, 55, 47, 39, 31, 23, 15,
- 7, 62, 54, 46, 38, 30, 22,
- 14, 6, 61, 53, 45, 37, 29,
- 21, 13, 5, 28, 20, 12, 4
- },
- shifts = // Sequence of shifts used for the key schedule.
- {
- 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
- },
- // Permuted-choice 2, to pick out the bits from
- // the CD array that generate the key schedule.
- PC2_C =
- {
- 14, 17, 11, 24, 1, 5,
- 3, 28, 15, 6, 21, 10,
- 23, 19, 12, 4, 26, 8,
- 16, 7, 27, 20, 13, 2
- },
- PC2_D =
- {
- 41, 52, 31, 37, 47, 55,
- 30, 40, 51, 45, 33, 48,
- 44, 49, 39, 56, 34, 53,
- 46, 42, 50, 36, 29, 32
- },
- e2 = // The E-bit selection table. (see E below)
- {
- 32, 1, 2, 3, 4, 5,
- 4, 5, 6, 7, 8, 9,
- 8, 9, 10, 11, 12, 13,
- 12, 13, 14, 15, 16, 17,
- 16, 17, 18, 19, 20, 21,
- 20, 21, 22, 23, 24, 25,
- 24, 25, 26, 27, 28, 29,
- 28, 29, 30, 31, 32, 1
- },
- // P is a permutation on the selected combination of
- // the current L and key.
- P =
- {
- 16, 7, 20, 21,
- 29, 12, 28, 17,
- 1, 15, 23, 26,
- 5, 18, 31, 10,
- 2, 8, 24, 14,
- 32, 27, 3, 9,
- 19, 13, 30, 6,
- 22, 11, 4, 25
- };
- // The 8 selection functions. For some reason, they gave a 0-origin
+ static byte[] IP = // Initial permutation
+ { 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 62, 54, 46,
+ 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 57, 49, 41, 33,
+ 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 61, 53, 45, 37, 29,
+ 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 },
+ FP = // Final permutation, FP = IP^(-1)
+ { 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31, 38,
+ 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
+ 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59,
+ 27, 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17,
+ 57, 25 },
+ // Permuted-choice 1 from the key bits to yield C and D.
+ // Note that bits 8,16... are left out:
+ // They are intended for a parity check.
+ PC1_C = { 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 10,
+ 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36 },
+ PC1_D = { 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
+ 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 },
+ shifts = // Sequence of shifts used for the key schedule.
+ { 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 },
+ // Permuted-choice 2, to pick out the bits from
+ // the CD array that generate the key schedule.
+ PC2_C = { 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 23, 19, 12,
+ 4, 26, 8, 16, 7, 27, 20, 13, 2 }, PC2_D = { 41, 52, 31, 37,
+ 47, 55, 30, 40, 51, 45, 33, 48, 44, 49, 39, 56, 34, 53, 46,
+ 42, 50, 36, 29, 32 }, e2 = // The E-bit selection table.
+ // (see E below)
+ { 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 8, 9, 10, 11, 12, 13, 12,
+ 13, 14, 15, 16, 17, 16, 17, 18, 19, 20, 21, 20, 21, 22, 23,
+ 24, 25, 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1 },
+ // P is a permutation on the selected combination of
+ // the current L and key.
+ P = { 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
+ 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 };
+ // The 8 selection functions. For some reason, they gave a 0-origin
// index, unlike everything else.
- static byte[][] S =
- {
- {
- 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
- 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
- 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
- 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
- }, {
- 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
- 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
- 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
- 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
- }, {
- 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
- 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
- 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
- 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
- }, {
- 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
- 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
- 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
- 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
- }, {
- 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
- 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
- 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
- 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
- }, {
- 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
- 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
- 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
- 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
- }, {
- 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
- 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
- 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
- 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
- }, {
- 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
- 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
- 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
- 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
- }
- };
+ static byte[][] S = {
+ { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 0, 15, 7,
+ 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, 4, 1, 14, 8,
+ 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, 15, 12, 8, 2, 4,
+ 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 },
+ { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, 3, 13, 4,
+ 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, 0, 14, 7, 11,
+ 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, 13, 8, 10, 1, 3,
+ 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 },
+ { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, 13, 7, 0,
+ 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, 13, 6, 4, 9, 8,
+ 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, 1, 10, 13, 0, 6, 9,
+ 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 },
+ { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, 13, 8, 11,
+ 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, 10, 6, 9, 0, 12,
+ 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, 3, 15, 0, 6, 10, 1,
+ 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 },
+ { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, 14, 11, 2,
+ 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, 4, 2, 1, 11, 10,
+ 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, 11, 8, 12, 7, 1, 14,
+ 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 },
+ { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, 10, 15, 4,
+ 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, 9, 14, 15, 5, 2,
+ 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, 4, 3, 2, 12, 9, 5, 15,
+ 10, 11, 14, 1, 7, 6, 0, 8, 13 },
+ { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, 13, 0, 11,
+ 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, 1, 4, 11, 13,
+ 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, 6, 11, 13, 8, 1, 4,
+ 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 },
+ { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, 1, 15, 13,
+ 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, 7, 11, 4, 1, 9,
+ 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, 2, 1, 14, 7, 4, 10,
+ 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 } };
// Dynamic data:
- byte[] C = new byte[28], // The C and D arrays used to
- D = new byte[28], // calculate the key schedule.
- E = new byte[48], // The E bit-selection table.
- L = new byte[32], // The current block,
- R = new byte[32], // divided into two halves.
- tempL = new byte[32],
- f = new byte[32],
- preS = new byte[48]; // The combination of the key and
+ byte[] C = new byte[28], // The C and D arrays used to
+ D = new byte[28], // calculate the key schedule.
+ E = new byte[48], // The E bit-selection table.
+ L = new byte[32], // The current block,
+ R = new byte[32], // divided into two halves.
+ tempL = new byte[32], f = new byte[32], preS = new byte[48]; // The
+ // combination
+ // of
+ // the
+ // key
+ // and
// the input, before selection.
- // The key schedule. Generated from the key.
+ // The key schedule. Generated from the key.
byte[][] KS = new byte[16][48];
// Object fields:
@@ -169,17 +110,17 @@ public class Crypt {
// Public methods:
/**
- * Create Crypt object with no passwd or salt set. Must use setPasswd()
- * and setSalt() before getEncryptedPasswd().
+ * Create Crypt object with no passwd or salt set. Must use setPasswd() and
+ * setSalt() before getEncryptedPasswd().
*/
public Crypt() {
Passwd = Salt = Encrypt = "";
}
/**
- * Create a Crypt object with specified salt. Use setPasswd() before
+ * Create a Crypt object with specified salt. Use setPasswd() before
* getEncryptedPasswd().
- *
+ *
* @param salt the salt string for encryption
*/
public Crypt(String salt) {
@@ -189,10 +130,9 @@ public class Crypt {
}
/**
- * Create a Crypt object with specified passwd and salt (often the
- * already encypted passwd). Get the encrypted result with
- * getEncryptedPasswd().
- *
+ * Create a Crypt object with specified passwd and salt (often the already
+ * encypted passwd). Get the encrypted result with getEncryptedPasswd().
+ *
* @param passwd the passwd to encrypt
* @param salt the salt string for encryption
*/
@@ -204,7 +144,7 @@ public class Crypt {
/**
* Retrieve the passwd string currently being encrypted.
- *
+ *
* @return the current passwd string
*/
public String getPasswd() {
@@ -213,7 +153,7 @@ public class Crypt {
/**
* Retrieve the salt string currently being used for encryption.
- *
+ *
* @return the current salt string
*/
public String getSalt() {
@@ -221,9 +161,9 @@ public class Crypt {
}
/**
- * Retrieve the resulting encrypted string from the current passwd and
- * salt settings.
- *
+ * Retrieve the resulting encrypted string from the current passwd and salt
+ * settings.
+ *
* @return the encrypted passwd
*/
public String getEncryptedPasswd() {
@@ -231,9 +171,9 @@ public class Crypt {
}
/**
- * Set a new passwd string for encryption. Use getEncryptedPasswd() to
+ * Set a new passwd string for encryption. Use getEncryptedPasswd() to
* retrieve the new result.
- *
+ *
* @param passwd the new passwd string
*/
public void setPasswd(String passwd) {
@@ -242,9 +182,9 @@ public class Crypt {
}
/**
- * Set a new salt string for encryption. Use getEncryptedPasswd() to
+ * Set a new salt string for encryption. Use getEncryptedPasswd() to
* retrieve the new result.
- *
+ *
* @param salt the new salt string
*/
public void setSalt(String salt) {
@@ -254,19 +194,18 @@ public class Crypt {
// Internal crypt methods:
String crypt() {
- if (Salt.length() == 0) return "";
+ if (Salt.length() == 0)
+ return "";
int i, j, pwi;
byte c, temp;
- byte[] block = new byte[66],
- iobuf = new byte[16],
- salt = new byte[2],
- pw = Passwd.getBytes(), //jdk1.1
- saltbytes = Salt.getBytes(); //jdk1.1
+ byte[] block = new byte[66], iobuf = new byte[16], salt = new byte[2], pw = Passwd
+ .getBytes(), // jdk1.1
+ saltbytes = Salt.getBytes(); // jdk1.1
- // pw = new byte[Passwd.length()], //jdk1.0.2
- // saltbytes = new byte[Salt.length()]; //jdk1.0.2
- //Passwd.getBytes(0,Passwd.length(),pw,0); //jdk1.0.2
- //Salt.getBytes(0,Salt.length(),saltbytes,0); //jdk1.0.2
+ // pw = new byte[Passwd.length()], //jdk1.0.2
+ // saltbytes = new byte[Salt.length()]; //jdk1.0.2
+ // Passwd.getBytes(0,Passwd.length(),pw,0); //jdk1.0.2
+ // Salt.getBytes(0,Salt.length(),saltbytes,0); //jdk1.0.2
salt[0] = saltbytes[0];
salt[1] = (saltbytes.length > 1) ? saltbytes[1] : 0;
@@ -288,8 +227,10 @@ public class Crypt {
for (i = 0; i < 2; i++) {
c = salt[i];
iobuf[i] = c;
- if (c > 'Z') c -= 6;
- if (c > '9') c -= 7;
+ if (c > 'Z')
+ c -= 6;
+ if (c > '9')
+ c -= 7;
c -= '.';
for (j = 0; j < 6; j++) {
if (((c >> j) & 1) != 0) {
@@ -311,8 +252,10 @@ public class Crypt {
c |= block[6 * i + j];
}
c += '.';
- if (c > '9') c += 7;
- if (c > 'Z') c += 6;
+ if (c > '9')
+ c += 7;
+ if (c > 'Z')
+ c += 6;
iobuf[i + 2] = c;
}
@@ -320,16 +263,16 @@ public class Crypt {
if (iobuf[1] == 0)
iobuf[1] = iobuf[0];
- return new String(iobuf); //jdk1.1
- //return new String(iobuf,0); //jdk1.0.2
+ return new String(iobuf); // jdk1.1
+ // return new String(iobuf,0); //jdk1.0.2
}
- void setkey(byte[] key) // Set up the key schedule from the key.
+ void setkey(byte[] key) // Set up the key schedule from the key.
{
int i, j, k;
byte t;
- // First, generate C and D by permuting the key. The low order bit
+ // First, generate C and D by permuting the key. The low order bit
// of each 8-bit char is not used, so C and D are only 28 bits apiece.
for (i = 0; i < 28; i++) {
C[i] = key[PC1_C[i] - 1];
@@ -369,41 +312,38 @@ public class Crypt {
byte k;
// First, permute the bits in the input
- //for (j = 0; j < 64; j++)
- //{
- // L[j] = block[IP[j]-1];
- //}
+ // for (j = 0; j < 64; j++)
+ // {
+ // L[j] = block[IP[j]-1];
+ // }
for (j = 0; j < 32; j++)
L[j] = block[IP[j] - 1];
for (j = 32; j < 64; j++)
R[j - 32] = block[IP[j] - 1];
- // Perform an encryption operation 16 times.
+ // Perform an encryption operation 16 times.
for (ii = 0; ii < 16; ii++) {
i = ii;
// Save the R array, which will be the new L.
for (j = 0; j < 32; j++)
tempL[j] = R[j];
- // Expand R to 48 bits using the E selector;
- // exclusive-or with the current key bits.
+ // Expand R to 48 bits using the E selector;
+ // exclusive-or with the current key bits.
for (j = 0; j < 48; j++)
preS[j] = (byte) (R[E[j] - 1] ^ KS[i][j]);
- // The pre-select bits are now considered in 8 groups of
- // 6 bits each. The 8 selection functions map these 6-bit
- // quantities into 4-bit quantities and the results permuted
- // to make an f(R, K). The indexing into the selection functions
- // is peculiar; it could be simplified by rewriting the tables.
+ // The pre-select bits are now considered in 8 groups of
+ // 6 bits each. The 8 selection functions map these 6-bit
+ // quantities into 4-bit quantities and the results permuted
+ // to make an f(R, K). The indexing into the selection functions
+ // is peculiar; it could be simplified by rewriting the tables.
for (j = 0; j < 8; j++) {
t = 6 * j;
- k = S[j][ (preS[t ] << 5) +
- (preS[t + 1] << 3) +
- (preS[t + 2] << 2) +
- (preS[t + 3] << 1) +
- (preS[t + 4]) +
- (preS[t + 5] << 4) ];
+ k = S[j][(preS[t] << 5) + (preS[t + 1] << 3)
+ + (preS[t + 2] << 2) + (preS[t + 3] << 1)
+ + (preS[t + 4]) + (preS[t + 5] << 4)];
t = 4 * j;
- f[t ] = (byte) ((k >> 3) & 1);
+ f[t] = (byte) ((k >> 3) & 1);
f[t + 1] = (byte) ((k >> 2) & 1);
f[t + 2] = (byte) ((k >> 1) & 1);
f[t + 3] = (byte) ((k) & 1);
@@ -430,7 +370,7 @@ public class Crypt {
// The final output gets the inverse permutation of the very original.
for (j = 0; j < 64; j++) {
- //block[j] = L[FP[j]-1];
+ // block[j] = L[FP[j]-1];
block[j] = (FP[j] > 32) ? R[FP[j] - 33] : L[FP[j] - 1];
}
}
diff --git a/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java b/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
index 1f2eb69a..a00cc376 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -28,24 +27,27 @@ import netscape.ldap.LDAPEntry;
import com.netscape.certsrv.authentication.EAuthException;
import com.netscape.certsrv.base.EBaseException;
-
/**
- * class for parsing a DN pattern used to construct a certificate
- * subject name from ldap attributes and dn.<p>
+ * class for parsing a DN pattern used to construct a certificate subject name
+ * from ldap attributes and dn.
+ * <p>
*
- * dnpattern is a string representing a subject name pattern to formulate from
- * the directory attributes and entry dn. If empty or not set, the
- * ldap entry DN will be used as the certificate subject name. <p>
+ * dnpattern is a string representing a subject name pattern to formulate from
+ * the directory attributes and entry dn. If empty or not set, the ldap entry DN
+ * will be used as the certificate subject name.
+ * <p>
+ *
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$attr" "." attrName [ "." attrNumber ] |
- * name "=" "$dn" "." attrName [ "." attrNumber ] |
- * "$dn" "." "$rdn" "." number
+ * name "=" "$attr" "." attrName [ "." attrNumber ] |
+ * name "=" "$dn" "." attrName [ "." attrNumber ] |
+ * "$dn" "." "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
* Ldap entry: dn: UID=jjames, OU=IS, OU=people, O=acme.org
@@ -72,11 +74,12 @@ import com.netscape.certsrv.base.EBaseException;
* E = the first 'mail' ldap attribute value in user's entry. <br>
* CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
* OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- * in a RDN in this example. <br>
+ * in a RDN in this example. <br>
* O = the (first) 'o' value in the user's entry DN. <br>
* C = the string "US"
* <p>
* </pre>
+ *
* <pre>
* Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
* Ldap entry: dn: UID=jjames, OU=IS+OU=people, O=acme.org
@@ -101,15 +104,16 @@ import com.netscape.certsrv.base.EBaseException;
* <p>
* CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
* OU = the second 'ou' value in the user's entry DN followed by the
- * first 'ou' value in the user's entry. note multiple AVAs
- * in a RDN in this example. <br>
+ * first 'ou' value in the user's entry. note multiple AVAs
+ * in a RDN in this example. <br>
* O = the (first) 'o' value in the user's entry DN. <br>
* C = the string "US"
* <p>
* </pre>
- * If an attribute or subject DN component does not exist the attribute
- * is skipped.
- *
+ *
+ * If an attribute or subject DN component does not exist the attribute is
+ * skipped.
+ *
* @version $Revision$, $Date$
*/
public class DNPattern {
@@ -125,15 +129,15 @@ public class DNPattern {
protected String mTestDN = null;
- /**
+ /**
* Construct a DN pattern by parsing a pattern string.
+ *
* @param pattern the DN pattern
- * @exception EBaseException If parsing error occurs.
+ * @exception EBaseException If parsing error occurs.
*/
- public DNPattern(String pattern)
- throws EAuthException {
+ public DNPattern(String pattern) throws EAuthException {
if (pattern == null || pattern.equals("")) {
- // create an attribute list that is the dn.
+ // create an attribute list that is the dn.
mLdapAttrs = new String[] { "dn" };
} else {
mPatternString = pattern;
@@ -143,13 +147,11 @@ public class DNPattern {
}
}
- public DNPattern(PushbackReader in)
- throws EAuthException {
+ public DNPattern(PushbackReader in) throws EAuthException {
parse(in);
}
- private void parse(PushbackReader in)
- throws EAuthException {
+ private void parse(PushbackReader in) throws EAuthException {
Vector rdnPatterns = new Vector();
RDNPattern rdnPattern = null;
int lastChar = -1;
@@ -160,10 +162,10 @@ public class DNPattern {
try {
lastChar = in.read();
} catch (IOException e) {
- throw new EAuthException("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString());
+ throw new EAuthException("CMS_AUTHENTICATION_INTERNAL_ERROR",
+ e.toString());
}
- }
- while (lastChar == ',');
+ } while (lastChar == ',');
mRDNPatterns = new RDNPattern[rdnPatterns.size()];
rdnPatterns.copyInto(mRDNPatterns);
@@ -173,8 +175,8 @@ public class DNPattern {
for (int i = 0; i < mRDNPatterns.length; i++) {
String[] rdnAttrs = mRDNPatterns[i].getLdapAttrs();
- if (rdnAttrs != null && rdnAttrs.length > 0)
- for (int j = 0; j < rdnAttrs.length; j++)
+ if (rdnAttrs != null && rdnAttrs.length > 0)
+ for (int j = 0; j < rdnAttrs.length; j++)
ldapAttrs.addElement(rdnAttrs[j]);
}
mLdapAttrs = new String[ldapAttrs.size()];
@@ -183,11 +185,11 @@ public class DNPattern {
/**
* Form a Ldap v3 DN string from results of a ldap search.
+ *
* @param entry LDAPentry from a ldap search
- * @return Ldap v3 DN string to use for a subject name.
+ * @return Ldap v3 DN string to use for a subject name.
*/
- public String formDN(LDAPEntry entry)
- throws EAuthException {
+ public String formDN(LDAPEntry entry) throws EAuthException {
StringBuffer formedDN = new StringBuffer();
for (int i = 0; i < mRDNPatterns.length; i++) {
@@ -197,13 +199,13 @@ public class DNPattern {
if (rdn != null) {
if (rdn != null && rdn.length() != 0) {
- if (formedDN.length() != 0)
+ if (formedDN.length() != 0)
formedDN.append(",");
formedDN.append(rdn);
}
}
}
- //System.out.println("formed DN "+formedDN.toString());
+ // System.out.println("formed DN "+formedDN.toString());
return formedDN.toString();
}
diff --git a/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
index 3260af6e..02e458bc 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import java.io.IOException;
import java.security.cert.CertificateException;
@@ -57,29 +56,28 @@ import com.netscape.certsrv.ldap.ILdapConnFactory;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmsutil.util.Utils;
-
/**
- * Abstract class for directory based authentication managers
- * Uses a pattern for formulating subject names.
- * The pattern is read from configuration file.
+ * Abstract class for directory based authentication managers Uses a pattern for
+ * formulating subject names. The pattern is read from configuration file.
* Syntax of the pattern is described in the init() method.
*
* <P>
+ *
* @version $Revision$, $Date$
*/
-public abstract class DirBasedAuthentication
- implements IAuthManager, IExtendedPluginInfo {
+public abstract class DirBasedAuthentication implements IAuthManager,
+ IExtendedPluginInfo {
- protected static final String USER_DN = "userDN";
+ protected static final String USER_DN = "userDN";
/* configuration parameter keys */
- protected static final String PROP_LDAP = "ldap";
- protected static final String PROP_BASEDN = "basedn";
- protected static final String PROP_DNPATTERN = "dnpattern";
+ protected static final String PROP_LDAP = "ldap";
+ protected static final String PROP_BASEDN = "basedn";
+ protected static final String PROP_DNPATTERN = "dnpattern";
protected static final String PROP_LDAPSTRINGATTRS = "ldapStringAttributes";
protected static final String PROP_LDAPBYTEATTRS = "ldapByteAttributes";
- // members
+ // members
/* name of this authentication manager instance */
protected String mName = null;
@@ -105,52 +103,57 @@ public abstract class DirBasedAuthentication
/* the subject DN pattern */
protected DNPattern mPattern = null;
- /* the list of LDAP attributes with string values to retrieve to
- * save in the auth token including ones from the dn pattern. */
+ /*
+ * the list of LDAP attributes with string values to retrieve to save in the
+ * auth token including ones from the dn pattern.
+ */
protected String[] mLdapStringAttrs = null;
- /* the list of LDAP attributes with byte[] values to retrive to save
- * in authtoken. */
+ /*
+ * the list of LDAP attributes with byte[] values to retrive to save in
+ * authtoken.
+ */
protected String[] mLdapByteAttrs = null;
- /* the combined list of LDAP attriubutes to retrieve*/
+ /* the combined list of LDAP attriubutes to retrieve */
protected String[] mLdapAttrs = null;
/* default dn pattern if left blank or not set in the config */
- protected static String DEFAULT_DNPATTERN =
- "E=$attr.mail, CN=$attr.cn, O=$dn.o, C=$dn.c";
+ protected static String DEFAULT_DNPATTERN = "E=$attr.mail, CN=$attr.cn, O=$dn.o, C=$dn.c";
/* Vector of extendedPluginInfo strings */
protected static Vector mExtendedPluginInfo = null;
static {
mExtendedPluginInfo = new Vector();
- mExtendedPluginInfo.add(PROP_DNPATTERN + ";string;Template for cert" +
- " Subject Name. ($dn.xxx - get value from user's LDAP " +
- "DN. $attr.yyy - get value from LDAP attributes in " +
- "user's entry.) Default: " + DEFAULT_DNPATTERN);
- mExtendedPluginInfo.add(PROP_LDAPSTRINGATTRS + ";string;" +
- "Comma-separated list of LDAP attributes to copy from " +
- "the user's LDAP entry into the AuthToken. e.g use " +
- "'mail' to copy user's email address for subjectAltName");
- mExtendedPluginInfo.add(PROP_LDAPBYTEATTRS + ";string;" +
- "Comma-separated list of binary LDAP attributes to copy" +
- " from the user's LDAP entry into the AuthToken");
- mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" +
- "LDAP host to connect to");
- mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" +
- "LDAP port number (use 389, or 636 if SSL)");
- mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" +
- "Use SSL to connect to directory?");
- mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" +
- "LDAP protocol version");
- mExtendedPluginInfo.add("ldap.basedn;string,required;Base DN to start searching " +
- "under. If your user's DN is 'uid=jsmith, o=company', you " +
- "might want to use 'o=company' here");
- mExtendedPluginInfo.add("ldap.minConns;number;number of connections " +
- "to keep open to directory server. Default 5.");
- mExtendedPluginInfo.add("ldap.maxConns;number;when needed, connection " +
- "pool can grow to this many (multiplexed) connections. Default 1000.");
+ mExtendedPluginInfo.add(PROP_DNPATTERN + ";string;Template for cert"
+ + " Subject Name. ($dn.xxx - get value from user's LDAP "
+ + "DN. $attr.yyy - get value from LDAP attributes in "
+ + "user's entry.) Default: " + DEFAULT_DNPATTERN);
+ mExtendedPluginInfo.add(PROP_LDAPSTRINGATTRS + ";string;"
+ + "Comma-separated list of LDAP attributes to copy from "
+ + "the user's LDAP entry into the AuthToken. e.g use "
+ + "'mail' to copy user's email address for subjectAltName");
+ mExtendedPluginInfo.add(PROP_LDAPBYTEATTRS + ";string;"
+ + "Comma-separated list of binary LDAP attributes to copy"
+ + " from the user's LDAP entry into the AuthToken");
+ mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;"
+ + "LDAP host to connect to");
+ mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;"
+ + "LDAP port number (use 389, or 636 if SSL)");
+ mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;"
+ + "Use SSL to connect to directory?");
+ mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);"
+ + "LDAP protocol version");
+ mExtendedPluginInfo
+ .add("ldap.basedn;string,required;Base DN to start searching "
+ + "under. If your user's DN is 'uid=jsmith, o=company', you "
+ + "might want to use 'o=company' here");
+ mExtendedPluginInfo.add("ldap.minConns;number;number of connections "
+ + "to keep open to directory server. Default 5.");
+ mExtendedPluginInfo
+ .add("ldap.maxConns;number;when needed, connection "
+ + "pool can grow to this many (multiplexed) connections. Default 1000.");
}
/**
@@ -163,24 +166,26 @@ public abstract class DirBasedAuthentication
* Initializes the UidPwdDirBasedAuthentication auth manager.
*
* Takes the following configuration parameters: <br>
+ *
* <pre>
- * ldap.basedn - the ldap base dn.
- * ldap.ldapconn.host - the ldap host.
- * ldap.ldapconn.port - the ldap port
- * ldap.ldapconn.secureConn - whether port should be secure
- * ldap.minConns - minimum connections
- * ldap.maxConns - max connections
- * dnpattern - dn pattern.
+ * ldap.basedn - the ldap base dn.
+ * ldap.ldapconn.host - the ldap host.
+ * ldap.ldapconn.port - the ldap port
+ * ldap.ldapconn.secureConn - whether port should be secure
+ * ldap.minConns - minimum connections
+ * ldap.maxConns - max connections
+ * dnpattern - dn pattern.
* </pre>
* <p>
- * <i><b>dnpattern</b></i> is a string representing a subject name pattern
- * to formulate from the directory attributes and entry dn. If empty or
- * not set, the ldap entry DN will be used as the certificate subject name.
+ * <i><b>dnpattern</b></i> is a string representing a subject name pattern
+ * to formulate from the directory attributes and entry dn. If empty or not
+ * set, the ldap entry DN will be used as the certificate subject name.
* <p>
- * The syntax is
+ * The syntax is
+ *
* <pre>
* dnpattern = SubjectNameComp *[ "," SubjectNameComp ]
- *
+ *
* SubjectNameComponent = DnComp | EntryComp | ConstantComp
* DnComp = CertAttr "=" "$dn" "." DnAttr "." Num
* EntryComp = CertAttr "=" "$attr" "." EntryAttr "." Num
@@ -190,11 +195,12 @@ public abstract class DirBasedAuthentication
* CertAttr = a Component in the Certificate Subject Name
* (multiple AVA in one RDN not supported)
* Num = the nth value of tha attribute in the dn or entry.
- * Constant = Constant String, with any accepted ldap string value.
+ * Constant = Constant String, with any accepted ldap string value.
*
* </pre>
* <p>
* <b>Example:</b>
+ *
* <pre>
* dnpattern:
* E=$attr.mail.1, CN=$attr.cn, OU=$attr.ou.2, O=$dn.o, C=US
@@ -213,6 +219,7 @@ public abstract class DirBasedAuthentication
* </pre>
* <p>
* The subject name formulated in the cert will be : <br>
+ *
* <pre>
* E=joesmith@acme.com, CN=Joe Smith, OU=Human Resources, O=Acme.com, C=US
*
@@ -229,28 +236,32 @@ public abstract class DirBasedAuthentication
* @exception EBaseException If an error occurs during initialization.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
init(name, implName, config, true);
}
- public void init(String name, String implName, IConfigStore config, boolean needBaseDN)
- throws EBaseException {
+ public void init(String name, String implName, IConfigStore config,
+ boolean needBaseDN) throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
/* initialize ldap server configuration */
mLdapConfig = mConfig.getSubStore(PROP_LDAP);
- if (needBaseDN) mBaseDN = mLdapConfig.getString(PROP_BASEDN);
- if (needBaseDN && ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN.trim().equals(""))))
- throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "basedn"));
+ if (needBaseDN)
+ mBaseDN = mLdapConfig.getString(PROP_BASEDN);
+ if (needBaseDN
+ && ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN
+ .trim().equals(""))))
+ throw new EPropertyNotFound(CMS.getUserMessage(
+ "CMS_BASE_GET_PROPERTY_FAILED", "basedn"));
mConnFactory = CMS.getLdapAnonConnFactory();
mConnFactory.init(mLdapConfig);
/* initialize dn pattern */
String pattern = mConfig.getString(PROP_DNPATTERN, null);
- if (pattern == null || pattern.length() == 0)
+ if (pattern == null || pattern.length() == 0)
pattern = DEFAULT_DNPATTERN;
mPattern = new DNPattern(pattern);
String[] patternLdapAttrs = mPattern.getLdapAttrs();
@@ -261,15 +272,15 @@ public abstract class DirBasedAuthentication
if (ldapStringAttrs == null) {
mLdapStringAttrs = patternLdapAttrs;
} else {
- StringTokenizer pAttrs =
- new StringTokenizer(ldapStringAttrs, ",", false);
+ StringTokenizer pAttrs = new StringTokenizer(ldapStringAttrs, ",",
+ false);
int begin = 0;
if (patternLdapAttrs != null && patternLdapAttrs.length > 0) {
- mLdapStringAttrs = new String[
- patternLdapAttrs.length + pAttrs.countTokens()];
- System.arraycopy(patternLdapAttrs, 0,
- mLdapStringAttrs, 0, patternLdapAttrs.length);
+ mLdapStringAttrs = new String[patternLdapAttrs.length
+ + pAttrs.countTokens()];
+ System.arraycopy(patternLdapAttrs, 0, mLdapStringAttrs, 0,
+ patternLdapAttrs.length);
begin = patternLdapAttrs.length;
} else {
mLdapStringAttrs = new String[pAttrs.countTokens()];
@@ -285,22 +296,21 @@ public abstract class DirBasedAuthentication
if (ldapByteAttrs == null) {
mLdapByteAttrs = new String[0];
} else {
- StringTokenizer byteAttrs =
- new StringTokenizer(ldapByteAttrs, ",", false);
+ StringTokenizer byteAttrs = new StringTokenizer(ldapByteAttrs, ",",
+ false);
mLdapByteAttrs = new String[byteAttrs.countTokens()];
- for (int j = 0; j < mLdapByteAttrs.length; j++) {
+ for (int j = 0; j < mLdapByteAttrs.length; j++) {
mLdapByteAttrs[j] = ((String) byteAttrs.nextElement()).trim();
}
}
/* make the combined list */
- mLdapAttrs =
- new String[mLdapStringAttrs.length + mLdapByteAttrs.length];
- System.arraycopy(mLdapStringAttrs, 0, mLdapAttrs,
- 0, mLdapStringAttrs.length);
- System.arraycopy(mLdapByteAttrs, 0, mLdapAttrs,
- mLdapStringAttrs.length, mLdapByteAttrs.length);
+ mLdapAttrs = new String[mLdapStringAttrs.length + mLdapByteAttrs.length];
+ System.arraycopy(mLdapStringAttrs, 0, mLdapAttrs, 0,
+ mLdapStringAttrs.length);
+ System.arraycopy(mLdapByteAttrs, 0, mLdapAttrs,
+ mLdapStringAttrs.length, mLdapByteAttrs.length);
log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_INIT_DONE"));
}
@@ -320,21 +330,22 @@ public abstract class DirBasedAuthentication
}
/**
- * Authenticates user through LDAP by a set of credentials.
- * Resulting AuthToken a TOKEN_CERTINFO field of a X509CertInfo
+ * Authenticates user through LDAP by a set of credentials. Resulting
+ * AuthToken a TOKEN_CERTINFO field of a X509CertInfo
* <p>
+ *
* @param authCred Authentication credentials, CRED_UID and CRED_PWD.
* @return A AuthToken with a TOKEN_SUBJECT of X500name type.
- * @exception com.netscape.certsrv.authentication.EMissingCredential
- * If a required authentication credential is missing.
- * @exception com.netscape.certsrv.authentication.EInvalidCredentials
- * If credentials failed authentication.
- * @exception com.netscape.certsrv.base.EBaseException
- * If an internal error occurred.
+ * @exception com.netscape.certsrv.authentication.EMissingCredential If a
+ * required authentication credential is missing.
+ * @exception com.netscape.certsrv.authentication.EInvalidCredentials If
+ * credentials failed authentication.
+ * @exception com.netscape.certsrv.base.EBaseException If an internal error
+ * occurred.
* @see com.netscape.certsrv.authentication.AuthToken
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
String userdn = null;
LDAPConnection conn = null;
AuthToken authToken = new AuthToken(this);
@@ -359,29 +370,31 @@ public abstract class DirBasedAuthentication
// set subject name.
try {
- CertificateSubjectName subjectname = (CertificateSubjectName)
- certInfo.get(X509CertInfo.SUBJECT);
+ CertificateSubjectName subjectname = (CertificateSubjectName) certInfo
+ .get(X509CertInfo.SUBJECT);
if (subjectname != null)
- authToken.set(AuthToken.TOKEN_CERT_SUBJECT,
- subjectname.toString());
+ authToken.set(AuthToken.TOKEN_CERT_SUBJECT,
+ subjectname.toString());
} // error means it's not set.
catch (CertificateException e) {
} catch (IOException e) {
}
- // set validity if any
+ // set validity if any
try {
- CertificateValidity validity = (CertificateValidity)
- certInfo.get(X509CertInfo.VALIDITY);
+ CertificateValidity validity = (CertificateValidity) certInfo
+ .get(X509CertInfo.VALIDITY);
if (validity != null) {
- // the gets throws IOException but only if attribute
- // not recognized. In these cases they are always.
- authToken.set(AuthToken.TOKEN_CERT_NOTBEFORE,
- (Date)validity.get(CertificateValidity.NOT_BEFORE));
- authToken.set(AuthToken.TOKEN_CERT_NOTAFTER,
- (Date)validity.get(CertificateValidity.NOT_AFTER));
+ // the gets throws IOException but only if attribute
+ // not recognized. In these cases they are always.
+ authToken
+ .set(AuthToken.TOKEN_CERT_NOTBEFORE,
+ (Date) validity
+ .get(CertificateValidity.NOT_BEFORE));
+ authToken.set(AuthToken.TOKEN_CERT_NOTAFTER,
+ (Date) validity.get(CertificateValidity.NOT_AFTER));
}
} // error means it's not set.
catch (CertificateException e) {
@@ -390,8 +403,8 @@ public abstract class DirBasedAuthentication
// set extensions if any.
try {
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
if (extensions != null)
authToken.set(AuthToken.TOKEN_CERT_EXTENSIONS, extensions);
@@ -401,7 +414,7 @@ public abstract class DirBasedAuthentication
}
} finally {
- if (conn != null)
+ if (conn != null)
mConnFactory.returnConn(conn);
}
@@ -410,15 +423,16 @@ public abstract class DirBasedAuthentication
/**
* get the list of required credentials.
+ *
* @return list of required credentials as strings.
*/
public abstract String[] getRequiredCreds();
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
- * this implementation can be configured through the console.
- *
+ * Returns a list of configuration parameter names. The list is passed to
+ * the configuration console so instances of this implementation can be
+ * configured through the console.
+ *
* @return String array of configuration parameter names.
*/
public abstract String[] getConfigParams();
@@ -434,12 +448,14 @@ public abstract class DirBasedAuthentication
}
} catch (ELdapException e) {
// ignore
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_SHUTDOWN_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMS_AUTH_SHUTDOWN_ERROR", e.toString()));
}
}
/**
* Gets the configuration substore used by this authentication manager
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -452,11 +468,10 @@ public abstract class DirBasedAuthentication
* @param authCreds The authentication credentials.
* @return The user's ldap entry dn.
* @exception EInvalidCredentials If the uid and password are not valid
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
- protected abstract String authenticate(
- LDAPConnection conn, IAuthCredentials authCreds, AuthToken token)
- throws EBaseException;
+ protected abstract String authenticate(LDAPConnection conn,
+ IAuthCredentials authCreds, AuthToken token) throws EBaseException;
/**
* Formulate the cert info.
@@ -465,36 +480,34 @@ public abstract class DirBasedAuthentication
* @param userdn The user's dn.
* @param certinfo A certinfo object to fill.
* @param token A authentication token to fill.
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
- protected void formCertInfo(LDAPConnection conn,
- String userdn,
- X509CertInfo certinfo,
- AuthToken token)
- throws EBaseException {
+ protected void formCertInfo(LDAPConnection conn, String userdn,
+ X509CertInfo certinfo, AuthToken token) throws EBaseException {
String dn = null;
// get ldap attributes to retrieve.
String[] attrs = getLdapAttrs();
- // retrieve the attributes.
+ // retrieve the attributes.
try {
if (conn != null) {
LDAPEntry entry = null;
- LDAPSearchResults results =
- conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
- attrs, false);
+ LDAPSearchResults results = conn.search(userdn,
+ LDAPv2.SCOPE_BASE, "objectclass=*", attrs, false);
if (!results.hasMoreElements()) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_ATTR_ERROR"));
- throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_LDAPATTRIBUTES_NOT_FOUND"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMS_AUTH_NO_ATTR_ERROR"));
+ throw new EAuthException(
+ CMS.getUserMessage("CMS_AUTHENTICATION_LDAPATTRIBUTES_NOT_FOUND"));
}
entry = results.next();
- // formulate the subject dn
+ // formulate the subject dn
try {
dn = formSubjectName(entry);
} catch (EBaseException e) {
- //e.printStackTrace();
+ // e.printStackTrace();
throw e;
}
// Put selected values from the entry into the token
@@ -504,64 +517,73 @@ public abstract class DirBasedAuthentication
}
// add anything else in cert info such as validity, extensions
- // (nothing now)
+ // (nothing now)
// pack the dn into X500name and set subject name.
if (dn.length() == 0) {
- EBaseException ex =
- new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_EMPTY_DN_FORMED", mName));
+ EBaseException ex = new EAuthException(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_EMPTY_DN_FORMED", mName));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_DN_ERROR", ex.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMS_AUTH_NO_DN_ERROR", ex.toString()));
throw ex;
}
X500Name subjectdn = new X500Name(dn);
- certinfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subjectdn));
+ certinfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ subjectdn));
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.SERVER_DOWN:
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_AUTH_ATTR_ERROR"));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ case LDAPException.SERVER_DOWN:
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMS_AUTH_NO_AUTH_ATTR_ERROR"));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
case LDAPException.NO_SUCH_OBJECT:
case LDAPException.LDAP_PARTIAL_RESULTS:
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_USER_ENTRY_ERROR", userdn));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMS_AUTH_NO_USER_ENTRY_ERROR", userdn));
// fall to below.
default:
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.toString()));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
- e.errorCodeToString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LDAP_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_OTHER_LDAP_EXCEPTION", e.errorCodeToString()));
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_CREATE_SUBJECT_ERROR", userdn, e.getMessage()));
- throw new EFormSubjectDN(CMS.getUserMessage("CMS_AUTHENTICATION_FORM_SUBJECTDN_ERROR"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMS_AUTH_CREATE_SUBJECT_ERROR", userdn, e.getMessage()));
+ throw new EFormSubjectDN(
+ CMS.getUserMessage("CMS_AUTHENTICATION_FORM_SUBJECTDN_ERROR"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_CREATE_CERTINFO_ERROR", userdn, e.getMessage()));
- throw new EFormSubjectDN(CMS.getUserMessage("CMS_AUTHENTICATION_FORM_SUBJECTDN_ERROR"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMS_AUTH_CREATE_CERTINFO_ERROR", userdn, e.getMessage()));
+ throw new EFormSubjectDN(
+ CMS.getUserMessage("CMS_AUTHENTICATION_FORM_SUBJECTDN_ERROR"));
}
}
/**
- * Copy values from the LDAPEntry into the AuthToken. The
- * list of values that should be store this way is given in
- * a the ldapAttributes configuration parameter.
+ * Copy values from the LDAPEntry into the AuthToken. The list of values
+ * that should be store this way is given in a the ldapAttributes
+ * configuration parameter.
*/
protected void setAuthTokenValues(LDAPEntry e, AuthToken tok) {
for (int i = 0; i < mLdapStringAttrs.length; i++)
setAuthTokenStringValue(mLdapStringAttrs[i], e, tok);
- for (int j = 0; j < mLdapByteAttrs.length; j++)
+ for (int j = 0; j < mLdapByteAttrs.length; j++)
setAuthTokenByteValue(mLdapByteAttrs[j], e, tok);
}
- protected void setAuthTokenStringValue(
- String name, LDAPEntry entry, AuthToken tok) {
+ protected void setAuthTokenStringValue(String name, LDAPEntry entry,
+ AuthToken tok) {
LDAPAttribute values = entry.getAttribute(name);
- if (values == null) return;
+ if (values == null)
+ return;
Vector v = new Vector();
Enumeration e = values.getStringValues();
@@ -577,11 +599,12 @@ public abstract class DirBasedAuthentication
tok.set(name, a);
}
- protected void setAuthTokenByteValue(
- String name, LDAPEntry entry, AuthToken tok) {
+ protected void setAuthTokenByteValue(String name, LDAPEntry entry,
+ AuthToken tok) {
LDAPAttribute values = entry.getAttribute(name);
- if (values == null) return;
+ if (values == null)
+ return;
Vector v = new Vector();
Enumeration e = values.getByteValues();
@@ -600,6 +623,7 @@ public abstract class DirBasedAuthentication
/**
* Return a list of LDAP attributes with String values to retrieve.
* Subclasses can override to return any set of attributes.
+ *
* @return Array of LDAP attributes to retrieve from the directory.
*/
protected String[] getLdapAttrs() {
@@ -609,6 +633,7 @@ public abstract class DirBasedAuthentication
/**
* Return a list of LDAP attributes with byte[] values to retrieve.
* Subclasses can override to return any set of attributes.
+ *
* @return Array of LDAP attributes to retrieve from the directory.
*/
protected String[] getLdapByteAttrs() {
@@ -616,22 +641,20 @@ public abstract class DirBasedAuthentication
}
/**
- * Formulate the subject name
+ * Formulate the subject name
+ *
* @param entry The LDAP entry
* @return The subject name string.
* @exception EBaseException If an internal error occurs.
*/
- protected String formSubjectName(LDAPEntry entry)
- throws EAuthException {
- if (mPattern.mPatternString == null)
+ protected String formSubjectName(LDAPEntry entry) throws EAuthException {
+ if (mPattern.mPatternString == null)
return entry.getDN();
-
- /*
- if (mTestDNString != null) {
- mPattern.mTestDN = mTestDNString;
- //System.out.println("Set DNPattern.mTestDN to "+mPattern.mTestDN);
- }
- */
+
+ /*
+ * if (mTestDNString != null) { mPattern.mTestDN = mTestDNString;
+ * //System.out.println("Set DNPattern.mTestDN to "+mPattern.mTestDN); }
+ */
String dn = mPattern.formDN(entry);
@@ -641,6 +664,7 @@ public abstract class DirBasedAuthentication
/**
* Logs a message for this class in the system log file.
+ *
* @param level The log level.
* @param msg The message to log.
* @see com.netscape.certsrv.logging.ILogger
@@ -648,16 +672,15 @@ public abstract class DirBasedAuthentication
protected void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
- level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level,
+ msg);
}
public String[] getExtendedPluginInfo(Locale locale) {
String[] s = Utils.getStringArrayFromVector(mExtendedPluginInfo);
return s;
-
+
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java b/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java
index ab59c499..67092c29 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import java.io.BufferedReader;
import java.io.BufferedWriter;
@@ -49,15 +48,13 @@ import com.netscape.certsrv.profile.IProfileAuthenticator;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This represents the authentication manager that authenticates
- * user against a file where id, and password are stored.
+ * This represents the authentication manager that authenticates user against a
+ * file where id, and password are stored.
*
* @version $Revision$, $Date$
*/
-public class FlatFileAuth
- implements IProfileAuthenticator, IExtendedPluginInfo {
+public class FlatFileAuth implements IProfileAuthenticator, IExtendedPluginInfo {
/* configuration parameter keys */
protected static final String PROP_FILENAME = "fileName";
@@ -66,39 +63,36 @@ public class FlatFileAuth
protected static final String PROP_DEFERONFAILURE = "deferOnFailure";
protected String mFilename = "config/pwfile";
- protected long mFileLastRead = 0;
+ protected long mFileLastRead = 0;
protected String mKeyAttributes = "UID";
protected String mAuthAttrs = "PWD";
protected boolean mDeferOnFailure = true;
private static final String DATE_PATTERN = "yyyy-MM-dd-HH-mm-ss";
- private static SimpleDateFormat mDateFormat = new SimpleDateFormat(DATE_PATTERN);
+ private static SimpleDateFormat mDateFormat = new SimpleDateFormat(
+ DATE_PATTERN);
- protected static String[] mConfigParams =
- new String[] {
- PROP_FILENAME,
- PROP_KEYATTRIBUTES,
- PROP_AUTHATTRS,
- PROP_DEFERONFAILURE
- };
+ protected static String[] mConfigParams = new String[] { PROP_FILENAME,
+ PROP_KEYATTRIBUTES, PROP_AUTHATTRS, PROP_DEFERONFAILURE };
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
PROP_FILENAME + ";string;Pathname of password file",
- PROP_KEYATTRIBUTES + ";string;Comma-separated list of attributes" +
- " which together form a unique identifier for the user",
- PROP_AUTHATTRS + ";string;Comma-separated list of attributes" +
- " which are used for further authentication",
- PROP_DEFERONFAILURE + ";boolean;if user is not found, defer the " +
- "request to the queue for manual-authentication (true), or " +
- "simply rejected the request (false)"
- };
+ PROP_KEYATTRIBUTES
+ + ";string;Comma-separated list of attributes"
+ + " which together form a unique identifier for the user",
+ PROP_AUTHATTRS + ";string;Comma-separated list of attributes"
+ + " which are used for further authentication",
+ PROP_DEFERONFAILURE
+ + ";boolean;if user is not found, defer the "
+ + "request to the queue for manual-authentication (true), or "
+ + "simply rejected the request (false)" };
return s;
}
-
+
/** name of this authentication manager instance */
protected String mName = null;
-
+
protected String FFAUTH = "FlatFileAuth";
/** name of the authentication manager plugin */
@@ -109,30 +103,31 @@ public class FlatFileAuth
/** system logger */
protected ILogger mLogger = CMS.getLogger();
-
- /** This array is created as to include all the requested attributes
- *
+
+ /**
+ * This array is created as to include all the requested attributes
+ *
*/
String[] reqCreds = null;
String[] authAttrs = null;
String[] keyAttrs = null;
- /** Hashtable of entries from Auth File. Hash index is the
- * concatenation of the attributes from matchAttributes property
+ /**
+ * Hashtable of entries from Auth File. Hash index is the concatenation of
+ * the attributes from matchAttributes property
*/
protected Hashtable entries = null;
/**
- * Get the named property
- * If the property is not set, use s as the default, and create
- * a new value for the property in the config file.
+ * Get the named property If the property is not set, use s as the default,
+ * and create a new value for the property in the config file.
*
* @param propertyName Property name
* @param s The default value of the property
*/
protected String getPropertyS(String propertyName, String s)
- throws EBaseException {
+ throws EBaseException {
String p;
try {
@@ -149,15 +144,14 @@ public class FlatFileAuth
}
/**
- * Get the named property,
- * If the property is not set, use b as the default, and create
- * a new value for the property in the config file.
+ * Get the named property, If the property is not set, use b as the default,
+ * and create a new value for the property in the config file.
*
* @param propertyName Property name
* @param b The default value of the property
*/
protected boolean getPropertyB(String propertyName, boolean b)
- throws EBaseException {
+ throws EBaseException {
boolean p;
try {
@@ -170,7 +164,7 @@ public class FlatFileAuth
}
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -198,7 +192,8 @@ public class FlatFileAuth
print("mAuthAttrs = " + mAuthAttrs);
for (int i = 0; i < stringArrays.length; i++) {
for (int j = 0; j < stringArrays[i].length; j++) {
- print("stringArrays[" + i + "][" + j + "] = " + stringArrays[i][j]);
+ print("stringArrays[" + i + "][" + j + "] = "
+ + stringArrays[i][j]);
}
}
@@ -207,35 +202,40 @@ public class FlatFileAuth
mFileLastRead = file.lastModified();
entries = readFile(file, keyAttrs);
- CMS.debug("FlatFileAuth: " + CMS.getLogMessage("CMS_AUTH_READ_ENTRIES", mFilename));
+ CMS.debug("FlatFileAuth: "
+ + CMS.getLogMessage("CMS_AUTH_READ_ENTRIES", mFilename));
// printAllEntries();
} catch (IOException e) {
- throw new EBaseException(mName + " authentication: Could not open file " + mFilename + " (" + e.getMessage() + ")");
+ throw new EBaseException(mName
+ + " authentication: Could not open file " + mFilename
+ + " (" + e.getMessage() + ")");
} catch (java.lang.StringIndexOutOfBoundsException ee) {
- CMS.debug("FlatFileAuth: " + CMS.getLogMessage("OPERATION_ERROR", ee.toString()));
+ CMS.debug("FlatFileAuth: "
+ + CMS.getLogMessage("OPERATION_ERROR", ee.toString()));
}
}
/**
* Log a message.
+ *
* @param level The logging level.
* @param msg The message to log.
*/
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
- level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level,
+ msg);
}
-
+
void print(String s) {
CMS.debug("FlatFileAuth: " + s);
}
/**
- * Return a string array which is the union of all the string arrays
- * passed in. The strings are treated as case sensitive
+ * Return a string array which is the union of all the string arrays passed
+ * in. The strings are treated as case sensitive
*/
public String[] unionOfStrings(String[][] stringArrays) {
@@ -257,12 +257,11 @@ public class FlatFileAuth
s[i] = (String) e.nextElement();
}
return s;
-
+
}
-
+
/**
- * Split a comma-delimited String into an array of individual
- * Strings.
+ * Split a comma-delimited String into an array of individual Strings.
*/
private String[] splitOnComma(String s) {
print("Splitting String: " + s + " on commas");
@@ -282,8 +281,8 @@ public class FlatFileAuth
}
/**
- * Join an array of Strings into one string, with
- * the specified string between each string
+ * Join an array of Strings into one string, with the specified string
+ * between each string
*/
private String joinStringArray(String[] s, String sep) {
@@ -298,9 +297,9 @@ public class FlatFileAuth
return sb.toString();
}
- private synchronized void updateFile (String key) {
+ private synchronized void updateFile(String key) {
try {
- String name = writeFile (key);
+ String name = writeFile(key);
if (name != null) {
File orgFile = new File(mFilename);
long lastModified = orgFile.lastModified();
@@ -310,23 +309,28 @@ public class FlatFileAuth
} else {
mFileLastRead = newFile.lastModified();
}
- if (orgFile.renameTo(new File(name.substring(0, name.length()-1)))) {
+ if (orgFile.renameTo(new File(name.substring(0,
+ name.length() - 1)))) {
if (!newFile.renameTo(new File(mFilename))) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("RENAME_FILE_ERROR", name, mFilename));
- File file = new File(name.substring(0, name.length()-1));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "RENAME_FILE_ERROR", name, mFilename));
+ File file = new File(name.substring(0,
+ name.length() - 1));
file.renameTo(new File(mFilename));
}
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("RENAME_FILE_ERROR", mFilename,
- name.substring(0, name.length()-1)));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "RENAME_FILE_ERROR", mFilename,
+ name.substring(0, name.length() - 1)));
}
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("FILE_ERROR", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("FILE_ERROR", e.getMessage()));
}
}
- private String writeFile (String key) {
+ private String writeFile(String key) {
BufferedReader reader = null;
BufferedWriter writer = null;
String name = null;
@@ -334,9 +338,9 @@ public class FlatFileAuth
boolean done = false;
String line = null;
try {
- reader = new BufferedReader (new FileReader (mFilename));
- name = mFilename+"."+mDateFormat.format(new Date())+"~";
- writer = new BufferedWriter (new FileWriter(name));
+ reader = new BufferedReader(new FileReader(mFilename));
+ name = mFilename + "." + mDateFormat.format(new Date()) + "~";
+ writer = new BufferedWriter(new FileWriter(name));
if (reader != null && writer != null) {
while ((line = reader.readLine()) != null) {
if (commentOutNextLine) {
@@ -353,7 +357,8 @@ public class FlatFileAuth
done = true;
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("FILE_ERROR", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("FILE_ERROR", e.getMessage()));
}
try {
@@ -365,7 +370,8 @@ public class FlatFileAuth
writer.close();
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("FILE_ERROR", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("FILE_ERROR", e.getMessage()));
}
try {
@@ -374,43 +380,45 @@ public class FlatFileAuth
long s2 = 0;
File f1 = new File(mFilename);
File f2 = new File(name);
- if (f1.exists()) s1 = f1.length();
- if (f2.exists()) s2 = f2.length();
+ if (f1.exists())
+ s1 = f1.length();
+ if (f2.exists())
+ s2 = f2.length();
if (s1 > 0 && s2 > 0 && s2 > s1) {
done = true;
} else {
- if (f2.exists()) f2.delete();
+ if (f2.exists())
+ f2.delete();
name = null;
}
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("FILE_ERROR", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("FILE_ERROR", e.getMessage()));
}
return name;
}
-
/**
- * Read a file with the following format: <p><pre>
+ * Read a file with the following format:
+ * <p>
+ *
+ * <pre>
* param1: valuea
* param2: valueb
* -blank-line-
* param1: valuec
* param2: valued
* </pre>
- *
+ *
* @param f The file to read
- * @param keys The parameters to concat together to form the hash
- * key
+ * @param keys The parameters to concat together to form the hash key
* @return a hashtable of hashtables.
*/
- protected Hashtable readFile(File f, String[] keys)
- throws IOException {
+ protected Hashtable readFile(File f, String[] keys) throws IOException {
log(ILogger.LL_INFO, "Reading file: " + f.getName());
- BufferedReader file = new BufferedReader(
- new FileReader(f)
- );
+ BufferedReader file = new BufferedReader(new FileReader(f));
String line;
Hashtable allusers = new Hashtable();
@@ -429,13 +437,14 @@ public class FlatFileAuth
entry = new Hashtable();
}
- if (colon == -1) { // no colon -> empty line signifies end of record
+ if (colon == -1) { // no colon -> empty line signifies end of record
if (!line.trim().equals("")) {
if (file != null) {
file.close();
}
- throw new IOException(FFAUTH + ": Parsing error, " +
- "colon missing from line " + linenum + " of " + f.getName());
+ throw new IOException(FFAUTH + ": Parsing error, "
+ + "colon missing from line " + linenum + " of "
+ + f.getName());
}
if (entry.size() > 0) {
putEntry(allusers, entry, keys);
@@ -457,9 +466,7 @@ public class FlatFileAuth
return allusers;
}
- private void putEntry(Hashtable allUsers,
- Hashtable entry,
- String[] keys) {
+ private void putEntry(Hashtable allUsers, Hashtable entry, String[] keys) {
if (entry == null) {
return;
}
@@ -497,22 +504,24 @@ public class FlatFileAuth
}
/**
- * Compare attributes provided by the user with those in
- * in flat file.
- *
+ * Compare attributes provided by the user with those in in flat file.
+ *
*/
- private IAuthToken doAuthentication(Hashtable user, IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
+ private IAuthToken doAuthentication(Hashtable user,
+ IAuthCredentials authCred) throws EMissingCredential,
+ EInvalidCredentials, EBaseException {
AuthToken authToken = new AuthToken(this);
for (int i = 0; i < authAttrs.length; i++) {
String ffvalue = (String) user.get(authAttrs[i]);
String uservalue = (String) authCred.get(authAttrs[i]);
- // print("checking authentication token (" + authAttrs[i] + ": " + uservalue + " against ff value: " + ffvalue);
+ // print("checking authentication token (" + authAttrs[i] + ": " +
+ // uservalue + " against ff value: " + ffvalue);
if (!ffvalue.equals(uservalue)) {
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
}
return authToken;
@@ -530,16 +539,18 @@ public class FlatFileAuth
// printAllEntries();
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("READ_FILE_ERROR", mFilename, e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("READ_FILE_ERROR", mFilename,
+ e.getMessage()));
}
}
/**
* Authenticate the request
- *
+ *
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
IAuthToken authToken = null;
String keyForUser = "";
@@ -550,11 +561,13 @@ public class FlatFileAuth
/* Find the user in our hashtable */
for (int i = 0; i < keyAttrs.length; i++) {
- print("concatenating string i=" + i + " keyAttrs[" + i + "] = " + keyAttrs[i]);
+ print("concatenating string i=" + i + " keyAttrs[" + i + "] = "
+ + keyAttrs[i]);
String credential = (String) authCred.get(keyAttrs[i]);
if (credential == null) {
- throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", keyAttrs[i]));
+ throw new EMissingCredential(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", keyAttrs[i]));
}
keyForUser = keyForUser.concat((String) authCred.get(keyAttrs[i]));
}
@@ -566,8 +579,10 @@ public class FlatFileAuth
if (user != null) {
authToken = doAuthentication(user, authCred);
} else {
- CMS.debug("FlatFileAuth: " + CMS.getLogMessage("CMS_AUTH_USER_NOT_FOUND"));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ CMS.debug("FlatFileAuth: "
+ + CMS.getLogMessage("CMS_AUTH_USER_NOT_FOUND"));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
} catch (EInvalidCredentials e) {
// If defer on failure is false, then we re-throw the exception
@@ -579,7 +594,7 @@ public class FlatFileAuth
}
}
- // if a dn was specified in the password file for this user,
+ // if a dn was specified in the password file for this user,
// replace the requested dn with the one in the pwfile
if (user != null) {
String dn = (String) user.get("dn");
@@ -601,21 +616,21 @@ public class FlatFileAuth
}
/**
- * Return a list of HTTP parameters which will be taken from the
- * request posting and placed into the AuthCredentials block
- *
- * Note that this method will not be called until after the
- * init() method is called
+ * Return a list of HTTP parameters which will be taken from the request
+ * posting and placed into the AuthCredentials block
+ *
+ * Note that this method will not be called until after the init() method is
+ * called
*/
public String[] getRequiredCreds() {
print("getRequiredCreds returning: " + joinStringArray(reqCreds, ","));
return reqCreds;
-
+
}
/**
- * Returns a list of configuration parameters, so the console
- * can prompt the user when configuring.
+ * Returns a list of configuration parameters, so the console can prompt the
+ * user when configuring.
*/
public String[] getConfigParams() {
return mConfigParams;
@@ -640,7 +655,7 @@ public class FlatFileAuth
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -666,7 +681,7 @@ public class FlatFileAuth
}
public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java b/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java
index 19bfab69..19e4f0e3 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java
@@ -17,17 +17,16 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// java sdk imports.
import java.util.Hashtable;
import java.util.Vector;
-
/**
- * The structure stores the information of which machine is enabled for
- * the agent-initiated user enrollment, and whom agents enable this feature,
- * and the value of the timeout.
+ * The structure stores the information of which machine is enabled for the
+ * agent-initiated user enrollment, and whom agents enable this feature, and the
+ * value of the timeout.
* <P>
+ *
* @version $Revision$, $Date$
*/
public class HashAuthData extends Hashtable {
@@ -54,7 +53,7 @@ public class HashAuthData extends Hashtable {
Vector val = (Vector) get(hostname);
if (val == null) {
- val = new Vector();
+ val = new Vector();
put(hostname, val);
}
val.setElementAt(agentName, 0);
@@ -117,4 +116,3 @@ public class HashAuthData extends Hashtable {
val.setElementAt(Long.valueOf(lastLogin), 3);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
index 24a10e0a..9875b2a3 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -40,11 +39,10 @@ import com.netscape.certsrv.base.IExtendedPluginInfo;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmsutil.util.Utils;
-
/**
* Hash uid/pwd directory based authentication manager
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
@@ -54,8 +52,8 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
public static final String CRED_FINGERPRINT = "fingerprint";
public static final String CRED_PAGEID = "pageID";
public static final String CRED_HOST = "hostname";
- protected static String[] mRequiredCreds = { CRED_UID,
- CRED_PAGEID, CRED_FINGERPRINT, CRED_HOST };
+ protected static String[] mRequiredCreds = { CRED_UID, CRED_PAGEID,
+ CRED_FINGERPRINT, CRED_HOST };
public static final long DEFAULT_TIMEOUT = 600000;
private boolean mEnable = false;
private long mTimeout = DEFAULT_TIMEOUT; // in milliseconds
@@ -71,18 +69,17 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
private ILogger mLogger = CMS.getLogger();
private static Vector mExtendedPluginInfo = null;
private HashAuthData mHosts = null;
-
- static String[] mConfigParams =
- new String[] {};
+
+ static String[] mConfigParams = new String[] {};
static {
mExtendedPluginInfo = new Vector();
- mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
- ";Authenticate the username and password provided " +
- "by the user against an LDAP directory. Works with the " +
- "Dir Based Enrollment HTML form");
- mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-authrules-uidpwddirauth");
+ mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT
+ + ";Authenticate the username and password provided "
+ + "by the user against an LDAP directory. Works with the "
+ + "Dir Based Enrollment HTML form");
+ mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-authrules-uidpwddirauth");
};
/**
@@ -91,8 +88,8 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
public HashAuthentication() {
}
- public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -102,7 +99,8 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
try {
mSHADigest = MessageDigest.getInstance("SHA1");
} catch (NoSuchAlgorithmException e) {
- throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage()));
+ throw new EAuthException(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage()));
}
}
@@ -124,7 +122,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
}
public void createEntry(String host, String dn, long timeout,
- String secret, long lastLogin) {
+ String secret, long lastLogin) {
Vector v = new Vector();
v.addElement(dn);
@@ -141,7 +139,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
public String getAgentName(String hostname) {
return mHosts.getAgentName(hostname);
}
-
+
public void setAgentName(String hostname, String agentName) {
mHosts.setAgentName(hostname, agentName);
}
@@ -183,16 +181,17 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
public void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
- level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level,
+ msg);
}
- public boolean validFingerprint(String host, String pageID, String uid, String fingerprint) {
+ public boolean validFingerprint(String host, String pageID, String uid,
+ String fingerprint) {
String val = hashFingerprint(host, pageID, uid);
if (val.equals(fingerprint))
return true;
- return false;
+ return false;
}
public Enumeration getHosts() {
@@ -200,8 +199,8 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
}
public String hashFingerprint(String host, String pageID, String uid) {
- byte[] hash =
- mSHADigest.digest((SALT + pageID + getSecret(host) + uid).getBytes());
+ byte[] hash = mSHADigest.digest((SALT + pageID + getSecret(host) + uid)
+ .getBytes());
String b64E = com.netscape.osutil.OSUtil.BtoA(hash);
return "{SHA}" + b64E;
@@ -216,19 +215,20 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
* @param authCreds The authentication credentials.
* @return The user's ldap entry dn.
* @exception EInvalidCredentials If the uid and password are not valid
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
public IAuthToken authenticate(IAuthCredentials authCreds)
- throws EBaseException {
+ throws EBaseException {
AuthToken token = new AuthToken(this);
String fingerprint = (String) authCreds.get(CRED_FINGERPRINT);
String pageID = (String) authCreds.get(CRED_PAGEID);
String uid = (String) authCreds.get(CRED_UID);
String host = (String) authCreds.get(CRED_HOST);
- if (fingerprint.equals("") ||
- !validFingerprint(host, pageID, uid, fingerprint)) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_INVALID_FINGER_PRINT"));
+ if (fingerprint.equals("")
+ || !validFingerprint(host, pageID, uid, fingerprint)) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMS_AUTH_INVALID_FINGER_PRINT"));
throw new EAuthException("Invalid Fingerprint");
}
@@ -240,6 +240,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
/**
* Returns array of required credentials for this authentication manager.
+ *
* @return Array of required credentials.
*/
public String[] getRequiredCreds() {
@@ -248,6 +249,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
/**
* Gets the configuration substore used by this authentication manager
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -276,14 +278,13 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
- * this implementation can be configured through the console.
- *
+ * Returns a list of configuration parameter names. The list is passed to
+ * the configuration console so instances of this implementation can be
+ * configured through the console.
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
return (mConfigParams);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java b/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java
index 56c8739a..74a5392a 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import java.util.Enumeration;
import java.util.Locale;
@@ -49,26 +48,25 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.ldap.ILdapConnFactory;
import com.netscape.certsrv.logging.ILogger;
-
/**
* uid/pwd directory based authentication manager
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class PortalEnroll extends DirBasedAuthentication {
/* configuration parameter keys */
- protected static final String PROP_LDAPAUTH = "ldapauth";
- protected static final String PROP_AUTHTYPE = "authtype";
- protected static final String PROP_BINDDN = "bindDN";
- protected static final String PROP_BINDPW = "bindPW";
- protected static final String PROP_LDAPCONN = "ldapconn";
- protected static final String PROP_HOST = "host";
- protected static final String PROP_PORT = "port";
- protected static final String PROP_SECURECONN = "secureConn";
- protected static final String PROP_VERSION = "version";
- protected static final String PROP_OBJECTCLASS = "objectclass";
+ protected static final String PROP_LDAPAUTH = "ldapauth";
+ protected static final String PROP_AUTHTYPE = "authtype";
+ protected static final String PROP_BINDDN = "bindDN";
+ protected static final String PROP_BINDPW = "bindPW";
+ protected static final String PROP_LDAPCONN = "ldapconn";
+ protected static final String PROP_HOST = "host";
+ protected static final String PROP_PORT = "port";
+ protected static final String PROP_SECURECONN = "secureConn";
+ protected static final String PROP_VERSION = "version";
+ protected static final String PROP_OBJECTCLASS = "objectclass";
/* required credentials to authenticate. uid and pwd are strings. */
public static final String CRED_UID = "uid";
@@ -80,83 +78,77 @@ public class PortalEnroll extends DirBasedAuthentication {
private String mObjectClass = null;
private String mBindDN = null;
private String mBaseDN = null;
- private ILdapConnFactory mLdapFactory = null;
- private LDAPConnection mLdapConn = null;
+ private ILdapConnFactory mLdapFactory = null;
+ private LDAPConnection mLdapConn = null;
// contains all nested superiors' required attrs in the form of a
- // vector of "required" attributes in Enumeration
+ // vector of "required" attributes in Enumeration
Vector mRequiredAttrs = null;
-
+
// contains all nested superiors' optional attrs in the form of a
- // vector of "optional" attributes in Enumeration
+ // vector of "optional" attributes in Enumeration
Vector mOptionalAttrs = null;
// contains all the objclasses, including superiors and itself
Vector mObjClasses = null;
-
- /* Holds configuration parameters accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
- * console.
+
+ /*
+ * Holds configuration parameters accepted by this implementation. This list
+ * is passed to the configuration console so configuration for instances of
+ * this implementation can be configured through the console.
*/
- protected static String[] mConfigParams =
- new String[] {
- PROP_DNPATTERN,
- "ldap.ldapconn.host",
- "ldap.ldapconn.port",
- "ldap.ldapconn.secureConn",
- "ldap.ldapconn.version",
- "ldap.ldapauth.bindDN",
- "ldap.ldapauth.bindPWPrompt",
- "ldap.ldapauth.clientCertNickname",
- "ldap.ldapauth.authtype",
- "ldap.basedn",
- "ldap.objectclass",
- "ldap.minConns",
- "ldap.maxConns",
- };
-
+ protected static String[] mConfigParams = new String[] { PROP_DNPATTERN,
+ "ldap.ldapconn.host", "ldap.ldapconn.port",
+ "ldap.ldapconn.secureConn", "ldap.ldapconn.version",
+ "ldap.ldapauth.bindDN", "ldap.ldapauth.bindPWPrompt",
+ "ldap.ldapauth.clientCertNickname", "ldap.ldapauth.authtype",
+ "ldap.basedn", "ldap.objectclass", "ldap.minConns",
+ "ldap.maxConns", };
+
/**
* Default constructor, initialization must follow.
*/
- public PortalEnroll()
- throws EBaseException {
+ public PortalEnroll() throws EBaseException {
super();
}
/**
* Initializes the PortalEnrollment auth manager.
* <p>
+ *
* @param name - The name for this authentication manager instance.
* @param implName - The name of the authentication manager plugin.
* @param config - The configuration store for this instance.
* @exception EBaseException If an error occurs during initialization.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
super.init(name, implName, config);
-
+
/* Get Bind DN for directory server */
mConfig = mLdapConfig.getSubStore(PROP_LDAPAUTH);
mBindDN = mConfig.getString(PROP_BINDDN);
- if ( (mBindDN == null) || (mBindDN.length() == 0) || (mBindDN == ""))
- throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "binddn"));
-
- /* Get Bind DN for directory server */
+ if ((mBindDN == null) || (mBindDN.length() == 0) || (mBindDN == ""))
+ throw new EPropertyNotFound(CMS.getUserMessage(
+ "CMS_BASE_GET_PROPERTY_FAILED", "binddn"));
+
+ /* Get Bind DN for directory server */
mBaseDN = mLdapConfig.getString(PROP_BASEDN);
if ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN == ""))
- throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "basedn"));
-
- /* Get Object clase name for enrollment */
+ throw new EPropertyNotFound(CMS.getUserMessage(
+ "CMS_BASE_GET_PROPERTY_FAILED", "basedn"));
+
+ /* Get Object clase name for enrollment */
mObjectClass = mLdapConfig.getString(PROP_OBJECTCLASS);
- if (mObjectClass == null || mObjectClass.length() == 0)
- throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "objectclass"));
+ if (mObjectClass == null || mObjectClass.length() == 0)
+ throw new EPropertyNotFound(CMS.getUserMessage(
+ "CMS_BASE_GET_PROPERTY_FAILED", "objectclass"));
- /* Get connect parameter */
+ /* Get connect parameter */
mLdapFactory = CMS.getLdapBoundConnFactory();
mLdapFactory.init(mLdapConfig);
mLdapConn = mLdapFactory.getConn();
-
+
log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_PORTAL_INIT"));
}
@@ -166,48 +158,53 @@ public class PortalEnroll extends DirBasedAuthentication {
* @param authCreds The authentication credentials.
* @return The user's ldap entry dn.
* @exception EInvalidCredentials If the uid and password are not valid
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
- protected String authenticate(LDAPConnection conn,
- IAuthCredentials authCreds,
- AuthToken token)
- throws EBaseException {
+ protected String authenticate(LDAPConnection conn,
+ IAuthCredentials authCreds, AuthToken token) throws EBaseException {
String uid = null;
String pwd = null;
String dn = null;
argblk = authCreds.getArgBlock();
-
+
// authenticate by binding to ldap server with password.
try {
// get the uid.
uid = (String) authCreds.get(CRED_UID);
if (uid == null) {
- throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
+ throw new EMissingCredential(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
}
-
+
// get the password.
pwd = (String) authCreds.get(CRED_PWD);
if (pwd == null) {
- throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
+ throw new EMissingCredential(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
}
if (pwd.equals("")) {
// anonymous binding not allowed
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
// get user dn.
- LDAPSearchResults res = conn.search(mBaseDN,
- LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
+ LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
+ "(uid=" + uid + ")", null, false);
if (res.hasMoreElements()) {
LDAPEntry entry = (LDAPEntry) res.nextElement();
- throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "UID already exists."));
+ throw new EAuthUserError(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE",
+ "UID already exists."));
} else {
dn = regist(token, uid);
- if (dn == null)
- throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE","Could not add user " + uid + "."));
+ if (dn == null)
+ throw new EAuthUserError(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE",
+ "Could not add user " + uid + "."));
}
// bind as user dn and pwd - authenticates user with pwd.
@@ -217,47 +214,57 @@ public class PortalEnroll extends DirBasedAuthentication {
token.set(CRED_UID, uid);
log(ILogger.LL_INFO, "portal authentication is done");
-
+
return dn;
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LDAP_ERROR", e.toString()));
throw e;
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- case LDAPException.LDAP_PARTIAL_RESULTS:
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_ADD_USER_ERROR", conn.getHost(), Integer.toString(conn.getPort())));
- throw new
- EAuthInternalError(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", "Check Configuration detail."));
+ case LDAPException.NO_SUCH_OBJECT:
+ case LDAPException.LDAP_PARTIAL_RESULTS:
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_ADD_USER_ERROR",
+ conn.getHost(),
+ Integer.toString(conn.getPort())));
+ throw new EAuthInternalError(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INTERNAL_ERROR",
+ "Check Configuration detail."));
case LDAPException.INVALID_CREDENTIALS:
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
case LDAPException.SERVER_DOWN:
log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_SERVER_DOWN"));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
-
- default:
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
- e.errorCodeToString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
+
+ default:
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_OTHER_LDAP_EXCEPTION", e.errorCodeToString()));
}
} catch (EBaseException e) {
- if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_MAKE_DN_ERROR", e.toString()));
+ if (e.getMessage().equalsIgnoreCase(
+ CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMS_AUTH_MAKE_DN_ERROR",
+ e.toString()));
throw e;
- }
+ }
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
- * this implementation can be configured through the console.
- *
+ * Returns a list of configuration parameter names. The list is passed to
+ * the configuration console so instances of this implementation can be
+ * configured through the console.
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -266,44 +273,49 @@ public class PortalEnroll extends DirBasedAuthentication {
public String[] getExtendedPluginInfo(Locale locale) {
String[] s = {
- PROP_DNPATTERN + ";string;Template for cert" +
- " Subject Name. ($dn.xxx - get value from user's LDAP " +
- "DN. $attr.yyy - get value from LDAP attributes in " +
- "user's entry.) Default: " + DEFAULT_DNPATTERN,
- "ldap.ldapconn.host;string,required;" + "LDAP host to connect to",
- "ldap.ldapconn.port;number,required;" + "LDAP port number (default 389, or 636 if SSL)",
+ PROP_DNPATTERN
+ + ";string;Template for cert"
+ + " Subject Name. ($dn.xxx - get value from user's LDAP "
+ + "DN. $attr.yyy - get value from LDAP attributes in "
+ + "user's entry.) Default: " + DEFAULT_DNPATTERN,
+ "ldap.ldapconn.host;string,required;"
+ + "LDAP host to connect to",
+ "ldap.ldapconn.port;number,required;"
+ + "LDAP port number (default 389, or 636 if SSL)",
"ldap.objectclass;string,required;SEE DOCUMENTATION for Object Class. "
- + "Default is inetOrgPerson.",
- "ldap.ldapconn.secureConn;boolean;" + "Use SSL to connect to directory?",
+ + "Default is inetOrgPerson.",
+ "ldap.ldapconn.secureConn;boolean;"
+ + "Use SSL to connect to directory?",
"ldap.ldapconn.version;choice(3,2);" + "LDAP protocol version",
"ldap.ldapauth.bindDN;string,required;DN to bind as for Directory Manager. "
- + "For example 'CN=Directory Manager'",
- "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " +
- "the above user",
+ + "For example 'CN=Directory Manager'",
+ "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as "
+ + "the above user",
"ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth);"
- + "How to bind to the directory (for pin removal only)",
+ + "How to bind to the directory (for pin removal only)",
"ldap.ldapauth.clientCertNickname;string;If you want to use "
- + "SSL client auth to the directory, set the client "
- + "cert nickname here",
- "ldap.basedn;string,required;Base DN to start searching " +
- "under. If your user's DN is 'uid=jsmith, o=company', you " +
- "might want to use 'o=company' here",
- "ldap.minConns;number;number of connections " +
- "to keep open to directory server",
- "ldap.maxConns;number;when needed, connection " +
- "pool can grow to this many connections",
- IExtendedPluginInfo.HELP_TEXT +
- ";This authentication plugin checks to see if a user " +
- "exists in the directory. If not, then the user is created " +
- "with the requested password.",
- IExtendedPluginInfo.HELP_TOKEN + ";configuration-authrules-portalauth"
- };
-
+ + "SSL client auth to the directory, set the client "
+ + "cert nickname here",
+ "ldap.basedn;string,required;Base DN to start searching "
+ + "under. If your user's DN is 'uid=jsmith, o=company', you "
+ + "might want to use 'o=company' here",
+ "ldap.minConns;number;number of connections "
+ + "to keep open to directory server",
+ "ldap.maxConns;number;when needed, connection "
+ + "pool can grow to this many connections",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";This authentication plugin checks to see if a user "
+ + "exists in the directory. If not, then the user is created "
+ + "with the requested password.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-authrules-portalauth" };
+
return s;
}
/**
* Returns array of required credentials for this authentication manager.
+ *
* @return Array of required credentials.
*/
public String[] getRequiredCreds() {
@@ -312,6 +324,7 @@ public class PortalEnroll extends DirBasedAuthentication {
/**
* adds a user to the directory.
+ *
* @return dn upon success and null upon failure.
* @param token authentication token
* @param uid the user's id.
@@ -321,7 +334,7 @@ public class PortalEnroll extends DirBasedAuthentication {
/* Specify the attributes of the entry */
Vector objectclass_values = null;
-
+
LDAPAttributeSet attrs = new LDAPAttributeSet();
LDAPAttribute attr = new LDAPAttribute("objectclass");
@@ -334,14 +347,17 @@ public class PortalEnroll extends DirBasedAuthentication {
try {
- /* Construct a new LDAPSchema object to hold
- the schema that you want to retrieve. */
+ /*
+ * Construct a new LDAPSchema object to hold the schema that you
+ * want to retrieve.
+ */
dirSchema = new LDAPSchema();
/* Get the schema from the Directory. Anonymous access okay. */
dirSchema.fetchSchema(mLdapConn);
} catch (LDAPException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
}
// complete mRequiredAttrs, mOptionalAttrs, and mObjClasses
initLdapAttrs(dirSchema, mObjectClass);
@@ -367,9 +383,10 @@ public class PortalEnroll extends DirBasedAuthentication {
try {
attrval = (String) argblk.getValueAsString(attrname);
} catch (EBaseException e) {
- if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
+ if (e.getMessage().equalsIgnoreCase(
+ CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
continue;
- }
+ }
CMS.debug("PortalEnroll: " + attrname + " = " + attrval);
attrs.add(new LDAPAttribute(attrname, attrval));
@@ -386,17 +403,18 @@ public class PortalEnroll extends DirBasedAuthentication {
while (attrnames.hasMoreElements()) {
String attrname = (String) attrnames.nextElement();
String attrval = null;
-
+
CMS.debug("PortalEnroll: attrname is: " + attrname);
try {
attrval = (String) argblk.getValueAsString(attrname);
} catch (EBaseException e) {
- if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
+ if (e.getMessage().equalsIgnoreCase(
+ CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
continue;
- }
+ }
CMS.debug("PortalEnroll: " + attrname + " = " + attrval);
if (attrval != null) {
- attrs.add(new LDAPAttribute(attrname, attrval));
+ attrs.add(new LDAPAttribute(attrname, attrval));
}
}
}
@@ -410,22 +428,24 @@ public class PortalEnroll extends DirBasedAuthentication {
mLdapConn.add(entry);
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
} else
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
return null;
}
log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_REGISTRATION_DONE"));
-
+
return dn;
}
/*
- * get the superiors of "inetOrgPerson" so the "required
- * attributes", "optional qttributes", and "object classes" are complete;
- * should build up
- * mRequiredAttrs, mOptionalAttrs, and mObjClasses when returned
+ * get the superiors of "inetOrgPerson" so the "required
+ * attributes", "optional qttributes", and "object classes" are complete;
+ * should build up mRequiredAttrs, mOptionalAttrs, and mObjClasses when
+ * returned
*/
public void initLdapAttrs(LDAPSchema dirSchema, String oclass) {
CMS.debug("PortalEnroll: in initLdapAttrsAttrs");
@@ -448,7 +468,8 @@ public class PortalEnroll extends DirBasedAuthentication {
CMS.debug("PortalEnroll: getting superiors for: " + oclass);
String superiors[] = objClass.getSuperiors();
- CMS.debug("PortalEnroll: got superiors, superiors.length=" + superiors.length);
+ CMS.debug("PortalEnroll: got superiors, superiors.length="
+ + superiors.length);
if (superiors.length == 0)
return;
for (int i = 0; i < superiors.length; i++) {
@@ -457,8 +478,8 @@ public class PortalEnroll extends DirBasedAuthentication {
initLdapAttrs(dirSchema, superiors[i]);
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java b/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
index 1f21bc1d..c5aeee7c 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -29,24 +28,27 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.EAuthException;
import com.netscape.certsrv.base.EBaseException;
-
/**
- * class for parsing a DN pattern used to construct a certificate
- * subject name from ldap attributes and dn.<p>
+ * class for parsing a DN pattern used to construct a certificate subject name
+ * from ldap attributes and dn.
+ * <p>
*
- * dnpattern is a string representing a subject name pattern to formulate from
- * the directory attributes and entry dn. If empty or not set, the
- * ldap entry DN will be used as the certificate subject name. <p>
+ * dnpattern is a string representing a subject name pattern to formulate from
+ * the directory attributes and entry dn. If empty or not set, the ldap entry DN
+ * will be used as the certificate subject name.
+ * <p>
+ *
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$attr" "." attrName [ "." attrNumber ] |
- * name "=" "$dn" "." attrName [ "." attrNumber ] |
- * "$dn" "." "$rdn" "." number
+ * name "=" "$attr" "." attrName [ "." attrNumber ] |
+ * name "=" "$dn" "." attrName [ "." attrNumber ] |
+ * "$dn" "." "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
* Ldap entry: dn: UID=jjames, OU=IS, OU=people, O=acme.org
@@ -73,11 +75,12 @@ import com.netscape.certsrv.base.EBaseException;
* E = the first 'mail' ldap attribute value in user's entry. <br>
* CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
* OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- * in a RDN in this example. <br>
+ * in a RDN in this example. <br>
* O = the (first) 'o' value in the user's entry DN. <br>
* C = the string "US"
* <p>
* </pre>
+ *
* <pre>
* Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
* Ldap entry: dn: UID=jjames, OU=IS+OU=people, O=acme.org
@@ -102,15 +105,16 @@ import com.netscape.certsrv.base.EBaseException;
* <p>
* CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
* OU = the second 'ou' value in the user's entry DN followed by the
- * first 'ou' value in the user's entry. note multiple AVAs
- * in a RDN in this example. <br>
+ * first 'ou' value in the user's entry. note multiple AVAs
+ * in a RDN in this example. <br>
* O = the (first) 'o' value in the user's entry DN. <br>
* C = the string "US"
* <p>
* </pre>
- * If an attribute or subject DN component does not exist the attribute
- * is skipped.
- *
+ *
+ * If an attribute or subject DN component does not exist the attribute is
+ * skipped.
+ *
* @version $Revision$, $Date$
*/
class RDNPattern {
@@ -126,15 +130,15 @@ class RDNPattern {
protected String mTestDN = null;
- /**
+ /**
* Construct a DN pattern by parsing a pattern string.
+ *
* @param pattenr the DN pattern
- * @exception EBaseException If parsing error occurs.
+ * @exception EBaseException If parsing error occurs.
*/
- public RDNPattern(String pattern)
- throws EAuthException {
+ public RDNPattern(String pattern) throws EAuthException {
if (pattern == null || pattern.equals("")) {
- // create an attribute list that is the dn.
+ // create an attribute list that is the dn.
mLdapAttrs = new String[] { "dn" };
} else {
mPatternString = pattern;
@@ -145,16 +149,14 @@ class RDNPattern {
}
/**
- * Construct a DN pattern from a input stream of pattern
+ * Construct a DN pattern from a input stream of pattern
*/
- public RDNPattern(PushbackReader in)
- throws EAuthException {
+ public RDNPattern(PushbackReader in) throws EAuthException {
parse(in);
}
- private void parse(PushbackReader in)
- throws EAuthException {
- //System.out.println("_________ begin rdn _________");
+ private void parse(PushbackReader in) throws EAuthException {
+ // System.out.println("_________ begin rdn _________");
Vector avaPatterns = new Vector();
AVAPattern avaPattern = null;
int lastChar;
@@ -162,24 +164,25 @@ class RDNPattern {
do {
avaPattern = new AVAPattern(in);
avaPatterns.addElement(avaPattern);
- //System.out.println("added AVAPattern"+
- //" mType "+avaPattern.mType+
- //" mAttr "+avaPattern.mAttr+
- //" mValue "+avaPattern.mValue+
- //" mElement "+avaPattern.mElement);
- try {
- lastChar = in.read();
+ // System.out.println("added AVAPattern"+
+ // " mType "+avaPattern.mType+
+ // " mAttr "+avaPattern.mAttr+
+ // " mValue "+avaPattern.mValue+
+ // " mElement "+avaPattern.mElement);
+ try {
+ lastChar = in.read();
} catch (IOException e) {
- throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
+ throw new EAuthException(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
- }
- while (lastChar == '+');
+ } while (lastChar == '+');
if (lastChar != -1) {
try {
- in.unread(lastChar); // pushback last ,
+ in.unread(lastChar); // pushback last ,
} catch (IOException e) {
- throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
+ throw new EAuthException(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
}
}
@@ -191,7 +194,7 @@ class RDNPattern {
for (int i = 0; i < mAVAPatterns.length; i++) {
String avaAttr = mAVAPatterns[i].getLdapAttr();
- if (avaAttr == null || avaAttr.length() == 0)
+ if (avaAttr == null || avaAttr.length() == 0)
continue;
ldapAttrs.addElement(avaAttr);
}
@@ -201,15 +204,15 @@ class RDNPattern {
/**
* Form a Ldap v3 DN string from results of a ldap search.
+ *
* @param entry LDAPentry from a ldap search
- * @return Ldap v3 DN string to use for a subject name.
+ * @return Ldap v3 DN string to use for a subject name.
*/
- public String formRDN(LDAPEntry entry)
- throws EAuthException {
+ public String formRDN(LDAPEntry entry) throws EAuthException {
StringBuffer formedRDN = new StringBuffer();
for (int i = 0; i < mAVAPatterns.length; i++) {
- if (mTestDN != null)
+ if (mTestDN != null)
mAVAPatterns[i].mTestDN = mTestDN;
String ava = mAVAPatterns[i].formAVA(entry);
@@ -219,7 +222,7 @@ class RDNPattern {
formedRDN.append(ava);
}
}
- //System.out.println("formed RDN "+formedRDN.toString());
+ // System.out.println("formed RDN "+formedRDN.toString());
return formedRDN.toString();
}
diff --git a/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
index 3092d00a..00bf88c3 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -47,15 +46,14 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.usrgrp.Certificates;
-
/**
- * Certificate server SSL client authentication.
- *
+ * Certificate server SSL client authentication.
+ *
* @author Christina Fu
- * <P>
- *
+ * <P>
+ *
*/
-public class SSLclientCertAuthentication implements IAuthManager,
+public class SSLclientCertAuthentication implements IAuthManager,
IProfileAuthenticator {
/* result auth token attributes */
@@ -86,19 +84,20 @@ public class SSLclientCertAuthentication implements IAuthManager,
/**
* initializes the SSLClientCertAuthentication auth manager
* <p>
- * called by AuthSubsystem init() method, when initializing
- * all available authentication managers.
+ * called by AuthSubsystem init() method, when initializing all available
+ * authentication managers.
+ *
* @param name The name of this authentication manager instance.
* @param implName The name of the authentication manager plugin.
* @param config The configuration store for this authentication manager.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
}
-
+
/**
* Gets the name of this authentication manager.
*/
@@ -112,7 +111,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
public String getImplName() {
return mImplName;
}
-
+
public boolean isSSLClientRequired() {
return true;
}
@@ -120,33 +119,34 @@ public class SSLclientCertAuthentication implements IAuthManager,
/**
* authenticates user by certificate
* <p>
- * called by other subsystems or their servlets to authenticate
- * users
- * @param authCred - authentication credential that contains
- * an usrgrp.Certificates of the user (agent)
+ * called by other subsystems or their servlets to authenticate users
+ *
+ * @param authCred - authentication credential that contains an
+ * usrgrp.Certificates of the user (agent)
* @return the authentication token that contains the following
- *
+ *
* @exception EMissingCredential If a required credential for this
- * authentication manager is missing.
+ * authentication manager is missing.
* @exception EInvalidCredentials If credentials cannot be authenticated.
* @exception EBaseException If an internal error occurred.
* @see com.netscape.certsrv.authentication.AuthToken
* @see com.netscape.certsrv.usrgrp.Certificates
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
-
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
+
CMS.debug("SSLclientCertAuthentication: start");
- CMS.debug("authenticator instance name is "+getName());
+ CMS.debug("authenticator instance name is " + getName());
// force SSL handshake
SessionContext context = SessionContext.getExistingContext();
- ISSLClientCertProvider provider = (ISSLClientCertProvider)
- context.get("sslClientCertProvider");
+ ISSLClientCertProvider provider = (ISSLClientCertProvider) context
+ .get("sslClientCertProvider");
if (provider == null) {
CMS.debug("SSLclientCertAuthentication: No SSL Client Cert Provider Found");
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
CMS.debug("SSLclientCertAuthentication: got provider");
CMS.debug("SSLclientCertAuthentication: retrieving client certificate");
@@ -154,7 +154,8 @@ public class SSLclientCertAuthentication implements IAuthManager,
if (allCerts == null) {
CMS.debug("SSLclientCertAuthentication: No SSL Client Certs Found");
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
CMS.debug("SSLclientCertAuthentication: got certificates");
@@ -173,7 +174,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
// find out which one is the leaf cert
clientCert = ci[i];
- byte [] extBytes = clientCert.getExtensionValue("2.5.29.19");
+ byte[] extBytes = clientCert.getExtensionValue("2.5.29.19");
// try to see if this is a leaf cert
// look for BasicConstraint extension
if (extBytes == null) {
@@ -186,42 +187,46 @@ public class SSLclientCertAuthentication implements IAuthManager,
// so it's not likely to be a leaf cert,
// however, check the isCA field regardless
try {
- BasicConstraintsExtension bce =
- new BasicConstraintsExtension(true, extBytes);
- if (bce != null) {
- if (!(Boolean)bce.get("is_ca")) {
- CMS.debug("SSLclientCertAuthentication: authenticate: found CA cert in chain");
- break;
- } // else found a ca cert, continue
- }
- } catch (Exception e) {
- CMS.debug("SSLclientCertAuthentication: authenticate: exception:"+
- e.toString());
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
- }
- }
+ BasicConstraintsExtension bce = new BasicConstraintsExtension(
+ true, extBytes);
+ if (bce != null) {
+ if (!(Boolean) bce.get("is_ca")) {
+ CMS.debug("SSLclientCertAuthentication: authenticate: found CA cert in chain");
+ break;
+ } // else found a ca cert, continue
+ }
+ } catch (Exception e) {
+ CMS.debug("SSLclientCertAuthentication: authenticate: exception:"
+ + e.toString());
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ }
+ }
}
if (clientCert == null) {
- CMS.debug("SSLclientCertAuthentication: authenticate: client cert not found");
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ CMS.debug("SSLclientCertAuthentication: authenticate: client cert not found");
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
} catch (CertificateException e) {
CMS.debug(e.toString());
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
// check if certificate(s) is revoked
boolean checkRevocation = true;
try {
- checkRevocation = mConfig.getBoolean("checkRevocation", true);
+ checkRevocation = mConfig.getBoolean("checkRevocation", true);
} catch (EBaseException e) {
- // do nothing; default to true
+ // do nothing; default to true
}
if (checkRevocation) {
- if (CMS.isRevoked(ci)) {
- CMS.debug("SSLclientCertAuthentication: certificate revoked");
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
- }
+ if (CMS.isRevoked(ci)) {
+ CMS.debug("SSLclientCertAuthentication: certificate revoked");
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ }
}
Certificates certs = new Certificates(ci);
Principal p_dn = clientCert.getSubjectDN();
@@ -232,13 +237,13 @@ public class SSLclientCertAuthentication implements IAuthManager,
authToken.set(TOKEN_UID, uid);
authToken.set(TOKEN_USERID, uid);
}
-/*
- authToken.set(TOKEN_USER_DN, user.getUserDN());
- authToken.set(TOKEN_USERID, user.getUserID());
- authToken.set(TOKEN_UID, user.getUserID());
- authToken.set(TOKEN_GROUP, groupname);
-*/
- authToken.set(CRED_CERT, certs);
+ /*
+ * authToken.set(TOKEN_USER_DN, user.getUserDN());
+ * authToken.set(TOKEN_USERID, user.getUserID());
+ * authToken.set(TOKEN_UID, user.getUserID());
+ * authToken.set(TOKEN_GROUP, groupname);
+ */
+ authToken.set(CRED_CERT, certs);
CMS.debug("SSLclientCertAuthentication: authenticated ");
@@ -257,7 +262,8 @@ public class SSLclientCertAuthentication implements IAuthManager,
String n = t.substring(0, i);
if (n.equalsIgnoreCase("uid")) {
String v = t.substring(i + 1);
- CMS.debug("SSLclientCertAuthentication: getUidFromDN(): uid found:"+v);
+ CMS.debug("SSLclientCertAuthentication: getUidFromDN(): uid found:"
+ + v);
return v;
} else {
continue;
@@ -267,11 +273,12 @@ public class SSLclientCertAuthentication implements IAuthManager,
}
/**
- * get the list of authentication credential attribute names
- * required by this authentication manager. Generally used by
- * the servlets that handle agent operations to authenticate its
- * users. It calls this method to know which are the
- * required credentials from the user (e.g. Javascript form data)
+ * get the list of authentication credential attribute names required by
+ * this authentication manager. Generally used by the servlets that handle
+ * agent operations to authenticate its users. It calls this method to know
+ * which are the required credentials from the user (e.g. Javascript form
+ * data)
+ *
* @return attribute names in Vector
*/
public String[] getRequiredCreds() {
@@ -279,15 +286,15 @@ public class SSLclientCertAuthentication implements IAuthManager,
}
/**
- * get the list of configuration parameter names
- * required by this authentication manager. Generally used by
- * the Certificate Server Console to display the table for
- * configuration purposes. CertUserDBAuthentication is currently not
- * exposed in this case, so this method is not to be used.
- * @return configuration parameter names in Hashtable of Vectors
- * where each hashtable entry's key is the substore name, value is a
- * Vector of parameter names. If no substore, the parameter name
- * is the Hashtable key itself, with value same as key.
+ * get the list of configuration parameter names required by this
+ * authentication manager. Generally used by the Certificate Server Console
+ * to display the table for configuration purposes. CertUserDBAuthentication
+ * is currently not exposed in this case, so this method is not to be used.
+ *
+ * @return configuration parameter names in Hashtable of Vectors where each
+ * hashtable entry's key is the substore name, value is a Vector of
+ * parameter names. If no substore, the parameter name is the
+ * Hashtable key itself, with value same as key.
*/
public String[] getConfigParams() {
return (mConfigParams);
@@ -300,8 +307,8 @@ public class SSLclientCertAuthentication implements IAuthManager,
}
/**
- * gets the configuretion substore used by this authentication
- * manager
+ * gets the configuretion substore used by this authentication manager
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -311,7 +318,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
// Profile-related methods
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -340,15 +347,14 @@ public class SSLclientCertAuthentication implements IAuthManager,
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
return null;
}
public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ throws EProfileException {
request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
token.getInString(TOKEN_USERDN));
request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
diff --git a/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java b/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java
index 8b0a7b9b..7a0784c5 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java
@@ -26,7 +26,7 @@ import com.netscape.certsrv.authentication.ISharedToken;
public class SharedSecret implements ISharedToken {
public SharedSecret() {
- }
+ }
public String getSharedToken(PKIData cmcdata) {
return "testing";
diff --git a/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
index bb393767..39084395 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
@@ -46,14 +46,12 @@ import com.netscape.cmsutil.http.JssSSLSocketFactory;
import com.netscape.cmsutil.xml.XMLObject;
/**
- * Token authentication.
- * Checked if the given token is valid.
+ * Token authentication. Checked if the given token is valid.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
-public class TokenAuthentication implements IAuthManager,
- IProfileAuthenticator {
+public class TokenAuthentication implements IAuthManager, IProfileAuthenticator {
/* result auth token attributes */
public static final String TOKEN_UID = "uid";
@@ -79,21 +77,22 @@ public class TokenAuthentication implements IAuthManager,
/**
* initializes the TokenAuthentication auth manager
* <p>
- * called by AuthSubsystem init() method, when initializing
- * all available authentication managers.
+ * called by AuthSubsystem init() method, when initializing all available
+ * authentication managers.
+ *
* @param name The name of this authentication manager instance.
* @param implName The name of the authentication manager plugin.
* @param config The configuration store for this authentication manager.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
mUGSub = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
}
-
+
/**
* Gets the name of this authentication manager.
*/
@@ -107,7 +106,7 @@ public class TokenAuthentication implements IAuthManager,
public String getImplName() {
return mImplName;
}
-
+
public boolean isSSLClientRequired() {
return false;
}
@@ -115,21 +114,22 @@ public class TokenAuthentication implements IAuthManager,
/**
* authenticates user(agent) by certificate
* <p>
- * called by other subsystems or their servlets to authenticate
- * users (agents)
- * @param authCred - authentication credential that contains
- * an usrgrp.Certificates of the user (agent)
+ * called by other subsystems or their servlets to authenticate users
+ * (agents)
+ *
+ * @param authCred - authentication credential that contains an
+ * usrgrp.Certificates of the user (agent)
* @return the authentication token that contains the following
- * @exception EMissingCredential If a required credential for this
- * authentication manager is missing.
+ * @exception EMissingCredential If a required credential for this
+ * authentication manager is missing.
* @exception EInvalidCredentials If credentials cannot be authenticated.
* @exception EBaseException If an internal error occurred.
* @see com.netscape.certsrv.authentication.AuthToken
* @see com.netscape.certsrv.usrgrp.Certificates
*/
public IAuthToken authenticate(IAuthCredentials authCred)
- throws EMissingCredential, EInvalidCredentials, EBaseException {
-
+ throws EMissingCredential, EInvalidCredentials, EBaseException {
+
CMS.debug("TokenAuthentication: start");
// force SSL handshake
@@ -141,8 +141,8 @@ public class TokenAuthentication implements IAuthManager,
// get group name from configuration file
IConfigStore sconfig = CMS.getConfigStore();
- String sessionId = (String)authCred.get(CRED_SESSION_ID);
- String givenHost = (String)authCred.get("clientHost");
+ String sessionId = (String) authCred.get(CRED_SESSION_ID);
+ String givenHost = (String) authCred.get("clientHost");
String auth_host = sconfig.getString("securitydomain.host");
int auth_port = sconfig.getInteger("securitydomain.httpseeport");
@@ -151,7 +151,8 @@ public class TokenAuthentication implements IAuthManager,
try {
JssSSLSocketFactory factory = new JssSSLSocketFactory();
httpclient = new HttpClient(factory);
- String content = CRED_SESSION_ID+"="+sessionId+"&hostname="+givenHost;
+ String content = CRED_SESSION_ID + "=" + sessionId + "&hostname="
+ + givenHost;
CMS.debug("TokenAuthentication: content=" + content);
httpclient.connect(auth_host, auth_port);
HttpRequest httprequest = new HttpRequest();
@@ -165,21 +166,23 @@ public class TokenAuthentication implements IAuthManager,
HttpResponse httpresponse = httpclient.send(httprequest);
c = httpresponse.getContent();
- } catch (Exception e) {
- CMS.debug("TokenAuthentication authenticate Exception="+e.toString());
+ } catch (Exception e) {
+ CMS.debug("TokenAuthentication authenticate Exception="
+ + e.toString());
}
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "TokenAuthentication::authenticate() - "
- + "Exception="+e.toString() );
- throw new EBaseException( e.toString() );
+ CMS.debug("TokenAuthentication::authenticate() - "
+ + "Exception=" + e.toString());
+ throw new EBaseException(e.toString());
}
String status = parser.getValue("Status");
@@ -195,13 +198,15 @@ public class TokenAuthentication implements IAuthManager,
authToken.set(TOKEN_UID, uid);
authToken.set(TOKEN_GID, gid);
- if(context != null) {
- CMS.debug("SessionContext.USER_ID " + uid + " SessionContext.GROUP_ID " + gid);
- context.put(SessionContext.USER_ID, uid );
- context.put(SessionContext.GROUP_ID, gid );
+ if (context != null) {
+ CMS.debug("SessionContext.USER_ID " + uid
+ + " SessionContext.GROUP_ID " + gid);
+ context.put(SessionContext.USER_ID, uid);
+ context.put(SessionContext.GROUP_ID, gid);
}
- CMS.debug("TokenAuthentication: authenticated uid="+uid+", gid="+gid);
+ CMS.debug("TokenAuthentication: authenticated uid=" + uid
+ + ", gid=" + gid);
} catch (EBaseException e) {
throw e;
} catch (Exception e) {
@@ -212,11 +217,12 @@ public class TokenAuthentication implements IAuthManager,
}
/**
- * get the list of authentication credential attribute names
- * required by this authentication manager. Generally used by
- * the servlets that handle agent operations to authenticate its
- * users. It calls this method to know which are the
- * required credentials from the user (e.g. Javascript form data)
+ * get the list of authentication credential attribute names required by
+ * this authentication manager. Generally used by the servlets that handle
+ * agent operations to authenticate its users. It calls this method to know
+ * which are the required credentials from the user (e.g. Javascript form
+ * data)
+ *
* @return attribute names in Vector
*/
public String[] getRequiredCreds() {
@@ -224,15 +230,15 @@ public class TokenAuthentication implements IAuthManager,
}
/**
- * get the list of configuration parameter names
- * required by this authentication manager. Generally used by
- * the Certificate Server Console to display the table for
- * configuration purposes. CertUserDBAuthentication is currently not
- * exposed in this case, so this method is not to be used.
- * @return configuration parameter names in Hashtable of Vectors
- * where each hashtable entry's key is the substore name, value is a
- * Vector of parameter names. If no substore, the parameter name
- * is the Hashtable key itself, with value same as key.
+ * get the list of configuration parameter names required by this
+ * authentication manager. Generally used by the Certificate Server Console
+ * to display the table for configuration purposes. CertUserDBAuthentication
+ * is currently not exposed in this case, so this method is not to be used.
+ *
+ * @return configuration parameter names in Hashtable of Vectors where each
+ * hashtable entry's key is the substore name, value is a Vector of
+ * parameter names. If no substore, the parameter name is the
+ * Hashtable key itself, with value same as key.
*/
public String[] getConfigParams() {
return (mConfigParams);
@@ -245,8 +251,8 @@ public class TokenAuthentication implements IAuthManager,
}
/**
- * gets the configuretion substore used by this authentication
- * manager
+ * gets the configuretion substore used by this authentication manager
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -256,7 +262,7 @@ public class TokenAuthentication implements IAuthManager,
// Profile-related methods
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -288,14 +294,13 @@ public class TokenAuthentication implements IAuthManager,
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
return null;
}
public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
}
diff --git a/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java
index 565bca1a..255645c1 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import netscape.ldap.LDAPConnection;
import netscape.ldap.LDAPException;
@@ -33,11 +32,10 @@ import com.netscape.certsrv.base.IExtendedPluginInfo;
import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.logging.ILogger;
-
/**
* udn/pwd directory based authentication manager
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class UdnPwdDirAuthentication extends DirBasedAuthentication {
@@ -47,30 +45,24 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
public static final String CRED_PWD = "pwd";
protected static String[] mRequiredCreds = { CRED_UDN, CRED_PWD };
- /* Holds configuration parameters accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
- * console.
+ /*
+ * Holds configuration parameters accepted by this implementation. This list
+ * is passed to the configuration console so configuration for instances of
+ * this implementation can be configured through the console.
*/
- protected static String[] mConfigParams =
- new String[] { PROP_DNPATTERN,
- PROP_LDAPSTRINGATTRS,
- PROP_LDAPBYTEATTRS,
- "ldap.ldapconn.host",
- "ldap.ldapconn.port",
- "ldap.ldapconn.secureConn",
- "ldap.ldapconn.version",
- "ldap.minConns",
- "ldap.maxConns",
- };
+ protected static String[] mConfigParams = new String[] { PROP_DNPATTERN,
+ PROP_LDAPSTRINGATTRS, PROP_LDAPBYTEATTRS, "ldap.ldapconn.host",
+ "ldap.ldapconn.port", "ldap.ldapconn.secureConn",
+ "ldap.ldapconn.version", "ldap.minConns", "ldap.maxConns", };
static {
- mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
- ";Authenticate the user distinguished name and password provided " +
- "by the user against an LDAP directory. Works with the " +
- "Dir Based Enrollment HTML form");
- mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-authentication");
+ mExtendedPluginInfo
+ .add(IExtendedPluginInfo.HELP_TEXT
+ + ";Authenticate the user distinguished name and password provided "
+ + "by the user against an LDAP directory. Works with the "
+ + "Dir Based Enrollment HTML form");
+ mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-authentication");
};
/**
@@ -83,13 +75,14 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
/**
* Initializes the UdnPwdDirAuthentication auth manager.
* <p>
+ *
* @param name - The name for this authentication manager instance.
* @param implName - The name of the authentication manager plugin.
* @param config - The configuration store for this instance.
* @exception EBaseException If an error occurs during initialization.
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
super.init(name, implName, config, false);
}
@@ -99,12 +92,10 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
* @param authCreds The authentication credentials.
* @return The user's ldap entry dn.
* @exception EInvalidCredentials If the udn and password are not valid
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
- protected String authenticate(LDAPConnection conn,
- IAuthCredentials authCreds,
- AuthToken token)
- throws EBaseException {
+ protected String authenticate(LDAPConnection conn,
+ IAuthCredentials authCreds, AuthToken token) throws EBaseException {
String userdn = null;
// authenticate by binding to ldap server with password.
@@ -112,20 +103,23 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
// get the udn.
userdn = (String) authCreds.get(CRED_UDN);
if (userdn == null) {
- throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UDN));
+ throw new EMissingCredential(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UDN));
}
-
+
// get the password.
String pwd = (String) authCreds.get(CRED_PWD);
if (pwd == null) {
- throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
+ throw new EMissingCredential(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
}
if (pwd.equals("")) {
// anonymous binding not allowed
- log(ILogger.LL_FAILURE,
- "user " + userdn + " attempted login with empty password.");
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_FAILURE, "user " + userdn
+ + " attempted login with empty password.");
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
// bind as user dn and pwd - authenticates user with pwd.
@@ -135,43 +129,47 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
return userdn;
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE,
- "Couldn't get ldap connection. Error: " + e.toString());
+ log(ILogger.LL_FAILURE,
+ "Couldn't get ldap connection. Error: " + e.toString());
throw e;
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- case LDAPException.LDAP_PARTIAL_RESULTS:
- log(ILogger.LL_SECURITY,
- "user " + userdn + " does not exist in ldap server host " +
- conn.getHost() + ", port " + conn.getPort() + ".");
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ case LDAPException.NO_SUCH_OBJECT:
+ case LDAPException.LDAP_PARTIAL_RESULTS:
+ log(ILogger.LL_SECURITY,
+ "user " + userdn
+ + " does not exist in ldap server host "
+ + conn.getHost() + ", port " + conn.getPort()
+ + ".");
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
case LDAPException.INVALID_CREDENTIALS:
- log(ILogger.LL_SECURITY,
- "authenticate user " + userdn + " with bad password.");
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY, "authenticate user " + userdn
+ + " with bad password.");
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
case LDAPException.SERVER_DOWN:
log(ILogger.LL_FAILURE, "Ldap server is down.");
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
-
- default:
- log(ILogger.LL_FAILURE,
- "Ldap error encountered. " + e.getMessage());
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
- e.errorCodeToString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
+
+ default:
+ log(ILogger.LL_FAILURE,
+ "Ldap error encountered. " + e.getMessage());
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_OTHER_LDAP_EXCEPTION", e.errorCodeToString()));
}
- }
+ }
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
- * this implementation can be configured through the console.
- *
+ * Returns a list of configuration parameter names. The list is passed to
+ * the configuration console so instances of this implementation can be
+ * configured through the console.
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -180,6 +178,7 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
/**
* Returns array of required credentials for this authentication manager.
+ *
* @return Array of required credentials.
*/
public String[] getRequiredCreds() {
@@ -187,4 +186,3 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
index e97fee8b..9619e20f 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import java.util.Enumeration;
import java.util.Locale;
@@ -47,46 +46,38 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* uid/pwd directory based authentication manager
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
-public class UidPwdDirAuthentication extends DirBasedAuthentication
- implements IProfileAuthenticator {
+public class UidPwdDirAuthentication extends DirBasedAuthentication implements
+ IProfileAuthenticator {
/* required credentials to authenticate. uid and pwd are strings. */
public static final String CRED_UID = "uid";
public static final String CRED_PWD = "pwd";
protected static String[] mRequiredCreds = { CRED_UID, CRED_PWD };
- /* Holds configuration parameters accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
- * console.
+ /*
+ * Holds configuration parameters accepted by this implementation. This list
+ * is passed to the configuration console so configuration for instances of
+ * this implementation can be configured through the console.
*/
- protected static String[] mConfigParams =
- new String[] { PROP_DNPATTERN,
- PROP_LDAPSTRINGATTRS,
- PROP_LDAPBYTEATTRS,
- "ldap.ldapconn.host",
- "ldap.ldapconn.port",
- "ldap.ldapconn.secureConn",
- "ldap.ldapconn.version",
- "ldap.basedn",
- "ldap.minConns",
- "ldap.maxConns",
- };
+ protected static String[] mConfigParams = new String[] { PROP_DNPATTERN,
+ PROP_LDAPSTRINGATTRS, PROP_LDAPBYTEATTRS, "ldap.ldapconn.host",
+ "ldap.ldapconn.port", "ldap.ldapconn.secureConn",
+ "ldap.ldapconn.version", "ldap.basedn", "ldap.minConns",
+ "ldap.maxConns", };
static {
- mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
- ";Authenticate the username and password provided " +
- "by the user against an LDAP directory. Works with the " +
- "Dir Based Enrollment HTML form");
- mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-authrules-uidpwddirauth");
+ mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT
+ + ";Authenticate the username and password provided "
+ + "by the user against an LDAP directory. Works with the "
+ + "Dir Based Enrollment HTML form");
+ mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-authrules-uidpwddirauth");
};
/**
@@ -102,12 +93,10 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
* @param authCreds The authentication credentials.
* @return The user's ldap entry dn.
* @exception EInvalidCredentials If the uid and password are not valid
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
- protected String authenticate(LDAPConnection conn,
- IAuthCredentials authCreds,
- AuthToken token)
- throws EBaseException {
+ protected String authenticate(LDAPConnection conn,
+ IAuthCredentials authCreds, AuthToken token) throws EBaseException {
String userdn = null;
String uid = null;
@@ -117,36 +106,42 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
uid = (String) authCreds.get(CRED_UID);
CMS.debug("Authenticating UID=" + uid);
if (uid == null) {
- throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
+ throw new EMissingCredential(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
}
-
+
// get the password.
String pwd = (String) authCreds.get(CRED_PWD);
if (pwd == null) {
- throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL",CRED_PWD));
+ throw new EMissingCredential(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
}
if (pwd.equals("")) {
// anonymous binding not allowed
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_EMPTY_PASSWORD", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMS_AUTH_EMPTY_PASSWORD", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
// get user dn.
- CMS.debug("Authenticating: Searching for UID=" + uid +
- " base DN=" + mBaseDN);
- LDAPSearchResults res = conn.search(mBaseDN,
- LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
+ CMS.debug("Authenticating: Searching for UID=" + uid + " base DN="
+ + mBaseDN);
+ LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
+ "(uid=" + uid + ")", null, false);
if (res.hasMoreElements()) {
- //LDAPEntry entry = (LDAPEntry)res.nextElement();
+ // LDAPEntry entry = (LDAPEntry)res.nextElement();
LDAPEntry entry = res.next();
userdn = entry.getDN();
CMS.debug("Authenticating: Found User DN=" + userdn);
} else {
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
// bind as user dn and pwd - authenticates user with pwd.
@@ -156,38 +151,44 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
return userdn;
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CANNOT_CONNECT_LDAP", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CANNOT_CONNECT_LDAP", e.toString()));
throw e;
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- case LDAPException.LDAP_PARTIAL_RESULTS:
- log(ILogger.LL_SECURITY, CMS.getLogMessage("USER_NOT_EXIST", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ case LDAPException.NO_SUCH_OBJECT:
+ case LDAPException.LDAP_PARTIAL_RESULTS:
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("USER_NOT_EXIST", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
case LDAPException.INVALID_CREDENTIALS:
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
case LDAPException.SERVER_DOWN:
log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_SERVER_DOWN"));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
-
- default:
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.getMessage()));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
- e.errorCodeToString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
+
+ default:
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.getMessage()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_OTHER_LDAP_EXCEPTION", e.errorCodeToString()));
}
- }
+ }
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
- * this implementation can be configured through the console.
- *
+ * Returns a list of configuration parameter names. The list is passed to
+ * the configuration console so instances of this implementation can be
+ * configured through the console.
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -196,6 +197,7 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
/**
* Returns array of required credentials for this authentication manager.
+ *
* @return Array of required credentials.
*/
public String[] getRequiredCreds() {
@@ -203,9 +205,9 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
}
// Profile-related methods
-
+
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
@@ -243,23 +245,22 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(CRED_UID)) {
+ if (name.equals(CRED_UID)) {
return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID"));
} else if (name.equals(CRED_PWD)) {
return new Descriptor(IDescriptor.PASSWORD, null, null,
CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_PWD"));
-
+
}
return null;
}
- public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ public void populate(IAuthToken token, IRequest request)
+ throws EProfileException {
request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
token.getInString(USER_DN));
}
diff --git a/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
index 11605418..6bc32edb 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authentication;
-
// ldap java sdk
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -53,15 +52,14 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* uid/pwd/pin directory based authentication manager
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class UidPwdPinDirAuthentication extends DirBasedAuthentication
- implements IExtendedPluginInfo, IProfileAuthenticator {
+ implements IExtendedPluginInfo, IProfileAuthenticator {
/* required credentials to authenticate. uid and pwd are strings. */
public static final String CRED_UID = "uid";
@@ -79,54 +77,43 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
protected static final byte SENTINEL_MD5 = 1;
protected static final byte SENTINEL_NONE = 0x2d;
- /* Holds configuration parameters accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
- * console.
+ /*
+ * Holds configuration parameters accepted by this implementation. This list
+ * is passed to the configuration console so configuration for instances of
+ * this implementation can be configured through the console.
*/
- protected static String[] mConfigParams =
- new String[] { PROP_REMOVE_PIN,
- PROP_PIN_ATTR,
- PROP_DNPATTERN,
- PROP_LDAPSTRINGATTRS,
- PROP_LDAPBYTEATTRS,
- "ldap.ldapconn.host",
- "ldap.ldapconn.port",
- "ldap.ldapconn.secureConn",
- "ldap.ldapconn.version",
- "ldap.ldapauth.bindDN",
- "ldap.ldapauth.bindPWPrompt",
- "ldap.ldapauth.clientCertNickname",
- "ldap.ldapauth.authtype",
- "ldap.basedn",
- "ldap.minConns",
- "ldap.maxConns",
- };
+ protected static String[] mConfigParams = new String[] { PROP_REMOVE_PIN,
+ PROP_PIN_ATTR, PROP_DNPATTERN, PROP_LDAPSTRINGATTRS,
+ PROP_LDAPBYTEATTRS, "ldap.ldapconn.host", "ldap.ldapconn.port",
+ "ldap.ldapconn.secureConn", "ldap.ldapconn.version",
+ "ldap.ldapauth.bindDN", "ldap.ldapauth.bindPWPrompt",
+ "ldap.ldapauth.clientCertNickname", "ldap.ldapauth.authtype",
+ "ldap.basedn", "ldap.minConns", "ldap.maxConns", };
static {
- mExtendedPluginInfo.add(
- PROP_REMOVE_PIN + ";boolean;SEE DOCUMENTATION for pin removal");
- mExtendedPluginInfo.add(
- PROP_PIN_ATTR + ";string;directory attribute to use for pin (default 'pin')");
- mExtendedPluginInfo.add(
- "ldap.ldapauth.bindDN;string;DN to bind as for pin removal. "
- + "For example 'CN=PinRemoval User'");
- mExtendedPluginInfo.add(
- "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " +
- "the above user");
- mExtendedPluginInfo.add(
- "ldap.ldapauth.clientCertNickname;string;If you want to use "
- + "SSL client auth to the directory, set the client "
- + "cert nickname here");
- mExtendedPluginInfo.add(
- "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth),required;"
- + "How to bind to the directory (for pin removal only)");
+ mExtendedPluginInfo.add(PROP_REMOVE_PIN
+ + ";boolean;SEE DOCUMENTATION for pin removal");
+ mExtendedPluginInfo.add(PROP_PIN_ATTR
+ + ";string;directory attribute to use for pin (default 'pin')");
+ mExtendedPluginInfo
+ .add("ldap.ldapauth.bindDN;string;DN to bind as for pin removal. "
+ + "For example 'CN=PinRemoval User'");
+ mExtendedPluginInfo
+ .add("ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as "
+ + "the above user");
+ mExtendedPluginInfo
+ .add("ldap.ldapauth.clientCertNickname;string;If you want to use "
+ + "SSL client auth to the directory, set the client "
+ + "cert nickname here");
+ mExtendedPluginInfo
+ .add("ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth),required;"
+ + "How to bind to the directory (for pin removal only)");
mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT
- + ";Authenticate the username, password and pin provided "
- + "by the user against an LDAP directory. Works with the "
- + "Dir/Pin Based Enrollment HTML form");
- mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-authrules-uidpwdpindirauth");
+ + ";Authenticate the username, password and pin provided "
+ + "by the user against an LDAP directory. Works with the "
+ + "Dir/Pin Based Enrollment HTML form");
+ mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-authrules-uidpwdpindirauth");
}
@@ -135,12 +122,12 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
protected MessageDigest mSHADigest = null;
protected MessageDigest mMD5Digest = null;
- private String mBindDN = null;
- private String mBindPassword = null;
+ private String mBindDN = null;
+ private String mBindPassword = null;
- private ILdapConnFactory removePinLdapFactory = null;
- private LDAPConnection removePinLdapConnection = null;
- private IConfigStore removePinLdapConfigStore = null;
+ private ILdapConnFactory removePinLdapFactory = null;
+ private LDAPConnection removePinLdapConnection = null;
+ private IConfigStore removePinLdapConfigStore = null;
/**
* Default constructor, initialization must follow.
@@ -149,13 +136,11 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
super();
}
- public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException {
super.init(name, implName, config);
- mRemovePin =
- config.getBoolean(PROP_REMOVE_PIN, DEF_REMOVE_PIN);
- mPinAttr =
- config.getString(PROP_PIN_ATTR, DEF_PIN_ATTR);
+ mRemovePin = config.getBoolean(PROP_REMOVE_PIN, DEF_REMOVE_PIN);
+ mPinAttr = config.getString(PROP_PIN_ATTR, DEF_PIN_ATTR);
if (mPinAttr.equals("")) {
mPinAttr = DEF_PIN_ATTR;
}
@@ -166,18 +151,19 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
removePinLdapFactory.init(removePinLdapConfigStore);
removePinLdapConnection = removePinLdapFactory.getConn();
}
-
+
try {
mSHADigest = MessageDigest.getInstance("SHA1");
mMD5Digest = MessageDigest.getInstance("MD5");
} catch (NoSuchAlgorithmException e) {
- throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage()));
+ throw new EAuthException(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage()));
}
}
protected void verifyPassword(String Password) {
- }
+ }
/**
* Authenticates a user based on its uid, pwd, pin in the directory.
@@ -185,66 +171,74 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
* @param authCreds The authentication credentials with uid, pwd, pin.
* @return The user's ldap entry dn.
* @exception EInvalidCredentials If the uid and password are not valid
- * @exception EBaseException If an internal error occurs.
+ * @exception EBaseException If an internal error occurs.
*/
- protected String authenticate(LDAPConnection conn,
- IAuthCredentials authCreds,
- AuthToken token)
- throws EBaseException {
+ protected String authenticate(LDAPConnection conn,
+ IAuthCredentials authCreds, AuthToken token) throws EBaseException {
String userdn = null;
- String uid = null;
- String pwd = null;
- String pin = null;
+ String uid = null;
+ String pwd = null;
+ String pin = null;
try {
// get the uid.
uid = (String) authCreds.get(CRED_UID);
if (uid == null) {
- throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
+ throw new EMissingCredential(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
}
-
+
// get the password.
pwd = (String) authCreds.get(CRED_PWD);
if (pwd == null) {
- throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
+ throw new EMissingCredential(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
}
if (pwd.equals("")) {
// anonymous binding not allowed
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_EMPTY_PASSWORD", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMS_AUTH_EMPTY_PASSWORD", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
// get the pin.
pin = (String) authCreds.get(CRED_PIN);
if (pin == null) {
- throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PIN));
+ throw new EMissingCredential(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PIN));
}
if (pin.equals("")) {
// empty pin not allowed
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_EMPTY_PIN", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMS_AUTH_EMPTY_PIN", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
// get user dn.
- LDAPSearchResults res = conn.search(mBaseDN,
- LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
+ LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
+ "(uid=" + uid + ")", null, false);
if (res.hasMoreElements()) {
LDAPEntry entry = (LDAPEntry) res.nextElement();
userdn = entry.getDN();
} else {
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
// bind as user dn and pwd - authenticates user with pwd.
conn.authenticate(userdn, pwd);
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", uid));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", uid));
// log(ILogger.LL_SECURITY, "found user : " + userdn);
- // check pin.
+ // check pin.
checkpin(conn, userdn, uid, pin);
// set uid in the token.
@@ -252,132 +246,151 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
return userdn;
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CANNOT_CONNECT_LDAP", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CANNOT_CONNECT_LDAP", e.toString()));
throw e;
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- case LDAPException.LDAP_PARTIAL_RESULTS:
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ case LDAPException.NO_SUCH_OBJECT:
+ case LDAPException.LDAP_PARTIAL_RESULTS:
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
case LDAPException.INVALID_CREDENTIALS:
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
case LDAPException.SERVER_DOWN:
log(ILogger.LL_SECURITY, CMS.getLogMessage("LDAP_SERVER_DOWN"));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
-
- default:
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.getMessage()));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
- e.errorCodeToString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
+
+ default:
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.getMessage()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_OTHER_LDAP_EXCEPTION", e.errorCodeToString()));
}
- }
+ }
}
- protected void checkpin(LDAPConnection conn, String userdn,
- String uid, String pin)
- throws EBaseException, LDAPException {
+ protected void checkpin(LDAPConnection conn, String userdn, String uid,
+ String pin) throws EBaseException, LDAPException {
LDAPSearchResults res = null;
LDAPEntry entry = null;
// get pin.
- res = conn.search(userdn, LDAPv2.SCOPE_BASE,
- "(objectclass=*)", new String[] { mPinAttr }, false);
+ res = conn.search(userdn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+ new String[] { mPinAttr }, false);
if (res.hasMoreElements()) {
entry = (LDAPEntry) res.nextElement();
} else {
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_ENTRY_RETURNED", uid, userdn));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY, CMS.getLogMessage(
+ "CMS_AUTH_NO_ENTRY_RETURNED", uid, userdn));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
LDAPAttribute pinAttr = entry.getAttribute(mPinAttr);
if (pinAttr == null) {
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
Enumeration pinValues = pinAttr.getByteValues();
if (!pinValues.hasMoreElements()) {
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
- byte[] entrypin = (byte[]) pinValues.nextElement();
+ byte[] entrypin = (byte[]) pinValues.nextElement();
// compare value digest.
if (entrypin == null || entrypin.length < 2) {
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
-
+
byte hashtype = entrypin[0];
byte[] pinDigest = null;
String toBeDigested = userdn + pin;
if (hashtype == SENTINEL_SHA) {
-
+
pinDigest = mSHADigest.digest(toBeDigested.getBytes());
} else if (hashtype == SENTINEL_MD5) {
pinDigest = mMD5Digest.digest(toBeDigested.getBytes());
} else if (hashtype == SENTINEL_NONE) {
pinDigest = toBeDigested.getBytes();
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_UKNOWN_ENCODING_TYPE", mPinAttr, "*", userdn));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMS_AUTH_UKNOWN_ENCODING_TYPE", mPinAttr, "*", userdn));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
if (pinDigest.length != (entrypin.length - 1)) {
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_LENGTH_NOT_MATCHED", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_LENGTH_NOT_MATCHED", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
int i;
for (i = 0; i < (entrypin.length - 1); i++) {
- if (pinDigest[i] != entrypin[i + 1])
+ if (pinDigest[i] != entrypin[i + 1])
break;
}
if (i != (entrypin.length - 1)) {
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
- throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
+ throw new EInvalidCredentials(
+ CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
}
// pin ok. remove pin if so configured
// Note that this means that a policy may reject this request later,
// but the user will not be able to enroll again as his pin is gone.
-
+
// We remove the pin using a different connection which is bound as
// a more privileged user.
if (mRemovePin) {
try {
- removePinLdapConnection.modify(userdn,
- new LDAPModification(
- LDAPModification.DELETE,
- new LDAPAttribute(mPinAttr, entrypin)));
+ removePinLdapConnection.modify(userdn, new LDAPModification(
+ LDAPModification.DELETE, new LDAPAttribute(mPinAttr,
+ entrypin)));
} catch (LDAPException e) {
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_CANT_REMOVE_PIN", userdn));
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMS_AUTH_CANT_REMOVE_PIN", userdn));
}
}
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
- * this implementation can be configured through the console.
- *
+ * Returns a list of configuration parameter names. The list is passed to
+ * the configuration console so instances of this implementation can be
+ * configured through the console.
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -386,6 +399,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
/**
* Returns array of required credentials for this authentication manager.
+ *
* @return Array of required credentials.
*/
public String[] getRequiredCreds() {
@@ -395,21 +409,23 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
// Profile-related methods
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
}
/**
* Retrieves the localizable name of this policy.
*/
public String getName(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID_PIN_NAME");
+ return CMS.getUserMessage(locale,
+ "CMS_AUTHENTICATION_LDAP_UID_PIN_NAME");
}
/**
* Retrieves the localizable description of this policy.
*/
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID_PIN_TEXT");
+ return CMS.getUserMessage(locale,
+ "CMS_AUTHENTICATION_LDAP_UID_PIN_TEXT");
}
/**
@@ -434,8 +450,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(CRED_UID)) {
@@ -453,7 +468,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
}
public void populate(IAuthToken token, IRequest request)
- throws EProfileException {
+ throws EProfileException {
request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
token.getInString(USER_DN));
}
@@ -462,4 +477,3 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
return false;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
index c3b0a853..62abf308 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authorization;
-
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
@@ -37,30 +36,32 @@ import com.netscape.certsrv.evaluators.IAccessEvaluator;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmsutil.util.Utils;
-
/**
- * An abstract class represents an authorization manager that governs the
- * access of internal resources such as servlets.
- * It parses in the ACLs associated with each protected
- * resources, and provides protected method <CODE>checkPermission</CODE>
- * for code that needs to verify access before performing
- * actions.
+ * An abstract class represents an authorization manager that governs the access
+ * of internal resources such as servlets. It parses in the ACLs associated with
+ * each protected resources, and provides protected method
+ * <CODE>checkPermission</CODE> for code that needs to verify access before
+ * performing actions.
* <P>
* Here is a sample resourceACLS for a resource
+ *
* <PRE>
* certServer.UsrGrpAdminServlet:
* execute:
* deny (execute) user="tempAdmin";
* allow (execute) group="Administrators";
* </PRE>
- * To perform permission checking, code call authz mgr authorize()
- * method to verify access. See AuthzMgr for calling example.
+ *
+ * To perform permission checking, code call authz mgr authorize() method to
+ * verify access. See AuthzMgr for calling example.
* <P>
- * default "evaluators" are used to evaluate the "group=.." or "user=.."
- * rules. See evaluator for more info
+ * default "evaluators" are used to evaluate the "group=.." or "user=.." rules.
+ * See evaluator for more info
*
* @version $Revision$, $Date$
- * @see <A HREF="http://developer.netscape.com/library/documentation/enterprise/admnunix/aclfiles.htm">ACL Files</A>
+ * @see <A
+ * HREF="http://developer.netscape.com/library/documentation/enterprise/admnunix/aclfiles.htm">ACL
+ * Files</A>
*/
public abstract class AAclAuthz {
@@ -92,10 +93,9 @@ public abstract class AAclAuthz {
}
/**
- * Initializes
+ * Initializes
*/
- protected void init(IConfigStore config)
- throws EBaseException {
+ protected void init(IConfigStore config) throws EBaseException {
mLogger = CMS.getLogger();
CMS.debug("AAclAuthz: init begins");
@@ -119,21 +119,21 @@ public abstract class AAclAuthz {
} catch (Exception e) {
log(ILogger.LL_MISCONF, "failed to get config class info");
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
- type + "." + PROP_CLASS));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", type
+ + "." + PROP_CLASS));
}
- // instantiate evaluator
+ // instantiate evaluator
try {
- evaluator =
- (IAccessEvaluator) Class.forName(evalClassPath).newInstance();
+ evaluator = (IAccessEvaluator) Class.forName(evalClassPath)
+ .newInstance();
} catch (Exception e) {
- String errMsg = "init(): failed to load class: " +
- evalClassPath + ":" + e.toString();
+ String errMsg = "init(): failed to load class: "
+ + evalClassPath + ":" + e.toString();
- throw new
- EACLsException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL",
- evalClassPath));
+ throw new EACLsException(CMS.getUserMessage(
+ "CMS_ACL_CLASS_LOAD_FAIL", evalClassPath));
}
if (evaluator != null) {
@@ -143,7 +143,8 @@ public abstract class AAclAuthz {
} else {
String errMsg = "access evaluator " + type + " is null";
- log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_NULL", type));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("AUTHZ_EVALUATOR_NULL", type));
}
}
@@ -151,16 +152,18 @@ public abstract class AAclAuthz {
}
/**
- * Parse ACL resource attributes, then update the ACLs memory store
- * This is intended to be used if storing ACLs on ldap is not desired,
- * and the caller is expected to call this method to add resource
- * and acl info into acls memory store. The resACLs format should conform
- * to the following:
- * <resource ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value>:<comment for this resource acl
+ * Parse ACL resource attributes, then update the ACLs memory store This is
+ * intended to be used if storing ACLs on ldap is not desired, and the
+ * caller is expected to call this method to add resource and acl info into
+ * acls memory store. The resACLs format should conform to the following:
+ * <resource
+ * ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value
+ * >:<comment for this resource acl
* <P>
- * Example:
- * resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
- * @param resACLs same format as the resourceACLs attribute
+ * Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs
+ * for lefties
+ *
+ * @param resACLs same format as the resourceACLs attribute
* @throws EBaseException parsing error from <code>parseACL</code>
*/
public void addACLs(String resACLs) throws EBaseException {
@@ -180,7 +183,7 @@ public abstract class AAclAuthz {
public IACL getACL(String target) {
return (ACL) mACLs.get(target);
}
-
+
protected Enumeration getTargetNames() {
return mACLs.keys();
}
@@ -204,10 +207,10 @@ public abstract class AAclAuthz {
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
- * this implementation can be configured through the console.
- *
+ * Returns a list of configuration parameter names. The list is passed to
+ * the configuration console so instances of this implementation can be
+ * configured through the console.
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -220,8 +223,7 @@ public abstract class AAclAuthz {
public abstract void shutdown();
/**
- * Registers new handler for the given attribute type
- * in the expressions.
+ * Registers new handler for the given attribute type in the expressions.
*/
public void registerEvaluator(String type, IAccessEvaluator evaluator) {
mEvaluators.put(type, evaluator);
@@ -233,45 +235,42 @@ public abstract class AAclAuthz {
*******************************************************/
/**
- * Checks if the permission is granted or denied in
- * the current execution context. If the code is
- * marked as privileged, this methods will simply
+ * Checks if the permission is granted or denied in the current execution
+ * context. If the code is marked as privileged, this methods will simply
* return.
* <P>
- * note that if a resource does not exist in the aclResources
- * entry, but a higher level node exist, it will still be
- * evaluated. The highest level node's acl determines the
- * permission. If the higher level node doesn't contain any acl
- * information, then it's passed down to the lower node. If
- * a node has no aci in its resourceACLs, then it's considered
- * passed.
+ * note that if a resource does not exist in the aclResources entry, but a
+ * higher level node exist, it will still be evaluated. The highest level
+ * node's acl determines the permission. If the higher level node doesn't
+ * contain any acl information, then it's passed down to the lower node. If
+ * a node has no aci in its resourceACLs, then it's considered passed.
* <p>
* example: certServer.common.users, if failed permission check for
- * "certServer", then it's considered failed, and there is no need to
- * continue the check. If passed permission check for "certServer",
- * then it's considered passed, and no need to continue the
- * check. If certServer contains no aci then "certServer.common" will be
- * checked for permission instead. If down to the leaf level,
- * the node still contains no aci, then it's considered passed.
- * If at the leaf level, no such resource exist, or no acis, it's
- * considered passed.
+ * "certServer", then it's considered failed, and there is no need to
+ * continue the check. If passed permission check for "certServer", then
+ * it's considered passed, and no need to continue the check. If certServer
+ * contains no aci then "certServer.common" will be checked for permission
+ * instead. If down to the leaf level, the node still contains no aci, then
+ * it's considered passed. If at the leaf level, no such resource exist, or
+ * no acis, it's considered passed.
* <p>
- * If there are multiple aci's for a resource, ALL aci's will be
- * checked, and only if all passed permission checks, will the
- * eventual access be granted.
+ * If there are multiple aci's for a resource, ALL aci's will be checked,
+ * and only if all passed permission checks, will the eventual access be
+ * granted.
+ *
* @param name resource name
* @param perm permission requested
* @exception EACLsException access permission denied
*/
- protected synchronized void checkPermission(String name, String perm)
- throws EACLsException {
+ protected synchronized void checkPermission(String name, String perm)
+ throws EACLsException {
String resource = "";
StringTokenizer st = new StringTokenizer(name, ".");
while (st.hasMoreTokens()) {
String node = st.nextToken();
- if (! "".equals(resource)) {
+ if (!"".equals(resource)) {
resource = resource + "." + node;
} else {
resource = node;
@@ -287,19 +286,19 @@ public abstract class AAclAuthz {
params[0] = name;
params[1] = perm;
- String errMsg = "checkPermission(): permission denied for the resource " +
- name + " on operation " + perm;
+ String errMsg = "checkPermission(): permission denied for the resource "
+ + name + " on operation " + perm;
- log(ILogger.LL_SECURITY, CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
+ log(ILogger.LL_SECURITY, CMS.getLogMessage(
+ "AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
- throw new
- EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION",
- (String[]) params));
+ throw new EACLsException(CMS.getUserMessage(
+ "CMS_ACL_NO_PERMISSION", (String[]) params));
}
if (passed) {
- String infoMsg = "checkPermission(): permission granted for the resource " +
- name + " on operation " + perm;
+ String infoMsg = "checkPermission(): permission granted for the resource "
+ + name + " on operation " + perm;
log(ILogger.LL_INFO, infoMsg);
@@ -309,46 +308,44 @@ public abstract class AAclAuthz {
}
/**
- * Checks if the permission is granted or denied in
- * the current execution context.
+ * Checks if the permission is granted or denied in the current execution
+ * context.
* <P>
* An <code>ACL</code> may contain one or more <code>ACLEntry</code>.
- * However, in case of multiple <code>ACLEntry</code>, a subject must
- * pass ALL of the <code>ACLEntry</code> evaluation for permission
- * to be granted
+ * However, in case of multiple <code>ACLEntry</code>, a subject must pass
+ * ALL of the <code>ACLEntry</code> evaluation for permission to be granted
* <P>
- * negative ("deny") aclEntries are treated differently than
- * positive ("allow") statements. If a negative aclEntries
- * fails the acl check, the permission check will return "false"
- * right away; while in the case of a positive aclEntry, if the
- * the aclEntry fails the acl check, the next aclEntry will be
- * evaluated.
+ * negative ("deny") aclEntries are treated differently than positive
+ * ("allow") statements. If a negative aclEntries fails the acl check, the
+ * permission check will return "false" right away; while in the case of a
+ * positive aclEntry, if the the aclEntry fails the acl check, the next
+ * aclEntry will be evaluated.
+ *
* @param name resource name
* @param perm permission requested
- * @return true if access allowed
- * false if should be passed down to the next node
+ * @return true if access allowed false if should be passed down to the next
+ * node
* @exception EACLsException if access disallowed
*/
- private boolean checkACLs(String name, String perm)
- throws EACLsException {
+ private boolean checkACLs(String name, String perm) throws EACLsException {
ACL acl = (ACL) mACLs.get(name);
// no such resource, pass it down
if (acl == null) {
- String infoMsg = "checkACLs(): no acl for" +
- name + "...pass down to next node";
+ String infoMsg = "checkACLs(): no acl for" + name
+ + "...pass down to next node";
log(ILogger.LL_INFO, infoMsg);
- return false;
+ return false;
}
Enumeration e = acl.entries();
if ((e == null) || (e.hasMoreElements() == false)) {
// no acis for node, pass down to next node
- String infoMsg = " AAclAuthz.checkACLs(): no acis for " +
- name + " acl entry...pass down to next node";
+ String infoMsg = " AAclAuthz.checkACLs(): no acis for " + name
+ + " acl entry...pass down to next node";
log(ILogger.LL_INFO, infoMsg);
@@ -365,13 +362,16 @@ public abstract class AAclAuthz {
if (entry.containPermission(perm) == true) {
if (evaluateExpressions(entry.getAttributeExpressions())) {
if (entry.checkPermission(perm) == false) {
- log(ILogger.LL_SECURITY, " checkACLs(): permission denied");
- throw new EACLsException(CMS.getUserMessage("CMS_ACL_PERMISSION_DENIED"));
+ log(ILogger.LL_SECURITY,
+ " checkACLs(): permission denied");
+ throw new EACLsException(
+ CMS.getUserMessage("CMS_ACL_PERMISSION_DENIED"));
}
} else if (!entry.isNegative()) {
// didn't meet the access expression for "allow", failed
log(ILogger.LL_SECURITY, "checkACLs(): permission denied");
- throw new EACLsException(CMS.getUserMessage("CMS_ACL_PERMISSION_DENIED"));
+ throw new EACLsException(
+ CMS.getUserMessage("CMS_ACL_PERMISSION_DENIED"));
}
}
}
@@ -380,10 +380,8 @@ public abstract class AAclAuthz {
}
/**
- * Resolves the given expressions.
- * expression || expression || ...
- * example:
- * group="Administrators" || group="Operators"
+ * Resolves the given expressions. expression || expression || ... example:
+ * group="Administrators" || group="Operators"
*/
private boolean evaluateExpressions(String s) {
// XXX - just handle "||" (or) among multiple expressions for now
@@ -449,14 +447,15 @@ public abstract class AAclAuthz {
private boolean evaluateExpression(String expression) {
// XXX - just recognize "=" for now!!
int i = expression.indexOf("=");
- String type = expression.substring(0, i);
- String value = expression.substring(i + 1);
+ String type = expression.substring(0, i);
+ String value = expression.substring(i + 1);
IAccessEvaluator evaluator = (IAccessEvaluator) mEvaluators.get(type);
if (evaluator == null) {
String errMsg = "evaluator for type " + type + "not found";
- log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_NOT_FOUND", type));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("AUTHZ_EVALUATOR_NOT_FOUND", type));
return false;
}
@@ -468,76 +467,72 @@ public abstract class AAclAuthz {
*******************************************************/
/**
- * Checks if the permission is granted or denied with id from authtoken
+ * Checks if the permission is granted or denied with id from authtoken
* gotten from authentication that precedes authorization. If the code is
- * marked as privileged, this methods will simply
- * return.
+ * marked as privileged, this methods will simply return.
* <P>
- * note that if a resource does not exist in the aclResources
- * entry, but a higher level node exist, it will still be
- * evaluated. The highest level node's acl determines the
- * permission. If the higher level node doesn't contain any acl
- * information, then it's passed down to the lower node. If
- * a node has no aci in its resourceACLs, then it's considered
- * passed.
+ * note that if a resource does not exist in the aclResources entry, but a
+ * higher level node exist, it will still be evaluated. The highest level
+ * node's acl determines the permission. If the higher level node doesn't
+ * contain any acl information, then it's passed down to the lower node. If
+ * a node has no aci in its resourceACLs, then it's considered passed.
* <p>
* example: certServer.common.users, if failed permission check for
- * "certServer", then it's considered failed, and there is no need to
- * continue the check. If passed permission check for "certServer",
- * then it's considered passed, and no need to continue the
- * check. If certServer contains no aci then "certServer.common" will be
- * checked for permission instead. If down to the leaf level,
- * the node still contains no aci, then it's considered passed.
- * If at the leaf level, no such resource exist, or no acis, it's
- * considered passed.
+ * "certServer", then it's considered failed, and there is no need to
+ * continue the check. If passed permission check for "certServer", then
+ * it's considered passed, and no need to continue the check. If certServer
+ * contains no aci then "certServer.common" will be checked for permission
+ * instead. If down to the leaf level, the node still contains no aci, then
+ * it's considered passed. If at the leaf level, no such resource exist, or
+ * no acis, it's considered passed.
* <p>
- * If there are multiple aci's for a resource, ALL aci's will be
- * checked, and only if all passed permission checks, will the
- * eventual access be granted.
+ * If there are multiple aci's for a resource, ALL aci's will be checked,
+ * and only if all passed permission checks, will the eventual access be
+ * granted.
+ *
* @param authToken authentication token gotten from authentication
* @param name resource name
* @param perm permission requested
* @exception EACLsException access permission denied
*/
- public synchronized void checkPermission(IAuthToken authToken, String name,
- String perm)
- throws EACLsException {
-
+ public synchronized void checkPermission(IAuthToken authToken, String name,
+ String perm) throws EACLsException {
+
Vector nodev = getNodes(name);
Enumeration nodes = nodev.elements();
String order = getOrder();
Enumeration entries = null;
- if (order.equals("deny"))
+ if (order.equals("deny"))
entries = getDenyEntries(nodes, perm);
- else
+ else
entries = getAllowEntries(nodes, perm);
-
+
boolean permitted = false;
while (entries.hasMoreElements()) {
ACLEntry entry = (ACLEntry) entries.nextElement();
- CMS.debug("checkACLS(): ACLEntry expressions= " +
- entry.getAttributeExpressions());
+ CMS.debug("checkACLS(): ACLEntry expressions= "
+ + entry.getAttributeExpressions());
if (evaluateExpressions(authToken, entry.getAttributeExpressions())) {
- log(ILogger.LL_SECURITY,
- " checkACLs(): permission denied");
- throw new EACLsException(CMS.getUserMessage("CMS_ACL_PERMISSION_DENIED"));
+ log(ILogger.LL_SECURITY, " checkACLs(): permission denied");
+ throw new EACLsException(
+ CMS.getUserMessage("CMS_ACL_PERMISSION_DENIED"));
}
}
nodes = nodev.elements();
- if (order.equals("deny"))
+ if (order.equals("deny"))
entries = getAllowEntries(nodes, perm);
- else
+ else
entries = getDenyEntries(nodes, perm);
- while (entries.hasMoreElements()) {
+ while (entries.hasMoreElements()) {
ACLEntry entry = (ACLEntry) entries.nextElement();
- CMS.debug("checkACLS(): ACLEntry expressions= " +
- entry.getAttributeExpressions());
+ CMS.debug("checkACLS(): ACLEntry expressions= "
+ + entry.getAttributeExpressions());
if (evaluateExpressions(authToken, entry.getAttributeExpressions())) {
permitted = true;
}
@@ -545,8 +540,8 @@ public abstract class AAclAuthz {
nodev = null;
if (permitted) {
- String infoMsg = "checkPermission(): permission granted for the resource " +
- name + " on operation " + perm;
+ String infoMsg = "checkPermission(): permission granted for the resource "
+ + name + " on operation " + perm;
log(ILogger.LL_INFO, infoMsg);
return;
@@ -556,14 +551,14 @@ public abstract class AAclAuthz {
params[0] = name;
params[1] = perm;
- String errMsg = "checkPermission(): permission denied for the resource " +
- name + " on operation " + perm;
+ String errMsg = "checkPermission(): permission denied for the resource "
+ + name + " on operation " + perm;
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
+ log(ILogger.LL_SECURITY, CMS.getLogMessage(
+ "AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
- throw new EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION",
- (String[]) params));
+ throw new EACLsException(CMS.getUserMessage(
+ "CMS_ACL_NO_PERMISSION", (String[]) params));
}
}
@@ -582,13 +577,12 @@ public abstract class AAclAuthz {
while (e.hasMoreElements()) {
ACLEntry entry = (ACLEntry) e.nextElement();
- if (!entry.isNegative() &&
- entry.containPermission(operation)) {
+ if (!entry.isNegative() && entry.containPermission(operation)) {
v.addElement(entry);
}
}
}
-
+
return v.elements();
}
@@ -607,21 +601,18 @@ public abstract class AAclAuthz {
while (e.hasMoreElements()) {
ACLEntry entry = (ACLEntry) e.nextElement();
- if (entry.isNegative() &&
- entry.containPermission(operation)) {
+ if (entry.isNegative() && entry.containPermission(operation)) {
v.addElement(entry);
}
}
}
-
+
return v.elements();
}
/**
- * Resolves the given expressions.
- * expression || expression || ...
- * example:
- * group="Administrators" || group="Operators"
+ * Resolves the given expressions. expression || expression || ... example:
+ * group="Administrators" || group="Operators"
*/
private boolean evaluateExpressions(IAuthToken authToken, String s) {
// XXX - just handle "||" (or) among multiple expressions for now
@@ -638,7 +629,8 @@ public abstract class AAclAuthz {
if (orIndex == -1 && andIndex == -1) {
boolean passed = evaluateExpression(authToken, s.trim());
- CMS.debug("evaluated expression: " + s.trim() + " to be " + passed);
+ CMS.debug("evaluated expression: " + s.trim() + " to be "
+ + passed);
v.addElement(Boolean.valueOf(passed));
break;
@@ -647,7 +639,8 @@ public abstract class AAclAuthz {
String s1 = s.substring(0, orIndex);
boolean passed = evaluateExpression(authToken, s1.trim());
- CMS.debug("evaluated expression: " + s1.trim() + " to be " + passed);
+ CMS.debug("evaluated expression: " + s1.trim() + " to be "
+ + passed);
v.addElement(new Boolean(passed));
v.addElement("||");
s = s.substring(orIndex + 2);
@@ -656,7 +649,8 @@ public abstract class AAclAuthz {
String s1 = s.substring(0, andIndex);
boolean passed = evaluateExpression(authToken, s1.trim());
- CMS.debug("evaluated expression: " + s1.trim() + " to be " + passed);
+ CMS.debug("evaluated expression: " + s1.trim() + " to be "
+ + passed);
v.addElement(new Boolean(passed));
v.addElement("&&");
s = s.substring(andIndex + 2);
@@ -703,7 +697,7 @@ public abstract class AAclAuthz {
while (index != -1) {
name = name.substring(0, index);
v.addElement(name);
- index = name.lastIndexOf(".");
+ index = name.lastIndexOf(".");
}
return v;
@@ -729,7 +723,8 @@ public abstract class AAclAuthz {
if (evaluator == null) {
String errMsg = "evaluator for type " + type + "not found";
- log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_NOT_FOUND", type));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("AUTHZ_EVALUATOR_NOT_FOUND", type));
return false;
}
@@ -745,8 +740,9 @@ public abstract class AAclAuthz {
i = exp.indexOf(">");
if (i == -1) {
i = exp.indexOf("<");
- if (i == -1) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_OP_NOT_SUPPORTED", exp));
+ if (i == -1) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "AUTHZ_OP_NOT_SUPPORTED", exp));
} else {
return "<";
}
@@ -780,25 +776,26 @@ public abstract class AAclAuthz {
*******************************************************/
/**
- * This one only updates the memory. Classes extend this class should
- * also update to a permanent storage
+ * This one only updates the memory. Classes extend this class should also
+ * update to a permanent storage
*/
- public void updateACLs(String id, String rights, String strACLs,
- String desc) throws EACLsException {
+ public void updateACLs(String id, String rights, String strACLs, String desc)
+ throws EACLsException {
ACL acl = (ACL) getACL(id);
-
+
String resourceACLs = id;
if (rights != null)
resourceACLs = id + ":" + rights + ":" + strACLs + ":" + desc;
- // memory update
+ // memory update
ACL ac = null;
try {
ac = (ACL) CMS.parseACL(resourceACLs);
} catch (EBaseException ex) {
- throw new EACLsException(CMS.getUserMessage("CMS_ACL_PARSING_ERROR_0"));
+ throw new EACLsException(
+ CMS.getUserMessage("CMS_ACL_PARSING_ERROR_0"));
}
mACLs.put(ac.getName(), ac);
@@ -806,6 +803,7 @@ public abstract class AAclAuthz {
/**
* gets an enumeration of resources
+ *
* @return an enumeration of resources contained in the ACL table
*/
public Enumeration aclResElements() {
@@ -814,6 +812,7 @@ public abstract class AAclAuthz {
/**
* gets an enumeration of access evaluators
+ *
* @return an enumeraton of access evaluators
*/
public Enumeration aclEvaluatorElements() {
@@ -822,6 +821,7 @@ public abstract class AAclAuthz {
/**
* gets the access evaluators
+ *
* @return handle to the access evaluators table
*/
public Hashtable getAccessEvaluators() {
@@ -830,6 +830,7 @@ public abstract class AAclAuthz {
/**
* is this resource name unique
+ *
* @return true if unique; false otherwise
*/
public boolean isTypeUnique(String type) {
@@ -843,8 +844,8 @@ public abstract class AAclAuthz {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
- level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION, level,
+ msg);
}
/*********************************
@@ -852,24 +853,24 @@ public abstract class AAclAuthz {
**********************************/
/**
- * update acls. called after memory upate is done to flush to permanent
+ * update acls. called after memory upate is done to flush to permanent
* storage.
* <p>
*/
protected abstract void flushResourceACLs() throws EACLsException;
/**
- * an abstract class that enforces implementation of the
- * authorize() method that will authorize an operation on a
- * particular resource
- *
+ * an abstract class that enforces implementation of the authorize() method
+ * that will authorize an operation on a particular resource
+ *
* @param authToken the authToken associated with a user
* @param resource - the protected resource name
* @param operation - the protected resource operation name
* @exception EBaseException If an internal error occurred.
* @return authzToken
*/
- public abstract AuthzToken authorize(IAuthToken authToken, String resource, String operation) throws EBaseException;
+ public abstract AuthzToken authorize(IAuthToken authToken, String resource,
+ String operation) throws EBaseException;
public String getOrder() {
IConfigStore mainConfig = CMS.getConfigStore();
diff --git a/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
index 29cb671e..f9d1864c 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authorization;
-
// cert server imports.
import com.netscape.certsrv.acls.EACLsException;
import com.netscape.certsrv.apps.CMS;
@@ -31,14 +30,13 @@ import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.IExtendedPluginInfo;
import com.netscape.certsrv.logging.ILogger;
-
/**
* A class for basic acls authorization manager
- *
+ *
* @version $Revision$, $Date$
*/
-public class BasicAclAuthz extends AAclAuthz
- implements IAuthzManager, IExtendedPluginInfo {
+public class BasicAclAuthz extends AAclAuthz implements IAuthzManager,
+ IExtendedPluginInfo {
// members
@@ -67,22 +65,20 @@ public class BasicAclAuthz extends AAclAuthz
*/
public BasicAclAuthz() {
- /* Holds configuration parameters accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
+ /*
+ * Holds configuration parameters accepted by this implementation. This
+ * list is passed to the configuration console so configuration for
+ * instances of this implementation can be configured through the
* console.
*/
- mConfigParams =
- new String[] {
- "dummy"
- };
+ mConfigParams = new String[] { "dummy" };
}
/**
*
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -108,20 +104,23 @@ public class BasicAclAuthz extends AAclAuthz
}
/**
- * check the authorization permission for the user associated with
- * authToken on operation
+ * check the authorization permission for the user associated with authToken
+ * on operation
* <p>
* Example:
* <p>
- * For example, if UsrGrpAdminServlet needs to authorize the caller
- * it would do be done in the following fashion:
+ * For example, if UsrGrpAdminServlet needs to authorize the caller it would
+ * do be done in the following fashion:
+ *
* <PRE>
- * try {
- * authzTok = mAuthz.authorize("DirACLBasedAuthz", authToken, RES_GROUP, "read");
- * } catch (EBaseException e) {
- * log(ILogger.LL_FAILURE, "authorize call: "+ e.toString());
- * }
- * </PRE>
+ * try {
+ * authzTok = mAuthz.authorize(&quot;DirACLBasedAuthz&quot;, authToken, RES_GROUP,
+ * &quot;read&quot;);
+ * } catch (EBaseException e) {
+ * log(ILogger.LL_FAILURE, &quot;authorize call: &quot; + e.toString());
+ * }
+ * </PRE>
+ *
* @param authToken the authToken associated with a user
* @param resource - the protected resource name
* @param operation - the protected resource operation name
@@ -129,8 +128,8 @@ public class BasicAclAuthz extends AAclAuthz
* @exception EAuthzAccessDenied if access denied
* @return authzToken if success
*/
- public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
- throws EAuthzInternalError, EAuthzAccessDenied {
+ public AuthzToken authorize(IAuthToken authToken, String resource,
+ String operation) throws EAuthzInternalError, EAuthzAccessDenied {
AuthzToken authzToken = new AuthzToken(this);
try {
@@ -142,63 +141,70 @@ public class BasicAclAuthz extends AAclAuthz
authzToken.set(AuthzToken.TOKEN_AUTHZ_RESOURCE, resource);
authzToken.set(AuthzToken.TOKEN_AUTHZ_OPERATION, operation);
authzToken.set(AuthzToken.TOKEN_AUTHZ_STATUS,
- AuthzToken.AUTHZ_STATUS_SUCCESS);
+ AuthzToken.AUTHZ_STATUS_SUCCESS);
} catch (EACLsException e) {
- // audit here later
- log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
- String params[] = {resource, operation};
+ // audit here later
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
+ String params[] = { resource, operation };
- throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
+ throw new EAuthzAccessDenied(CMS.getUserMessage(
+ "CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
}
return authzToken;
}
public AuthzToken authorize(IAuthToken authToken, String expression)
- throws EAuthzAccessDenied {
+ throws EAuthzAccessDenied {
if (evaluateACLs(authToken, expression)) {
return (new AuthzToken(this));
} else {
- String params[] = {expression};
- throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
+ String params[] = { expression };
+ throw new EAuthzAccessDenied(CMS.getUserMessage(
+ "CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
}
}
/**
* This currently does not flush to permanent storage
+ *
* @param id is the resource id
- * @param strACLs
+ * @param strACLs
*/
- public void updateACLs(String id, String rights, String strACLs,
- String desc) throws EACLsException {
+ public void updateACLs(String id, String rights, String strACLs, String desc)
+ throws EACLsException {
try {
super.updateACLs(id, rights, strACLs, desc);
- // flushResourceACLs();
+ // flushResourceACLs();
needsFlush = false;
} catch (EACLsException ex) {
// flushing failed, set flag
needsFlush = true;
String errMsg = "updateACLs: failed to flushResourceACLs(): "
- + ex.toString();
+ + ex.toString();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES",
+ ex.toString()));
throw new EACLsException(CMS.getUserMessage("CMS_ACL_UPDATE_FAIL"));
}
}
/**
- * updates resourceACLs to permanent storage.
- * currently not implemented for this authzMgr
+ * updates resourceACLs to permanent storage. currently not implemented for
+ * this authzMgr
*/
protected void flushResourceACLs() throws EACLsException {
log(ILogger.LL_FAILURE, "flushResourceACL() is not implemented");
- throw new EACLsException(CMS.getUserMessage("CMS_ACL_METHOD_NOT_IMPLEMENTED"));
+ throw new EACLsException(
+ CMS.getUserMessage("CMS_ACL_METHOD_NOT_IMPLEMENTED"));
}
/**
- * graceful shutdown
+ * graceful shutdown
*/
public void shutdown() {
log(ILogger.LL_INFO, "shutting down");
@@ -206,6 +212,7 @@ public class BasicAclAuthz extends AAclAuthz
/**
* Logs a message for this class in the system log file.
+ *
* @param level The log level.
* @param msg The message to log.
* @see com.netscape.certsrv.logging.ILogger
@@ -213,7 +220,7 @@ public class BasicAclAuthz extends AAclAuthz
protected void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
- level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION, level,
+ msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
index ee22bb59..88ef8af0 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.authorization;
-
import java.util.Enumeration;
import netscape.ldap.LDAPAttribute;
@@ -44,15 +43,14 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.ldap.ILdapConnFactory;
import com.netscape.certsrv.logging.ILogger;
-
/**
- * A class for ldap acls based authorization manager
- * The ldap server used for acls is the cms internal ldap db.
- *
+ * A class for ldap acls based authorization manager The ldap server used for
+ * acls is the cms internal ldap db.
+ *
* @version $Revision$, $Date$
*/
-public class DirAclAuthz extends AAclAuthz
- implements IAuthzManager, IExtendedPluginInfo {
+public class DirAclAuthz extends AAclAuthz implements IAuthzManager,
+ IExtendedPluginInfo {
// members
@@ -75,22 +73,23 @@ public class DirAclAuthz extends AAclAuthz
private static boolean needsFlush = false;
static {
- mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" +
- "LDAP host to connect to");
- mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" +
- "LDAP port number (use 389, or 636 if SSL)");
- mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" +
- "Use SSL to connect to directory?");
- mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" +
- "LDAP protocol version");
- mExtendedPluginInfo.add("ldap.basedn;string,required;Base DN to start sarching " +
- "under. If the ACL's DN is 'cn=resourceACL, o=NetscapeCertificateServer' you " +
- "might want to use 'o=NetscapeCertificateServer' here");
- mExtendedPluginInfo.add("ldap.minConns;number;number of connections " +
- "to keep open to directory server. Default 5.");
- mExtendedPluginInfo.add("ldap.maxConns;number;when needed, connection "
- +
- "pool can grow to this many (multiplexed) connections. Default 1000");
+ mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;"
+ + "LDAP host to connect to");
+ mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;"
+ + "LDAP port number (use 389, or 636 if SSL)");
+ mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;"
+ + "Use SSL to connect to directory?");
+ mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);"
+ + "LDAP protocol version");
+ mExtendedPluginInfo
+ .add("ldap.basedn;string,required;Base DN to start sarching "
+ + "under. If the ACL's DN is 'cn=resourceACL, o=NetscapeCertificateServer' you "
+ + "might want to use 'o=NetscapeCertificateServer' here");
+ mExtendedPluginInfo.add("ldap.minConns;number;number of connections "
+ + "to keep open to directory server. Default 5.");
+ mExtendedPluginInfo
+ .add("ldap.maxConns;number;when needed, connection "
+ + "pool can grow to this many (multiplexed) connections. Default 1000");
}
/**
@@ -98,28 +97,23 @@ public class DirAclAuthz extends AAclAuthz
*/
public DirAclAuthz() {
- /* Holds configuration parameters accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
+ /*
+ * Holds configuration parameters accepted by this implementation. This
+ * list is passed to the configuration console so configuration for
+ * instances of this implementation can be configured through the
* console.
*/
- mConfigParams =
- new String[] {
- "ldap.ldapconn.host",
- "ldap.ldapconn.port",
- "ldap.ldapconn.secureConn",
- "ldap.ldapconn.version",
- "ldap.basedn",
- "ldap.minConns",
- "ldap.maxConns",
- };
+ mConfigParams = new String[] { "ldap.ldapconn.host",
+ "ldap.ldapconn.port", "ldap.ldapconn.secureConn",
+ "ldap.ldapconn.version", "ldap.basedn", "ldap.minConns",
+ "ldap.maxConns", };
}
/**
*
*/
public void init(String name, String implName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = implName;
mConfig = config;
@@ -154,7 +148,7 @@ public class DirAclAuthz extends AAclAuthz
CMS.debug("DirAclAuthz: about to ldap search aclResources");
try {
conn = getConn();
- LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
+ LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
"cn=aclResources", null, false);
returnConn(conn);
@@ -175,10 +169,15 @@ public class DirAclAuthz extends AAclAuthz
} catch (LDAPException e) {
String errMsg = "init() -" + e.toString();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_INIT_ERROR", e.toString()));
- throw new EACLsException(CMS.getUserMessage("CMS_ACL_CONNECT_LDAP_FAIL", mBaseDN));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("AUTHZ_EVALUATOR_INIT_ERROR",
+ e.toString()));
+ throw new EACLsException(CMS.getUserMessage(
+ "CMS_ACL_CONNECT_LDAP_FAIL", mBaseDN));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_INIT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("AUTHZ_EVALUATOR_INIT_ERROR",
+ e.toString()));
}
log(ILogger.LL_INFO, "initialization done");
@@ -199,28 +198,30 @@ public class DirAclAuthz extends AAclAuthz
}
/**
- * check the authorization permission for the user associated with
- * authToken on operation
+ * check the authorization permission for the user associated with authToken
+ * on operation
* <p>
* Example:
* <p>
- * For example, if UsrGrpAdminServlet needs to authorize the caller
- * it would do be done in the following fashion:
+ * For example, if UsrGrpAdminServlet needs to authorize the caller it would
+ * do be done in the following fashion:
+ *
* <PRE>
- * try {
- * authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read");
- * } catch (EBaseException e) {
- * log(ILogger.LL_FAILURE, "authorize call: "+ e.toString());
- * }
- * </PRE>
+ * try {
+ * authzTok = mAuthz.authorize(&quot;DirAclAuthz&quot;, authToken, RES_GROUP, &quot;read&quot;);
+ * } catch (EBaseException e) {
+ * log(ILogger.LL_FAILURE, &quot;authorize call: &quot; + e.toString());
+ * }
+ * </PRE>
+ *
* @param authToken the authToken associated with a user
* @param resource - the protected resource name
* @param operation - the protected resource operation name
* @exception EBaseException If an internal error occurred.
* @return authzToken
*/
- public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
- throws EAuthzInternalError, EAuthzAccessDenied {
+ public AuthzToken authorize(IAuthToken authToken, String resource,
+ String operation) throws EAuthzInternalError, EAuthzAccessDenied {
AuthzToken authzToken = new AuthzToken(this);
try {
@@ -228,45 +229,49 @@ public class DirAclAuthz extends AAclAuthz
// compose AuthzToken
authzToken.set(AuthzToken.TOKEN_AUTHZ_RESOURCE, resource);
authzToken.set(AuthzToken.TOKEN_AUTHZ_OPERATION, operation);
- authzToken.set(AuthzToken.TOKEN_AUTHZ_STATUS, AuthzToken.AUTHZ_STATUS_SUCCESS);
+ authzToken.set(AuthzToken.TOKEN_AUTHZ_STATUS,
+ AuthzToken.AUTHZ_STATUS_SUCCESS);
CMS.debug("DirAclAuthz: authorization passed");
} catch (EACLsException e) {
- // audit here later
- log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
- String params[] = {resource, operation};
+ // audit here later
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
+ String params[] = { resource, operation };
- throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
+ throw new EAuthzAccessDenied(CMS.getUserMessage(
+ "CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
}
-
+
return authzToken;
}
public AuthzToken authorize(IAuthToken authToken, String expression)
- throws EAuthzAccessDenied {
+ throws EAuthzAccessDenied {
if (evaluateACLs(authToken, expression)) {
return (new AuthzToken(this));
} else {
- String params[] = {expression};
- throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
+ String params[] = { expression };
+ throw new EAuthzAccessDenied(CMS.getUserMessage(
+ "CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
}
}
/**
- * update acls. when memory update is done, flush to ldap.
+ * update acls. when memory update is done, flush to ldap.
* <p>
- * Currently, it is possible that when the memory is updated
- * successfully, and the ldap isn't, the memory upates lingers.
- * The result is that the changes will only be done on ldap at the
- * next update, or when the system shuts down, another flush will be
- * attempted.
+ * Currently, it is possible that when the memory is updated successfully,
+ * and the ldap isn't, the memory upates lingers. The result is that the
+ * changes will only be done on ldap at the next update, or when the system
+ * shuts down, another flush will be attempted.
+ *
* @param id is the resource id
* @param rights The allowable rights for this resource
- * @param strACLs has the same format as a resourceACLs entry acis
- * on the ldap server
+ * @param strACLs has the same format as a resourceACLs entry acis on the
+ * ldap server
* @param desc The description for this resource
*/
- public void updateACLs(String id, String rights, String strACLs,
- String desc) throws EACLsException {
+ public void updateACLs(String id, String rights, String strACLs, String desc)
+ throws EACLsException {
try {
super.updateACLs(id, rights, strACLs, desc);
flushResourceACLs();
@@ -276,9 +281,11 @@ public class DirAclAuthz extends AAclAuthz
needsFlush = true;
String errMsg = "updateACLs: failed to flushResourceACLs(): "
- + ex.toString();
+ + ex.toString();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES",
+ ex.toString()));
throw new EACLsException(CMS.getUserMessage("CMS_ACL_UPDATE_FAIL"));
}
@@ -334,7 +341,7 @@ public class DirAclAuthz extends AAclAuthz
}
/**
- * graceful shutdown
+ * graceful shutdown
*/
public void shutdown() {
if (needsFlush) {
@@ -343,20 +350,25 @@ public class DirAclAuthz extends AAclAuthz
flushResourceACLs();
} catch (EACLsException e) {
// flushing failed again...too bad
- log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_ERROR",
+ e.toString()));
}
}
try {
mLdapConnFactory.reset();
mLdapConnFactory = null;
- } catch (ELdapException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_LDAP_ERROR", e.toString()));
+ } catch (ELdapException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("AUTHZ_EVALUATOR_LDAP_ERROR",
+ e.toString()));
}
}
/**
* Logs a message for this class in the system log file.
+ *
* @param level The log level.
* @param msg The message to log.
* @see com.netscape.certsrv.logging.ILogger
@@ -364,7 +376,7 @@ public class DirAclAuthz extends AAclAuthz
protected void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
- level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION, level,
+ msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
index 6fe802e7..5ca09320 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.util.Locale;
@@ -38,14 +37,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a Authority Information Access CRL extension.
- *
+ *
* @version $Revision$, $Date$
*/
-public class CMSAuthInfoAccessExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+public class CMSAuthInfoAccessExtension implements ICMSCRLExtension,
+ IExtendedPluginInfo {
public static final String PROP_NUM_ADS = "numberOfAccessDescriptions";
public static final String PROP_ACCESS_METHOD = "accessMethod";
public static final String PROP_ACCESS_LOCATION_TYPE = "accessLocationType";
@@ -61,8 +59,7 @@ public class CMSAuthInfoAccessExtension
public CMSAuthInfoAccessExtension() {
}
- public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ public Extension setCRLExtensionCriticality(Extension ext, boolean critical) {
AuthInfoAccessExtension authInfoAccessExt = (AuthInfoAccessExtension) ext;
authInfoAccessExt.setCritical(critical);
@@ -71,16 +68,19 @@ public class CMSAuthInfoAccessExtension
}
public Extension getCRLExtension(IConfigStore config, Object ip,
- boolean critical) {
+ boolean critical) {
ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
- AuthInfoAccessExtension authInfoAccessExt = new AuthInfoAccessExtension(critical);
+ AuthInfoAccessExtension authInfoAccessExt = new AuthInfoAccessExtension(
+ critical);
int numberOfAccessDescriptions = 0;
try {
numberOfAccessDescriptions = config.getInteger(PROP_NUM_ADS, 0);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_INVALID_NUM_ADS", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_AIA_INVALID_NUM_ADS",
+ e.toString()));
}
if (numberOfAccessDescriptions > 0) {
@@ -94,54 +94,72 @@ public class CMSAuthInfoAccessExtension
try {
accessMethod = config.getString(PROP_ACCESS_METHOD + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_AIA_AD_AM_UNDEFINED", e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_INVALID",
+ e.toString()));
}
- if (accessMethod != null && accessMethod.equals(PROP_ACCESS_METHOD_OCSP)) {
+ if (accessMethod != null
+ && accessMethod.equals(PROP_ACCESS_METHOD_OCSP)) {
method = AuthInfoAccessExtension.METHOD_OCSP;
}
try {
- accessLocationType = config.getString(PROP_ACCESS_LOCATION_TYPE + i);
+ accessLocationType = config
+ .getString(PROP_ACCESS_LOCATION_TYPE + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_AIA_AD_ALT_UNDEFINED", e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_AIA_AD_ALT_INVALID", e.toString()));
}
try {
accessLocation = config.getString(PROP_ACCESS_LOCATION + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_DIST_POINT_INVALID", e.toString()));
}
- if (accessLocationType != null && accessLocation != null && accessLocation.length() > 0) {
+ if (accessLocationType != null && accessLocation != null
+ && accessLocation.length() > 0) {
if (accessLocationType.equalsIgnoreCase(PROP_DIRNAME)) {
try {
X500Name dirName = new X500Name(accessLocation);
- authInfoAccessExt.addAccessDescription(method, new GeneralName(dirName));
+ authInfoAccessExt.addAccessDescription(method,
+ new GeneralName(dirName));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_INVALID_500NAME", e.toString()));
}
- } else if (accessLocationType.equalsIgnoreCase(PROP_URINAME)) {
+ } else if (accessLocationType
+ .equalsIgnoreCase(PROP_URINAME)) {
URIName uriName = new URIName(accessLocation);
- authInfoAccessExt.addAccessDescription(method, new GeneralName(uriName));
+ authInfoAccessExt.addAccessDescription(method,
+ new GeneralName(uriName));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_POTINT_TYPE", accessLocation));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_INVALID_POTINT_TYPE", accessLocation));
}
} else {
accessLocationType = PROP_URINAME;
String hostname = CMS.getEENonSSLHost();
String port = CMS.getEENonSSLPort();
if (hostname != null && port != null) {
- accessLocation = "http://"+hostname+":"+port+"/ca/ee/ca/getCAChain?op=downloadBIN";
+ accessLocation = "http://" + hostname + ":" + port
+ + "/ca/ee/ca/getCAChain?op=downloadBIN";
}
URIName uriName = new URIName(accessLocation);
- authInfoAccessExt.addAccessDescription(AuthInfoAccessExtension.METHOD_CA_ISSUERS, new GeneralName(uriName));
+ authInfoAccessExt.addAccessDescription(
+ AuthInfoAccessExtension.METHOD_CA_ISSUERS,
+ new GeneralName(uriName));
}
}
}
@@ -160,7 +178,9 @@ public class CMSAuthInfoAccessExtension
try {
numberOfAccessDescriptions = config.getInteger(PROP_NUM_ADS, 0);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_INVALID_NUM_ADS", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_AIA_INVALID_NUM_ADS",
+ e.toString()));
}
nvp.add(PROP_NUM_ADS, String.valueOf(numberOfAccessDescriptions));
@@ -172,9 +192,13 @@ public class CMSAuthInfoAccessExtension
try {
accessMethod = config.getString(PROP_ACCESS_METHOD + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_UNDEFINED",
+ e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_INVALID",
+ e.toString()));
}
if (accessMethod != null && accessMethod.length() > 0) {
@@ -184,11 +208,16 @@ public class CMSAuthInfoAccessExtension
}
try {
- accessLocationType = config.getString(PROP_ACCESS_LOCATION_TYPE + i);
+ accessLocationType = config.getString(PROP_ACCESS_LOCATION_TYPE
+ + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_UNDEFINED",
+ e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_INVALID",
+ e.toString()));
}
if (accessLocationType != null && accessLocationType.length() > 0) {
@@ -200,9 +229,13 @@ public class CMSAuthInfoAccessExtension
try {
accessLocation = config.getString(PROP_ACCESS_LOCATION + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AL_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_AIA_AD_AL_UNDEFINED",
+ e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AL_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_AIA_AD_AL_INVALID",
+ e.toString()));
}
if (accessLocation != null && accessLocation.length() > 0) {
@@ -211,7 +244,8 @@ public class CMSAuthInfoAccessExtension
String hostname = CMS.getEENonSSLHost();
String port = CMS.getEENonSSLPort();
if (hostname != null && port != null) {
- accessLocation = "http://"+hostname+":"+port+"/ca/ee/ca/getCAChain?op=downloadBIN";
+ accessLocation = "http://" + hostname + ":" + port
+ + "/ca/ee/ca/getCAChain?op=downloadBIN";
}
nvp.add(PROP_ACCESS_LOCATION + i, accessLocation);
}
@@ -223,40 +257,42 @@ public class CMSAuthInfoAccessExtension
"enable;boolean;Check to enable Authority Information Access extension.",
"critical;boolean;Set criticality for Authority Information Access extension.",
PROP_NUM_ADS + ";number;Set number of Access Descriptions.",
- PROP_ACCESS_METHOD + "0;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
- PROP_ACCESS_METHOD_OCSP +");Select access description method.",
- PROP_ACCESS_LOCATION_TYPE + "0;choice(" + PROP_URINAME + "," +
- PROP_DIRNAME + ");Select access location type.",
- PROP_ACCESS_LOCATION + "0;string;Enter access location " +
- "corresponding to the selected access location type.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-authorityinformationaccess",
- PROP_ACCESS_METHOD + "1;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
- PROP_ACCESS_METHOD_OCSP +");Select access description method.",
- PROP_ACCESS_LOCATION_TYPE + "1;choice(" + PROP_URINAME + "," +
- PROP_DIRNAME + ");Select access location type.",
- PROP_ACCESS_LOCATION + "1;string;Enter access location " +
- "corresponding to the selected access location type.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-authorityinformationaccess",
- PROP_ACCESS_METHOD + "2;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
- PROP_ACCESS_METHOD_OCSP +");Select access description method.",
- PROP_ACCESS_LOCATION_TYPE + "2;choice(" + PROP_URINAME + "," +
- PROP_DIRNAME + ");Select access location type.",
- PROP_ACCESS_LOCATION + "2;string;Enter access location " +
- "corresponding to the selected access location type.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-authorityinformationaccess",
- IExtendedPluginInfo.HELP_TEXT +
- ";The Freshest CRL is a non critical CRL extension " +
- "that identifies the delta CRL distribution points for a particular CRL."
- };
+ PROP_ACCESS_METHOD + "0;choice(" + PROP_ACCESS_METHOD_CAISSUERS
+ + "," + PROP_ACCESS_METHOD_OCSP
+ + ");Select access description method.",
+ PROP_ACCESS_LOCATION_TYPE + "0;choice(" + PROP_URINAME + ","
+ + PROP_DIRNAME + ");Select access location type.",
+ PROP_ACCESS_LOCATION + "0;string;Enter access location "
+ + "corresponding to the selected access location type.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-authorityinformationaccess",
+ PROP_ACCESS_METHOD + "1;choice(" + PROP_ACCESS_METHOD_CAISSUERS
+ + "," + PROP_ACCESS_METHOD_OCSP
+ + ");Select access description method.",
+ PROP_ACCESS_LOCATION_TYPE + "1;choice(" + PROP_URINAME + ","
+ + PROP_DIRNAME + ");Select access location type.",
+ PROP_ACCESS_LOCATION + "1;string;Enter access location "
+ + "corresponding to the selected access location type.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-authorityinformationaccess",
+ PROP_ACCESS_METHOD + "2;choice(" + PROP_ACCESS_METHOD_CAISSUERS
+ + "," + PROP_ACCESS_METHOD_OCSP
+ + ");Select access description method.",
+ PROP_ACCESS_LOCATION_TYPE + "2;choice(" + PROP_URINAME + ","
+ + PROP_DIRNAME + ");Select access location type.",
+ PROP_ACCESS_LOCATION + "2;string;Enter access location "
+ + "corresponding to the selected access location type.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-authorityinformationaccess",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";The Freshest CRL is a non critical CRL extension "
+ + "that identifies the delta CRL distribution points for a particular CRL." };
return params;
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSAuthInfoAccessExtension - " + msg);
+ "CMSAuthInfoAccessExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
index 4cdb0bdc..494de799 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
@@ -43,43 +42,42 @@ import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents an authority key identifier extension.
- *
+ *
* @version $Revision$, $Date$
*/
-public class CMSAuthorityKeyIdentifierExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+public class CMSAuthorityKeyIdentifierExtension implements ICMSCRLExtension,
+ IExtendedPluginInfo {
private ILogger mLogger = CMS.getLogger();
public CMSAuthorityKeyIdentifierExtension() {
}
- public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ public Extension setCRLExtensionCriticality(Extension ext, boolean critical) {
AuthorityKeyIdentifierExtension authKeyIdExt = null;
KeyIdentifier keyId = null;
GeneralNames names = null;
SerialNumber sn = null;
try {
- keyId = (KeyIdentifier) ((AuthorityKeyIdentifierExtension) ext).get(
- AuthorityKeyIdentifierExtension.KEY_ID);
- names = (GeneralNames) ((AuthorityKeyIdentifierExtension) ext).get(
- AuthorityKeyIdentifierExtension.AUTH_NAME);
- sn = (SerialNumber) ((AuthorityKeyIdentifierExtension) ext).get(
- AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
- authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, keyId, names, sn);
+ keyId = (KeyIdentifier) ((AuthorityKeyIdentifierExtension) ext)
+ .get(AuthorityKeyIdentifierExtension.KEY_ID);
+ names = (GeneralNames) ((AuthorityKeyIdentifierExtension) ext)
+ .get(AuthorityKeyIdentifierExtension.AUTH_NAME);
+ sn = (SerialNumber) ((AuthorityKeyIdentifierExtension) ext)
+ .get(AuthorityKeyIdentifierExtension.SERIAL_NUMBER);
+ authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, keyId,
+ names, sn);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString()));
}
return authKeyIdExt;
}
- public Extension getCRLExtension(IConfigStore config,
- Object ip,
- boolean critical) {
+ public Extension getCRLExtension(IConfigStore config, Object ip,
+ boolean critical) {
AuthorityKeyIdentifierExtension authKeyIdExt = null;
ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
@@ -87,48 +85,58 @@ public class CMSAuthorityKeyIdentifierExtension
KeyIdentifier keyId = null;
try {
- X509CertInfo info = (X509CertInfo)
- ((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().get(
+ X509CertInfo info = (X509CertInfo) ((ICertificateAuthority) crlIssuingPoint
+ .getCertificateAuthority()).getCACert().get(
X509CertImpl.NAME + "." + X509CertImpl.INFO);
if (info != null) {
- CertificateExtensions caCertExtensions = (CertificateExtensions)
- info.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions caCertExtensions = (CertificateExtensions) info
+ .get(X509CertInfo.EXTENSIONS);
if (caCertExtensions != null) {
for (int i = 0; i < caCertExtensions.size(); i++) {
- Extension caCertExt = (Extension) caCertExtensions.elementAt(i);
+ Extension caCertExt = (Extension) caCertExtensions
+ .elementAt(i);
if (caCertExt instanceof SubjectKeyIdentifierExtension) {
- SubjectKeyIdentifierExtension id =
- (SubjectKeyIdentifierExtension) caCertExt;
+ SubjectKeyIdentifierExtension id = (SubjectKeyIdentifierExtension) caCertExt;
- keyId = (KeyIdentifier)
- id.get(SubjectKeyIdentifierExtension.KEY_ID);
+ keyId = (KeyIdentifier) id
+ .get(SubjectKeyIdentifierExtension.KEY_ID);
}
}
}
}
} catch (CertificateParsingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CERT_PARSING_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CERT_PARSING_ERROR",
+ e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CERT_CERT_EXCEPTION", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CERT_CERT_EXCEPTION",
+ e.toString()));
}
if (keyId != null) {
- authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, keyId, null, null);
+ authKeyIdExt = new AuthorityKeyIdentifierExtension(critical,
+ keyId, null, null);
} else {
GeneralNames gNames = new GeneralNames();
- gNames.addElement(((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getX500Name());
+ gNames.addElement(((ICertificateAuthority) crlIssuingPoint
+ .getCertificateAuthority()).getX500Name());
- authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, null, gNames,
- new SerialNumber(((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().getSerialNumber()));
+ authKeyIdExt = new AuthorityKeyIdentifierExtension(critical,
+ null, gNames, new SerialNumber(
+ ((ICertificateAuthority) crlIssuingPoint
+ .getCertificateAuthority()).getCACert()
+ .getSerialNumber()));
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString()));
}
return authKeyIdExt;
@@ -143,23 +151,22 @@ public class CMSAuthorityKeyIdentifierExtension
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- //"type;choice(CRLExtension,CRLEntryExtension);CRL Extension Type. "+
- //"This field is not editable.",
+ // "type;choice(CRLExtension,CRLEntryExtension);CRL Extension Type. "+
+ // "This field is not editable.",
"enable;boolean;Check to enable Authority Key Identifier CRL extension.",
"critical;boolean;Set criticality for Authority Key Identifier CRL extension.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-authoritykeyidentifier",
- IExtendedPluginInfo.HELP_TEXT +
- ";The authority key identifier extension provides a means " +
- "of identifying the public key corresponding to the private " +
- "key used to sign a CRL."
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-authoritykeyidentifier",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";The authority key identifier extension provides a means "
+ + "of identifying the public key corresponding to the private "
+ + "key used to sign a CRL." };
return params;
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSAuthorityKeyIdentifierExtension - " + msg);
+ "CMSAuthorityKeyIdentifierExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java
index e4bb4cb6..c7c7af71 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -34,46 +33,45 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a CRL number extension.
- *
+ *
* @version $Revision$, $Date$
*/
-public class CMSCRLNumberExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+public class CMSCRLNumberExtension implements ICMSCRLExtension,
+ IExtendedPluginInfo {
private ILogger mLogger = CMS.getLogger();
public CMSCRLNumberExtension() {
}
- public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ public Extension setCRLExtensionCriticality(Extension ext, boolean critical) {
BigInteger crlNumber = null;
CRLNumberExtension crlNumberExt = null;
try {
- crlNumber = (BigInteger)
- ((CRLNumberExtension) ext).get(CRLNumberExtension.NUMBER);
+ crlNumber = (BigInteger) ((CRLNumberExtension) ext)
+ .get(CRLNumberExtension.NUMBER);
crlNumberExt = new CRLNumberExtension(Boolean.valueOf(critical),
- crlNumber);
+ crlNumber);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CRL_NUMBER_EXT", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_CRL_NUMBER_EXT", e.toString()));
}
return crlNumberExt;
}
- public Extension getCRLExtension(IConfigStore config,
- Object ip,
- boolean critical) {
+ public Extension getCRLExtension(IConfigStore config, Object ip,
+ boolean critical) {
CRLNumberExtension crlNumberExt = null;
ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
try {
crlNumberExt = new CRLNumberExtension(Boolean.valueOf(critical),
- crlIssuingPoint.getNextCRLNumber());
+ crlIssuingPoint.getNextCRLNumber());
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CRL_NUMBER_EXT", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_CRL_NUMBER_EXT", e.toString()));
}
return crlNumberExt;
}
@@ -87,23 +85,22 @@ public class CMSCRLNumberExtension
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- //"type;choice(CRLExtension,CRLEntryExtension);"+
- //"CRL Extension type. This field is not editable.",
+ // "type;choice(CRLExtension,CRLEntryExtension);"+
+ // "CRL Extension type. This field is not editable.",
"enable;boolean;Check to enable CRL Number extension.",
"critical;boolean;Set criticality for CRL Number extension.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-crlnumber",
- IExtendedPluginInfo.HELP_TEXT +
- ";The CRL number is a non-critical CRL extension " +
- "which conveys a monotonically increasing sequence number " +
- "for each CRL issued by a CA"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-crlnumber",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";The CRL number is a non-critical CRL extension "
+ + "which conveys a monotonically increasing sequence number "
+ + "for each CRL issued by a CA" };
return params;
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSCRLNumberExtension - " + msg);
+ "CMSCRLNumberExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java
index 245428a6..0471af42 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.util.Locale;
@@ -33,36 +32,36 @@ import com.netscape.certsrv.ca.ICMSCRLExtension;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a CRL reason extension.
- *
+ *
* @version $Revision$, $Date$
*/
-public class CMSCRLReasonExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+public class CMSCRLReasonExtension implements ICMSCRLExtension,
+ IExtendedPluginInfo {
private ILogger mLogger = CMS.getLogger();
public CMSCRLReasonExtension() {
}
- public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ public Extension setCRLExtensionCriticality(Extension ext, boolean critical) {
RevocationReason reason = null;
CRLReasonExtension crlReasonExt = null;
try {
- reason = (RevocationReason) ((CRLReasonExtension) ext).get(CRLReasonExtension.REASON);
- crlReasonExt = new CRLReasonExtension(Boolean.valueOf(critical), reason);
+ reason = (RevocationReason) ((CRLReasonExtension) ext)
+ .get(CRLReasonExtension.REASON);
+ crlReasonExt = new CRLReasonExtension(Boolean.valueOf(critical),
+ reason);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CRL_REASON_EXT", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_CRL_REASON_EXT", e.toString()));
}
return crlReasonExt;
}
public Extension getCRLExtension(IConfigStore config,
- Object crlIssuingPoint,
- boolean critical) {
+ Object crlIssuingPoint, boolean critical) {
CRLReasonExtension crlReasonExt = null;
return crlReasonExt;
@@ -77,22 +76,21 @@ public class CMSCRLReasonExtension
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- //"type;choice(CRLExtension,CRLEntryExtension);"+
- //"CRL Entry Extension type. This field is not editable.",
+ // "type;choice(CRLExtension,CRLEntryExtension);"+
+ // "CRL Entry Extension type. This field is not editable.",
"enable;boolean;Check to enable reason code CRL entry extension.",
"critical;boolean;Set criticality for reason code CRL entry extension.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-crlreason",
- IExtendedPluginInfo.HELP_TEXT +
- ";The CRL reason code is a non-critical CRL entry extension " +
- "that identifies the reason for the certificate revocation."
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-crlreason",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";The CRL reason code is a non-critical CRL entry extension "
+ + "that identifies the reason for the certificate revocation." };
return params;
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSCRLReasonExtension - " + msg);
+ "CMSCRLReasonExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
index 601e15d2..0e912139 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.util.Locale;
@@ -40,35 +39,35 @@ import com.netscape.certsrv.logging.ILogger;
/**
* This represents a certificate issuer extension.
- *
+ *
* @version $Revision$, $Date$
*/
-public class CMSCertificateIssuerExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+public class CMSCertificateIssuerExtension implements ICMSCRLExtension,
+ IExtendedPluginInfo {
private ILogger mLogger = CMS.getLogger();
public CMSCertificateIssuerExtension() {
}
- public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ public Extension setCRLExtensionCriticality(Extension ext, boolean critical) {
CertificateIssuerExtension certIssuerExt = null;
GeneralNames names = null;
try {
- names = (GeneralNames) ((CertificateIssuerExtension) ext).get(
- CertificateIssuerExtension.CERTIFICATE_ISSUER);
- certIssuerExt = new CertificateIssuerExtension(Boolean.valueOf(critical),
- names);
+ names = (GeneralNames) ((CertificateIssuerExtension) ext)
+ .get(CertificateIssuerExtension.CERTIFICATE_ISSUER);
+ certIssuerExt = new CertificateIssuerExtension(
+ Boolean.valueOf(critical), names);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CERT_ISSUER_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_CERT_ISSUER_EXT",
+ e.toString()));
}
return certIssuerExt;
}
- public Extension getCRLExtension(IConfigStore config,
- Object ip,
- boolean critical) {
+ public Extension getCRLExtension(IConfigStore config, Object ip,
+ boolean critical) {
CertificateIssuerExtension certIssuerExt = null;
int numNames = 0;
@@ -77,7 +76,9 @@ public class CMSCertificateIssuerExtension
try {
numNames = config.getInteger("numNames", 0);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_NUM_NAMES", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_INVALID_NUM_NAMES",
+ e.toString()));
}
if (numNames > 0) {
GeneralNames names = new GeneralNames();
@@ -88,9 +89,13 @@ public class CMSCertificateIssuerExtension
try {
nameType = config.getString("nameType" + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i),
+ e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_INVALID_TYPE", Integer.toString(i),
+ e.toString()));
}
if (nameType != null) {
@@ -99,9 +104,13 @@ public class CMSCertificateIssuerExtension
try {
name = config.getString("name" + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_UNDEFINED_TYPE",
+ Integer.toString(i), e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_INVALID_TYPE", Integer.toString(i),
+ e.toString()));
}
if (name != null && name.length() > 0) {
@@ -111,14 +120,17 @@ public class CMSCertificateIssuerExtension
names.addElement(dirName);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_INVALID_500NAME",
+ e.toString()));
}
} else if (nameType.equalsIgnoreCase("URI")) {
URIName uriName = new URIName(name);
names.addElement(uriName);
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_NAME_TYPE", nameType));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_INVALID_NAME_TYPE", nameType));
}
}
}
@@ -127,9 +139,11 @@ public class CMSCertificateIssuerExtension
if (names.size() > 0) {
try {
certIssuerExt = new CertificateIssuerExtension(
- Boolean.valueOf(critical), names);
+ Boolean.valueOf(critical), names);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CERT_ISSUER_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_CERT_ISSUER_EXT",
+ e.toString()));
}
}
}
@@ -147,7 +161,9 @@ public class CMSCertificateIssuerExtension
try {
numNames = config.getInteger("numNames", 0);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_NUM_NAMES", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_INVALID_NUM_NAMES",
+ e.toString()));
}
nvp.add("numNames", String.valueOf(numNames));
@@ -157,9 +173,13 @@ public class CMSCertificateIssuerExtension
try {
nameType = config.getString("nameType" + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE",
+ Integer.toString(i), e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_INVALID_TYPE",
+ Integer.toString(i), e.toString()));
}
if (nameType != null && nameType.length() > 0) {
@@ -173,9 +193,13 @@ public class CMSCertificateIssuerExtension
try {
name = config.getString("name" + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE",
+ Integer.toString(i), e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_INVALID_TYPE",
+ Integer.toString(i), e.toString()));
}
if (name != null && name.length() > 0) {
@@ -195,8 +219,8 @@ public class CMSCertificateIssuerExtension
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- //"type;choice(CRLExtension,CRLEntryExtension);CRL Entry Extension type."+
- //" This field is not editable.",
+ // "type;choice(CRLExtension,CRLEntryExtension);CRL Entry Extension type."+
+ // " This field is not editable.",
"enable;boolean;Check to enable Certificate Issuer CRL entry extension.",
"critical;boolean;Set criticality for Certificate Issuer CRL entry extension.",
"numNames;number;Set number of certificate issuer names for the CRL entry.",
@@ -206,12 +230,11 @@ public class CMSCertificateIssuerExtension
"name1;string;Enter Certificate Issuer name corresponding to the selected name type.",
"nameType2;choice(DirectoryName,URI);Select Certificate Issuer name type.",
"name2;string;Enter Certificate Issuer name corresponding to the selected name type.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-certificateissuer",
- IExtendedPluginInfo.HELP_TEXT +
- ";This CRL entry extension identifies the certificate issuer" +
- " associated with an entry in an indirect CRL."
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-certificateissuer",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";This CRL entry extension identifies the certificate issuer"
+ + " associated with an entry in an indirect CRL." };
return params;
}
@@ -219,4 +242,4 @@ public class CMSCertificateIssuerExtension
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java
index 35d21e5c..7808e58e 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -34,48 +33,45 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a delta CRL indicator extension.
- *
+ *
* @version $Revision$, $Date$
*/
-public class CMSDeltaCRLIndicatorExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+public class CMSDeltaCRLIndicatorExtension implements ICMSCRLExtension,
+ IExtendedPluginInfo {
private ILogger mLogger = CMS.getLogger();
public CMSDeltaCRLIndicatorExtension() {
}
- public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ public Extension setCRLExtensionCriticality(Extension ext, boolean critical) {
BigInteger baseCRLNumber = null;
DeltaCRLIndicatorExtension deltaCRLIndicatorExt = null;
try {
- baseCRLNumber = (BigInteger)
- ((DeltaCRLIndicatorExtension) ext).get(DeltaCRLIndicatorExtension.NUMBER);
+ baseCRLNumber = (BigInteger) ((DeltaCRLIndicatorExtension) ext)
+ .get(DeltaCRLIndicatorExtension.NUMBER);
deltaCRLIndicatorExt = new DeltaCRLIndicatorExtension(
- Boolean.valueOf(critical),
- baseCRLNumber);
+ Boolean.valueOf(critical), baseCRLNumber);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DELTA_CRL_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_DELTA_CRL_EXT", e.toString()));
}
return deltaCRLIndicatorExt;
}
- public Extension getCRLExtension(IConfigStore config,
- Object ip,
- boolean critical) {
+ public Extension getCRLExtension(IConfigStore config, Object ip,
+ boolean critical) {
DeltaCRLIndicatorExtension deltaCRLIndicatorExt = null;
ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
try {
deltaCRLIndicatorExt = new DeltaCRLIndicatorExtension(
- Boolean.valueOf(critical),
- crlIssuingPoint.getCRLNumber());
+ Boolean.valueOf(critical), crlIssuingPoint.getCRLNumber());
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DELTA_CRL_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_DELTA_CRL_EXT", e.toString()));
}
return deltaCRLIndicatorExt;
}
@@ -89,23 +85,21 @@ public class CMSDeltaCRLIndicatorExtension
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- //"type;choice(CRLExtension,CRLEntryExtension);"+
- //"CRL Extension type. This field is not editable.",
+ // "type;choice(CRLExtension,CRLEntryExtension);"+
+ // "CRL Extension type. This field is not editable.",
"enable;boolean;Check to enable Delta CRL Indicator extension.",
"critical;boolean;Set criticality for Delta CRL Indicator extension.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-crlnumber",
- IExtendedPluginInfo.HELP_TEXT +
- ";The Delta CRL Indicator is a critical CRL extension " +
- "which identifies a delta-CRL."
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-crlnumber",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";The Delta CRL Indicator is a critical CRL extension "
+ + "which identifies a delta-CRL." };
return params;
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSDeltaCRLIndicatorExtension - " + msg);
+ "CMSDeltaCRLIndicatorExtension - " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java
index 86bdd05e..edc9a2c8 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.util.Locale;
@@ -40,14 +39,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a freshest CRL extension.
- *
+ *
* @version $Revision$, $Date$
*/
-public class CMSFreshestCRLExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+public class CMSFreshestCRLExtension implements ICMSCRLExtension,
+ IExtendedPluginInfo {
public static final String PROP_NUM_POINTS = "numPoints";
public static final String PROP_POINTTYPE = "pointType";
public static final String PROP_POINTNAME = "pointName";
@@ -59,8 +57,7 @@ public class CMSFreshestCRLExtension
public CMSFreshestCRLExtension() {
}
- public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ public Extension setCRLExtensionCriticality(Extension ext, boolean critical) {
FreshestCRLExtension freshestCRLExt = (FreshestCRLExtension) ext;
freshestCRLExt.setCritical(critical);
@@ -69,7 +66,7 @@ public class CMSFreshestCRLExtension
}
public Extension getCRLExtension(IConfigStore config, Object ip,
- boolean critical) {
+ boolean critical) {
ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
FreshestCRLExtension freshestCRLExt = null;
@@ -78,7 +75,9 @@ public class CMSFreshestCRLExtension
try {
numPoints = config.getInteger("numPoints", 0);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_NUM_NAMES", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_NUM_NAMES",
+ e.toString()));
}
if (numPoints > 0) {
@@ -91,9 +90,11 @@ public class CMSFreshestCRLExtension
try {
pointType = config.getString(PROP_POINTTYPE + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_DIST_POINT_INVALID", e.toString()));
}
if (pointType != null) {
@@ -102,9 +103,13 @@ public class CMSFreshestCRLExtension
try {
pointName = config.getString(PROP_POINTNAME + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage(
+ "CRL_CREATE_DIST_POINT_UNDEFINED",
+ e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_DIST_POINT_INVALID", e.toString()));
}
if (pointName != null && pointName.length() > 0) {
@@ -114,14 +119,17 @@ public class CMSFreshestCRLExtension
names.addElement(dirName);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_INVALID_500NAME",
+ e.toString()));
}
} else if (pointType.equalsIgnoreCase(PROP_URINAME)) {
URIName uriName = new URIName(pointName);
names.addElement(uriName);
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_POTINT_TYPE", pointType));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_INVALID_POTINT_TYPE", pointType));
}
}
}
@@ -130,9 +138,13 @@ public class CMSFreshestCRLExtension
try {
crlDP.setFullName(names);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CANNOT_SET_NAME",
+ e.toString()));
} catch (GeneralNamesException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CANNOT_SET_NAME",
+ e.toString()));
}
}
@@ -158,8 +170,8 @@ public class CMSFreshestCRLExtension
try {
numPoints = config.getInteger(PROP_NUM_POINTS, 0);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, "Invalid numPoints property for CRL " +
- "Freshest CRL extension - " + e);
+ log(ILogger.LL_FAILURE, "Invalid numPoints property for CRL "
+ + "Freshest CRL extension - " + e);
}
nvp.add(PROP_NUM_POINTS, String.valueOf(numPoints));
@@ -169,9 +181,13 @@ public class CMSFreshestCRLExtension
try {
pointType = config.getString(PROP_POINTTYPE + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED",
+ e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID",
+ e.toString()));
}
if (pointType != null && pointType.length() > 0) {
@@ -185,9 +201,13 @@ public class CMSFreshestCRLExtension
try {
pointName = config.getString(PROP_POINTNAME + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED",
+ e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID",
+ e.toString()));
}
if (pointName != null && pointName.length() > 0) {
@@ -202,35 +222,38 @@ public class CMSFreshestCRLExtension
String[] params = {
"enable;boolean;Check to enable Freshest CRL extension.",
"critical;boolean;Set criticality for Freshest CRL extension.",
- PROP_NUM_POINTS + ";number;Set number of CRL distribution points.",
- PROP_POINTTYPE + "0;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
- ");Select CRL distribution point name type.",
- PROP_POINTNAME + "0;string;Enter CRL distribution point name " +
- "corresponding to the selected point type.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-issuingdistributionpoint",
- PROP_POINTTYPE + "1;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
- ");Select CRL distribution point name type.",
- PROP_POINTNAME + "1;string;Enter CRL distribution point name " +
- "corresponding to the selected point type.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-issuingdistributionpoint",
- PROP_POINTTYPE + "2;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
- ");Select CRL distribution point name type.",
- PROP_POINTNAME + "2;string;Enter CRL distribution point name " +
- "corresponding to the selected point type.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-issuingdistributionpoint",
- IExtendedPluginInfo.HELP_TEXT +
- ";The Freshest CRL is a non critical CRL extension " +
- "that identifies the delta CRL distribution points for a particular CRL."
- };
+ PROP_NUM_POINTS
+ + ";number;Set number of CRL distribution points.",
+ PROP_POINTTYPE + "0;choice(" + PROP_DIRNAME + ","
+ + PROP_URINAME
+ + ");Select CRL distribution point name type.",
+ PROP_POINTNAME + "0;string;Enter CRL distribution point name "
+ + "corresponding to the selected point type.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+ PROP_POINTTYPE + "1;choice(" + PROP_DIRNAME + ","
+ + PROP_URINAME
+ + ");Select CRL distribution point name type.",
+ PROP_POINTNAME + "1;string;Enter CRL distribution point name "
+ + "corresponding to the selected point type.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+ PROP_POINTTYPE + "2;choice(" + PROP_DIRNAME + ","
+ + PROP_URINAME
+ + ");Select CRL distribution point name type.",
+ PROP_POINTNAME + "2;string;Enter CRL distribution point name "
+ + "corresponding to the selected point type.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";The Freshest CRL is a non critical CRL extension "
+ + "that identifies the delta CRL distribution points for a particular CRL." };
return params;
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSFreshestCRLExtension - " + msg);
+ "CMSFreshestCRLExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java
index e0e39b8a..4d76625d 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.util.Locale;
@@ -36,14 +35,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a hold instruction extension.
- *
+ *
* @version $Revision$, $Date$
*/
-public class CMSHoldInstructionExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+public class CMSHoldInstructionExtension implements ICMSCRLExtension,
+ IExtendedPluginInfo {
public static final String PROP_INSTR = "instruction";
public static final String PROP_INSTR_NONE = "none";
public static final String PROP_INSTR_CALLISSUER = "callissuer";
@@ -54,25 +52,24 @@ public class CMSHoldInstructionExtension
public CMSHoldInstructionExtension() {
}
- public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ public Extension setCRLExtensionCriticality(Extension ext, boolean critical) {
HoldInstructionExtension holdInstrExt = null;
try {
- ObjectIdentifier holdInstr =
- ((HoldInstructionExtension) ext).getHoldInstructionCode();
+ ObjectIdentifier holdInstr = ((HoldInstructionExtension) ext)
+ .getHoldInstructionCode();
- holdInstrExt = new HoldInstructionExtension(Boolean.valueOf(critical),
- holdInstr);
+ holdInstrExt = new HoldInstructionExtension(
+ Boolean.valueOf(critical), holdInstr);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_INSTR_EXT", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_HOLD_INSTR_EXT", e.toString()));
}
return holdInstrExt;
}
- public Extension getCRLExtension(IConfigStore config,
- Object ip,
- boolean critical) {
+ public Extension getCRLExtension(IConfigStore config, Object ip,
+ boolean critical) {
HoldInstructionExtension holdInstrExt = null;
String instruction = null;
@@ -81,9 +78,11 @@ public class CMSHoldInstructionExtension
try {
instruction = config.getString(PROP_INSTR);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_HOLD_UNDEFINED", e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_HOLD_INVALID", e.toString()));
}
ObjectIdentifier holdInstr = HoldInstructionExtension.NONE_HOLD_INSTR_OID;
@@ -96,10 +95,11 @@ public class CMSHoldInstructionExtension
}
}
try {
- holdInstrExt = new HoldInstructionExtension(Boolean.valueOf(critical),
- holdInstr);
+ holdInstrExt = new HoldInstructionExtension(
+ Boolean.valueOf(critical), holdInstr);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_INSTR_EXT", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_HOLD_INSTR_EXT", e.toString()));
}
return holdInstrExt;
@@ -115,14 +115,16 @@ public class CMSHoldInstructionExtension
try {
instruction = config.getString(PROP_INSTR);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_HOLD_UNDEFINED", e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_HOLD_INVALID", e.toString()));
}
if (instruction != null) {
- if (!(instruction.equalsIgnoreCase(PROP_INSTR_NONE) ||
- instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) ||
- instruction.equalsIgnoreCase(PROP_INSTR_REJECT))) {
+ if (!(instruction.equalsIgnoreCase(PROP_INSTR_NONE)
+ || instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) || instruction
+ .equalsIgnoreCase(PROP_INSTR_REJECT))) {
instruction = PROP_INSTR_NONE;
}
} else {
@@ -133,26 +135,26 @@ public class CMSHoldInstructionExtension
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- //"type;choice(CRLExtension,CRLEntryExtension);"+
- //"CRL Entry Extension type. This field is not editable.",
+ // "type;choice(CRLExtension,CRLEntryExtension);"+
+ // "CRL Entry Extension type. This field is not editable.",
"enable;boolean;Check to enable Hold Instruction CRL entry extension.",
"critical;boolean;Set criticality for Hold Instruction CRL entry extension.",
- PROP_INSTR + ";choice(" + PROP_INSTR_NONE + "," + PROP_INSTR_CALLISSUER + "," +
- PROP_INSTR_REJECT + ");Select hold instruction code.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-holdinstruction",
- IExtendedPluginInfo.HELP_TEXT +
- ";The hold instruction code is a non-critical CRL entry " +
- "extension that provides a registered instruction identifier " +
- "which indicates the action to be taken after encountering " +
- "a certificate that has been placed on hold."
- };
+ PROP_INSTR + ";choice(" + PROP_INSTR_NONE + ","
+ + PROP_INSTR_CALLISSUER + "," + PROP_INSTR_REJECT
+ + ");Select hold instruction code.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-holdinstruction",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";The hold instruction code is a non-critical CRL entry "
+ + "extension that provides a registered instruction identifier "
+ + "which indicates the action to be taken after encountering "
+ + "a certificate that has been placed on hold." };
return params;
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSHoldInstructionExtension - " + msg);
+ "CMSHoldInstructionExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
index c0c62244..f296cf31 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.util.Date;
import java.util.Locale;
@@ -33,37 +32,37 @@ import com.netscape.certsrv.ca.ICMSCRLExtension;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a invalidity date extension.
- *
+ *
* @version $Revision$, $Date$
*/
-public class CMSInvalidityDateExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+public class CMSInvalidityDateExtension implements ICMSCRLExtension,
+ IExtendedPluginInfo {
private ILogger mLogger = CMS.getLogger();
public CMSInvalidityDateExtension() {
}
- public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ public Extension setCRLExtensionCriticality(Extension ext, boolean critical) {
InvalidityDateExtension invalidityDateExt = null;
try {
- Date invalidityDate = ((InvalidityDateExtension) ext).getInvalidityDate();
+ Date invalidityDate = ((InvalidityDateExtension) ext)
+ .getInvalidityDate();
- invalidityDateExt = new InvalidityDateExtension(Boolean.valueOf(critical),
- invalidityDate);
+ invalidityDateExt = new InvalidityDateExtension(
+ Boolean.valueOf(critical), invalidityDate);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALIDITY_DATE_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_INVALIDITY_DATE_EXT",
+ e.toString()));
}
return invalidityDateExt;
}
public Extension getCRLExtension(IConfigStore config,
- Object crlIssuingPoint,
- boolean critical) {
+ Object crlIssuingPoint, boolean critical) {
InvalidityDateExtension invalidityDateExt = null;
return invalidityDateExt;
@@ -78,24 +77,23 @@ public class CMSInvalidityDateExtension
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- //"type;choice(CRLExtension,CRLEntryExtension);"+
- //"CRL Entry Extension type. This field is not editable.",
+ // "type;choice(CRLExtension,CRLEntryExtension);"+
+ // "CRL Entry Extension type. This field is not editable.",
"enable;boolean;Check to enable Invalidity Date CRL entry extension.",
"critical;boolean;Set criticality for Invalidity Date CRL entry extension.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-invaliditydate",
- IExtendedPluginInfo.HELP_TEXT +
- ";The invalidity date is a non-critical CRL entry extension " +
- "that provides the date on which it is known or suspected " +
- "that the private key was compromised or that the certificate" +
- " otherwise became invalid."
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-invaliditydate",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";The invalidity date is a non-critical CRL entry extension "
+ + "that provides the date on which it is known or suspected "
+ + "that the private key was compromised or that the certificate"
+ + " otherwise became invalid." };
return params;
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSInvalidityDateExtension - " + msg);
+ "CMSInvalidityDateExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
index 9ca9d5d2..43a9f41d 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Locale;
@@ -47,14 +46,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a issuer alternative name extension.
- *
+ *
* @version $Revision$, $Date$
*/
-public class CMSIssuerAlternativeNameExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+public class CMSIssuerAlternativeNameExtension implements ICMSCRLExtension,
+ IExtendedPluginInfo {
private static final String PROP_RFC822_NAME = "rfc822Name";
private static final String PROP_DNS_NAME = "dNSName";
private static final String PROP_DIR_NAME = "directoryName";
@@ -69,23 +67,25 @@ public class CMSIssuerAlternativeNameExtension
public CMSIssuerAlternativeNameExtension() {
}
- public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
+ public Extension setCRLExtensionCriticality(Extension ext, boolean critical) {
IssuerAlternativeNameExtension issuerAltNameExt = null;
GeneralNames names = null;
try {
- names = (GeneralNames) ((IssuerAlternativeNameExtension) ext).get(IssuerAlternativeNameExtension.ISSUER_NAME);
- issuerAltNameExt = new IssuerAlternativeNameExtension(Boolean.valueOf(critical), names);
+ names = (GeneralNames) ((IssuerAlternativeNameExtension) ext)
+ .get(IssuerAlternativeNameExtension.ISSUER_NAME);
+ issuerAltNameExt = new IssuerAlternativeNameExtension(
+ Boolean.valueOf(critical), names);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT",
+ e.toString()));
}
return issuerAltNameExt;
}
- public Extension getCRLExtension(IConfigStore config,
- Object ip,
- boolean critical) {
+ public Extension getCRLExtension(IConfigStore config, Object ip,
+ boolean critical) {
ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
IssuerAlternativeNameExtension issuerAltNameExt = null;
int numNames = 0;
@@ -93,7 +93,9 @@ public class CMSIssuerAlternativeNameExtension
try {
numNames = config.getInteger("numNames", 0);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_NUM_NAMES", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_NUM_NAMES",
+ e.toString()));
}
if (numNames > 0) {
GeneralNames names = new GeneralNames();
@@ -104,9 +106,13 @@ public class CMSIssuerAlternativeNameExtension
try {
nameType = config.getString("nameType" + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_UNDEFINED_TYPE", Integer.toString(i), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_ISSUER_UNDEFINED_TYPE",
+ Integer.toString(i), e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", Integer.toString(i), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_ISSUER_INVALID_TYPE",
+ Integer.toString(i), e.toString()));
}
if (nameType != null && nameType.length() > 0) {
@@ -115,9 +121,13 @@ public class CMSIssuerAlternativeNameExtension
try {
name = config.getString("name" + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_UNDEFINED_TYPE", Integer.toString(i), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_ISSUER_UNDEFINED_TYPE",
+ Integer.toString(i), e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", Integer.toString(i), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_ISSUER_INVALID_TYPE",
+ Integer.toString(i), e.toString()));
}
if (name != null && name.length() > 0) {
@@ -127,7 +137,9 @@ public class CMSIssuerAlternativeNameExtension
names.addElement(dirName);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_INVALID_500NAME",
+ e.toString()));
}
} else if (nameType.equalsIgnoreCase(PROP_RFC822_NAME)) {
RFC822Name rfc822Name = new RFC822Name(name);
@@ -157,16 +169,22 @@ public class CMSIssuerAlternativeNameExtension
} else if (nameType.equalsIgnoreCase(PROP_OTHER_NAME)) {
try {
- byte[] val = com.netscape.osutil.OSUtil.AtoB(name);
- DerValue derVal = new DerValue(new ByteArrayInputStream(val));
- GeneralName generalName = new GeneralName(derVal);
+ byte[] val = com.netscape.osutil.OSUtil
+ .AtoB(name);
+ DerValue derVal = new DerValue(
+ new ByteArrayInputStream(val));
+ GeneralName generalName = new GeneralName(
+ derVal);
names.addElement(generalName);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_OTHER_NAME", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_INVALID_OTHER_NAME", e.toString()));
}
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", nameType, ""));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_ISSUER_INVALID_TYPE", nameType,
+ ""));
}
}
}
@@ -175,9 +193,10 @@ public class CMSIssuerAlternativeNameExtension
if (names.size() > 0) {
try {
issuerAltNameExt = new IssuerAlternativeNameExtension(
- Boolean.valueOf(critical), names);
+ Boolean.valueOf(critical), names);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString()));
}
}
}
@@ -195,8 +214,8 @@ public class CMSIssuerAlternativeNameExtension
try {
numNames = config.getInteger("numNames", 0);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, "Invalid numNames property for CRL " +
- "IssuerAlternativeName extension - " + e);
+ log(ILogger.LL_FAILURE, "Invalid numNames property for CRL "
+ + "IssuerAlternativeName extension - " + e);
}
nvp.add("numNames", String.valueOf(numNames));
@@ -206,11 +225,13 @@ public class CMSIssuerAlternativeNameExtension
try {
nameType = config.getString("nameType" + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, "Undefined nameType" + i + " property for " +
- "CRL IssuerAlternativeName extension - " + e);
+ log(ILogger.LL_FAILURE, "Undefined nameType" + i
+ + " property for "
+ + "CRL IssuerAlternativeName extension - " + e);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, "Invalid nameType" + i + " property for " +
- "CRL IssuerAlternativeName extension - " + e);
+ log(ILogger.LL_FAILURE, "Invalid nameType" + i
+ + " property for "
+ + "CRL IssuerAlternativeName extension - " + e);
}
if (nameType != null && nameType.length() > 0) {
@@ -224,11 +245,11 @@ public class CMSIssuerAlternativeNameExtension
try {
name = config.getString("name" + i);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, "Undefined name" + i + " property for " +
- "CRL IssuerAlternativeName extension - " + e);
+ log(ILogger.LL_FAILURE, "Undefined name" + i + " property for "
+ + "CRL IssuerAlternativeName extension - " + e);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, "Invalid name" + i + " property for " +
- "CRL IssuerAlternativeName extension - " + e);
+ log(ILogger.LL_FAILURE, "Invalid name" + i + " property for "
+ + "CRL IssuerAlternativeName extension - " + e);
}
if (name != null && name.length() > 0) {
@@ -248,35 +269,40 @@ public class CMSIssuerAlternativeNameExtension
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- //"type;choice(CRLExtension,CRLEntryExtension);"+
- //"CRL Extension type. This field is not editable.",
+ // "type;choice(CRLExtension,CRLEntryExtension);"+
+ // "CRL Extension type. This field is not editable.",
"enable;boolean;Check to enable Issuer Alternative Name CRL extension.",
"critical;boolean;Set criticality for Issuer Alternative Name CRL extension.",
"numNames;number;Set number of alternative names for the CRL issuer.",
- "nameType0;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
- PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
- PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
+ "nameType0;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME
+ + "," + PROP_DNS_NAME + "," + PROP_EDI_NAME + ","
+ + PROP_URI_NAME + "," + PROP_IP_NAME + ","
+ + PROP_OID_NAME + "," + PROP_OTHER_NAME
+ + ");Select Issuer Alternative Name type.",
"name0;string;Enter Issuer Alternative Name corresponding to the selected name type.",
- "nameType1;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
- PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
- PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
+ "nameType1;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME
+ + "," + PROP_DNS_NAME + "," + PROP_EDI_NAME + ","
+ + PROP_URI_NAME + "," + PROP_IP_NAME + ","
+ + PROP_OID_NAME + "," + PROP_OTHER_NAME
+ + ");Select Issuer Alternative Name type.",
"name1;string;Enter Issuer Alternative Name corresponding to the selected name type.",
- "nameType2;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
- PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
- PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
+ "nameType2;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME
+ + "," + PROP_DNS_NAME + "," + PROP_EDI_NAME + ","
+ + PROP_URI_NAME + "," + PROP_IP_NAME + ","
+ + PROP_OID_NAME + "," + PROP_OTHER_NAME
+ + ");Select Issuer Alternative Name type.",
"name2;string;Enter Issuer Alternative Name corresponding to the selected name type.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-issueralternativename",
- IExtendedPluginInfo.HELP_TEXT +
- ";The issuer alternative names extension allows additional" +
- " identities to be associated with the issuer of the CRL."
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-issueralternativename",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";The issuer alternative names extension allows additional"
+ + " identities to be associated with the issuer of the CRL." };
return params;
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSIssuerAlternativeNameExtension - " + msg);
+ "CMSIssuerAlternativeNameExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java
index ccc5b64d..4109e10f 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.crl;
-
import java.io.IOException;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -43,14 +42,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
import com.netscape.certsrv.common.NameValuePairs;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This represents a issuing distribution point extension.
- *
+ *
* @version $Revision$, $Date$
*/
-public class CMSIssuingDistributionPointExtension
- implements ICMSCRLExtension, IExtendedPluginInfo {
+public class CMSIssuingDistributionPointExtension implements ICMSCRLExtension,
+ IExtendedPluginInfo {
public static final String PROP_POINTTYPE = "pointType";
public static final String PROP_POINTNAME = "pointName";
public static final String PROP_DIRNAME = "DirectoryName";
@@ -61,33 +59,25 @@ public class CMSIssuingDistributionPointExtension
public static final String PROP_INDIRECT = "indirectCRL";
public static final String PROP_REASONS = "onlySomeReasons";
- private static final String[] reasonFlags = {"unused",
- "keyCompromise",
- "cACompromise",
- "affiliationChanged",
- "superseded",
- "cessationOfOperation",
- "certificateHold",
- "privilegeWithdrawn"};
+ private static final String[] reasonFlags = { "unused", "keyCompromise",
+ "cACompromise", "affiliationChanged", "superseded",
+ "cessationOfOperation", "certificateHold", "privilegeWithdrawn" };
private ILogger mLogger = CMS.getLogger();
public CMSIssuingDistributionPointExtension() {
}
- public Extension setCRLExtensionCriticality(Extension ext,
- boolean critical) {
- IssuingDistributionPointExtension issuingDPointExt =
- (IssuingDistributionPointExtension) ext;
+ public Extension setCRLExtensionCriticality(Extension ext, boolean critical) {
+ IssuingDistributionPointExtension issuingDPointExt = (IssuingDistributionPointExtension) ext;
issuingDPointExt.setCritical(critical);
return issuingDPointExt;
}
- public Extension getCRLExtension(IConfigStore config,
- Object ip,
- boolean critical) {
+ public Extension getCRLExtension(IConfigStore config, Object ip,
+ boolean critical) {
CMS.debug("in CMSIssuingDistributionPointExtension::getCRLExtension.");
ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
@@ -102,9 +92,13 @@ public class CMSIssuingDistributionPointExtension
try {
pointType = config.getString(PROP_POINTTYPE);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED",
+ e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID",
+ e.toString()));
}
if (pointType != null) {
@@ -113,9 +107,13 @@ public class CMSIssuingDistributionPointExtension
try {
pointName = config.getString(PROP_POINTNAME);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED",
+ e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID",
+ e.toString()));
}
if (pointName != null && pointName.length() > 0) {
@@ -123,7 +121,9 @@ public class CMSIssuingDistributionPointExtension
try {
rdnName = new RDN(pointName);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_RDN", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_RDN",
+ e.toString()));
}
} else if (pointType.equalsIgnoreCase(PROP_DIRNAME)) {
try {
@@ -131,14 +131,16 @@ public class CMSIssuingDistributionPointExtension
names.addElement(dirName);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_CREATE_INVALID_500NAME", e.toString()));
}
} else if (pointType.equalsIgnoreCase(PROP_URINAME)) {
URIName uriName = new URIName(pointName);
names.addElement(uriName);
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_POTINT_TYPE", pointType));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CRL_INVALID_POTINT_TYPE", pointType));
}
}
}
@@ -149,9 +151,11 @@ public class CMSIssuingDistributionPointExtension
try {
issuingDPoint.setFullName(names);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString()));
} catch (GeneralNamesException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString()));
}
}
@@ -160,11 +164,13 @@ public class CMSIssuingDistributionPointExtension
try {
reasons = config.getString(PROP_REASONS, null);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", PROP_REASONS, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_INVALID_PROPERTY", PROP_REASONS,
+ e.toString()));
}
if (reasons != null && reasons.length() > 0) {
- boolean[] bits = {false, false, false, false, false, false, false};
+ boolean[] bits = { false, false, false, false, false, false, false };
int k = 0;
StringTokenizer st = new StringTokenizer(reasons, ",");
@@ -193,7 +199,9 @@ public class CMSIssuingDistributionPointExtension
if (caCertsOnly)
issuingDPoint.setOnlyContainsCACerts(caCertsOnly);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "caCertsOnly", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_INVALID_PROPERTY", "caCertsOnly",
+ e.toString()));
}
try {
boolean userCertsOnly = config.getBoolean(PROP_USERCERTS, false);
@@ -201,7 +209,8 @@ public class CMSIssuingDistributionPointExtension
if (userCertsOnly)
issuingDPoint.setOnlyContainsUserCerts(userCertsOnly);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "userCertsOnly", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY",
+ "userCertsOnly", e.toString()));
}
try {
boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false);
@@ -209,7 +218,9 @@ public class CMSIssuingDistributionPointExtension
if (indirectCRL)
issuingDPoint.setIndirectCRL(indirectCRL);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "indirectCRL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_INVALID_PROPERTY", "indirectCRL",
+ e.toString()));
}
issuingDPointExt = new IssuingDistributionPointExtension(issuingDPoint);
@@ -228,9 +239,13 @@ public class CMSIssuingDistributionPointExtension
try {
pointType = config.getString(PROP_POINTTYPE);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED",
+ e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID",
+ e.toString()));
}
if (pointType != null && pointType.length() > 0) {
nvp.add("pointType", pointType);
@@ -243,9 +258,13 @@ public class CMSIssuingDistributionPointExtension
try {
pointName = config.getString(PROP_POINTNAME);
} catch (EPropertyNotFound e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED",
+ e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID",
+ e.toString()));
}
if (pointName != null && pointName.length() > 0) {
nvp.add("pointName", pointName);
@@ -258,7 +277,9 @@ public class CMSIssuingDistributionPointExtension
try {
reasons = config.getString(PROP_REASONS, null);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", PROP_REASONS, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_INVALID_PROPERTY", PROP_REASONS,
+ e.toString()));
}
if (reasons != null && reasons.length() > 0) {
nvp.add(PROP_REASONS, reasons);
@@ -272,28 +293,27 @@ public class CMSIssuingDistributionPointExtension
nvp.add(PROP_CACERTS, String.valueOf(caCertsOnly));
} catch (EBaseException e) {
nvp.add(PROP_CACERTS, "false");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "caCertsOnly", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_INVALID_PROPERTY", "caCertsOnly",
+ e.toString()));
}
// Disable these for now unitl we support them fully
-/*
- try {
- boolean userCertsOnly = config.getBoolean(PROP_USERCERTS, false);
-
- nvp.add(PROP_USERCERTS, String.valueOf(userCertsOnly));
- } catch (EBaseException e) {
- nvp.add(PROP_USERCERTS, "false");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "userCertsOnly", e.toString()));
- }
-
- try {
- boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false);
-
- nvp.add(PROP_INDIRECT, String.valueOf(indirectCRL));
- } catch (EBaseException e) {
- nvp.add(PROP_INDIRECT, "false");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "indirectCRL", e.toString()));
- }
-*/
+ /*
+ * try { boolean userCertsOnly = config.getBoolean(PROP_USERCERTS,
+ * false);
+ *
+ * nvp.add(PROP_USERCERTS, String.valueOf(userCertsOnly)); } catch
+ * (EBaseException e) { nvp.add(PROP_USERCERTS, "false");
+ * log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY",
+ * "userCertsOnly", e.toString())); }
+ *
+ * try { boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false);
+ *
+ * nvp.add(PROP_INDIRECT, String.valueOf(indirectCRL)); } catch
+ * (EBaseException e) { nvp.add(PROP_INDIRECT, "false");
+ * log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY",
+ * "indirectCRL", e.toString())); }
+ */
}
public String[] getExtendedPluginInfo(Locale locale) {
@@ -305,32 +325,36 @@ public class CMSIssuingDistributionPointExtension
sb_reasons.append(reasonFlags[i]);
}
String[] params = {
- //"type;choice(CRLExtension,CRLEntryExtension);"+
- //"CRL Extension type. This field is not editable.",
+ // "type;choice(CRLExtension,CRLEntryExtension);"+
+ // "CRL Extension type. This field is not editable.",
"enable;boolean;Check to enable Issuing Distribution Point CRL extension.",
"critical;boolean;Set criticality for Issuing Distribution Point CRL extension.",
- PROP_POINTTYPE + ";choice(" + PROP_DIRNAME + "," + PROP_URINAME + "," +
- PROP_RDNNAME + ");Select Issuing Distribution Point name type.",
- PROP_POINTNAME + ";string;Enter Issuing Distribution Point name " +
- "corresponding to the selected point type.",
- PROP_REASONS + ";string;Select any combination of the following reasons: " +
- sb_reasons.toString(),
- PROP_CACERTS + ";boolean;Check if CRL contains CA certificates only",
- // Remove these from the UI until they can be supported fully.
- // PROP_USERCERTS + ";boolean;Check if CRL contains user certificates only",
- // PROP_INDIRECT + ";boolean;Check if CRL is built indirectly.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ca-edit-crlextension-issuingdistributionpoint",
- IExtendedPluginInfo.HELP_TEXT +
- ";The issuing distribution point is a critical CRL extension " +
- "that identifies the CRL distribution point for a particular CRL."
- };
+ PROP_POINTTYPE + ";choice(" + PROP_DIRNAME + "," + PROP_URINAME
+ + "," + PROP_RDNNAME
+ + ");Select Issuing Distribution Point name type.",
+ PROP_POINTNAME
+ + ";string;Enter Issuing Distribution Point name "
+ + "corresponding to the selected point type.",
+ PROP_REASONS
+ + ";string;Select any combination of the following reasons: "
+ + sb_reasons.toString(),
+ PROP_CACERTS
+ + ";boolean;Check if CRL contains CA certificates only",
+ // Remove these from the UI until they can be supported fully.
+ // PROP_USERCERTS +
+ // ";boolean;Check if CRL contains user certificates only",
+ // PROP_INDIRECT + ";boolean;Check if CRL is built indirectly.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";The issuing distribution point is a critical CRL extension "
+ + "that identifies the CRL distribution point for a particular CRL." };
return params;
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
- "CMSIssuingDistributionPointExtension - " + msg);
+ "CMSIssuingDistributionPointExtension - " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
index d026cdba..d945d708 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.EBaseException;
@@ -28,7 +27,6 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Utils;
-
/**
* A class represents a group acls evaluator.
* <P>
@@ -54,7 +52,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
CMS.debug("GroupAccessEvaluator: init");
@@ -62,6 +60,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
/**
* gets the type name for this acl evaluator
+ *
* @return type for this acl evaluator: "group" or "at_group"
*/
public String getType() {
@@ -70,6 +69,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
+ *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -85,16 +85,16 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
}
/**
- * evaluates uid in AuthToken to see if it has membership in
- * group value
+ * evaluates uid in AuthToken to see if it has membership in group value
+ *
* @param authToken authentication token
* @param type must be "at_group"
* @param op must be "="
* @param value the group name
- * @return true if AuthToken uid belongs to the group value,
- * false otherwise
+ * @return true if AuthToken uid belongs to the group value, false otherwise
*/
- public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
+ public boolean evaluate(IAuthToken authToken, String type, String op,
+ String value) {
if (type.equals(mType)) {
// should define "uid" at a common place
@@ -104,17 +104,20 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
if (uid == null) {
uid = authToken.getInString("uid");
if (uid == null) {
- CMS.debug("GroupAccessEvaluator: evaluate: uid null");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
- return false;
+ CMS.debug("GroupAccessEvaluator: evaluate: uid null");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("EVALUTOR_UID_NULL"));
+ return false;
}
}
- CMS.debug("GroupAccessEvaluator: evaluate: uid="+uid +" value="+value);
+ CMS.debug("GroupAccessEvaluator: evaluate: uid=" + uid + " value="
+ + value);
String groupname = authToken.getInString("gid");
if (groupname != null) {
- CMS.debug("GroupAccessEvaluator: evaluate: authToken gid="+groupname);
+ CMS.debug("GroupAccessEvaluator: evaluate: authToken gid="
+ + groupname);
if (op.equals("=")) {
return groupname.equals(Utils.stripQuotes(value));
} else if (op.equals("!=")) {
@@ -123,12 +126,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
} else {
CMS.debug("GroupAccessEvaluator: evaluate: no gid in authToken");
IUser id = null;
- try {
- id = mUG.getUser(uid);
- } catch (EBaseException e) {
+ try {
+ id = mUG.getUser(uid);
+ } catch (EBaseException e) {
CMS.debug("GroupAccessEvaluator: " + e.toString());
return false;
- }
+ }
if (op.equals("=")) {
return mUG.isMemberOf(id, Utils.stripQuotes(value));
@@ -142,13 +145,14 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
}
/**
- * evaluates uid in SessionContext to see if it has membership in
- * group value
+ * evaluates uid in SessionContext to see if it has membership in group
+ * value
+ *
* @param type must be "group"
* @param op must be "="
* @param value the group name
- * @return true if SessionContext uid belongs to the group value,
- * false otherwise
+ * @return true if SessionContext uid belongs to the group value, false
+ * otherwise
*/
public boolean evaluate(String type, String op, String value) {
@@ -161,12 +165,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
return false;
}
- if (op.equals("="))
+ if (op.equals("="))
return mUG.isMemberOf(id, Utils.stripQuotes(value));
else
return !(mUG.isMemberOf(id, Utils.stripQuotes(value)));
-
- }
+
+ }
return false;
}
@@ -174,8 +178,8 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "GroupAccessEvaluator: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level,
+ "GroupAccessEvaluator: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
index a5c99eeb..4de8f694 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.SessionContext;
@@ -25,7 +24,6 @@ import com.netscape.certsrv.evaluators.IAccessEvaluator;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmsutil.util.Utils;
-
/**
* A class represents a IP address acls evaluator.
* <P>
@@ -44,13 +42,14 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
}
/**
* gets the type name for this acl evaluator
+ *
* @return type for this acl evaluator: ipaddress
*/
public String getType() {
@@ -59,6 +58,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
+ *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -75,24 +75,27 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
/**
* Gets the IP address from session context
+ *
* @param authToken authentication token
* @param type must be "ipaddress"
* @param op must be "=" or "!="
* @param value the ipaddress
*/
- public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
+ public boolean evaluate(IAuthToken authToken, String type, String op,
+ String value) {
return evaluate(type, op, value);
}
/**
- * evaluates uid in SessionContext to see if it has membership in
- * group value
+ * evaluates uid in SessionContext to see if it has membership in group
+ * value
+ *
* @param type must be "group"
* @param op must be "="
* @param value the group name
- * @return true if SessionContext uid belongs to the group value,
- * false otherwise
+ * @return true if SessionContext uid belongs to the group value, false
+ * otherwise
*/
public boolean evaluate(String type, String op, String value) {
@@ -103,16 +106,17 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
if (type.equals(mType)) {
if (ipaddress == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUATOR_IPADDRESS_NULL"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("EVALUATOR_IPADDRESS_NULL"));
return false;
}
- if (op.equals("=")) {
+ if (op.equals("=")) {
return ipaddress.matches(value);
} else {
return !(ipaddress.matches(value));
}
-
- }
+
+ }
return false;
}
@@ -120,7 +124,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "GroupAccessEvaluator: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level,
+ "GroupAccessEvaluator: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
index 4b6b5677..862206a9 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.SessionContext;
@@ -26,7 +25,6 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Utils;
-
/**
* A class represents a user acls evaluator.
* <P>
@@ -48,7 +46,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
CMS.debug("UserAccessEvaluator: init");
@@ -56,6 +54,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
/**
* gets the type name for this acl evaluator
+ *
* @return type for this acl evaluator: "user" or "at_user"
*/
public String getType() {
@@ -64,6 +63,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
+ *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -80,27 +80,30 @@ public class UserAccessEvaluator implements IAccessEvaluator {
/**
* Evaluates the user in AuthToken to see if it's equal to value
+ *
* @param authToken AuthToken from authentication
* @param type must be "at_user"
* @param op must be "="
* @param value the user id
* @return true if AuthToken uid is same as value, false otherwise
*/
- public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
+ public boolean evaluate(IAuthToken authToken, String type, String op,
+ String value) {
if (type.equals(mType)) {
String s = Utils.stripQuotes(value);
if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("="))
- return true;
-
- // should define "uid" at a common place
+ return true;
+
+ // should define "uid" at a common place
String uid = null;
uid = authToken.getInString("uid");
if (uid == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_IS_NULL"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("EVALUTOR_UID_IS_NULL"));
return false;
}
@@ -108,13 +111,14 @@ public class UserAccessEvaluator implements IAccessEvaluator {
return s.equalsIgnoreCase(uid);
else if (op.equals("!="))
return !(s.equalsIgnoreCase(uid));
- }
+ }
return false;
}
/**
* Evaluates the user in session context to see if it's equal to value
+ *
* @param type must be "user"
* @param op must be "="
* @param value the user id
@@ -144,8 +148,8 @@ public class UserAccessEvaluator implements IAccessEvaluator {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "UserAccessEvaluator: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level,
+ "UserAccessEvaluator: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
index 88358aa5..ffe4a4f8 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.SessionContext;
@@ -26,12 +25,11 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Utils;
-
/**
- * A class represents a user-origreq uid mapping acls evaluator.
- * This is primarily used for renewal. During renewal, the orig_req
- * uid is placed in the SessionContext of the renewal session context
- * to be evaluated by this evaluator
+ * A class represents a user-origreq uid mapping acls evaluator. This is
+ * primarily used for renewal. During renewal, the orig_req uid is placed in the
+ * SessionContext of the renewal session context to be evaluated by this
+ * evaluator
* <P>
*
* @author Christina Fu
@@ -52,7 +50,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
CMS.debug("UserOrigReqAccessEvaluator: init");
@@ -60,6 +58,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
/**
* gets the type name for this acl evaluator
+ *
* @return type for this acl evaluator: "user_origreq" or "at_user_origreq"
*/
public String getType() {
@@ -68,6 +67,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
+ *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -84,21 +84,23 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
/**
* Evaluates the user in AuthToken to see if it's equal to value
+ *
* @param authToken AuthToken from authentication
* @param type must be "at_userreq"
* @param op must be "="
* @param value the request param name
* @return true if AuthToken uid is same as value, false otherwise
*/
- public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
+ public boolean evaluate(IAuthToken authToken, String type, String op,
+ String value) {
CMS.debug("UserOrigReqAccessEvaluator: evaluate() begins");
if (type.equals(mType)) {
String s = Utils.stripQuotes(value);
if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("="))
- return true;
-
- // should define "uid" at a common place
+ return true;
+
+ // should define "uid" at a common place
String uid = null;
uid = authToken.getInString("uid");
@@ -107,30 +109,34 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken null");
return false;
} else
- CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken ="+ uid);
+ CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken ="
+ + uid);
// find value of param in request
SessionContext mSC = SessionContext.getContext();
- CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting "+"orig_req."+s+ " in SessionContext");
+ CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting "
+ + "orig_req." + s + " in SessionContext");
// "orig_req.auth_token.uid"
- String orig_id = (String) mSC.get("orig_req."+s);
+ String orig_id = (String) mSC.get("orig_req." + s);
if (orig_id == null) {
CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id null");
return false;
}
- CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id ="+ orig_id);
+ CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id ="
+ + orig_id);
if (op.equals("="))
return uid.equalsIgnoreCase(orig_id);
else if (op.equals("!="))
return !(uid.equalsIgnoreCase(orig_id));
- }
+ }
return false;
}
/**
* Evaluates the user in session context to see if it's equal to value
+ *
* @param type must be "user_origreq"
* @param op must be "="
* @param value the user id
@@ -141,7 +147,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
SessionContext mSC = SessionContext.getContext();
if (type.equals(mType)) {
-// what do I do with s here?
+ // what do I do with s here?
String s = Utils.stripQuotes(value);
if (s.equals(ANYBODY) && op.equals("="))
@@ -149,7 +155,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
IUser id = (IUser) mSC.get(SessionContext.USER);
// "orig_req.auth_token.uid"
- String orig_id = (String) mSC.get("orig_req"+s);
+ String orig_id = (String) mSC.get("orig_req" + s);
if (op.equals("="))
return id.getName().equalsIgnoreCase(orig_id);
@@ -159,11 +165,12 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
return false;
}
+
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "UserOrigReqAccessEvaluator: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level,
+ "UserOrigReqAccessEvaluator: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java b/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java
index 8488ec2d..ecf827e4 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.jobs;
-
import java.io.IOException;
import java.util.Hashtable;
@@ -36,11 +35,10 @@ import com.netscape.certsrv.notification.IEmailTemplate;
import com.netscape.certsrv.notification.IMailNotification;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This abstract class is a base job for real job extentions for the
- * Jobs Scheduler.
- *
+ * This abstract class is a base job for real job extentions for the Jobs
+ * Scheduler.
+ *
* @version $Revision$, $Date$
* @see com.netscape.certsrv.jobs.IJob
*/
@@ -57,7 +55,7 @@ public abstract class AJobBase implements IJob, Runnable {
protected static final String STATUS_FAILURE = "failed";
protected static final String STATUS_SUCCESS = "succeeded";
- // variables used by the Job Scheduler Daemon
+ // variables used by the Job Scheduler Daemon
protected String mImplName = null;
protected IConfigStore mConfig;
protected String mId = null;
@@ -81,8 +79,8 @@ public abstract class AJobBase implements IJob, Runnable {
/**
* tells if the job is enabled
- * @return a boolean value indicating whether the job is enabled
- * or not
+ *
+ * @return a boolean value indicating whether the job is enabled or not
*/
public boolean isEnabled() {
boolean enabled = false;
@@ -97,17 +95,18 @@ public abstract class AJobBase implements IJob, Runnable {
/***********************
* abstract methods
***********************/
- public abstract void init(ISubsystem owner, String id, String implName, IConfigStore
- config) throws EBaseException;
+ public abstract void init(ISubsystem owner, String id, String implName,
+ IConfigStore config) throws EBaseException;
public abstract void run();
/***********************
* public methods
***********************/
-
+
/**
* get instance id.
+ *
* @return a String identifier
*/
public String getId() {
@@ -116,6 +115,7 @@ public abstract class AJobBase implements IJob, Runnable {
/**
* set instance id.
+ *
* @param id String id of the instance
*/
public void setId(String id) {
@@ -124,6 +124,7 @@ public abstract class AJobBase implements IJob, Runnable {
/**
* get cron string associated with this job
+ *
* @return a JobCron object that represents the schedule of this job
*/
public IJobCron getJobCron() {
@@ -132,6 +133,7 @@ public abstract class AJobBase implements IJob, Runnable {
/**
* gets the plugin name of this job.
+ *
* @return a String that is the name of this implementation
*/
public String getImplName() {
@@ -140,6 +142,7 @@ public abstract class AJobBase implements IJob, Runnable {
/**
* Gets the configuration substore used by this job
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -159,7 +162,8 @@ public abstract class AJobBase implements IJob, Runnable {
if (template != null) {
if (!template.init()) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_TEMPLATE_INIT_ERROR"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_TEMPLATE_INIT_ERROR"));
return null;
}
@@ -170,7 +174,8 @@ public abstract class AJobBase implements IJob, Runnable {
}
templateString = template.toString();
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_TEMPLATE_INIT_ERROR"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_TEMPLATE_INIT_ERROR"));
}
return templateString;
@@ -192,41 +197,43 @@ public abstract class AJobBase implements IJob, Runnable {
mn.sendNotification();
} catch (ENotificationException e) {
// already logged, lets audit
- mLogger.log(ILogger.EV_AUDIT, null,
- ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
+ mLogger.log(ILogger.EV_AUDIT, null, ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
} catch (IOException e) {
// already logged, lets audit
- mLogger.log(ILogger.EV_AUDIT, null,
- ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
+ mLogger.log(ILogger.EV_AUDIT, null, ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
}
}
protected void buildItemParams(X509CertImpl cert) {
- mItemParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
- (Object) cert.getSerialNumber().toString());
- mItemParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
- (Object) cert.getSerialNumber().toString(16));
- mItemParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
- (Object) cert.getIssuerDN().toString());
- mItemParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
- (Object) cert.getSubjectDN().toString());
- mItemParams.put(IEmailFormProcessor.TOKEN_NOT_AFTER,
- (Object) cert.getNotAfter().toString());
- mItemParams.put(IEmailFormProcessor.TOKEN_NOT_BEFORE,
- (Object) cert.getNotBefore().toString());
+ mItemParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM, (Object) cert
+ .getSerialNumber().toString());
+ mItemParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM, (Object) cert
+ .getSerialNumber().toString(16));
+ mItemParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN, (Object) cert
+ .getIssuerDN().toString());
+ mItemParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN, (Object) cert
+ .getSubjectDN().toString());
+ mItemParams.put(IEmailFormProcessor.TOKEN_NOT_AFTER, (Object) cert
+ .getNotAfter().toString());
+ mItemParams.put(IEmailFormProcessor.TOKEN_NOT_BEFORE, (Object) cert
+ .getNotBefore().toString());
// ... and more
}
protected void buildItemParams(IRequest r) {
- String re = r.getExtDataInString(IRequest.HTTP_PARAMS, "csrRequestorEmail");
+ String re = r.getExtDataInString(IRequest.HTTP_PARAMS,
+ "csrRequestorEmail");
if (re != null) {
mItemParams.put(IEmailFormProcessor.TOKEN_REQUESTOR_EMAIL, re);
}
- String ct = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+ String ct = r.getExtDataInString(IRequest.HTTP_PARAMS,
+ IRequest.CERT_TYPE);
if (ct != null) {
mItemParams.put(IEmailFormProcessor.TOKEN_CERT_TYPE, ct);
@@ -252,35 +259,38 @@ public abstract class AJobBase implements IJob, Runnable {
if (val != null)
mContentParams.put(name, val);
else {
- CMS.debug("AJobBase: buildContentParams: null value for name= " + name);
+ CMS.debug("AJobBase: buildContentParams: null value for name= "
+ + name);
mContentParams.put(name, "");
}
}
/**
- * logs an entry in the log file. Used by classes extending this class.
+ * logs an entry in the log file. Used by classes extending this class.
+ *
* @param level log level
* @param msg log message in String
*/
public void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, mId + ": " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level, mId + ": "
+ + msg);
}
/**
- * capable of logging multiline entry in the log file. Used by classes extending this class.
+ * capable of logging multiline entry in the log file. Used by classes
+ * extending this class.
+ *
* @param level log level
* @param msg log message in String
- * @param multiline boolean indicating whether the message is a
- * multi-lined message.
+ * @param multiline boolean indicating whether the message is a multi-lined
+ * message.
*/
public void log(int level, String msg, boolean multiline) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, mId + ": " + msg, multiline);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level, mId + ": "
+ + msg, multiline);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java b/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java
index a23cc1f3..dc4d2485 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.jobs;
-
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Date;
@@ -46,60 +45,41 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestId;
-
/**
- * a job for the Jobs Scheduler. This job checks in the internal ldap
- * db for valid certs that have not been published to the
- * publishing directory.
+ * a job for the Jobs Scheduler. This job checks in the internal ldap db for
+ * valid certs that have not been published to the publishing directory.
* <p>
* the $TOKENS that are available for the this jobs's summary outer form are:<br>
* <UL>
- * $Status
- * $InstanceID
- * $SummaryItemList
- * $SummaryTotalNum
- * $SummaryTotalSuccess
- * $SummaryTotalfailure
- * $ExecutionTime
+ * $Status $InstanceID $SummaryItemList $SummaryTotalNum $SummaryTotalSuccess
+ * $SummaryTotalfailure $ExecutionTime
* </UL>
* and for the inner list items:
* <UL>
- * $SerialNumber
- * $IssuerDN
- * $SubjectDN
- * $NotAfter
- * $NotBefore
- * $RequestorEmail
+ * $SerialNumber $IssuerDN $SubjectDN $NotAfter $NotBefore $RequestorEmail
* $CertType
* </UL>
- *
+ *
* @version $Revision$, $Date$
*/
-public class PublishCertsJob extends AJobBase
- implements IJob, Runnable, IExtendedPluginInfo {
-
+public class PublishCertsJob extends AJobBase implements IJob, Runnable,
+ IExtendedPluginInfo {
+
ICertificateAuthority mCa = null;
IRequestQueue mReqQ = null;
ICertificateRepository mRepository = null;
IPublisherProcessor mPublisherProcessor = null;
private boolean mSummary = false;
- /* Holds configuration parameters accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
- * console.
+ /*
+ * Holds configuration parameters accepted by this implementation. This list
+ * is passed to the configuration console so configuration for instances of
+ * this implementation can be configured through the console.
*/
- protected static String[] mConfigParams =
- new String[] {
- "enabled",
- "cron",
- "summary.enabled",
- "summary.emailSubject",
- "summary.emailTemplate",
- "summary.itemTemplate",
- "summary.senderEmail",
- "summary.recipientEmail"
- };
+ protected static String[] mConfigParams = new String[] { "enabled", "cron",
+ "summary.enabled", "summary.emailSubject", "summary.emailTemplate",
+ "summary.itemTemplate", "summary.senderEmail",
+ "summary.recipientEmail" };
/* Vector of extendedPluginInfo strings */
protected static Vector mExtendedPluginInfo = null;
@@ -109,26 +89,25 @@ public class PublishCertsJob extends AJobBase
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
- IExtendedPluginInfo.HELP_TEXT +
- "; A job that checks for valid certificates in the " +
- "database, that have not been published and publish them to " +
- "the publishing directory",
- "cron;string;Format: minute hour dayOfMonth month " +
- "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
- "summary.senderEmail;string;Specify the address to be used " +
- "as the email's 'sender'. Bounces go to this address.",
+ IExtendedPluginInfo.HELP_TEXT
+ + "; A job that checks for valid certificates in the "
+ + "database, that have not been published and publish them to "
+ + "the publishing directory",
+ "cron;string;Format: minute hour dayOfMonth month "
+ + "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+ "summary.senderEmail;string;Specify the address to be used "
+ + "as the email's 'sender'. Bounces go to this address.",
"summary.recipientEmail;string;Who should receive summaries",
"enabled;boolean;Enable this plugin",
- "summary.enabled;boolean;Enable the summary. You must enabled " +
- "this for the job to work.",
+ "summary.enabled;boolean;Enable the summary. You must enabled "
+ + "this for the job to work.",
"summary.emailSubject;string;Subject of summary email",
- "summary.emailTemplate;string;Fully qualified pathname of " +
- "template file of email to be sent",
- "summary.itemTemplate;string;Fully qualified pathname of " +
- "file containing template for each item",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-jobrules-unpublishexpiredjobs",
- };
+ "summary.emailTemplate;string;Fully qualified pathname of "
+ + "template file of email to be sent",
+ "summary.itemTemplate;string;Fully qualified pathname of "
+ + "file containing template for each item",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-jobrules-unpublishexpiredjobs", };
return s;
}
@@ -136,14 +115,13 @@ public class PublishCertsJob extends AJobBase
/**
* initialize from the configuration file
*/
- public void init(ISubsystem owner, String id, String implName, IConfigStore config) throws
- EBaseException {
+ public void init(ISubsystem owner, String id, String implName,
+ IConfigStore config) throws EBaseException {
mConfig = config;
mId = id;
mImplName = implName;
- mCa = (ICertificateAuthority)
- CMS.getSubsystem("ca");
+ mCa = (ICertificateAuthority) CMS.getSubsystem("ca");
if (mCa == null) {
return;
}
@@ -151,13 +129,13 @@ public class PublishCertsJob extends AJobBase
mReqQ = mCa.getRequestQueue();
mRepository = (ICertificateRepository) mCa.getCertificateRepository();
mPublisherProcessor = mCa.getPublisherProcessor();
-
+
// read from the configuration file
mCron = mConfig.getString(IJobCron.PROP_CRON);
if (mCron == null) {
return;
}
-
+
// parse cron string into a JobCron class
IJobsScheduler scheduler = (IJobsScheduler) owner;
@@ -179,15 +157,13 @@ public class PublishCertsJob extends AJobBase
}
/**
- * look in the internal db for certificateRecords that are
- * valid but not published
- * The publish() method should set <b>InLdapPublishDir</b> flag accordingly.
- * if publish unsuccessfully, log it -- unsuccessful certs should be
- * picked up and attempted again at the next scheduled run
+ * look in the internal db for certificateRecords that are valid but not
+ * published The publish() method should set <b>InLdapPublishDir</b> flag
+ * accordingly. if publish unsuccessfully, log it -- unsuccessful certs
+ * should be picked up and attempted again at the next scheduled run
*/
public void run() {
- CMS.debug("in PublishCertsJob "+
- getId()+ " : run()");
+ CMS.debug("in PublishCertsJob " + getId() + " : run()");
// get time now..."now" is before the loop
Date date = CMS.getCurrentDate();
long now = date.getTime();
@@ -196,8 +172,7 @@ public class PublishCertsJob extends AJobBase
// form filter
String filter = // might need to use "metaInfo"
- "(!(certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
- ":true))";
+ "(!(certMetainfo=" + ICertRecord.META_LDAPPUBLISH + ":true))";
Enumeration unpublishedCerts = null;
@@ -205,13 +180,14 @@ public class PublishCertsJob extends AJobBase
unpublishedCerts = mRepository.findCertRecs(filter);
// bug 399150
/*
- CertRecordList list = null;
- list = mRepository.findCertRecordsInList(filter, null, "serialno", 5);
- int size = list.getSize();
- expired = list.getCertRecords(0, size - 1);
+ * CertRecordList list = null; list =
+ * mRepository.findCertRecordsInList(filter, null, "serialno", 5);
+ * int size = list.getSize(); expired = list.getCertRecords(0, size
+ * - 1);
*/
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
int count = 0; // how many have been published successfully
@@ -225,28 +201,29 @@ public class PublishCertsJob extends AJobBase
itemForm = getTemplateContent(mItemForm);
}
- // filter out the invalid ones and publish them
+ // filter out the invalid ones and publish them
// publish() will set inLdapPublishDir flag
while (unpublishedCerts != null && unpublishedCerts.hasMoreElements()) {
ICertRecord rec = (ICertRecord) unpublishedCerts.nextElement();
- if (rec == null) break;
+ if (rec == null)
+ break;
X509CertImpl cert = rec.getCertificate();
- Date notBefore = cert.getNotBefore();
- Date notAfter = cert.getNotAfter();
+ Date notBefore = cert.getNotBefore();
+ Date notAfter = cert.getNotAfter();
- // skip CA certs
- if (cert.getBasicConstraintsIsCA() == true)
- continue;
+ // skip CA certs
+ if (cert.getBasicConstraintsIsCA() == true)
+ continue;
- // skip the expired certs
- if (notAfter.before(date))
- continue;
+ // skip the expired certs
+ if (notAfter.before(date))
+ continue;
if (mSummary == true)
buildItemParams(cert);
- // get request id from cert record MetaInfo
+ // get request id from cert record MetaInfo
MetaInfo minfo = null;
try {
@@ -255,42 +232,39 @@ public class PublishCertsJob extends AJobBase
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_META_INFO_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_META_INFO_ERROR", cert
+ .getSerialNumber().toString(16) + e.toString()));
}
String ridString = null;
try {
if (minfo != null)
- ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID);
+ ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID);
} catch (EBaseException e) {
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_META_REQUEST_ERROR", cert
+ .getSerialNumber().toString(16) + e.toString()));
} catch (NullPointerException e) {
// no requestId in MetaInfo...skip to next record
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_META_REQUEST_ERROR", cert
+ .getSerialNumber().toString(16) + e.toString()));
}
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
// get request from request id
IRequest req = null;
@@ -304,19 +278,21 @@ public class PublishCertsJob extends AJobBase
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage(
+ "JOBS_FIND_REQUEST_ERROR",
+ cert.getSerialNumber().toString(16)
+ + e.toString()));
}
try {
- if ((mPublisherProcessor != null) &&
- mPublisherProcessor.enabled()) {
- mPublisherProcessor.publishCert((X509Certificate) cert, req);
+ if ((mPublisherProcessor != null)
+ && mPublisherProcessor.enabled()) {
+ mPublisherProcessor.publishCert((X509Certificate) cert,
+ req);
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_SUCCESS);
+ STATUS_SUCCESS);
count += 1;
} else {
negCount += 1;
@@ -325,22 +301,24 @@ public class PublishCertsJob extends AJobBase
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_PUBLISH_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage(
+ "JOBS_PUBLISH_ERROR",
+ cert.getSerialNumber().toString(16)
+ + e.toString()));
}
} // ridString != null
else {
try {
- if ((mPublisherProcessor != null) &&
- mPublisherProcessor.enabled()) {
- mPublisherProcessor.publishCert((X509Certificate) cert, null);
+ if ((mPublisherProcessor != null)
+ && mPublisherProcessor.enabled()) {
+ mPublisherProcessor.publishCert((X509Certificate) cert,
+ null);
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_SUCCESS);
+ STATUS_SUCCESS);
count += 1;
} else {
negCount += 1;
@@ -350,12 +328,13 @@ public class PublishCertsJob extends AJobBase
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
+ STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_PUBLISH_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage(
+ "JOBS_PUBLISH_ERROR",
+ cert.getSerialNumber().toString(16)
+ + e.toString()));
}
} // ridString == null
@@ -364,8 +343,8 @@ public class PublishCertsJob extends AJobBase
// if summary is enabled, form the item content
if (mSummary) {
- IEmailFormProcessor emailItemFormProcessor =
- CMS.getEmailFormProcessor();
+ IEmailFormProcessor emailItemFormProcessor = CMS
+ .getEmailFormProcessor();
String c = emailItemFormProcessor.getEmailContent(itemForm,
mItemParams);
@@ -380,37 +359,35 @@ public class PublishCertsJob extends AJobBase
// time for summary
if (mSummary == true) {
- buildContentParams(IEmailFormProcessor.TOKEN_ID,
- mId);
+ buildContentParams(IEmailFormProcessor.TOKEN_ID, mId);
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
- itemListContent);
+ itemListContent);
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
- String.valueOf(count + negCount));
+ String.valueOf(count + negCount));
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
- String.valueOf(count));
+ String.valueOf(count));
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
- String.valueOf(negCount));
+ String.valueOf(negCount));
buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
- nowString);
+ nowString);
- IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
- String mailContent =
- emailFormProcessor.getEmailContent(contentForm,
- mContentParams);
+ IEmailFormProcessor emailFormProcessor = CMS
+ .getEmailFormProcessor();
+ String mailContent = emailFormProcessor.getEmailContent(
+ contentForm, mContentParams);
mailSummary(mailContent);
}
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
- * this implementation can be configured through the console.
- *
+ * Returns a list of configuration parameter names. The list is passed to
+ * the configuration console so instances of this implementation can be
+ * configured through the console.
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
return (mConfigParams);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java b/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java
index 9b391b51..92c782c9 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.jobs;
-
import java.io.IOException;
import java.text.DateFormat;
import java.util.Calendar;
@@ -49,12 +48,11 @@ import com.netscape.certsrv.notification.IMailNotification;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestId;
-
/**
- * A job for the Jobs Scheduler. This job checks in the internal ldap
- * db for certs about to expire within the next configurable days and
- * sends email notifications to the appropriate recipients.
- *
+ * A job for the Jobs Scheduler. This job checks in the internal ldap db for
+ * certs about to expire within the next configurable days and sends email
+ * notifications to the appropriate recipients.
+ *
* the $TOKENS that are available for the this jobs's summary outer form are:<br
>
* <UL>
@@ -79,14 +77,13 @@ import com.netscape.certsrv.request.RequestId;
* <LI>$HttpHost
* <LI>$HttpPort
* </UL>
- *
+ *
* @version $Revision$, $Date$
* @see com.netscape.certsrv.jobs.IJob
* @see com.netscape.cms.jobs.AJobBase
*/
-public class RenewalNotificationJob
- extends AJobBase
- implements IJob, Runnable, IExtendedPluginInfo {
+public class RenewalNotificationJob extends AJobBase implements IJob, Runnable,
+ IExtendedPluginInfo {
// config parameters...
public static final String PROP_CRON = "cron";
@@ -97,29 +94,26 @@ public class RenewalNotificationJob
public static final String PROP_PROFILE_ID = "profileId";
/**
- * This job will send notification at this much time before the
- * enpiration date
+ * This job will send notification at this much time before the enpiration
+ * date
*/
- public static final String PROP_NOTIFYTRIGGEROFFSET =
- "notifyTriggerOffset";
+ public static final String PROP_NOTIFYTRIGGEROFFSET = "notifyTriggerOffset";
/**
- * This job will stop sending notification this much time after
- * the expiration date
+ * This job will stop sending notification this much time after the
+ * expiration date
*/
public static final String PROP_NOTIFYENDOFFSET = "notifyEndOffset";
/**
* sender email address as appeared on the notification email
*/
- public static final String PROP_SENDEREMAIL =
- "senderEmail";
+ public static final String PROP_SENDEREMAIL = "senderEmail";
/**
* email subject line as appeared on the notification email
*/
- public static final String PROP_EMAILSUBJECT =
- "emailSubject";
+ public static final String PROP_EMAILSUBJECT = "emailSubject";
/**
* location of the template file used for email notification
@@ -148,55 +142,43 @@ public class RenewalNotificationJob
public static final String PROP_SUMMARY_TEMPLATE = "summary.emailTemplate";
/**
- * location of the template file for each item appeared on the
- * notification summary
+ * location of the template file for each item appeared on the notification
+ * summary
*/
public static final String PROP_SUMMARY_ITEMTEMPLATE = "summary.itemTemplate";
/*
- * Holds configuration parameters accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
- * console.
+ * Holds configuration parameters accepted by this implementation. This list
+ * is passed to the configuration console so configuration for instances of
+ * this implementation can be configured through the console.
*/
- protected static String[] mConfigParams =
- new String[] {
- "enabled",
- PROP_CRON,
- PROP_PROFILE_ID,
- PROP_NOTIFYTRIGGEROFFSET,
- PROP_NOTIFYENDOFFSET,
- PROP_SENDEREMAIL,
- PROP_EMAILSUBJECT,
- PROP_EMAILTEMPLATE,
- "summary.enabled",
- PROP_SUMMARY_RECIPIENTEMAIL,
- PROP_SUMMARY_SENDEREMAIL,
- PROP_SUMMARY_SUBJECT,
- PROP_SUMMARY_ITEMTEMPLATE,
- PROP_SUMMARY_TEMPLATE,
- };
-
+ protected static String[] mConfigParams = new String[] { "enabled",
+ PROP_CRON, PROP_PROFILE_ID, PROP_NOTIFYTRIGGEROFFSET,
+ PROP_NOTIFYENDOFFSET, PROP_SENDEREMAIL, PROP_EMAILSUBJECT,
+ PROP_EMAILTEMPLATE, "summary.enabled", PROP_SUMMARY_RECIPIENTEMAIL,
+ PROP_SUMMARY_SENDEREMAIL, PROP_SUMMARY_SUBJECT,
+ PROP_SUMMARY_ITEMTEMPLATE, PROP_SUMMARY_TEMPLATE, };
+
protected ICertificateRepository mCertDB = null;
protected ICertificateAuthority mCA = null;
protected boolean mSummary = false;
protected String mEmailSender = null;
protected String mEmailSubject = null;
protected String mEmailTemplateName = null;
- protected String mSummaryItemTemplateName = null;
- protected String mSummaryTemplateName = null;
+ protected String mSummaryItemTemplateName = null;
+ protected String mSummaryTemplateName = null;
protected boolean mSummaryHTML = false;
protected boolean mHTML = false;
protected String mHttpHost = null;
protected String mHttpPort = null;
- private int mPreDays = 0;
- private long mPreMS = 0;
- private int mPostDays = 0;
- private long mPostMS = 0;
- private int mMaxNotifyCount = 1;
- private String[] mProfileId = null;
+ private int mPreDays = 0;
+ private long mPreMS = 0;
+ private int mPostDays = 0;
+ private long mPostMS = 0;
+ private int mMaxNotifyCount = 1;
+ private String[] mProfileId = null;
/* Vector of extendedPluginInfo strings */
protected static Vector mExtendedPluginInfo = null;
@@ -207,8 +189,8 @@ public class RenewalNotificationJob
/**
* class constructor
- */
- public RenewalNotificationJob () {
+ */
+ public RenewalNotificationJob() {
}
/**
@@ -216,62 +198,72 @@ public class RenewalNotificationJob
*/
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
- IExtendedPluginInfo.HELP_TEXT +
- "; A job that checks for expiring or expired certs" +
- "notifyTriggerOffset before and notifyEndOffset after " +
- "the expiration date",
-
- PROP_PROFILE_ID + ";string;Specify the ID of the profile which "+
- "approved the certificates that are about to expire. For multiple "+
- "profiles, each entry is separated by white space. For example, " +
- "if the administrator just wants to give automated notification " +
- "when the SSL server certificates are about to expire, then "+
- "he should enter \"caServerCert caAgentServerCert\" in the profileId textfield. "+
- "Blank field means all profiles.",
- PROP_NOTIFYTRIGGEROFFSET + ";number,required;How long (in days) before " +
- "certificate expiration will the first notification " +
- "be sent",
- PROP_NOTIFYENDOFFSET + ";number,required;How long (in days) after " +
- "certificate expiration will notifications " +
- "continue to be resent if certificate is not renewed",
- PROP_CRON + ";string,required;Format: minute hour dayOfMonth Mmonth " +
- "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
- PROP_SENDEREMAIL + ";string,required;Specify the address to be used " +
- "as the email's 'sender'. Bounces go to this address.",
+ IExtendedPluginInfo.HELP_TEXT
+ + "; A job that checks for expiring or expired certs"
+ + "notifyTriggerOffset before and notifyEndOffset after "
+ + "the expiration date",
+
+ PROP_PROFILE_ID
+ + ";string;Specify the ID of the profile which "
+ + "approved the certificates that are about to expire. For multiple "
+ + "profiles, each entry is separated by white space. For example, "
+ + "if the administrator just wants to give automated notification "
+ + "when the SSL server certificates are about to expire, then "
+ + "he should enter \"caServerCert caAgentServerCert\" in the profileId textfield. "
+ + "Blank field means all profiles.",
+ PROP_NOTIFYTRIGGEROFFSET
+ + ";number,required;How long (in days) before "
+ + "certificate expiration will the first notification "
+ + "be sent",
+ PROP_NOTIFYENDOFFSET
+ + ";number,required;How long (in days) after "
+ + "certificate expiration will notifications "
+ + "continue to be resent if certificate is not renewed",
+ PROP_CRON
+ + ";string,required;Format: minute hour dayOfMonth Mmonth "
+ + "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+ PROP_SENDEREMAIL
+ + ";string,required;Specify the address to be used "
+ + "as the email's 'sender'. Bounces go to this address.",
PROP_EMAILSUBJECT + ";string,required;Email subject",
- PROP_EMAILTEMPLATE + ";string,required;Fully qualified pathname of " +
- "template file of email to be sent",
+ PROP_EMAILTEMPLATE
+ + ";string,required;Fully qualified pathname of "
+ + "template file of email to be sent",
"enabled;boolean;Enable this plugin",
"summary.enabled;boolean;Enabled sending of summaries",
- PROP_SUMMARY_SENDEREMAIL + ";string,required;Sender email address of summary",
- PROP_SUMMARY_RECIPIENTEMAIL + ";string,required;Who should receive summaries",
- PROP_SUMMARY_SUBJECT + ";string,required;Subject of summary email",
- PROP_SUMMARY_TEMPLATE + ";string,required;Fully qualified pathname of " +
- "template file of email to be sent",
- PROP_SUMMARY_ITEMTEMPLATE + ";string,required;Fully qualified pathname of " +
- "file with template to be used for each summary item",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-jobrules-renewalnotification",
- };
+ PROP_SUMMARY_SENDEREMAIL
+ + ";string,required;Sender email address of summary",
+ PROP_SUMMARY_RECIPIENTEMAIL
+ + ";string,required;Who should receive summaries",
+ PROP_SUMMARY_SUBJECT
+ + ";string,required;Subject of summary email",
+ PROP_SUMMARY_TEMPLATE
+ + ";string,required;Fully qualified pathname of "
+ + "template file of email to be sent",
+ PROP_SUMMARY_ITEMTEMPLATE
+ + ";string,required;Fully qualified pathname of "
+ + "file with template to be used for each summary item",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-jobrules-renewalnotification", };
return s;
}
-
+
/**
* Initialize from the configuration file.
+ *
* @param id String name of this instance
* @param implName string name of this implementation
* @param config configuration store for this instance
* @exception EBaseException
*/
- public void init(ISubsystem owner, String id, String implName, IConfigStore config) throws
- EBaseException {
+ public void init(ISubsystem owner, String id, String implName,
+ IConfigStore config) throws EBaseException {
mConfig = config;
mId = id;
mImplName = implName;
- mCA = (ICertificateAuthority)
- CMS.getSubsystem("ca");
+ mCA = (ICertificateAuthority) CMS.getSubsystem("ca");
if (mCA == null) {
mSummary = false;
return;
@@ -289,19 +281,20 @@ public class RenewalNotificationJob
mJobCron = scheduler.createJobCron(mCron);
}
-
+
/**
- * finds out which cert needs notification and notifies the
- * responsible parties
+ * finds out which cert needs notification and notifies the responsible
+ * parties
*/
public void run() {
// for forming renewal URL at template
mHttpHost = CMS.getEEHost();
mHttpPort = CMS.getEESSLPort();
- // read from the configuration file
+ // read from the configuration file
try {
- mPreDays = mConfig.getInteger(PROP_NOTIFYTRIGGEROFFSET, 30); // in days
+ mPreDays = mConfig.getInteger(PROP_NOTIFYTRIGGEROFFSET, 30); // in
+ // days
mPostDays = mConfig.getInteger(PROP_NOTIFYENDOFFSET, 15); // in days
mEmailSender = mConfig.getString(PROP_SENDEREMAIL);
@@ -313,20 +306,18 @@ public class RenewalNotificationJob
if (sc.getBoolean(PROP_ENABLED, false)) {
mSummary = true;
- mSummaryItemTemplateName =
- mConfig.getString(PROP_SUMMARY_ITEMTEMPLATE);
- mSummarySenderEmail =
- mConfig.getString(PROP_SUMMARY_SENDEREMAIL);
- mSummaryReceiverEmail =
- mConfig.getString(PROP_SUMMARY_RECIPIENTEMAIL);
- mSummaryMailSubject =
- mConfig.getString(PROP_SUMMARY_SUBJECT);
- mSummaryTemplateName =
- mConfig.getString(PROP_SUMMARY_TEMPLATE);
+ mSummaryItemTemplateName = mConfig
+ .getString(PROP_SUMMARY_ITEMTEMPLATE);
+ mSummarySenderEmail = mConfig
+ .getString(PROP_SUMMARY_SENDEREMAIL);
+ mSummaryReceiverEmail = mConfig
+ .getString(PROP_SUMMARY_RECIPIENTEMAIL);
+ mSummaryMailSubject = mConfig.getString(PROP_SUMMARY_SUBJECT);
+ mSummaryTemplateName = mConfig.getString(PROP_SUMMARY_TEMPLATE);
} else {
mSummary = false;
}
-
+
long msperday = 86400 * 1000;
long mspredays = mPreDays;
long mspostdays = mPostDays;
@@ -339,17 +330,15 @@ public class RenewalNotificationJob
String nowString = dateFormat.format(now);
/*
- * look in the internal db for certificateRecords that are
- * 1. within the expiration notification period
- * 2. has not yet been renewed
- * 3. notify - use EmailTemplateProcessor to formulate
- * content, then send
- * if notified successfully, mark "STATUS_SUCCESS",
- * else, if notified unsuccessfully, mark "STATUS_FAILURE".
+ * look in the internal db for certificateRecords that are 1. within
+ * the expiration notification period 2. has not yet been renewed 3.
+ * notify - use EmailTemplateProcessor to formulate content, then
+ * send if notified successfully, mark "STATUS_SUCCESS", else, if
+ * notified unsuccessfully, mark "STATUS_FAILURE".
*/
-
+
/* 1) make target notAfter string */
-
+
Date expiryDate = null;
Date stopDate = null;
@@ -360,13 +349,14 @@ public class RenewalNotificationJob
expiryDate = new Date(expiryMS);
stopDate = new Date(stopMS);
-
+
// All cert records which:
- // 1) expire before the deadline
- // 2) have not already been renewed
- // filter format:
- // (& (notafter<='time')(!(certAutoRenew=DONE))(!certAutoRenew=DISABLED))
-
+ // 1) expire before the deadline
+ // 2) have not already been renewed
+ // filter format:
+ // (&
+ // (notafter<='time')(!(certAutoRenew=DONE))(!certAutoRenew=DISABLED))
+
StringBuffer f = new StringBuffer();
String profileId = "";
try {
@@ -374,40 +364,47 @@ public class RenewalNotificationJob
} catch (EBaseException ee) {
}
- if (profileId != null && profileId.length() > 0) {
+ if (profileId != null && profileId.length() > 0) {
StringTokenizer tokenizer = new StringTokenizer(profileId);
int num = tokenizer.countTokens();
mProfileId = new String[num];
- for (int i=0; i<num; i++)
+ for (int i = 0; i < num; i++)
mProfileId[i] = tokenizer.nextToken();
}
f.append("(&");
if (mProfileId != null) {
if (mProfileId.length == 1)
- f.append("("+ICertRecord.ATTR_META_INFO+ "=" +
- ICertRecord.META_PROFILE_ID +":"+mProfileId[0]+")");
+ f.append("(" + ICertRecord.ATTR_META_INFO + "="
+ + ICertRecord.META_PROFILE_ID + ":" + mProfileId[0]
+ + ")");
else {
f.append("(|");
- for (int i=0; i<mProfileId.length; i++) {
- f.append("("+ICertRecord.ATTR_META_INFO+ "=" +
- ICertRecord.META_PROFILE_ID +":"+mProfileId[i]+")");
+ for (int i = 0; i < mProfileId.length; i++) {
+ f.append("(" + ICertRecord.ATTR_META_INFO + "="
+ + ICertRecord.META_PROFILE_ID + ":"
+ + mProfileId[i] + ")");
}
f.append(")");
}
}
- f.append("(" + ICertRecord.ATTR_X509CERT + ".notAfter" + "<=" + expiryDate.getTime() + ")");
- f.append("(" + ICertRecord.ATTR_X509CERT + ".notAfter" + ">=" + stopDate.getTime() + ")");
- f.append("(!(" + ICertRecord.ATTR_AUTO_RENEW + "=" + ICertRecord.AUTO_RENEWAL_DONE + "))");
- f.append("(!(" + ICertRecord.ATTR_AUTO_RENEW + "=" + ICertRecord.AUTO_RENEWAL_DISABLED + "))");
- f.append("(!(" + ICertRecord.ATTR_CERT_STATUS + "=" + ICertRecord.STATUS_REVOKED + "))");
- f.append("(!(" + ICertRecord.ATTR_CERT_STATUS + "=" + ICertRecord.STATUS_REVOKED_EXPIRED + "))");
+ f.append("(" + ICertRecord.ATTR_X509CERT + ".notAfter" + "<="
+ + expiryDate.getTime() + ")");
+ f.append("(" + ICertRecord.ATTR_X509CERT + ".notAfter" + ">="
+ + stopDate.getTime() + ")");
+ f.append("(!(" + ICertRecord.ATTR_AUTO_RENEW + "="
+ + ICertRecord.AUTO_RENEWAL_DONE + "))");
+ f.append("(!(" + ICertRecord.ATTR_AUTO_RENEW + "="
+ + ICertRecord.AUTO_RENEWAL_DISABLED + "))");
+ f.append("(!(" + ICertRecord.ATTR_CERT_STATUS + "="
+ + ICertRecord.STATUS_REVOKED + "))");
+ f.append("(!(" + ICertRecord.ATTR_CERT_STATUS + "="
+ + ICertRecord.STATUS_REVOKED_EXPIRED + "))");
f.append(")");
String filter = f.toString();
- String emailTemplate =
- getTemplateContent(mEmailTemplateName);
+ String emailTemplate = getTemplateContent(mEmailTemplateName);
mHTML = mMailHTML;
@@ -415,15 +412,16 @@ public class RenewalNotificationJob
String summaryItemTemplate = null;
if (mSummary == true) {
- summaryItemTemplate =
- getTemplateContent(mSummaryItemTemplateName);
+ summaryItemTemplate = getTemplateContent(mSummaryItemTemplateName);
}
ItemCounter ic = new ItemCounter();
- CertRecProcessor cp = new CertRecProcessor(this, emailTemplate, summaryItemTemplate, ic);
- //CertRecordList list = mCertDB.findCertRecordsInList(filter, null, "serialno", 5);
- //list.processCertRecords(0, list.getSize() - 1, cp);
-
+ CertRecProcessor cp = new CertRecProcessor(this, emailTemplate,
+ summaryItemTemplate, ic);
+ // CertRecordList list = mCertDB.findCertRecordsInList(filter,
+ // null, "serialno", 5);
+ // list.processCertRecords(0, list.getSize() - 1, cp);
+
Enumeration en = mCertDB.findCertRecs(filter);
while (en.hasMoreElements()) {
@@ -432,43 +430,50 @@ public class RenewalNotificationJob
try {
cp.process(element);
} catch (Exception e) {
- //Don't abort the entire operation. The error should already be logged
- log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_FAILED_PROCESS", e.toString()));
+ // Don't abort the entire operation. The error should
+ // already be logged
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_FAILED_PROCESS",
+ e.toString()));
}
}
-
+
// Now send the summary
if (mSummary == true) {
try {
- String summaryTemplate =
- getTemplateContent(mSummaryTemplateName);
+ String summaryTemplate = getTemplateContent(mSummaryTemplateName);
mSummaryHTML = mMailHTML;
- buildContentParams(IEmailFormProcessor.TOKEN_ID,
- mId);
+ buildContentParams(IEmailFormProcessor.TOKEN_ID, mId);
+
+ buildContentParams(
+ IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
+ ic.mItemListContent);
+ buildContentParams(
+ IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
+ String.valueOf(ic.mNumFail + ic.mNumSuccessful));
+ buildContentParams(
+ IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
+ String.valueOf(ic.mNumSuccessful));
+ buildContentParams(
+ IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
+ String.valueOf(ic.mNumFail));
- buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
- ic.mItemListContent);
- buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
- String.valueOf(ic.mNumFail + ic.mNumSuccessful));
- buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
- String.valueOf(ic.mNumSuccessful));
- buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
- String.valueOf(ic.mNumFail));
+ buildContentParams(
+ IEmailFormProcessor.TOKEN_EXECUTION_TIME,
+ nowString);
- buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
- nowString);
-
- IEmailFormProcessor summaryEmfp = CMS.getEmailFormProcessor();
+ IEmailFormProcessor summaryEmfp = CMS
+ .getEmailFormProcessor();
- String summaryContent =
- summaryEmfp.getEmailContent(summaryTemplate,
- mContentParams);
+ String summaryContent = summaryEmfp.getEmailContent(
+ summaryTemplate, mContentParams);
if (summaryContent == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SUMMARY_CONTENT_NULL"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_SUMMARY_CONTENT_NULL"));
mailSummary(" no summaryContent");
} else {
mMailHTML = mSummaryHTML;
@@ -476,93 +481,101 @@ public class RenewalNotificationJob
}
} catch (Exception e) {
// log error
- log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_EXCEPTION_IN_RUN", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_EXCEPTION_IN_RUN",
+ e.toString()));
}
}
} catch (EBaseException e) {
// log error
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
} catch (EBaseException ex) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("Configuration error:", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("Configuration error:", ex.toString()));
}
}
private String makeLDAPDateString(Date date) {
-
+
Calendar calendar = Calendar.getInstance();
calendar.setTime(date);
- String ldfYear = "" + Integer.toString(calendar.get(Calendar.YEAR) - 1900);
-
+ String ldfYear = ""
+ + Integer.toString(calendar.get(Calendar.YEAR) - 1900);
+
String ldfMonth = getPadded(calendar.get(Calendar.MONTH));
String ldfDate = getPadded(calendar.get(Calendar.DAY_OF_MONTH));
String ldfHours = getPadded(calendar.get(Calendar.HOUR));
String ldfMinutes = getPadded(calendar.get(Calendar.MINUTE));
String ldfSeconds = getPadded(calendar.get(Calendar.SECOND));
-
- return ldfYear + ldfMonth + ldfDate + ldfHours + ldfMinutes + ldfSeconds + "Z";
+
+ return ldfYear + ldfMonth + ldfDate + ldfHours + ldfMinutes
+ + ldfSeconds + "Z";
}
-
+
private String getPadded(int i) {
if (i < 10) {
return "0" + Integer.toString(i);
} else {
- return "" + Integer.toString(i);
+ return "" + Integer.toString(i);
}
}
-
+
/**
* get instance id.
+ *
* @return a String identifier
*/
public String getId() {
return mId;
}
-
+
/**
* set instance id.
+ *
* @param id String id of the instance
*/
public void setId(String id) {
mId = id;
}
-
+
/**
* get cron string associated with this job
+ *
* @return a JobCron object that represents the schedule of this job
*/
public IJobCron getJobCron() {
return mJobCron;
}
-
+
/**
* gets the plugin name of this job.
+ *
* @return a String that is the name of this implementation
*/
public String getImplName() {
return mImplName;
}
-
+
/**
* Gets the configuration substore used by this job
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
return mConfig;
}
- protected void mailUser(String subject,
- String msg,
- String sender,
- IRequest req,
- ICertRecord cr)
- throws IOException, ENotificationException, EBaseException {
+ protected void mailUser(String subject, String msg, String sender,
+ IRequest req, ICertRecord cr) throws IOException,
+ ENotificationException, EBaseException {
IMailNotification mn = CMS.getMailNotification();
String rcp = null;
- // boolean sendFailed = false;
+ // boolean sendFailed = false;
Exception sendFailedException = null;
IEmailResolverKeys keys = CMS.getEmailResolverKeys();
@@ -585,20 +598,25 @@ public class RenewalNotificationJob
} catch (Exception e) {
// already logged by the resolver
- // sendFailed = true;
+ // sendFailed = true;
sendFailedException = e;
throw (ENotificationException) sendFailedException;
}
mn.setTo(rcp);
- if (sender != null) mn.setFrom(sender);
- else mn.setFrom("nobody");
+ if (sender != null)
+ mn.setFrom(sender);
+ else
+ mn.setFrom("nobody");
- if (subject != null) mn.setSubject(subject);
- else mn.setFrom("Important message from Certificate Authority");
+ if (subject != null)
+ mn.setSubject(subject);
+ else
+ mn.setFrom("Important message from Certificate Authority");
- if (mHTML == true) mn.setContentType("text/html");
+ if (mHTML == true)
+ mn.setContentType("text/html");
String failedString = null;
@@ -608,10 +626,10 @@ public class RenewalNotificationJob
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
- * this implementation can be configured through the console.
- *
+ * Returns a list of configuration parameter names. The list is passed to
+ * the configuration console so instances of this implementation can be
+ * configured through the console.
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
@@ -619,15 +637,14 @@ public class RenewalNotificationJob
}
}
-
class CertRecProcessor implements IElementProcessor {
protected RenewalNotificationJob mJob;
protected String mEmailTemplate;
protected String mSummaryItemTemplate;
protected ItemCounter mIC;
- public CertRecProcessor(RenewalNotificationJob job, String emailTemplate,
- String summaryItemTemplate, ItemCounter ic) {
+ public CertRecProcessor(RenewalNotificationJob job, String emailTemplate,
+ String summaryItemTemplate, ItemCounter ic) {
mJob = job;
mEmailTemplate = emailTemplate;
mSummaryItemTemplate = summaryItemTemplate;
@@ -645,9 +662,10 @@ class CertRecProcessor implements IElementProcessor {
if (cr != null) {
mJob.buildItemParams(cr.getCertificate());
mJob.buildItemParams(IEmailFormProcessor.TOKEN_HTTP_HOST,
- mJob.mHttpHost);
- mJob.buildItemParams(IEmailFormProcessor.TOKEN_HTTP_PORT, mJob.mHttpPort);
-
+ mJob.mHttpHost);
+ mJob.buildItemParams(IEmailFormProcessor.TOKEN_HTTP_PORT,
+ mJob.mHttpPort);
+
MetaInfo metaInfo = null;
metaInfo = (MetaInfo) cr.get(ICertRecord.ATTR_META_INFO);
@@ -656,10 +674,12 @@ class CertRecProcessor implements IElementProcessor {
numFailCounted = true;
if (mJob.mSummary == true)
mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- AJobBase.STATUS_FAILURE);
- mJob.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_GET_CERT_ERROR",
- cr.getCertificate().getSerialNumber().toString(16)));
+ AJobBase.STATUS_FAILURE);
+ mJob.log(
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_GET_CERT_ERROR", cr
+ .getCertificate().getSerialNumber()
+ .toString(16)));
} else {
ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
}
@@ -669,54 +689,51 @@ class CertRecProcessor implements IElementProcessor {
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
try {
req = mJob.mCA.getRequestQueue().findRequest(rid);
} catch (Exception e) {
// it is ok not to be able to get the request. The main reason
// to get the request is to retrieve the requestor's email.
// We can retrieve the email from the CertRecord.
- CMS.debug("huh RenewalNotificationJob Exception: "+e.toString());
+ CMS.debug("huh RenewalNotificationJob Exception: "
+ + e.toString());
}
if (req != null)
mJob.buildItemParams(req);
} // ridString != null
- try {
+ try {
// send mail to user
-
+
IEmailFormProcessor emfp = CMS.getEmailFormProcessor();
String message = emfp.getEmailContent(mEmailTemplate,
mJob.mItemParams);
- mJob.mailUser(mJob.mEmailSubject,
- message,
- mJob.mEmailSender,
- req,
- cr);
-
+ mJob.mailUser(mJob.mEmailSubject, message, mJob.mEmailSender, req,
+ cr);
+
mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- AJobBase.STATUS_SUCCESS);
-
+ AJobBase.STATUS_SUCCESS);
+
mIC.mNumSuccessful++;
-
+
} catch (Exception e) {
- CMS.debug("RenewalNotificationJob Exception: "+e.toString());
- mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS, AJobBase.STATUS_FAILURE);
+ CMS.debug("RenewalNotificationJob Exception: " + e.toString());
+ mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
+ AJobBase.STATUS_FAILURE);
mJob.log(ILogger.LL_FAILURE, e.toString(), ILogger.L_MULTILINE);
if (numFailCounted == false) {
mIC.mNumFail++;
}
}
-
+
if (mJob.mSummary == true) {
- IEmailFormProcessor summaryItemEmfp =
- CMS.getEmailFormProcessor();
- String c =
- summaryItemEmfp.getEmailContent(mSummaryItemTemplate,
+ IEmailFormProcessor summaryItemEmfp = CMS.getEmailFormProcessor();
+ String c = summaryItemEmfp.getEmailContent(mSummaryItemTemplate,
mJob.mItemParams);
-
+
if (mIC.mItemListContent == null) {
mIC.mItemListContent = c;
} else {
@@ -726,7 +743,6 @@ class CertRecProcessor implements IElementProcessor {
}
}
-
class ItemCounter {
public int mNumSuccessful = 0;
public int mNumFail = 0;
diff --git a/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java b/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java
index 07a35a9d..f68d554b 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.jobs;
-
import java.text.DateFormat;
import java.util.Date;
import java.util.Locale;
@@ -37,85 +36,75 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestId;
import com.netscape.certsrv.request.RequestStatus;
-
/**
- * A job for the Jobs Scheduler. This job checks in the internal ldap
- * db for requests currently in the request queue and send a summary
- * report to the administrator
+ * A job for the Jobs Scheduler. This job checks in the internal ldap db for
+ * requests currently in the request queue and send a summary report to the
+ * administrator
* <p>
* the $TOKENS that are available for the this jobs's summary outer form are:<br>
* <UL>
- * $InstanceID
- * $SummaryTotalNum
- * $ExecutionTime
+ * $InstanceID $SummaryTotalNum $ExecutionTime
* </UL>
- *
+ *
* @version $Revision$, $Date$
* @see com.netscape.certsrv.jobs.IJob
* @see com.netscape.cms.jobs.AJobBase
*/
-public class RequestInQueueJob extends AJobBase
- implements IJob, Runnable, IExtendedPluginInfo {
+public class RequestInQueueJob extends AJobBase implements IJob, Runnable,
+ IExtendedPluginInfo {
protected static final String PROP_SUBSYSTEM_ID = "subsystemId";
IAuthority mSub = null;
IRequestQueue mReqQ = null;
private boolean mSummary = false;
- /* Holds configuration parameters accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
- * console.
+ /*
+ * Holds configuration parameters accepted by this implementation. This list
+ * is passed to the configuration console so configuration for instances of
+ * this implementation can be configured through the console.
*/
- protected static String[] mConfigParams =
- new String[] {
- "enabled",
- "cron",
- "subsystemId",
- "summary.enabled",
- "summary.emailSubject",
- "summary.emailTemplate",
- "summary.senderEmail",
- "summary.recipientEmail"
- };
+ protected static String[] mConfigParams = new String[] { "enabled", "cron",
+ "subsystemId", "summary.enabled", "summary.emailSubject",
+ "summary.emailTemplate", "summary.senderEmail",
+ "summary.recipientEmail" };
/**
* holds help text for this plugin
*/
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
- IExtendedPluginInfo.HELP_TEXT +
- "; A job that checks for enrollment requests in the " +
- "queue, and reports to recipientEmail",
- "cron;string;Format: minute hour dayOfMonth month " +
- "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
- "summary.senderEmail;string;Specify the address to be used " +
- "as the email's 'sender'. Bounces go to this address.",
+ IExtendedPluginInfo.HELP_TEXT
+ + "; A job that checks for enrollment requests in the "
+ + "queue, and reports to recipientEmail",
+ "cron;string;Format: minute hour dayOfMonth month "
+ + "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+ "summary.senderEmail;string;Specify the address to be used "
+ + "as the email's 'sender'. Bounces go to this address.",
"summary.recipientEmail;string;Who should receive summaries",
"enabled;boolean;Enable this plugin",
- "summary.enabled;boolean;Enable the summary. You must enabled " +
- "this for the job to work.",
+ "summary.enabled;boolean;Enable the summary. You must enabled "
+ + "this for the job to work.",
"summary.emailSubject;string;Subject of summary email",
- "summary.emailTemplate;string;Fully qualified pathname of " +
- "template file of email to be sent",
- "subsystemId;choice(ca,ra);The type of subsystem this job is " +
- "for",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-jobrules-requestinqueuejob",
- };
+ "summary.emailTemplate;string;Fully qualified pathname of "
+ + "template file of email to be sent",
+ "subsystemId;choice(ca,ra);The type of subsystem this job is "
+ + "for",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-jobrules-requestinqueuejob", };
return s;
}
-
+
/**
* initialize from the configuration file
+ *
* @param id String name of this instance
* @param implName string name of this implementation
* @param config configuration store for this instance
* @exception EBaseException
*/
- public void init(ISubsystem owner, String id, String implName, IConfigStore config) throws
- EBaseException {
+ public void init(ISubsystem owner, String id, String implName,
+ IConfigStore config) throws EBaseException {
mConfig = config;
mId = id;
mImplName = implName;
@@ -123,8 +112,7 @@ public class RequestInQueueJob extends AJobBase
// read from the configuration file
String sub = mConfig.getString(PROP_SUBSYSTEM_ID);
- mSub = (IAuthority)
- CMS.getSubsystem(sub);
+ mSub = (IAuthority) CMS.getSubsystem(sub);
if (mSub == null) {
// take this as disable
mSummary = false;
@@ -137,7 +125,7 @@ public class RequestInQueueJob extends AJobBase
if (mCron == null) {
return;
}
-
+
// parse cron string into a JobCron class
IJobsScheduler scheduler = (IJobsScheduler) owner;
@@ -150,7 +138,7 @@ public class RequestInQueueJob extends AJobBase
mSummary = true;
mSummaryMailSubject = sc.getString(PROP_EMAIL_SUBJECT);
mMailForm = sc.getString(PROP_EMAIL_TEMPLATE);
- // mItemForm = sc.getString(PROP_ITEM_TEMPLATE);
+ // mItemForm = sc.getString(PROP_ITEM_TEMPLATE);
mSummarySenderEmail = sc.getString(PROP_SENDER_EMAIL);
mSummaryReceiverEmail = sc.getString(PROP_RECEIVER_EMAIL);
} else {
@@ -162,7 +150,8 @@ public class RequestInQueueJob extends AJobBase
* summarize the queue status and mail it
*/
public void run() {
- if (mSummary == false) return;
+ if (mSummary == false)
+ return;
Date date = CMS.getCurrentDate();
long now = date.getTime();
@@ -170,25 +159,20 @@ public class RequestInQueueJob extends AJobBase
String nowString = dateFormat.format(date);
int count = 0;
- IRequestList list =
- mReqQ.listRequestsByStatus(RequestStatus.PENDING);
+ IRequestList list = mReqQ.listRequestsByStatus(RequestStatus.PENDING);
while (list != null && list.hasMoreElements()) {
RequestId rid = list.nextRequestId();
- /* This is way too slow
- // get request from request id
- IRequest req = null;
- try {
- req = mReqQ.findRequest(rid);
- } catch (EBaseException e) {
- System.out.println(e.toString());
- }
+ /*
+ * This is way too slow // get request from request id IRequest req
+ * = null; try { req = mReqQ.findRequest(rid); } catch
+ * (EBaseException e) { System.out.println(e.toString()); }
*/
count++;
}
- // if (count == 0) return;
+ // if (count == 0) return;
String contentForm = null;
@@ -196,23 +180,21 @@ public class RequestInQueueJob extends AJobBase
buildContentParams(IEmailFormProcessor.TOKEN_ID, mId);
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
- String.valueOf(count));
- buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
- nowString);
+ String.valueOf(count));
+ buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME, nowString);
IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
- String mailContent =
- emailFormProcessor.getEmailContent(contentForm,
+ String mailContent = emailFormProcessor.getEmailContent(contentForm,
mContentParams);
mailSummary(mailContent);
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
- * this implementation can be configured through the console.
- *
+ * Returns a list of configuration parameter names. The list is passed to
+ * the configuration console so instances of this implementation can be
+ * configured through the console.
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
diff --git a/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java b/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java
index 6a0a6d03..0c53d551 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.jobs;
-
import java.security.cert.X509Certificate;
import java.text.DateFormat;
import java.util.Date;
@@ -46,60 +45,41 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestId;
-
/**
- * a job for the Jobs Scheduler. This job checks in the internal ldap
- * db for certs that have expired and remove them from the ldap
- * publishing directory.
+ * a job for the Jobs Scheduler. This job checks in the internal ldap db for
+ * certs that have expired and remove them from the ldap publishing directory.
* <p>
* the $TOKENS that are available for the this jobs's summary outer form are:<br>
* <UL>
- * $Status
- * $InstanceID
- * $SummaryItemList
- * $SummaryTotalNum
- * $SummaryTotalSuccess
- * $SummaryTotalfailure
- * $ExecutionTime
+ * $Status $InstanceID $SummaryItemList $SummaryTotalNum $SummaryTotalSuccess
+ * $SummaryTotalfailure $ExecutionTime
* </UL>
* and for the inner list items:
* <UL>
- * $SerialNumber
- * $IssuerDN
- * $SubjectDN
- * $NotAfter
- * $NotBefore
- * $RequestorEmail
+ * $SerialNumber $IssuerDN $SubjectDN $NotAfter $NotBefore $RequestorEmail
* $CertType
* </UL>
- *
+ *
* @version $Revision$, $Date$
*/
-public class UnpublishExpiredJob extends AJobBase
- implements IJob, Runnable, IExtendedPluginInfo {
-
+public class UnpublishExpiredJob extends AJobBase implements IJob, Runnable,
+ IExtendedPluginInfo {
+
ICertificateAuthority mCa = null;
IRequestQueue mReqQ = null;
ICertificateRepository mRepository = null;
IPublisherProcessor mPublisherProcessor = null;
private boolean mSummary = false;
- /* Holds configuration parameters accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
- * console.
+ /*
+ * Holds configuration parameters accepted by this implementation. This list
+ * is passed to the configuration console so configuration for instances of
+ * this implementation can be configured through the console.
*/
- protected static String[] mConfigParams =
- new String[] {
- "enabled",
- "cron",
- "summary.enabled",
- "summary.emailSubject",
- "summary.emailTemplate",
- "summary.itemTemplate",
- "summary.senderEmail",
- "summary.recipientEmail"
- };
+ protected static String[] mConfigParams = new String[] { "enabled", "cron",
+ "summary.enabled", "summary.emailSubject", "summary.emailTemplate",
+ "summary.itemTemplate", "summary.senderEmail",
+ "summary.recipientEmail" };
/* Vector of extendedPluginInfo strings */
protected static Vector mExtendedPluginInfo = null;
@@ -109,26 +89,25 @@ public class UnpublishExpiredJob extends AJobBase
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
- IExtendedPluginInfo.HELP_TEXT +
- "; A job that checks for expired certificates in the " +
- "database, and removes them from the publishing " +
- "directory",
- "cron;string;Format: minute hour dayOfMonth month " +
- "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
- "summary.senderEmail;string;Specify the address to be used " +
- "as the email's 'sender'. Bounces go to this address.",
+ IExtendedPluginInfo.HELP_TEXT
+ + "; A job that checks for expired certificates in the "
+ + "database, and removes them from the publishing "
+ + "directory",
+ "cron;string;Format: minute hour dayOfMonth month "
+ + "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+ "summary.senderEmail;string;Specify the address to be used "
+ + "as the email's 'sender'. Bounces go to this address.",
"summary.recipientEmail;string;Who should receive summaries",
"enabled;boolean;Enable this plugin",
- "summary.enabled;boolean;Enable the summary. You must enabled " +
- "this for the job to work.",
+ "summary.enabled;boolean;Enable the summary. You must enabled "
+ + "this for the job to work.",
"summary.emailSubject;string;Subject of summary email",
- "summary.emailTemplate;string;Fully qualified pathname of " +
- "template file of email to be sent",
- "summary.itemTemplate;string;Fully qualified pathname of " +
- "file containing template for each item",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-jobrules-unpublishexpiredjobs",
- };
+ "summary.emailTemplate;string;Fully qualified pathname of "
+ + "template file of email to be sent",
+ "summary.itemTemplate;string;Fully qualified pathname of "
+ + "file containing template for each item",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-jobrules-unpublishexpiredjobs", };
return s;
}
@@ -136,14 +115,13 @@ public class UnpublishExpiredJob extends AJobBase
/**
* initialize from the configuration file
*/
- public void init(ISubsystem owner, String id, String implName, IConfigStore config) throws
- EBaseException {
+ public void init(ISubsystem owner, String id, String implName,
+ IConfigStore config) throws EBaseException {
mConfig = config;
mId = id;
mImplName = implName;
- mCa = (ICertificateAuthority)
- CMS.getSubsystem("ca");
+ mCa = (ICertificateAuthority) CMS.getSubsystem("ca");
if (mCa == null) {
return;
}
@@ -151,13 +129,13 @@ public class UnpublishExpiredJob extends AJobBase
mReqQ = mCa.getRequestQueue();
mRepository = (ICertificateRepository) mCa.getCertificateRepository();
mPublisherProcessor = mCa.getPublisherProcessor();
-
+
// read from the configuration file
mCron = mConfig.getString(IJobCron.PROP_CRON);
if (mCron == null) {
return;
}
-
+
// parse cron string into a JobCron class
IJobsScheduler scheduler = (IJobsScheduler) owner;
@@ -179,16 +157,14 @@ public class UnpublishExpiredJob extends AJobBase
}
/**
- * look in the internal db for certificateRecords that are
- * expired.
- * remove them from ldap publishing directory
- * if remove successfully, mark <i>false</i> on the
- * <b>InLdapPublishDir</b> flag,
- * else, if remove unsuccessfully, log it
+ * look in the internal db for certificateRecords that are expired. remove
+ * them from ldap publishing directory if remove successfully, mark
+ * <i>false</i> on the <b>InLdapPublishDir</b> flag, else, if remove
+ * unsuccessfully, log it
*/
public void run() {
- // System.out.println("in ExpiredUnpublishJob "+
- // getId()+ " : run()");
+ // System.out.println("in ExpiredUnpublishJob "+
+ // getId()+ " : run()");
// get time now..."now" is before the loop
Date date = CMS.getCurrentDate();
long now = date.getTime();
@@ -196,12 +172,11 @@ public class UnpublishExpiredJob extends AJobBase
String nowString = dateFormat.format(date);
// form filter
- String filter = "(&(x509Cert.notAfter<=" + now +
- ")(!(x509Cert.notAfter=" + now + "))" +
- "(" + "certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
- ":true))";
+ String filter = "(&(x509Cert.notAfter<=" + now
+ + ")(!(x509Cert.notAfter=" + now + "))" + "(" + "certMetainfo="
+ + ICertRecord.META_LDAPPUBLISH + ":true))";
// a test for without CertRecord.META_LDAPPUBLISH
- //String filter = "(x509Cert.notAfter<="+ now +")";
+ // String filter = "(x509Cert.notAfter<="+ now +")";
Enumeration expired = null;
@@ -209,13 +184,14 @@ public class UnpublishExpiredJob extends AJobBase
expired = mRepository.findCertRecs(filter);
// bug 399150
/*
- CertRecordList list = null;
- list = mRepository.findCertRecordsInList(filter, null, "serialno", 5);
- int size = list.getSize();
- expired = list.getCertRecords(0, size - 1);
+ * CertRecordList list = null; list =
+ * mRepository.findCertRecordsInList(filter, null, "serialno", 5);
+ * int size = list.getSize(); expired = list.getCertRecords(0, size
+ * - 1);
*/
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
int count = 0; // how many have been unpublished successfully
@@ -233,13 +209,14 @@ public class UnpublishExpiredJob extends AJobBase
while (expired != null && expired.hasMoreElements()) {
ICertRecord rec = (ICertRecord) expired.nextElement();
- if (rec == null) break;
+ if (rec == null)
+ break;
X509CertImpl cert = rec.getCertificate();
if (mSummary == true)
buildItemParams(cert);
- // get request id from cert record MetaInfo
+ // get request id from cert record MetaInfo
MetaInfo minfo = null;
try {
@@ -248,42 +225,39 @@ public class UnpublishExpiredJob extends AJobBase
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_META_INFO_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_META_INFO_ERROR", cert
+ .getSerialNumber().toString(16) + e.toString()));
}
String ridString = null;
try {
if (minfo != null)
- ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID);
+ ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID);
} catch (EBaseException e) {
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_META_REQUEST_ERROR", cert
+ .getSerialNumber().toString(16) + e.toString()));
} catch (NullPointerException e) {
// no requestId in MetaInfo...skip to next record
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("JOBS_META_REQUEST_ERROR", cert
+ .getSerialNumber().toString(16) + e.toString()));
}
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
// get request from request id
IRequest req = null;
@@ -297,19 +271,21 @@ public class UnpublishExpiredJob extends AJobBase
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage(
+ "JOBS_FIND_REQUEST_ERROR",
+ cert.getSerialNumber().toString(16)
+ + e.toString()));
}
try {
- if ((mPublisherProcessor != null) &&
- mPublisherProcessor.enabled()) {
- mPublisherProcessor.unpublishCert((X509Certificate) cert, req);
+ if ((mPublisherProcessor != null)
+ && mPublisherProcessor.enabled()) {
+ mPublisherProcessor.unpublishCert(
+ (X509Certificate) cert, req);
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_SUCCESS);
+ STATUS_SUCCESS);
count += 1;
} else {
negCount += 1;
@@ -318,21 +294,23 @@ public class UnpublishExpiredJob extends AJobBase
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage(
+ "JOBS_UNPUBLISH_ERROR",
+ cert.getSerialNumber().toString(16)
+ + e.toString()));
}
} // ridString != null
else {
try {
- if ((mPublisherProcessor != null) &&
- mPublisherProcessor.enabled()) {
- mPublisherProcessor.unpublishCert((X509Certificate) cert, null);
+ if ((mPublisherProcessor != null)
+ && mPublisherProcessor.enabled()) {
+ mPublisherProcessor.unpublishCert(
+ (X509Certificate) cert, null);
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_SUCCESS);
+ STATUS_SUCCESS);
count += 1;
} else {
negCount += 1;
@@ -341,11 +319,12 @@ public class UnpublishExpiredJob extends AJobBase
negCount += 1;
if (mSummary == true)
buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
- STATUS_FAILURE);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
- cert.getSerialNumber().toString(16) +
- e.toString()));
+ STATUS_FAILURE);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage(
+ "JOBS_UNPUBLISH_ERROR",
+ cert.getSerialNumber().toString(16)
+ + e.toString()));
}
} // ridString == null
@@ -354,8 +333,8 @@ public class UnpublishExpiredJob extends AJobBase
// if summary is enabled, form the item content
if (mSummary) {
- IEmailFormProcessor emailItemFormProcessor =
- CMS.getEmailFormProcessor();
+ IEmailFormProcessor emailItemFormProcessor = CMS
+ .getEmailFormProcessor();
String c = emailItemFormProcessor.getEmailContent(itemForm,
mItemParams);
@@ -370,37 +349,35 @@ public class UnpublishExpiredJob extends AJobBase
// time for summary
if (mSummary == true) {
- buildContentParams(IEmailFormProcessor.TOKEN_ID,
- mId);
+ buildContentParams(IEmailFormProcessor.TOKEN_ID, mId);
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
- itemListContent);
+ itemListContent);
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
- String.valueOf(count + negCount));
+ String.valueOf(count + negCount));
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
- String.valueOf(count));
+ String.valueOf(count));
buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
- String.valueOf(negCount));
+ String.valueOf(negCount));
buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
- nowString);
+ nowString);
- IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
- String mailContent =
- emailFormProcessor.getEmailContent(contentForm,
- mContentParams);
+ IEmailFormProcessor emailFormProcessor = CMS
+ .getEmailFormProcessor();
+ String mailContent = emailFormProcessor.getEmailContent(
+ contentForm, mContentParams);
mailSummary(mailContent);
}
}
/**
- * Returns a list of configuration parameter names.
- * The list is passed to the configuration console so instances of
- * this implementation can be configured through the console.
- *
+ * Returns a list of configuration parameter names. The list is passed to
+ * the configuration console so instances of this implementation can be
+ * configured through the console.
+ *
* @return String array of configuration parameter names.
*/
public String[] getConfigParams() {
return (mConfigParams);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java b/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
index d238c279..a6a61c20 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.listeners;
-
import java.io.File;
import java.io.IOException;
import java.text.DateFormat;
@@ -45,12 +44,11 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestListener;
import com.netscape.certsrv.request.RequestId;
-
/**
* a listener for every completed enrollment request
* <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate is successfully issued:
+ * Here is a list of available $TOKENs for email notification templates if
+ * certificate is successfully issued:
* <UL>
* <LI>$InstanceID
* <LI>$SerialNumber
@@ -66,13 +64,13 @@ import com.netscape.certsrv.request.RequestId;
* <LI>$RecipientEmail
* </UL>
* <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate request is rejected:
+ * Here is a list of available $TOKENs for email notification templates if
+ * certificate request is rejected:
* <UL>
* <LI>$RequestId
* <LI>$InstanceID
* </UL>
- *
+ *
* @version $Revision$, $Date$
*/
public class CertificateIssuedListener implements IRequestListener {
@@ -107,7 +105,7 @@ public class CertificateIssuedListener implements IRequestListener {
}
public void init(ISubsystem sub, IConfigStore config)
- throws EListenersException, EPropertyNotFound, EBaseException {
+ throws EListenersException, EPropertyNotFound, EBaseException {
mSubsystem = (ICertAuthority) sub;
mConfig = mSubsystem.getConfigStore();
@@ -118,25 +116,24 @@ public class CertificateIssuedListener implements IRequestListener {
mSenderEmail = rc.getString(PROP_SENDER_EMAIL);
if (mSenderEmail == null) {
- throw new EListenersException(CMS.getLogMessage("NO_NOTIFY_SENDER_EMAIL_CONFIG_FOUND"));
+ throw new EListenersException(
+ CMS.getLogMessage("NO_NOTIFY_SENDER_EMAIL_CONFIG_FOUND"));
}
mFormPath = rc.getString(PROP_EMAIL_TEMPLATE);
String mDir = null;
// figure out the reject email path: same dir as form path,
- // same ending as form path
+ // same ending as form path
int ridx = mFormPath.lastIndexOf(File.separator);
if (ridx == -1) {
- CMS.debug("CertificateIssuedListener: file separator: " + File.separator
- +
- " not found. Use default /");
+ CMS.debug("CertificateIssuedListener: file separator: "
+ + File.separator + " not found. Use default /");
ridx = mFormPath.lastIndexOf("/");
mDir = mFormPath.substring(0, ridx + 1);
} else {
- mDir = mFormPath.substring(0, ridx +
- File.separator.length());
+ mDir = mFormPath.substring(0, ridx + File.separator.length());
}
CMS.debug("CertificateIssuedListener: template file directory: " + mDir);
mRejectPath = mDir + REJECT_FILE_NAME;
@@ -154,7 +151,7 @@ public class CertificateIssuedListener implements IRequestListener {
mDateFormat = DateFormat.getDateTimeInstance();
mSubject_Success = rc.getString(PROP_EMAIL_SUBJECT,
- "Your Certificate Request");
+ "Your Certificate Request");
mSubject = new String(mSubject_Success);
// form the cert retrieval URL for the notification
@@ -166,9 +163,10 @@ public class CertificateIssuedListener implements IRequestListener {
}
public void accept(IRequest r) {
- CMS.debug("CertificateIssuedListener: accept " +
- r.getRequestId().toString());
- if (mEnabled != true) return;
+ CMS.debug("CertificateIssuedListener: accept "
+ + r.getRequestId().toString());
+ if (mEnabled != true)
+ return;
mSubject = mSubject_Success;
mReqId = r.getRequestId();
@@ -190,17 +188,18 @@ public class CertificateIssuedListener implements IRequestListener {
if (profileId == null) {
if (r.getExtDataInInteger(IRequest.RESULT) == null)
return;
- if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
- CMS.debug("CertificateIssuedListener: Request errored. " +
- "No need to email notify for enrollment request id " +
- mReqId);
+ if ((r.getExtDataInInteger(IRequest.RESULT))
+ .equals(IRequest.RES_ERROR)) {
+ CMS.debug("CertificateIssuedListener: Request errored. "
+ + "No need to email notify for enrollment request id "
+ + mReqId);
return;
}
}
String requestType = r.getRequestType();
- if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
- requestType.equals(IRequest.RENEWAL_REQUEST)) {
+ if (requestType.equals(IRequest.ENROLLMENT_REQUEST)
+ || requestType.equals(IRequest.RENEWAL_REQUEST)) {
CMS.debug("accept() enrollment/renewal request...");
// Get the certificate from the request
X509CertImpl issuedCert[] = null;
@@ -210,8 +209,8 @@ public class CertificateIssuedListener implements IRequestListener {
issuedCert = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
} else {
issuedCert = new X509CertImpl[1];
- issuedCert[0] =
- r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+ issuedCert[0] = r
+ .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
}
if (issuedCert != null) {
@@ -223,11 +222,10 @@ public class CertificateIssuedListener implements IRequestListener {
try {
keys.set(IEmailResolverKeys.KEY_REQUEST, r);
- keys.set(IEmailResolverKeys.KEY_CERT,
- issuedCert[0]);
+ keys.set(IEmailResolverKeys.KEY_CERT, issuedCert[0]);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
}
IEmailResolver er = CMS.getReqCertSANameEmailResolver();
@@ -235,31 +233,29 @@ public class CertificateIssuedListener implements IRequestListener {
try {
mEmail = er.getEmail(keys);
} catch (ENotificationException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LISTENERS_CERT_ISSUED_EXCEPTION", e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LISTENERS_CERT_ISSUED_EXCEPTION", e.toString()));
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LISTENERS_CERT_ISSUED_EXCEPTION", e.toString()));
}
-
+
// now we can mail
if ((mEmail != null) && (!mEmail.equals(""))) {
mailIt(mEmail, issuedCert);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
- issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LISTENERS_CERT_ISSUED_NOTIFY_ERROR", issuedCert[0]
+ .getSerialNumber().toString(), mReqId
+ .toString()));
// send failure notification to "sender"
mSubject = "Certificate Issued notification undeliverable";
mailIt(mSenderEmail, issuedCert);
}
- }
+ }
}
}
@@ -282,7 +278,7 @@ public class CertificateIssuedListener implements IRequestListener {
if (!template.init()) {
return;
}
-
+
buildContentParams(issuedCert, mEmail);
IEmailFormProcessor et = CMS.getEmailFormProcessor();
String c = et.getEmailContent(template.toString(), mContentParams);
@@ -292,22 +288,23 @@ public class CertificateIssuedListener implements IRequestListener {
}
mn.setContent(c);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
- issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LISTENERS_CERT_ISSUED_TEMPLATE_ERROR", issuedCert[0]
+ .getSerialNumber().toString(), mReqId.toString()));
- mn.setContent("Serial Number = " +
- issuedCert[0].getSerialNumber() +
- "; Request ID = " + mReqId);
+ mn.setContent("Serial Number = " + issuedCert[0].getSerialNumber()
+ + "; Request ID = " + mReqId);
}
-
+
try {
mn.sendNotification();
} catch (ENotificationException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
}
@@ -320,7 +317,8 @@ public class CertificateIssuedListener implements IRequestListener {
keys.set(IEmailResolverKeys.KEY_REQUEST, r);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER",
+ e.toString()));
}
IEmailResolver er = CMS.getReqCertSANameEmailResolver();
@@ -328,11 +326,14 @@ public class CertificateIssuedListener implements IRequestListener {
try {
mEmail = er.getEmail(keys);
} catch (ENotificationException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
// now we can mail
@@ -352,23 +353,25 @@ public class CertificateIssuedListener implements IRequestListener {
if (!template.init()) {
return;
}
-
+
if (template.isHTML()) {
mn.setContentType("text/html");
}
// build some token data
mContentParams.put(IEmailFormProcessor.TOKEN_ID,
- mConfig.getName());
+ mConfig.getName());
mReqId = r.getRequestId();
mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
- (Object) mReqId.toString());
+ (Object) mReqId.toString());
IEmailFormProcessor et = CMS.getEmailFormProcessor();
- String c = et.getEmailContent(template.toString(), mContentParams);
+ String c = et.getEmailContent(template.toString(),
+ mContentParams);
mn.setContent(c);
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION"));
mn.setContent("Your Certificate Request has been rejected. Please contact your administrator for assistance");
}
@@ -376,49 +379,52 @@ public class CertificateIssuedListener implements IRequestListener {
mn.sendNotification();
} catch (ENotificationException e) {
// already logged, lets audit
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION", mReqId.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION",
+ mReqId.toString()));
}
}
private void buildContentParams(X509CertImpl issuedCert[], String mEmail) {
- mContentParams.put(IEmailFormProcessor.TOKEN_ID,
- mConfig.getName());
+ mContentParams.put(IEmailFormProcessor.TOKEN_ID, mConfig.getName());
mContentParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
- (Object) issuedCert[0].getSerialNumber().toString());
+ (Object) issuedCert[0].getSerialNumber().toString());
mContentParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
- (Object) Long.toHexString(issuedCert[0].getSerialNumber().longValue()));
+ (Object) Long.toHexString(issuedCert[0].getSerialNumber()
+ .longValue()));
mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
- (Object) mReqId.toString());
+ (Object) mReqId.toString());
mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
- (Object) mHttpHost);
+ (Object) mHttpHost);
mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
- (Object) mHttpPort);
+ (Object) mHttpPort);
mContentParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
- (Object) issuedCert[0].getIssuerDN().toString());
+ (Object) issuedCert[0].getIssuerDN().toString());
mContentParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
- (Object) issuedCert[0].getSubjectDN().toString());
+ (Object) issuedCert[0].getSubjectDN().toString());
Date date = (Date) issuedCert[0].getNotAfter();
mContentParams.put(IEmailFormProcessor.TOKEN_NOT_AFTER,
- mDateFormat.format(date));
+ mDateFormat.format(date));
date = (Date) issuedCert[0].getNotBefore();
mContentParams.put(IEmailFormProcessor.TOKEN_NOT_BEFORE,
- mDateFormat.format(date));
+ mDateFormat.format(date));
mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
- (Object) mSenderEmail);
+ (Object) mSenderEmail);
mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
- (Object) mEmail);
+ (Object) mEmail);
// ... and more
}
@@ -440,15 +446,15 @@ public class CertificateIssuedListener implements IRequestListener {
} else if (name.equalsIgnoreCase(PROP_EMAIL_TEMPLATE)) {
mFormPath = val;
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET"));
}
}
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level, msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java b/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
index d1cc3d80..9b7fa4c0 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.listeners;
-
import java.io.File;
import java.io.IOException;
import java.security.cert.X509Certificate;
@@ -47,12 +46,11 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestListener;
import com.netscape.certsrv.request.RequestId;
-
/**
* a listener for every completed enrollment request
* <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate is successfully issued:
+ * Here is a list of available $TOKENs for email notification templates if
+ * certificate is successfully issued:
* <UL>
* <LI>$InstanceID
* <LI>$SerialNumber
@@ -68,13 +66,13 @@ import com.netscape.certsrv.request.RequestId;
* <LI>$RecipientEmail
* </UL>
* <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate request is revoked:
+ * Here is a list of available $TOKENs for email notification templates if
+ * certificate request is revoked:
* <UL>
* <LI>$RequestId
* <LI>$InstanceID
* </UL>
- *
+ *
* @version $Revision$, $Date$
*/
public class CertificateRevokedListener implements IRequestListener {
@@ -109,7 +107,7 @@ public class CertificateRevokedListener implements IRequestListener {
}
public void init(ISubsystem sub, IConfigStore config)
- throws EListenersException, EPropertyNotFound, EBaseException {
+ throws EListenersException, EPropertyNotFound, EBaseException {
mSubsystem = (ICertAuthority) sub;
mConfig = mSubsystem.getConfigStore();
@@ -120,27 +118,27 @@ public class CertificateRevokedListener implements IRequestListener {
mSenderEmail = rc.getString(PROP_SENDER_EMAIL);
if (mSenderEmail == null) {
- throw new EListenersException(CMS.getLogMessage("NO_NOTIFY_SENDER_EMAIL_CONFIG_FOUND"));
+ throw new EListenersException(
+ CMS.getLogMessage("NO_NOTIFY_SENDER_EMAIL_CONFIG_FOUND"));
}
mFormPath = rc.getString(PROP_EMAIL_TEMPLATE);
String mDir = null;
// figure out the reject email path: same dir as form path,
- // same ending as form path
+ // same ending as form path
int ridx = mFormPath.lastIndexOf(File.separator);
if (ridx == -1) {
- CMS.debug("CertificateRevokedListener: file separator: " + File.separator
- +
- " not found. Use default /");
+ CMS.debug("CertificateRevokedListener: file separator: "
+ + File.separator + " not found. Use default /");
ridx = mFormPath.lastIndexOf("/");
mDir = mFormPath.substring(0, ridx + 1);
} else {
- mDir = mFormPath.substring(0, ridx +
- File.separator.length());
+ mDir = mFormPath.substring(0, ridx + File.separator.length());
}
- CMS.debug("CertificateRevokedListener: template file directory: " + mDir);
+ CMS.debug("CertificateRevokedListener: template file directory: "
+ + mDir);
mRejectPath = mDir + REJECT_FILE_NAME;
if (mFormPath.endsWith(".html"))
mRejectPath += ".html";
@@ -151,12 +149,13 @@ public class CertificateRevokedListener implements IRequestListener {
else if (mFormPath.endsWith(".HTM"))
mRejectPath += ".HTM";
- CMS.debug("CertificateRevokedListener: Reject file path: " + mRejectPath);
+ CMS.debug("CertificateRevokedListener: Reject file path: "
+ + mRejectPath);
mDateFormat = DateFormat.getDateTimeInstance();
mSubject_Success = rc.getString(PROP_EMAIL_SUBJECT,
- "Your Certificate Request");
+ "Your Certificate Request");
mSubject = new String(mSubject_Success);
// form the cert retrieval URL for the notification
@@ -168,7 +167,8 @@ public class CertificateRevokedListener implements IRequestListener {
}
public void accept(IRequest r) {
- if (mEnabled != true) return;
+ if (mEnabled != true)
+ return;
mSubject = mSubject_Success;
mReqId = r.getRequestId();
@@ -180,7 +180,7 @@ public class CertificateRevokedListener implements IRequestListener {
return;
if (rs.equals("complete") == false) {
CMS.debug("CertificateRevokedListener: Request status: " + rs);
- //revoked(r);
+ // revoked(r);
return;
}
@@ -189,19 +189,19 @@ public class CertificateRevokedListener implements IRequestListener {
return;
if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
- CMS.debug("CertificateRevokedListener: Request errored. " +
- "No need to email notify for enrollment request id " +
- mReqId);
+ CMS.debug("CertificateRevokedListener: Request errored. "
+ + "No need to email notify for enrollment request id "
+ + mReqId);
return;
}
-
+
if (requestType.equals(IRequest.REVOCATION_REQUEST)) {
CMS.debug("CertificateRevokedListener: accept() revocation request...");
// Get the certificate from the request
- //X509CertImpl issuedCert[] =
- // (X509CertImpl[])
- RevokedCertImpl crlentries[] =
- r.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
+ // X509CertImpl issuedCert[] =
+ // (X509CertImpl[])
+ RevokedCertImpl crlentries[] = r
+ .getExtDataInRevokedCertArray(IRequest.CERT_INFO);
if (crlentries != null) {
CMS.debug("CertificateRevokedListener: Sending email notification..");
@@ -212,11 +212,10 @@ public class CertificateRevokedListener implements IRequestListener {
try {
keys.set(IEmailResolverKeys.KEY_REQUEST, r);
- keys.set(IEmailResolverKeys.KEY_CERT,
- crlentries[0]);
+ keys.set(IEmailResolverKeys.KEY_CERT, crlentries[0]);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
}
IEmailResolver er = CMS.getReqCertSANameEmailResolver();
@@ -224,31 +223,29 @@ public class CertificateRevokedListener implements IRequestListener {
try {
mEmail = er.getEmail(keys);
} catch (ENotificationException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LISTENERS_CERT_ISSUED_EXCEPTION", e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LISTENERS_CERT_ISSUED_EXCEPTION", e.toString()));
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LISTENERS_CERT_ISSUED_EXCEPTION", e.toString()));
}
-
+
// now we can mail
if ((mEmail != null) && (!mEmail.equals(""))) {
mailIt(mEmail, crlentries);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
- crlentries[0].getSerialNumber().toString(), mReqId.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LISTENERS_CERT_ISSUED_NOTIFY_ERROR", crlentries[0]
+ .getSerialNumber().toString(), mReqId
+ .toString()));
// send failure notification to "sender"
mSubject = "Certificate Issued notification undeliverable";
mailIt(mSenderEmail, crlentries);
}
- }
+ }
}
}
@@ -271,7 +268,7 @@ public class CertificateRevokedListener implements IRequestListener {
if (!template.init()) {
return;
}
-
+
buildContentParams(crlentries, mEmail);
IEmailFormProcessor et = CMS.getEmailFormProcessor();
String c = et.getEmailContent(template.toString(), mContentParams);
@@ -281,22 +278,23 @@ public class CertificateRevokedListener implements IRequestListener {
}
mn.setContent(c);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
- crlentries[0].getSerialNumber().toString(), mReqId.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LISTENERS_CERT_ISSUED_TEMPLATE_ERROR", crlentries[0]
+ .getSerialNumber().toString(), mReqId.toString()));
- mn.setContent("Serial Number = " +
- crlentries[0].getSerialNumber() +
- "; Request ID = " + mReqId);
+ mn.setContent("Serial Number = " + crlentries[0].getSerialNumber()
+ + "; Request ID = " + mReqId);
}
-
+
try {
mn.sendNotification();
} catch (ENotificationException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
}
@@ -309,7 +307,8 @@ public class CertificateRevokedListener implements IRequestListener {
keys.set(IEmailResolverKeys.KEY_REQUEST, r);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER",
+ e.toString()));
}
IEmailResolver er = CMS.getReqCertSANameEmailResolver();
@@ -317,11 +316,14 @@ public class CertificateRevokedListener implements IRequestListener {
try {
mEmail = er.getEmail(keys);
} catch (ENotificationException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
// now we can mail
@@ -341,23 +343,25 @@ public class CertificateRevokedListener implements IRequestListener {
if (!template.init()) {
return;
}
-
+
if (template.isHTML()) {
mn.setContentType("text/html");
}
// build some token data
mContentParams.put(IEmailFormProcessor.TOKEN_ID,
- mConfig.getName());
+ mConfig.getName());
mReqId = r.getRequestId();
mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
- (Object) mReqId.toString());
+ (Object) mReqId.toString());
IEmailFormProcessor et = CMS.getEmailFormProcessor();
- String c = et.getEmailContent(template.toString(), mContentParams);
+ String c = et.getEmailContent(template.toString(),
+ mContentParams);
mn.setContent(c);
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION"));
mn.setContent("Your Certificate Request has been revoked. Please contact your administrator for assistance");
}
@@ -365,55 +369,61 @@ public class CertificateRevokedListener implements IRequestListener {
mn.sendNotification();
} catch (ENotificationException e) {
// already logged, lets audit
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION", mReqId.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION",
+ mReqId.toString()));
}
}
private void buildContentParams(RevokedCertImpl crlentries[], String mEmail) {
- mContentParams.put(IEmailFormProcessor.TOKEN_ID,
- mConfig.getName());
+ mContentParams.put(IEmailFormProcessor.TOKEN_ID, mConfig.getName());
mContentParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
- (Object) crlentries[0].getSerialNumber().toString());
+ (Object) crlentries[0].getSerialNumber().toString());
mContentParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
- (Object) Long.toHexString(crlentries[0].getSerialNumber().longValue()));
+ (Object) Long.toHexString(crlentries[0].getSerialNumber()
+ .longValue()));
mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
- (Object) mReqId.toString());
+ (Object) mReqId.toString());
mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
- (Object) mHttpHost);
+ (Object) mHttpHost);
mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
- (Object) mHttpPort);
-
+ (Object) mHttpPort);
+
try {
RevokedCertImpl revCert = (RevokedCertImpl) crlentries[0];
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ICertificateRepository certDB = ca.getCertificateRepository();
- X509Certificate cert = certDB.getX509Certificate(revCert.getSerialNumber());
+ X509Certificate cert = certDB.getX509Certificate(revCert
+ .getSerialNumber());
mContentParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
- (Object) cert.getIssuerDN().toString());
+ (Object) cert.getIssuerDN().toString());
mContentParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
- (Object) cert.getSubjectDN().toString());
+ (Object) cert.getSubjectDN().toString());
Date date = (Date) crlentries[0].getRevocationDate();
-
+
mContentParams.put(IEmailFormProcessor.TOKEN_REVOCATION_DATE,
- mDateFormat.format(date));
+ mDateFormat.format(date));
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER",
+ e.toString()));
}
mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
- (Object) mSenderEmail);
+ (Object) mSenderEmail);
mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
- (Object) mEmail);
+ (Object) mEmail);
// ... and more
}
@@ -435,15 +445,15 @@ public class CertificateRevokedListener implements IRequestListener {
} else if (name.equalsIgnoreCase(PROP_EMAIL_TEMPLATE)) {
mFormPath = val;
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET"));
}
}
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level, msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java b/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
index 2f02774d..57368b76 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.listeners;
-
import java.util.Hashtable;
import netscape.ldap.LDAPAttribute;
@@ -39,10 +38,9 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestListener;
import com.netscape.certsrv.request.RequestId;
-
/**
* This represnets a listener that removes pin from LDAP directory.
- *
+ *
* @version $Revision$, $Date$
*/
public class PinRemovalListener implements IRequestListener {
@@ -87,18 +85,17 @@ public class PinRemovalListener implements IRequestListener {
protected String[] configParams = { "a" };
- public String[] getConfigParams()
- throws EBaseException {
+ public String[] getConfigParams() throws EBaseException {
return configParams;
}
public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
- init(null, null, config);
+ init(null, null, config);
}
public void init(String name, String ImplName, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mName = name;
mImplName = ImplName;
mConfig = config;
@@ -115,7 +112,8 @@ public class PinRemovalListener implements IRequestListener {
}
public void accept(IRequest r) {
- if (mEnabled != true) return;
+ if (mEnabled != true)
+ return;
mReqId = r.getRequestId();
@@ -128,37 +126,37 @@ public class PinRemovalListener implements IRequestListener {
}
String requestType = r.getRequestType();
- if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
- requestType.equals(IRequest.RENEWAL_REQUEST)) {
+ if (requestType.equals(IRequest.ENROLLMENT_REQUEST)
+ || requestType.equals(IRequest.RENEWAL_REQUEST)) {
- String uid = r.getExtDataInString(
- IRequest.HTTP_PARAMS, "uid");
+ String uid = r.getExtDataInString(IRequest.HTTP_PARAMS, "uid");
if (uid == null) {
- log(ILogger.LL_INFO, "did not find UID parameter in this request");
+ log(ILogger.LL_INFO,
+ "did not find UID parameter in this request");
return;
}
String userdn = null;
try {
- LDAPSearchResults res = mRemovePinLdapConnection.search(mBaseDN,
- LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
-
+ LDAPSearchResults res = mRemovePinLdapConnection.search(
+ mBaseDN, LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null,
+ false);
+
if (!res.hasMoreElements()) {
- log(ILogger.LL_SECURITY, "uid " + uid + " does not exist in the ldap " +
- " server. Could not remove pin");
+ log(ILogger.LL_SECURITY, "uid " + uid
+ + " does not exist in the ldap "
+ + " server. Could not remove pin");
return;
}
LDAPEntry entry = (LDAPEntry) res.nextElement();
userdn = entry.getDN();
-
- mRemovePinLdapConnection.modify(userdn,
- new LDAPModification(
- LDAPModification.DELETE,
- new LDAPAttribute(mPinAttr)));
+
+ mRemovePinLdapConnection.modify(userdn, new LDAPModification(
+ LDAPModification.DELETE, new LDAPAttribute(mPinAttr)));
log(ILogger.LL_INFO, "Removed pin for user \"" + userdn + "\"");
@@ -172,11 +170,10 @@ public class PinRemovalListener implements IRequestListener {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, "PinRemovalListener: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level,
+ "PinRemovalListener: " + msg);
}
public void set(String name, String val) {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java b/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
index f5810a46..4100b465 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.listeners;
-
import java.io.IOException;
import java.util.Hashtable;
@@ -39,7 +38,6 @@ import com.netscape.certsrv.request.RequestId;
import com.netscape.cms.profile.input.SubjectNameInput;
import com.netscape.cms.profile.input.SubmitterInfoInput;
-
/**
* a listener for every request gets into the request queue.
* <p>
@@ -54,7 +52,7 @@ import com.netscape.cms.profile.input.SubmitterInfoInput;
* <LI>$SenderEmail
* <LI>$RecipientEmail
* </UL>
- *
+ *
*/
public class RequestInQListener implements IRequestListener {
protected static final String PROP_ENABLED = "enabled";
@@ -89,8 +87,8 @@ public class RequestInQListener implements IRequestListener {
* initializes the listener from the configuration
*/
public void init(ISubsystem sub, IConfigStore config)
- throws EListenersException, EPropertyNotFound, EBaseException {
-
+ throws EListenersException, EPropertyNotFound, EBaseException {
+
mSubsystem = (ICertAuthority) sub;
mConfig = mSubsystem.getConfigStore();
@@ -101,11 +99,13 @@ public class RequestInQListener implements IRequestListener {
mSenderEmail = rq.getString(PROP_SENDER_EMAIL);
if (mSenderEmail == null) {
- throw new EListenersException(CMS.getLogMessage("NO_NOTIFY_SENDER_EMAIL_CONFIG_FOUND"));
+ throw new EListenersException(
+ CMS.getLogMessage("NO_NOTIFY_SENDER_EMAIL_CONFIG_FOUND"));
}
mRecipientEmail = rq.getString(PROP_RECVR_EMAIL);
if (mRecipientEmail == null) {
- throw new EListenersException(CMS.getLogMessage("NO_NOTIFY_RECVR_EMAIL_CONFIG_FOUND"));
+ throw new EListenersException(
+ CMS.getLogMessage("NO_NOTIFY_RECVR_EMAIL_CONFIG_FOUND"));
}
mEmailSubject = rq.getString(PROP_EMAIL_SUBJECT);
@@ -118,32 +118,34 @@ public class RequestInQListener implements IRequestListener {
// make available http host and port for forming url in templates
mHttpHost = CMS.getAgentHost();
mAgentPort = CMS.getAgentPort();
- if (mAgentPort == null)
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_REQUEST_PORT_NOT_FOUND"));
+ if (mAgentPort == null)
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LISTENERS_REQUEST_PORT_NOT_FOUND"));
else
CMS.debug("RequestInQuListener: agentport = " + mAgentPort);
- // register for this event listener
+ // register for this event listener
mSubsystem.registerPendingListener(this);
}
/**
* carries out the operation when the listener is triggered.
+ *
* @param r IRequest structure holding the request information
* @see com.netscape.certsrv.request.IRequest
*/
public void accept(IRequest r) {
- if (mEnabled != true) return;
+ if (mEnabled != true)
+ return;
- // regardless of type of request...notify for everything
- // no need for email resolver here...
+ // regardless of type of request...notify for everything
+ // no need for email resolver here...
IMailNotification mn = CMS.getMailNotification();
mn.setFrom(mSenderEmail);
mn.setTo(mRecipientEmail);
- mn.setSubject(mEmailSubject + " (request id: " +
- r.getRequestId() + ")");
+ mn.setSubject(mEmailSubject + " (request id: " + r.getRequestId() + ")");
/*
* get form file from disk
@@ -155,10 +157,11 @@ public class RequestInQListener implements IRequestListener {
*/
if (template != null) {
if (!template.init()) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_INIT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_INIT"));
return;
}
-
+
buildContentParams(r);
IEmailFormProcessor et = CMS.getEmailFormProcessor();
String c = et.getEmailContent(template.toString(), mContentParams);
@@ -169,8 +172,8 @@ public class RequestInQListener implements IRequestListener {
mn.setContent(c);
} else {
// log and mail
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_GET"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_GET"));
mn.setContent("Template not retrievable for Request in Queue notification");
}
@@ -178,79 +181,77 @@ public class RequestInQListener implements IRequestListener {
mn.sendNotification();
} catch (ENotificationException e) {
// already logged, lets audit
- mLogger.log(ILogger.EV_AUDIT, null,
- ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
+ mLogger.log(ILogger.EV_AUDIT, null, ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
+ CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
}
}
private void buildContentParams(IRequest r) {
mContentParams.clear();
- mContentParams.put(IEmailFormProcessor.TOKEN_ID,
- mConfig.getName());
+ mContentParams.put(IEmailFormProcessor.TOKEN_ID, mConfig.getName());
Object val = null;
String profileId = r.getExtDataInString("profileId");
if (profileId == null) {
- val = r.getExtDataInString(IRequest.HTTP_PARAMS, "csrRequestorEmail");
+ val = r.getExtDataInString(IRequest.HTTP_PARAMS,
+ "csrRequestorEmail");
} else {
- // use the submitter info if available, otherwise, use the
- // subject name input email
- val = r.getExtDataInString(SubmitterInfoInput.EMAIL);
+ // use the submitter info if available, otherwise, use the
+ // subject name input email
+ val = r.getExtDataInString(SubmitterInfoInput.EMAIL);
- if ((val == null) || (((String) val).compareTo("") == 0)) {
- val = r.getExtDataInString(SubjectNameInput.VAL_EMAIL);
- }
+ if ((val == null) || (((String) val).compareTo("") == 0)) {
+ val = r.getExtDataInString(SubjectNameInput.VAL_EMAIL);
+ }
}
if (val != null)
- mContentParams.put(IEmailFormProcessor.TOKEN_REQUESTOR_EMAIL,
- val);
+ mContentParams.put(IEmailFormProcessor.TOKEN_REQUESTOR_EMAIL, val);
if (profileId == null) {
- val = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+ val = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
} else {
- val = profileId;
+ val = profileId;
}
if (val != null) {
- mContentParams.put(IEmailFormProcessor.TOKEN_CERT_TYPE,
- val);
+ mContentParams.put(IEmailFormProcessor.TOKEN_CERT_TYPE, val);
}
RequestId reqId = r.getRequestId();
mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
- (Object) reqId.toString());
+ (Object) reqId.toString());
mContentParams.put(IEmailFormProcessor.TOKEN_ID, mId);
val = r.getRequestType();
if (val != null)
- mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_TYPE,
- val);
+ mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_TYPE, val);
mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
- (Object) mHttpHost);
+ (Object) mHttpHost);
mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
- (Object) mAgentPort);
+ (Object) mAgentPort);
mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
- (Object) mSenderEmail);
+ (Object) mSenderEmail);
mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
- (Object) mRecipientEmail);
+ (Object) mRecipientEmail);
}
/**
* sets the configurable parameters
- * @param name a String represents the name of the configuration parameter to be set
+ *
+ * @param name a String represents the name of the configuration parameter
+ * to be set
* @param val a String containing the value to be set for name
*/
public void set(String name, String val) {
@@ -269,15 +270,14 @@ public class RequestInQListener implements IRequestListener {
} else if (name.equalsIgnoreCase(PROP_EMAIL_TEMPLATE)) {
mFormPath = val;
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET"));
}
}
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level, msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/logging/LogEntry.java b/pki/base/common/src/com/netscape/cms/logging/LogEntry.java
index 4ab9f281..b95f2687 100644
--- a/pki/base/common/src/com/netscape/cms/logging/LogEntry.java
+++ b/pki/base/common/src/com/netscape/cms/logging/LogEntry.java
@@ -17,17 +17,15 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.logging;
-
import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Vector;
-
/**
* A log entry of LogFile
- *
+ *
* @version $Revision$, $Date$
*/
public class LogEntry {
@@ -43,7 +41,7 @@ public class LogEntry {
/**
* Constructor for a LogEntry.
- *
+ *
*/
public LogEntry(String entry) throws ParseException {
mEntry = entry;
@@ -52,10 +50,10 @@ public class LogEntry {
/**
* parse a log entry
- *
+ *
* return a vector of the segments of the entry
*/
-
+
public Vector parse() throws ParseException {
int x = mEntry.indexOf("[");
@@ -96,7 +94,8 @@ public class LogEntry {
row.addElement(mTime);
row.addElement(mDetail);
- //System.out.println(mSource +"," + mLevel +","+ mDate+","+mTime+","+mDetail);
+ // System.out.println(mSource +"," + mLevel +","+
+ // mDate+","+mTime+","+mDetail);
return row;
}
diff --git a/pki/base/common/src/com/netscape/cms/logging/LogFile.java b/pki/base/common/src/com/netscape/cms/logging/LogFile.java
index 284ff02d..cf5a4d2b 100644
--- a/pki/base/common/src/com/netscape/cms/logging/LogFile.java
+++ b/pki/base/common/src/com/netscape/cms/logging/LogFile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.logging;
-
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.ByteArrayOutputStream;
@@ -81,7 +80,7 @@ import com.netscape.cmsutil.util.Utils;
/**
* A log event listener which write logs to log files
- *
+ *
* @version $Revision$, $Date$
**/
public class LogFile implements ILogEventListener, IExtendedPluginInfo {
@@ -90,8 +89,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
public static final String PROP_ON = "enable";
public static final String PROP_TRACE = "trace";
public static final String PROP_SIGNED_AUDIT_LOG_SIGNING = "logSigning";
- public static final String PROP_SIGNED_AUDIT_CERT_NICKNAME =
- "signedAuditCertNickname";
+ public static final String PROP_SIGNED_AUDIT_CERT_NICKNAME = "signedAuditCertNickname";
public static final String PROP_SIGNED_AUDIT_EVENTS = "events";
public static final String PROP_LEVEL = "level";
static final String PROP_FILE_NAME = "fileName";
@@ -99,16 +97,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
static final String PROP_BUFFER_SIZE = "bufferSize";
static final String PROP_FLUSH_INTERVAL = "flushInterval";
- private final static String LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP =
- "LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP_2";
- private final static String LOGGING_SIGNED_AUDIT_SIGNING =
- "LOGGING_SIGNED_AUDIT_SIGNING_3";
- private final static String LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN =
- "LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN_2";
- private final static String LOG_SIGNED_AUDIT_EXCEPTION =
- "LOG_SIGNED_AUDIT_EXCEPTION_1";
+ private final static String LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP = "LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP_2";
+ private final static String LOGGING_SIGNED_AUDIT_SIGNING = "LOGGING_SIGNED_AUDIT_SIGNING_3";
+ private final static String LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN = "LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN_2";
+ private final static String LOG_SIGNED_AUDIT_EXCEPTION = "LOG_SIGNED_AUDIT_EXCEPTION_1";
- protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
+ protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
protected IConfigStore mConfig = null;
/**
@@ -116,8 +110,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
*/
static final String DATE_PATTERN = "yyyyMMddHHmmss";
- //It may be interesting to make this flexable someday....
- protected SimpleDateFormat mLogFileDateFormat = new SimpleDateFormat(DATE_PATTERN);
+ // It may be interesting to make this flexable someday....
+ protected SimpleDateFormat mLogFileDateFormat = new SimpleDateFormat(
+ DATE_PATTERN);
/**
* The default output stream buffer size in bytes
@@ -152,7 +147,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* The log date entry format
*/
- protected SimpleDateFormat mLogDateFormat = new SimpleDateFormat(mDatePattern);
+ protected SimpleDateFormat mLogDateFormat = new SimpleDateFormat(
+ mDatePattern);
/**
* The date object used for log entries
@@ -228,53 +224,55 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
static final String CRYPTO_PROVIDER = "Mozilla-JSS";
/**
- * The log level threshold
- * Only logs with level greater or equal than this value will be written
+ * The log level threshold Only logs with level greater or equal than this
+ * value will be written
*/
protected long mLevel = 1;
/**
* Constructor for a LogFile.
- *
+ *
*/
public LogFile() {
}
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
mConfig = config;
try {
mOn = config.getBoolean(PROP_ON, true);
} catch (EBaseException e) {
- throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
- config.getName() + "." + PROP_ON));
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ + PROP_ON));
}
try {
mLogSigning = config.getBoolean(PROP_SIGNED_AUDIT_LOG_SIGNING,
- false);
+ false);
} catch (EBaseException e) {
- throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
- config.getName() + "." + PROP_SIGNED_AUDIT_LOG_SIGNING));
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ + PROP_SIGNED_AUDIT_LOG_SIGNING));
}
if (mOn && mLogSigning) {
try {
- mSAuditCertNickName = config.getString(
- PROP_SIGNED_AUDIT_CERT_NICKNAME);
- CMS.debug("LogFile: init(): audit log signing enabled. signedAuditCertNickname="+ mSAuditCertNickName);
+ mSAuditCertNickName = config
+ .getString(PROP_SIGNED_AUDIT_CERT_NICKNAME);
+ CMS.debug("LogFile: init(): audit log signing enabled. signedAuditCertNickname="
+ + mSAuditCertNickName);
} catch (EBaseException e) {
- throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
- config.getName() + "."
- + PROP_SIGNED_AUDIT_CERT_NICKNAME));
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ + PROP_SIGNED_AUDIT_CERT_NICKNAME));
}
- if (mSAuditCertNickName == null ||
- mSAuditCertNickName.trim().equals("")) {
+ if (mSAuditCertNickName == null
+ || mSAuditCertNickName.trim().equals("")) {
throw new ELogException(CMS.getUserMessage(
- "CMS_BASE_GET_PROPERTY_FAILED",
- config.getName() + "."
- + PROP_SIGNED_AUDIT_CERT_NICKNAME));
+ "CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ + PROP_SIGNED_AUDIT_CERT_NICKNAME));
}
}
@@ -290,7 +288,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
try {
init(config);
} catch (IOException e) {
- throw new ELogException(CMS.getUserMessage("CMS_LOG_UNEXPECTED_EXCEPTION", e.toString()));
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_LOG_UNEXPECTED_EXCEPTION", e.toString()));
}
}
@@ -303,19 +302,19 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
return theVector;
}
- StringTokenizer tokens = new StringTokenizer(theString,
- ",");
+ StringTokenizer tokens = new StringTokenizer(theString, ",");
while (tokens.hasMoreTokens()) {
String eventId = tokens.nextToken().trim();
theVector.addElement(eventId);
- CMS.debug("LogFile: log event type selected: "+eventId);
+ CMS.debug("LogFile: log event type selected: " + eventId);
}
return theVector;
}
/**
* add the event to the selected events list
+ *
* @param event to be selected
*/
public void selectEvent(String event) {
@@ -325,6 +324,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* remove the event from the selected events list
+ *
* @param event to be de-selected
*/
public void deselectEvent(String event) {
@@ -334,6 +334,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* replace the selected events list
+ *
* @param events comma-separated event list
*/
public void replaceEvents(String events) {
@@ -346,11 +347,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
// All this streaming is lame, but Base64OutputStream needs a
// PrintStream
ByteArrayOutputStream output = new ByteArrayOutputStream();
- Base64OutputStream b64 = new Base64OutputStream(new
- PrintStream(new
- FilterOutputStream(output)
- )
- );
+ Base64OutputStream b64 = new Base64OutputStream(new PrintStream(
+ new FilterOutputStream(output)));
b64.write(bytes);
b64.flush();
@@ -363,7 +361,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
private static boolean mInSignedAuditLogFailureMode = false;
private static synchronized void shutdownCMS() {
- if( mInSignedAuditLogFailureMode == false ) {
+ if (mInSignedAuditLogFailureMode == false) {
// Set signed audit log failure mode true
// No, this isn't a race condition, because the method is
@@ -371,7 +369,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
mInSignedAuditLogFailureMode = true;
// Block all new incoming requests
- if( CMS.areRequestsDisabled() == false ) {
+ if (CMS.areRequestsDisabled() == false) {
// XXX is this a race condition?
CMS.disableRequests();
}
@@ -389,11 +387,10 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Initialize and open the log using the parameters from a config store
- *
+ *
* @param config The property config store to find values in
*/
- public void init(IConfigStore config) throws IOException,
- EBaseException {
+ public void init(IConfigStore config) throws IOException, EBaseException {
String fileName = null;
String defaultFileName = null;
String signedAuditDefaultFileName = "";
@@ -403,22 +400,25 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
try {
mTrace = config.getBoolean(PROP_TRACE, false);
} catch (EBaseException e) {
- throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
- config.getName() + "." + PROP_TRACE));
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ + PROP_TRACE));
}
try {
mType = config.getString(PROP_TYPE, "system");
} catch (EBaseException e) {
- throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
- config.getName() + "." + PROP_TYPE));
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ + PROP_TYPE));
}
try {
mRegister = config.getBoolean(PROP_REGISTER, true);
} catch (EBaseException e) {
- throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
- config.getName() + "." + PROP_REGISTER));
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ + PROP_REGISTER));
}
if (mOn) {
@@ -437,94 +437,97 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
mLevel = config.getInteger(PROP_LEVEL, 3);
} catch (EBaseException e) {
e.printStackTrace();
- throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
- config.getName() + "." + PROP_LEVEL));
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ + PROP_LEVEL));
}
try {
// retrieve the subsystem
String subsystem = "";
- ISubsystem caSubsystem = CMS.getSubsystem( "ca" );
- if( caSubsystem != null ) {
+ ISubsystem caSubsystem = CMS.getSubsystem("ca");
+ if (caSubsystem != null) {
subsystem = "ca";
}
- ISubsystem raSubsystem = CMS.getSubsystem( "ra" );
- if( raSubsystem != null ) {
+ ISubsystem raSubsystem = CMS.getSubsystem("ra");
+ if (raSubsystem != null) {
subsystem = "ra";
}
- ISubsystem kraSubsystem = CMS.getSubsystem( "kra" );
- if( kraSubsystem != null ) {
+ ISubsystem kraSubsystem = CMS.getSubsystem("kra");
+ if (kraSubsystem != null) {
subsystem = "kra";
}
- ISubsystem ocspSubsystem = CMS.getSubsystem( "ocsp" );
- if( ocspSubsystem != null ) {
+ ISubsystem ocspSubsystem = CMS.getSubsystem("ocsp");
+ if (ocspSubsystem != null) {
subsystem = "ocsp";
}
// retrieve the instance name
String instIDPath = CMS.getInstanceDir();
- int index = instIDPath.lastIndexOf( "/" );
- String instID = instIDPath.substring( index + 1 );
+ int index = instIDPath.lastIndexOf("/");
+ String instID = instIDPath.substring(index + 1);
// build the default signedAudit file name
- signedAuditDefaultFileName = subsystem + "_"
- + instID + "_" + "audit";
-
- } catch( Exception e2 ) {
- throw new ELogException(
- CMS.getUserMessage( "CMS_BASE_GET_PROPERTY_FAILED",
- config.getName() + "." +
- PROP_FILE_NAME ) );
+ signedAuditDefaultFileName = subsystem + "_" + instID + "_"
+ + "audit";
+
+ } catch (Exception e2) {
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ + PROP_FILE_NAME));
}
// the default value is determined by the eventType.
if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
defaultFileName = "logs/signedAudit/" + signedAuditDefaultFileName;
- }else if (mType.equals(ILogger.PROP_SYSTEM)) {
+ } else if (mType.equals(ILogger.PROP_SYSTEM)) {
defaultFileName = "logs/system";
- }else if (mType.equals(ILogger.PROP_AUDIT)) {
+ } else if (mType.equals(ILogger.PROP_AUDIT)) {
defaultFileName = "logs/transactions";
- }else {
- //wont get here
- throw new ELogException(CMS.getUserMessage("CMS_LOG_INVALID_LOG_TYPE",
- config.getName()));
+ } else {
+ // wont get here
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_LOG_INVALID_LOG_TYPE", config.getName()));
}
try {
fileName = config.getString(PROP_FILE_NAME, defaultFileName);
} catch (EBaseException e) {
- throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
- config.getName() + "." + PROP_FILE_NAME));
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_BASE_GET_PROPERTY_FAILED", config.getName() + "."
+ + PROP_FILE_NAME));
}
if (mOn) {
- init(fileName, config.getInteger(PROP_BUFFER_SIZE, BUFFER_SIZE),
- config.getInteger(PROP_FLUSH_INTERVAL, FLUSH_INTERVAL));
+ init(fileName, config.getInteger(PROP_BUFFER_SIZE, BUFFER_SIZE),
+ config.getInteger(PROP_FLUSH_INTERVAL, FLUSH_INTERVAL));
}
}
/**
* Initialize and open the log
- *
- * @param bufferSize The buffer size for the output stream in bytes
- * @param flushInterval The interval in seconds to flush the log
+ *
+ * @param bufferSize The buffer size for the output stream in bytes
+ * @param flushInterval The interval in seconds to flush the log
*/
- public void init(String fileName, int bufferSize, int flushInterval) throws IOException,ELogException {
+ public void init(String fileName, int bufferSize, int flushInterval)
+ throws IOException, ELogException {
if (fileName == null)
- throw new ELogException(CMS.getUserMessage("CMS_LOG_INVALID_FILE_NAME", "null"));
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_LOG_INVALID_FILE_NAME", "null"));
- //If we want to reuse the old log files
- //mFileName = fileName + "." + mLogFileDateFormat.format(mDate);
+ // If we want to reuse the old log files
+ // mFileName = fileName + "." + mLogFileDateFormat.format(mDate);
mFileName = fileName;
- if( !Utils.isNT() ) {
+ if (!Utils.isNT()) {
// Always insure that a physical file exists!
- Utils.exec( "touch " + mFileName );
- Utils.exec( "chmod 00640 " + mFileName );
+ Utils.exec("touch " + mFileName);
+ Utils.exec("chmod 00640 " + mFileName);
}
mFile = new File(mFileName);
mBufferSize = bufferSize;
@@ -540,25 +543,28 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
Provider[] providers = java.security.Security.getProviders();
int ps = providers.length;
- for (int i = 0; i<ps; i++) {
- CMS.debug("LogFile: provider "+i+"= "+providers[i].getName());
+ for (int i = 0; i < ps; i++) {
+ CMS.debug("LogFile: provider " + i + "= "
+ + providers[i].getName());
}
CryptoManager cm = CryptoManager.getInstance();
// find CertServer's private key
- X509Certificate cert = cm.findCertByNickname( mSAuditCertNickName );
+ X509Certificate cert = cm.findCertByNickname(mSAuditCertNickName);
if (cert != null) {
- CMS.debug("LogFile: setupSignig(): found cert:"+mSAuditCertNickName);
+ CMS.debug("LogFile: setupSignig(): found cert:"
+ + mSAuditCertNickName);
} else {
- CMS.debug("LogFile: setupSignig(): cert not found:"+mSAuditCertNickName);
+ CMS.debug("LogFile: setupSignig(): cert not found:"
+ + mSAuditCertNickName);
}
mSigningKey = cm.findPrivKeyByCert(cert);
String sigAlgorithm;
- if( mSigningKey instanceof RSAPrivateKey ) {
+ if (mSigningKey instanceof RSAPrivateKey) {
sigAlgorithm = "SHA-256/RSA";
- } else if( mSigningKey instanceof DSAPrivateKey ) {
+ } else if (mSigningKey instanceof DSAPrivateKey) {
sigAlgorithm = "SHA-256/DSA";
} else {
throw new NoSuchAlgorithmException("Unknown private key type");
@@ -566,12 +572,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
CryptoToken savedToken = cm.getThreadToken();
try {
- CryptoToken keyToken =
- ((org.mozilla.jss.pkcs11.PK11PrivKey)mSigningKey)
- .getOwningToken();
+ CryptoToken keyToken = ((org.mozilla.jss.pkcs11.PK11PrivKey) mSigningKey)
+ .getOwningToken();
cm.setThreadToken(keyToken);
mSignature = java.security.Signature.getInstance(sigAlgorithm,
- CRYPTO_PROVIDER);
+ CRYPTO_PROVIDER);
} finally {
cm.setThreadToken(savedToken);
}
@@ -580,7 +585,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
// get the last signature from the currently-opened file
String entry = getLastSignature(mFile);
- if( entry != null ) {
+ if (entry != null) {
mSignature.update(entry.getBytes("UTF-8"));
mSignature.update(LINE_SEP_BYTE);
}
@@ -614,12 +619,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
private static void setupSigningFailure(String logMessageCode, Exception e)
- throws EBaseException
- {
+ throws EBaseException {
try {
- ConsoleError.send( new SystemEvent(
- CMS.getLogMessage(logMessageCode)));
- } catch(Exception e2) {
+ ConsoleError
+ .send(new SystemEvent(CMS.getLogMessage(logMessageCode)));
+ } catch (Exception e2) {
// don't allow an exception while printing to the console
// prevent us from running the rest of this function.
e2.printStackTrace();
@@ -632,36 +636,32 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Startup the instance
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP used at audit
* function startup
* </ul>
+ *
* @exception EBaseException if an internal error occurred
*/
public void startup() throws EBaseException {
// ensure that any low-level exceptions are reported
// to the signed audit log and stored as failures
CMS.debug("LogFile: entering LogFile.startup()");
- if( mOn && mLogSigning ) {
+ if (mOn && mLogSigning) {
try {
setupSigning();
- audit( CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
- ILogger.SYSTEM_UID,
- ILogger.SUCCESS) );
- } catch(EBaseException e) {
- audit( CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
- ILogger.SYSTEM_UID,
- ILogger.FAILURE) );
+ audit(CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
+ ILogger.SYSTEM_UID, ILogger.SUCCESS));
+ } catch (EBaseException e) {
+ audit(CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
+ ILogger.SYSTEM_UID, ILogger.FAILURE));
throw e;
}
}
}
-
/**
* Retrieves the eventType this log is triggered.
*/
@@ -673,7 +673,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
* Retrieves the log on/off.
*/
public String getOn() {
- return String.valueOf( mOn );
+ return String.valueOf(mOn);
}
/**
@@ -695,22 +695,22 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Record that the signed audit log has been signed
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_SIGNING used when a signature on the
- * audit log is generated (same as "flush" time)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_SIGNING used when a signature on
+ * the audit log is generated (same as "flush" time)
* </ul>
+ *
* @exception IOException for input/output problems
* @exception ELogException when plugin implementation fails
* @exception SignatureException when signing fails
* @exception InvalidKeyException when an invalid key is utilized
*/
private void pushSignature() throws IOException, ELogException,
- SignatureException, InvalidKeyException
- {
+ SignatureException, InvalidKeyException {
byte[] sigBytes = null;
- if( mSignature == null ) {
+ if (mSignature == null) {
return;
}
@@ -723,35 +723,27 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
// cook up a signed audit log message to record mac
// so as to avoid infinite recursiveness of calling
// the log() method
- String auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SIGNING,
- ILogger.SYSTEM_UID,
- ILogger.SUCCESS,
- base64Encode( sigBytes ) );
+ String auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_SIGNING,
+ ILogger.SYSTEM_UID, ILogger.SUCCESS, base64Encode(sigBytes));
- if( mSignedAuditLogger == null ) {
+ if (mSignedAuditLogger == null) {
return;
}
- ILogEvent ev = mSignedAuditLogger.create(
- ILogger.EV_SIGNED_AUDIT,
- ( Properties ) null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- auditMessage,
- o,
- ILogger.L_SINGLELINE );
+ ILogEvent ev = mSignedAuditLogger.create(ILogger.EV_SIGNED_AUDIT,
+ (Properties) null, ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY,
+ auditMessage, o, ILogger.L_SINGLELINE);
- String logMesg = logEvt2String(ev);
+ String logMesg = logEvt2String(ev);
doLog(logMesg, true);
}
private static String getLastSignature(File f) throws IOException {
- BufferedReader r = new BufferedReader( new FileReader(f) );
+ BufferedReader r = new BufferedReader(new FileReader(f));
String lastSig = null;
String curLine = null;
- while( (curLine = r.readLine()) != null ) {
- if( curLine.indexOf("AUDIT_LOG_SIGNING") != -1 ) {
+ while ((curLine = r.readLine()) != null) {
+ if (curLine.indexOf("AUDIT_LOG_SIGNING") != -1) {
lastSig = curLine;
}
}
@@ -760,8 +752,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
/**
- * Open the log file. This creates the buffered FileWriter
- *
+ * Open the log file. This creates the buffered FileWriter
+ *
*/
protected synchronized void open() throws IOException {
RandomAccessFile out;
@@ -769,36 +761,34 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
try {
out = new RandomAccessFile(mFile, "rw");
out.seek(out.length());
- //XXX int or long?
+ // XXX int or long?
mBytesWritten = (int) out.length();
- if( !Utils.isNT() ) {
+ if (!Utils.isNT()) {
try {
- Utils.exec( "chmod 00640 " + mFile.getCanonicalPath() );
- } catch( IOException e ) {
- CMS.debug( "Unable to change file permissions on "
- + mFile.toString() );
+ Utils.exec("chmod 00640 " + mFile.getCanonicalPath());
+ } catch (IOException e) {
+ CMS.debug("Unable to change file permissions on "
+ + mFile.toString());
}
}
- mLogWriter = new BufferedWriter(
- new FileWriter(out.getFD()), mBufferSize);
+ mLogWriter = new BufferedWriter(new FileWriter(out.getFD()),
+ mBufferSize);
// The first time we open, mSignature will not have been
// initialized yet. That's ok, we will push our first signature
// in setupSigning().
- if( mLogSigning && (mSignature != null)) {
+ if (mLogSigning && (mSignature != null)) {
try {
pushSignature();
} catch (ELogException le) {
- ConsoleError.send(
- new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
- mFileName)));
+ ConsoleError.send(new SystemEvent(CMS.getUserMessage(
+ "CMS_LOG_ILLEGALARGUMENT", mFileName)));
}
}
} catch (IllegalArgumentException iae) {
- ConsoleError.send(
- new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
- mFileName)));
- } catch(GeneralSecurityException gse) {
+ ConsoleError.send(new SystemEvent(CMS.getUserMessage(
+ "CMS_LOG_ILLEGALARGUMENT", mFileName)));
+ } catch (GeneralSecurityException gse) {
// error with signed audit log, shutdown CMS
gse.printStackTrace();
shutdownCMS();
@@ -808,16 +798,18 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
/**
- * Flush the log file. Also update the MAC for hash protected logs
- *
+ * Flush the log file. Also update the MAC for hash protected logs
+ *
*/
public synchronized void flush() {
try {
- if( mLogSigning ) {
+ if (mLogSigning) {
try {
pushSignature();
} catch (ELogException le) {
- ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_FLUSH_LOG_FAILED", mFileName, le.toString())));
+ ConsoleError.send(new SystemEvent(CMS.getUserMessage(
+ "CMS_LOG_FLUSH_LOG_FAILED", mFileName,
+ le.toString())));
}
}
@@ -825,13 +817,14 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
mLogWriter.flush();
}
} catch (IOException e) {
- ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_FLUSH_LOG_FAILED", mFileName, e.toString())));
+ ConsoleError.send(new SystemEvent(CMS.getUserMessage(
+ "CMS_LOG_FLUSH_LOG_FAILED", mFileName, e.toString())));
if (mLogSigning) {
- //error in writing to signed audit log, shut down CMS
+ // error in writing to signed audit log, shut down CMS
e.printStackTrace();
shutdownCMS();
}
- } catch(GeneralSecurityException gse) {
+ } catch (GeneralSecurityException gse) {
// error with signed audit log, shutdown CMS
gse.printStackTrace();
shutdownCMS();
@@ -842,7 +835,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Close the log file
- *
+ *
*/
protected synchronized void close() {
try {
@@ -851,7 +844,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
mLogWriter.close();
}
} catch (IOException e) {
- ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_CLOSE_FAILED", mFileName, e.toString())));
+ ConsoleError.send(new SystemEvent(CMS.getUserMessage(
+ "CMS_LOG_CLOSE_FAILED", mFileName, e.toString())));
}
mLogWriter = null;
}
@@ -859,7 +853,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Shutdown this log file.
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN used at audit
* function shutdown
@@ -874,11 +868,10 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
// log signed audit shutdown success
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN,
- ILogger.SYSTEM_UID,
- ILogger.SUCCESS );
+ LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN, ILogger.SYSTEM_UID,
+ ILogger.SUCCESS);
- audit( auditMessage );
+ audit(auditMessage);
close();
}
@@ -886,9 +879,10 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Set the flush interval
* <P>
- * @param flushInterval The amount of time in seconds until the log
- * is flush. A value of 0 will disable autoflush. This will also set
- * the update period for hash protected logs.
+ *
+ * @param flushInterval The amount of time in seconds until the log is
+ * flush. A value of 0 will disable autoflush. This will also set
+ * the update period for hash protected logs.
**/
public synchronized void setFlushInterval(int flushInterval) {
mFlushInterval = flushInterval * 1000;
@@ -903,8 +897,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
/**
- * Log flush thread. Sleep for the flush interval and flush the
- * log. Changing flush interval to 0 will cause this thread to exit.
+ * Log flush thread. Sleep for the flush interval and flush the log.
+ * Changing flush interval to 0 will cause this thread to exit.
*/
final class FlushThread extends Thread {
@@ -924,8 +918,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
LogFile.this.wait(mFlushInterval);
} catch (InterruptedException e) {
// This shouldn't happen very often
- ConsoleError.send(new
- SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "flush")));
+ ConsoleError.send(new SystemEvent(CMS.getUserMessage(
+ "CMS_LOG_THREAD_INTERRUPT", "flush")));
}
}
@@ -942,10 +936,10 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
/**
- * Synchronized method to write a string to the log file. All I18N
- * should take place before this call.
- *
- * @param entry The log entry string
+ * Synchronized method to write a string to the log file. All I18N should
+ * take place before this call.
+ *
+ * @param entry The log entry string
*/
protected synchronized void log(String entry) throws ELogException {
doLog(entry, false);
@@ -957,93 +951,99 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
private static final byte LINE_SEP_BYTE = 0x0a;
/**
- * This method actually does the logging, and is not overridden
- * by subclasses, so you can call it and know that it will do exactly
- * what you see below.
+ * This method actually does the logging, and is not overridden by
+ * subclasses, so you can call it and know that it will do exactly what you
+ * see below.
*/
private synchronized void doLog(String entry, boolean noFlush)
throws ELogException {
if (mLogWriter == null) {
String[] params = { mFileName, entry };
- throw new ELogException(CMS.getUserMessage("CMS_LOG_LOGFILE_CLOSED", params));
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_LOG_LOGFILE_CLOSED", params));
} else {
try {
- mLogWriter.write(entry, 0/*offset*/, entry.length());
+ mLogWriter.write(entry, 0/* offset */, entry.length());
- if (mLogSigning==true) {
- if(mSignature != null) {
+ if (mLogSigning == true) {
+ if (mSignature != null) {
// include newline for calculating MAC
mSignature.update(entry.getBytes("UTF-8"));
} else {
CMS.debug("LogFile: mSignature is not yet ready... null in log()");
}
}
- if (mTrace) {
- CharArrayWriter cw = new CharArrayWriter(200);
+ if (mTrace) {
+ CharArrayWriter cw = new CharArrayWriter(200);
PrintWriter pw = new PrintWriter(cw);
Exception e = new Exception();
- e.printStackTrace(pw);
- char[] c = cw.toCharArray();
- cw.close();
+ e.printStackTrace(pw);
+ char[] c = cw.toCharArray();
+ cw.close();
pw.close();
- CharArrayReader cr = new CharArrayReader(c);
+ CharArrayReader cr = new CharArrayReader(c);
LineNumberReader lr = new LineNumberReader(cr);
- String text = null;
- String method = null;
+ String text = null;
+ String method = null;
String fileAndLine = null;
- if (lr.ready()) {
- text = lr.readLine();
- do {
- text = lr.readLine();
+ if (lr.ready()) {
+ text = lr.readLine();
+ do {
+ text = lr.readLine();
} while (text.indexOf("logging") != -1);
- int p = text.indexOf("(");
+ int p = text.indexOf("(");
fileAndLine = text.substring(p);
- String classandmethod = text.substring(0, p);
- int q = classandmethod.lastIndexOf(".");
- method = classandmethod.substring(q + 1);
- mLogWriter.write(fileAndLine, 0/*offset*/, fileAndLine.length());
- mLogWriter.write(" ", 0/*offset*/, " ".length());
- mLogWriter.write(method, 0/*offset*/, method.length());
+ String classandmethod = text.substring(0, p);
+ int q = classandmethod.lastIndexOf(".");
+ method = classandmethod.substring(q + 1);
+ mLogWriter.write(fileAndLine, 0/* offset */,
+ fileAndLine.length());
+ mLogWriter.write(" ", 0/* offset */, " ".length());
+ mLogWriter
+ .write(method, 0/* offset */, method.length());
}
}
mLogWriter.newLine();
- if (mLogSigning==true){
- if(mSignature != null) {
+ if (mLogSigning == true) {
+ if (mSignature != null) {
mSignature.update(LINE_SEP_BYTE);
} else {
CMS.debug("LogFile: mSignature is null in log() 2");
}
}
} catch (IOException e) {
- ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_WRITE_FAILED", mFileName, entry, e.toString())));
+ ConsoleError
+ .send(new SystemEvent(CMS.getUserMessage(
+ "CMS_LOG_WRITE_FAILED", mFileName, entry,
+ e.toString())));
if (mLogSigning) {
// Failed to write to audit log, shut down CMS
e.printStackTrace();
shutdownCMS();
}
} catch (IllegalStateException e) {
- CMS.debug("LogFile: exception thrown in log(): "+e.toString());
- ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(LOG_SIGNED_AUDIT_EXCEPTION,e.toString())));
- } catch( GeneralSecurityException gse ) {
+ CMS.debug("LogFile: exception thrown in log(): " + e.toString());
+ ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(
+ LOG_SIGNED_AUDIT_EXCEPTION, e.toString())));
+ } catch (GeneralSecurityException gse) {
// DJN: handle error
CMS.debug("LogFile: exception thrown in log(): "
- + gse.toString());
+ + gse.toString());
gse.printStackTrace();
ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(
- LOG_SIGNED_AUDIT_EXCEPTION,gse.toString())));
+ LOG_SIGNED_AUDIT_EXCEPTION, gse.toString())));
}
-
// XXX
// Although length will be in Unicode dual-bytes, the PrintWriter
- // will only print out 1 byte per character. I suppose this could
+ // will only print out 1 byte per character. I suppose this could
// be dependent on the encoding of your log file, but it ain't that
- // smart yet. Also, add one for the newline. (hmm, on NT, CR+LF)
+ // smart yet. Also, add one for the newline. (hmm, on NT, CR+LF)
int nBytes = entry.length() + 1;
mBytesWritten += nBytes;
@@ -1057,20 +1057,22 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Write an event to the log file
- *
- * @param ev The event to be logged.
+ *
+ * @param ev The event to be logged.
*/
public void log(ILogEvent ev) throws ELogException {
if (ev instanceof AuditEvent) {
- if (!mType.equals("transaction") || (!mOn) || mLevel > ev.getLevel()) {
+ if (!mType.equals("transaction") || (!mOn)
+ || mLevel > ev.getLevel()) {
return;
}
} else if (ev instanceof SystemEvent) {
if (!mType.equals("system") || (!mOn) || mLevel > ev.getLevel()) {
return;
}
- } else if (ev instanceof SignedAuditEvent) {
- if (!mType.equals("signedAudit") || (!mOn) || mLevel > ev.getLevel()) {
+ } else if (ev instanceof SignedAuditEvent) {
+ if (!mType.equals("signedAudit") || (!mOn)
+ || mLevel > ev.getLevel()) {
return;
}
}
@@ -1082,7 +1084,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
String type = ev.getEventType();
if (type != null) {
if (!mSelectedEvents.contains(type)) {
- CMS.debug("LogFile: event type not selected: "+type);
+ CMS.debug("LogFile: event type not selected: " + type);
return;
}
}
@@ -1105,14 +1107,15 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
// some work.
if (ev.getMultiline() == ILogger.L_MULTILINE) {
entry = mPid + "." + Thread.currentThread().getName() + " - ["
- + mLogDateFormat.format(mDate) + "] [" +
- Integer.toString(ev.getSource()) + "] [" + Integer.toString(ev.getLevel())
- + "] " + prepareMultiline(ev.toString());
+ + mLogDateFormat.format(mDate) + "] ["
+ + Integer.toString(ev.getSource()) + "] ["
+ + Integer.toString(ev.getLevel()) + "] "
+ + prepareMultiline(ev.toString());
} else {
entry = mPid + "." + Thread.currentThread().getName() + " - ["
- + mLogDateFormat.format(mDate) + "] [" +
- Integer.toString(ev.getSource()) + "] [" + Integer.toString(ev.getLevel())
- + "] " + ev.toString();
+ + mLogDateFormat.format(mDate) + "] ["
+ + Integer.toString(ev.getSource()) + "] ["
+ + Integer.toString(ev.getLevel()) + "] " + ev.toString();
}
return entry;
@@ -1120,30 +1123,31 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* change multi-line log entry by replace "\n" with "\n "
- *
- * @param original The original multi-line log entry.
+ *
+ * @param original The original multi-line log entry.
*/
private String prepareMultiline(String original) {
int i, last = 0;
- //NT: \r\n, unix: \n
+ // NT: \r\n, unix: \n
while ((i = original.indexOf("\n", last)) != -1) {
last = i + 1;
- original = original.substring(0, i + 1) + " " + original.substring(i + 1);
+ original = original.substring(0, i + 1) + " "
+ + original.substring(i + 1);
}
return original;
}
/**
- * Read all entries whose logLevel>=lowLevel && log source = source
- * to at most maxLine entries(from end)
- * If the parameter is -1, it's ignored and return all entries
- *
+ * Read all entries whose logLevel>=lowLevel && log source = source to at
+ * most maxLine entries(from end) If the parameter is -1, it's ignored and
+ * return all entries
+ *
* @param maxLine The maximum lines to be returned
* @param lowLevel The lowest log level to be returned
* @param source The particular log source to be returned
* @param fName The log file name to be read. If it's null, read the current
- * log file
+ * log file
*/
public Vector readEntry(int maxLine, int lowLevel, int source, String fName) {
Vector mEntries = new Vector();
@@ -1152,33 +1156,35 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
int lineNo = 0; // lineNo of the current entry in the log file
int line = 0; // line of readed valid entries
String firstLine = null; // line buffer
- String nextLine = null;
+ String nextLine = null;
String entry = null;
LogEntry logEntry = null;
/*
- this variable is added to accormodate misplaced multiline entries
- write out buffered log entry when next entry is parsed successfully
- this implementation is assuming parsing is more time consuming than
- condition check
+ * this variable is added to accormodate misplaced multiline entries
+ * write out buffered log entry when next entry is parsed successfully
+ * this implementation is assuming parsing is more time consuming than
+ * condition check
*/
- LogEntry preLogEntry = null;
+ LogEntry preLogEntry = null;
if (fName != null) {
fileName = fName;
}
try {
- //XXX think about this
+ // XXX think about this
fBuffer = new BufferedReader(new FileReader(fileName));
do {
try {
nextLine = fBuffer.readLine();
if (nextLine != null) {
- if ((nextLine.length() == 0) || (nextLine.charAt(0) == ' ')) {
+ if ((nextLine.length() == 0)
+ || (nextLine.charAt(0) == ' ')) {
// It's a continuous line
entry = null;
if (nextLine.length() > 1)
- firstLine = firstLine + "\n" + nextLine.substring(1);
+ firstLine = firstLine + "\n"
+ + nextLine.substring(1);
else
firstLine = firstLine + "\n";
@@ -1193,10 +1199,10 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
logEntry = new LogEntry(entry);
// if parse succeed, write out previous entry
if (preLogEntry != null) {
- if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel) &&
- ((Integer.parseInt(preLogEntry.getSource()) == source) ||
- (source == ILogger.S_ALL)
- )) {
+ if ((Integer.parseInt(preLogEntry
+ .getLevel()) >= lowLevel)
+ && ((Integer.parseInt(preLogEntry
+ .getSource()) == source) || (source == ILogger.S_ALL))) {
mEntries.addElement(preLogEntry);
if (maxLine == -1) {
line++;
@@ -1222,14 +1228,15 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
lineNo++;
} catch (IOException e) {
- CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("LOGGING_READ_ERROR", fileName,
- Integer.toString(lineNo)));
+ CMS.getLogger().log(
+ ILogger.EV_SYSTEM,
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("LOGGING_READ_ERROR", fileName,
+ Integer.toString(lineNo)));
}
- }
- while (nextLine != null);
+ } while (nextLine != null);
// need to process the last 2 entries of the file
if (firstLine != null) {
@@ -1240,17 +1247,16 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
try {
logEntry = new LogEntry(entry);
- /* System.out.println(
- Integer.toString(Integer.parseInt(logEntry.getLevel()))
- +","+Integer.toString(lowLevel)+","+
- Integer.toString(Integer.parseInt(logEntry.getSource()))
- +","+Integer.toString(source) );
+ /*
+ * System.out.println(
+ * Integer.toString(Integer.parseInt(logEntry.getLevel()))
+ * +","+Integer.toString(lowLevel)+","+
+ * Integer.toString(Integer.parseInt(logEntry.getSource()))
+ * +","+Integer.toString(source) );
*/
if (preLogEntry != null) {
- if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel) &&
- ((Integer.parseInt(preLogEntry.getSource()) == source) ||
- (source == ILogger.S_ALL)
- )) {
+ if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel)
+ && ((Integer.parseInt(preLogEntry.getSource()) == source) || (source == ILogger.S_ALL))) {
mEntries.addElement(preLogEntry);
if (maxLine == -1) {
line++;
@@ -1268,11 +1274,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
if (preLogEntry != null) {
if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel)
- &&
- ((Integer.parseInt(preLogEntry.getSource()) == source)
- ||
- (source == ILogger.S_ALL)
- )) {
+ && ((Integer.parseInt(preLogEntry.getSource()) == source) || (source == ILogger.S_ALL))) {
// parse the entry, pass to UI
mEntries.addElement(preLogEntry);
if (maxLine == -1) {
@@ -1291,15 +1293,14 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
fBuffer.close();
} catch (IOException e) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE, "logging:" + fileName +
- " failed to close for reading");
+ ILogger.LL_FAILURE,
+ "logging:" + fileName + " failed to close for reading");
}
} catch (FileNotFoundException e) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("LOGGING_FILE_NOT_FOUND",
- fileName));
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("LOGGING_FILE_NOT_FOUND", fileName));
}
return mEntries;
}
@@ -1307,7 +1308,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Retrieves the configuration store of this subsystem.
* <P>
- *
+ *
* @return configuration store
*/
public IConfigStore getConfigStore() {
@@ -1315,27 +1316,27 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
/**
- * Retrieve last "maxLine" number of system log with log lever >"level"
- * and from source "source". If the parameter is omitted. All entries
- * are sent back.
+ * Retrieve last "maxLine" number of system log with log lever >"level" and
+ * from source "source". If the parameter is omitted. All entries are sent
+ * back.
*/
- public synchronized NameValuePairs retrieveLogContent(Hashtable req) throws ServletException,
- IOException, EBaseException {
+ public synchronized NameValuePairs retrieveLogContent(Hashtable req)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String tmp, fName = null;
int maxLine = -1, level = -1, source = -1;
Vector entries = null;
- if ((tmp = (String)req.get(Constants.PR_LOG_ENTRY)) != null) {
+ if ((tmp = (String) req.get(Constants.PR_LOG_ENTRY)) != null) {
maxLine = Integer.parseInt(tmp);
}
- if ((tmp = (String)req.get(Constants.PR_LOG_LEVEL)) != null) {
+ if ((tmp = (String) req.get(Constants.PR_LOG_LEVEL)) != null) {
level = Integer.parseInt(tmp);
}
- if ((tmp = (String)req.get(Constants.PR_LOG_SOURCE)) != null) {
+ if ((tmp = (String) req.get(Constants.PR_LOG_SOURCE)) != null) {
source = Integer.parseInt(tmp);
}
- tmp = (String)req.get(Constants.PR_LOG_NAME);
+ tmp = (String) req.get(Constants.PR_LOG_NAME);
if (!(tmp.equals(Constants.PR_CURRENT_LOG))) {
fName = tmp;
} else {
@@ -1345,13 +1346,14 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
try {
entries = readEntry(maxLine, level, source, fName);
for (int i = 0; i < entries.size(); i++) {
- params.add(Integer.toString(i) +
- ((LogEntry) entries.elementAt(i)).getEntry(), "");
+ params.add(
+ Integer.toString(i)
+ + ((LogEntry) entries.elementAt(i)).getEntry(),
+ "");
}
} catch (Exception e) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_WARN,
- "System log parse error");
+ ILogger.LL_WARN, "System log parse error");
}
return params;
}
@@ -1359,8 +1361,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Retrieve log file list.
*/
- public synchronized NameValuePairs retrieveLogList(Hashtable req) throws ServletException,
- IOException, EBaseException {
+ public synchronized NameValuePairs retrieveLogList(Hashtable req)
+ throws ServletException, IOException, EBaseException {
return null;
}
@@ -1385,11 +1387,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
// needs to find a way to determine what type you want. if this
// is not for the signed audit type, then we should not show the
// following parameters.
- //if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
- v.addElement( PROP_SIGNED_AUDIT_LOG_SIGNING + "=" );
- v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "=" );
- v.addElement( PROP_SIGNED_AUDIT_EVENTS + "=" );
- //}
+ // if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
+ v.addElement(PROP_SIGNED_AUDIT_LOG_SIGNING + "=");
+ v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "=");
+ v.addElement(PROP_SIGNED_AUDIT_EVENTS + "=");
+ // }
return v;
}
@@ -1401,11 +1403,10 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
if (mType == null) {
v.addElement(PROP_TYPE + "=");
- }else {
- v.addElement(PROP_TYPE + "=" +
- mConfig.getString(PROP_TYPE));
+ } else {
+ v.addElement(PROP_TYPE + "=" + mConfig.getString(PROP_TYPE));
}
- v.addElement(PROP_ON + "=" + String.valueOf( mOn ) );
+ v.addElement(PROP_ON + "=" + String.valueOf(mOn));
if (mLevel == 0)
v.addElement(PROP_LEVEL + "=" + ILogger.LL_DEBUG_STRING);
else if (mLevel == 1)
@@ -1423,29 +1424,28 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
if (mFileName == null) {
v.addElement(PROP_FILE_NAME + "=");
- }else {
- v.addElement(PROP_FILE_NAME + "=" +
- mFileName);
+ } else {
+ v.addElement(PROP_FILE_NAME + "=" + mFileName);
}
v.addElement(PROP_BUFFER_SIZE + "=" + mBufferSize);
v.addElement(PROP_FLUSH_INTERVAL + "=" + mFlushInterval / 1000);
- if( (mType != null) && mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
- v.addElement( PROP_SIGNED_AUDIT_LOG_SIGNING + "="
- + String.valueOf( mLogSigning ) );
+ if ((mType != null) && mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
+ v.addElement(PROP_SIGNED_AUDIT_LOG_SIGNING + "="
+ + String.valueOf(mLogSigning));
- if( mSAuditCertNickName == null ) {
- v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "=" );
+ if (mSAuditCertNickName == null) {
+ v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "=");
} else {
- v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "="
- + mSAuditCertNickName );
+ v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "="
+ + mSAuditCertNickName);
}
- if( mSelectedEventsList == null ) {
- v.addElement( PROP_SIGNED_AUDIT_EVENTS + "=" );
+ if (mSelectedEventsList == null) {
+ v.addElement(PROP_SIGNED_AUDIT_EVENTS + "=");
} else {
- v.addElement( PROP_SIGNED_AUDIT_EVENTS + "="
- + mSelectedEventsList );
+ v.addElement(PROP_SIGNED_AUDIT_EVENTS + "="
+ + mSelectedEventsList);
}
}
} catch (Exception e) {
@@ -1454,54 +1454,78 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
}
public String[] getExtendedPluginInfo(Locale locale) {
- if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
+ if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
String[] params = {
- PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
- PROP_ON + ";boolean;Turn on the listener",
- PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
- ILogger.LL_INFO_STRING + "," +
- ILogger.LL_WARN_STRING + "," +
- ILogger.LL_FAILURE_STRING + "," +
- ILogger.LL_MISCONF_STRING + "," +
- ILogger.LL_CATASTRPHE_STRING + "," +
- ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener",
- PROP_FILE_NAME + ";string;The name of the file the log is written to",
- PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
- PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-logrules-logfile",
- IExtendedPluginInfo.HELP_TEXT +
- ";Write the log messages to a file",
- PROP_SIGNED_AUDIT_LOG_SIGNING +
- ";boolean;Enable audit logs to be signed",
- PROP_SIGNED_AUDIT_CERT_NICKNAME +
- ";string;The nickname of the certificate to be used to sign audit logs",
- PROP_SIGNED_AUDIT_EVENTS +
- ";string;A comma-separated list of strings used to specify particular signed audit log events",
- };
+ PROP_TYPE
+ + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
+ PROP_ON + ";boolean;Turn on the listener",
+ PROP_LEVEL
+ + ";choice("
+ + ILogger.LL_DEBUG_STRING
+ + ","
+ + ILogger.LL_INFO_STRING
+ + ","
+ + ILogger.LL_WARN_STRING
+ + ","
+ + ILogger.LL_FAILURE_STRING
+ + ","
+ + ILogger.LL_MISCONF_STRING
+ + ","
+ + ILogger.LL_CATASTRPHE_STRING
+ + ","
+ + ILogger.LL_SECURITY_STRING
+ + ");Only log message with level higher than this filter will be written by this listener",
+ PROP_FILE_NAME
+ + ";string;The name of the file the log is written to",
+ PROP_BUFFER_SIZE
+ + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
+ PROP_FLUSH_INTERVAL
+ + ";integer;The maximum time in seconds before the buffer is flushed to the file",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-logrules-logfile",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Write the log messages to a file",
+ PROP_SIGNED_AUDIT_LOG_SIGNING
+ + ";boolean;Enable audit logs to be signed",
+ PROP_SIGNED_AUDIT_CERT_NICKNAME
+ + ";string;The nickname of the certificate to be used to sign audit logs",
+ PROP_SIGNED_AUDIT_EVENTS
+ + ";string;A comma-separated list of strings used to specify particular signed audit log events", };
return params;
} else {
- // mType.equals( ILogger.PROP_AUDIT ) ||
+ // mType.equals( ILogger.PROP_AUDIT ) ||
// mType.equals( ILogger.PROP_SYSTEM )
String[] params = {
- PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
- PROP_ON + ";boolean;Turn on the listener",
- PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
- ILogger.LL_INFO_STRING + "," +
- ILogger.LL_WARN_STRING + "," +
- ILogger.LL_FAILURE_STRING + "," +
- ILogger.LL_MISCONF_STRING + "," +
- ILogger.LL_CATASTRPHE_STRING + "," +
- ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener",
- PROP_FILE_NAME + ";string;The name of the file the log is written to",
- PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
- PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-logrules-logfile",
- IExtendedPluginInfo.HELP_TEXT +
- ";Write the log messages to a file"
- };
+ PROP_TYPE
+ + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
+ PROP_ON + ";boolean;Turn on the listener",
+ PROP_LEVEL
+ + ";choice("
+ + ILogger.LL_DEBUG_STRING
+ + ","
+ + ILogger.LL_INFO_STRING
+ + ","
+ + ILogger.LL_WARN_STRING
+ + ","
+ + ILogger.LL_FAILURE_STRING
+ + ","
+ + ILogger.LL_MISCONF_STRING
+ + ","
+ + ILogger.LL_CATASTRPHE_STRING
+ + ","
+ + ILogger.LL_SECURITY_STRING
+ + ");Only log message with level higher than this filter will be written by this listener",
+ PROP_FILE_NAME
+ + ";string;The name of the file the log is written to",
+ PROP_BUFFER_SIZE
+ + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
+ PROP_FLUSH_INTERVAL
+ + ";integer;The maximum time in seconds before the buffer is flushed to the file",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-logrules-logfile",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Write the log messages to a file" };
return params;
}
@@ -1509,27 +1533,22 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
/**
* Signed Audit Log
- *
- * This method is inherited by all classes that extend this "LogFile"
- * class, and is called to store messages to the signed audit log.
+ *
+ * This method is inherited by all classes that extend this "LogFile" class,
+ * and is called to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
- protected void audit( String msg )
- {
+ protected void audit(String msg) {
// in this case, do NOT strip preceding/trailing whitespace
// from passed-in String parameters
- if( mSignedAuditLogger == null ) {
+ if (mSignedAuditLogger == null) {
return;
}
- mSignedAuditLogger.log( ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg );
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
index 2f97dcaa..e51a117a 100644
--- a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
+++ b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.logging;
-
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FilenameFilter;
@@ -41,12 +40,11 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.SystemEvent;
import com.netscape.cmsutil.util.Utils;
-
/**
* A rotating log file for Certificate log events. This class loosely follows
* the Netscape Common Log API implementing rollover interval, size and file
* naming conventions. It does not yet implement Disk Usage.
- *
+ *
* @version $Revision$, $Date$
*/
public class RollingLogFile extends LogFile {
@@ -104,8 +102,7 @@ public class RollingLogFile extends LogFile {
*/
private Object mExpLock = new Object();
- private final static String LOGGING_SIGNED_AUDIT_LOG_DELETE =
- "LOGGING_SIGNED_AUDIT_LOG_DELETE_3";
+ private final static String LOGGING_SIGNED_AUDIT_LOG_DELETE = "LOGGING_SIGNED_AUDIT_LOG_DELETE_3";
/**
* Construct a RollingLogFile
@@ -115,16 +112,15 @@ public class RollingLogFile extends LogFile {
/**
* Initialize and open a RollingLogFile using the prop config store
- *
+ *
* @param config The property config store to find values in
*/
- public void init(IConfigStore config) throws IOException,
- EBaseException {
+ public void init(IConfigStore config) throws IOException, EBaseException {
super.init(config);
rl_init(config.getInteger(PROP_MAX_FILE_SIZE, MAX_FILE_SIZE),
- config.getString(PROP_ROLLOVER_INTERVAL, ROLLOVER_INTERVAL),
- config.getString(PROP_EXPIRATION_TIME, EXPIRATION_TIME));
+ config.getString(PROP_ROLLOVER_INTERVAL, ROLLOVER_INTERVAL),
+ config.getString(PROP_EXPIRATION_TIME, EXPIRATION_TIME));
}
/**
@@ -132,7 +128,7 @@ public class RollingLogFile extends LogFile {
* attributes.
*/
protected void rl_init(int maxFileSize, String rolloverInterval,
- String expirationTime) {
+ String expirationTime) {
mMaxFileSize = maxFileSize * 1024;
setRolloverTime(rolloverInterval);
setExpirationTime(expirationTime);
@@ -153,9 +149,9 @@ public class RollingLogFile extends LogFile {
/**
* Set the rollover interval
- *
- * @param rolloverSeconds The amount of time in seconds until the log
- * is rotated. A value of 0 will disable log rollover.
+ *
+ * @param rolloverSeconds The amount of time in seconds until the log is
+ * rotated. A value of 0 will disable log rollover.
**/
public synchronized void setRolloverTime(String rolloverSeconds) {
mRolloverInterval = Long.valueOf(rolloverSeconds).longValue() * 1000;
@@ -171,8 +167,8 @@ public class RollingLogFile extends LogFile {
/**
* Get the rollover interval
- *
- * @return The interval in seconds in which the log is rotated
+ *
+ * @return The interval in seconds in which the log is rotated
**/
public synchronized int getRolloverTime() {
return (int) (mRolloverInterval / 1000);
@@ -180,9 +176,9 @@ public class RollingLogFile extends LogFile {
/**
* Set the file expiration time
- *
- * @param expirationSeconds The amount of time in seconds until log files
- * are deleted
+ *
+ * @param expirationSeconds The amount of time in seconds until log files
+ * are deleted
**/
public void setExpirationTime(String expirationSeconds) {
@@ -205,8 +201,8 @@ public class RollingLogFile extends LogFile {
/**
* Get the expiration time
- *
- * @return The age in seconds in which log files are delete
+ *
+ * @return The age in seconds in which log files are delete
**/
public int getExpirationTime() {
return (int) (mExpirationTime / 1000);
@@ -216,90 +212,86 @@ public class RollingLogFile extends LogFile {
* Rotate the log file to a backup file with a incrementing integer
* extension
**/
- public synchronized void rotate()
- throws IOException {
+ public synchronized void rotate() throws IOException {
- //File backupFile = new File(mFileName + "." + mFileNumber);
- File backupFile = new File(mFileName + "." + mLogFileDateFormat.format(mDate));
+ // File backupFile = new File(mFileName + "." + mFileNumber);
+ File backupFile = new File(mFileName + "."
+ + mLogFileDateFormat.format(mDate));
// close, backup, and reopen the log file zeroizing its contents
super.close();
try {
- if( Utils.isNT() ) {
+ if (Utils.isNT()) {
// NT is very picky on the path
- Utils.exec( "copy " +
- mFile.getCanonicalPath().replace( '/', '\\' ) +
- " " +
- backupFile.getCanonicalPath().replace( '/',
- '\\' ) );
+ Utils.exec("copy "
+ + mFile.getCanonicalPath().replace('/', '\\') + " "
+ + backupFile.getCanonicalPath().replace('/', '\\'));
} else {
// Create a copy of the original file which
// preserves the original file permissions.
- Utils.exec( "cp -p " + mFile.getCanonicalPath() + " " +
- backupFile.getCanonicalPath() );
+ Utils.exec("cp -p " + mFile.getCanonicalPath() + " "
+ + backupFile.getCanonicalPath());
}
// Zeroize the original file if and only if
// the backup copy was successful.
- if( backupFile.exists() ) {
+ if (backupFile.exists()) {
// Make certain that the backup file has
// the correct permissions.
- if( !Utils.isNT() ) {
- Utils.exec( "chmod 00640 " + backupFile.getCanonicalPath() );
+ if (!Utils.isNT()) {
+ Utils.exec("chmod 00640 " + backupFile.getCanonicalPath());
}
try {
// Open and close the original file
// to zeroize its contents.
- PrintWriter pw = new PrintWriter( mFile );
+ PrintWriter pw = new PrintWriter(mFile);
pw.close();
// Make certain that the original file retains
// the correct permissions.
- if( !Utils.isNT() ) {
- Utils.exec( "chmod 00640 " + mFile.getCanonicalPath() );
+ if (!Utils.isNT()) {
+ Utils.exec("chmod 00640 " + mFile.getCanonicalPath());
}
- } catch ( FileNotFoundException e ) {
- CMS.debug( "Unable to zeroize "
- + mFile.toString() );
+ } catch (FileNotFoundException e) {
+ CMS.debug("Unable to zeroize " + mFile.toString());
}
} else {
- CMS.debug( "Unable to backup "
- + mFile.toString() + " to "
- + backupFile.toString() );
+ CMS.debug("Unable to backup " + mFile.toString() + " to "
+ + backupFile.toString());
}
- } catch( Exception e ) {
- CMS.debug( "Unable to backup "
- + mFile.toString() + " to "
- + backupFile.toString() );
+ } catch (Exception e) {
+ CMS.debug("Unable to backup " + mFile.toString() + " to "
+ + backupFile.toString());
}
super.open(); // will reset mBytesWritten
mFileNumber++;
}
/**
- * Remove any log files which have not been modified in the specified
- * time
+ * Remove any log files which have not been modified in the specified time
* <P>
- *
- * NOTE: automatic removal of log files is currently NOT supported!
+ *
+ * NOTE: automatic removal of log files is currently NOT supported!
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_DELETE used AFTER audit log
* expires (authorization should not allow, but in case authorization gets
* compromised make sure it is written AFTER the log expiration happens)
* </ul>
+ *
* @param expirationSeconds The number of seconds since the expired files
- * have been modified.
+ * have been modified.
* @return the time in milliseconds when the next file expires
**/
public long expire(long expirationSeconds) throws ELogException {
String auditMessage = null;
if (expirationSeconds <= 0)
- throw new ELogException(CMS.getUserMessage("CMS_LOG_EXPIRATION_TIME_ZERO"));
+ throw new ELogException(
+ CMS.getUserMessage("CMS_LOG_EXPIRATION_TIME_ZERO"));
long expirationTime = expirationSeconds * 1000;
long currentTime = System.currentTimeMillis();
@@ -312,27 +304,27 @@ public class RollingLogFile extends LogFile {
File dir = new File(dirName);
// Get just the base name, minus the .date extension
- //int len = mFile.getName().length() - LogFile.DATE_PATTERN.length() - 1;
- //String baseName = mFile.getName().substring(0, len);
+ // int len = mFile.getName().length() - LogFile.DATE_PATTERN.length() -
+ // 1;
+ // String baseName = mFile.getName().substring(0, len);
String fileName = mFile.getName();
String baseName = null, pathName = null;
int index = fileName.lastIndexOf("/");
- if (index != -1) { // "/" exist in fileName
+ if (index != -1) { // "/" exist in fileName
pathName = fileName.substring(0, index);
baseName = fileName.substring(index + 1);
dirName = dirName.concat("/" + pathName);
- }else { // "/" NOT exist in fileName
+ } else { // "/" NOT exist in fileName
baseName = fileName;
}
fileFilter ff = new fileFilter(baseName + ".");
String[] filelist = dir.list(ff);
- if (filelist == null) { // Crap! Something is wrong.
- throw new
- ELogException(CMS.getUserMessage("CMS_LOG_DIRECTORY_LIST_FAILED",
- dirName, ff.toString()));
+ if (filelist == null) { // Crap! Something is wrong.
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_LOG_DIRECTORY_LIST_FAILED", dirName, ff.toString()));
}
// Walk through the list of files which match this log file name
@@ -340,33 +332,29 @@ public class RollingLogFile extends LogFile {
for (int i = 0; i < filelist.length; i++) {
if (pathName != null) {
filelist[i] = pathName + "/" + filelist[i];
- }else {
+ } else {
filelist[i] = dirName + "/" + filelist[i];
}
-
+
String fullname = dirName + File.separatorChar + filelist[i];
File file = new File(fullname);
long fileTime = file.lastModified();
// Java documentation on File says lastModified() should not
- // be interpeted. The doc is wrong. See JavaSoft bug #4094538
+ // be interpeted. The doc is wrong. See JavaSoft bug #4094538
if ((currentTime - fileTime) > expirationTime) {
file.delete();
if (file.exists()) {
// log failure in deleting an expired signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_DELETE,
- ILogger.SYSTEM_UID,
- ILogger.FAILURE,
- fullname);
+ LOGGING_SIGNED_AUDIT_LOG_DELETE,
+ ILogger.SYSTEM_UID, ILogger.FAILURE, fullname);
} else {
// log success in deleting an expired signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_DELETE,
- ILogger.SYSTEM_UID,
- ILogger.SUCCESS,
- fullname);
+ LOGGING_SIGNED_AUDIT_LOG_DELETE,
+ ILogger.SYSTEM_UID, ILogger.SUCCESS, fullname);
}
audit(auditMessage);
@@ -382,7 +370,7 @@ public class RollingLogFile extends LogFile {
//
// At first glance you may think it's a waste of thread resources to have
// two threads for every log file, but the truth is that these threads are
- // sleeping 99% of the time. NxN thread implementations (Solaris, NT,
+ // sleeping 99% of the time. NxN thread implementations (Solaris, NT,
// IRIX 6.4, Unixware, etc...) will handle these in user space.
//
// You may be able to join these into one thread, and deal with
@@ -392,8 +380,8 @@ public class RollingLogFile extends LogFile {
//
/**
- * Log rotation thread. Sleep for the rollover interval and rotate the
- * log. Changing rollover interval to 0 will cause this thread to exit.
+ * Log rotation thread. Sleep for the rollover interval and rotate the log.
+ * Changing rollover interval to 0 will cause this thread to exit.
*/
final class RolloverThread extends Thread {
@@ -413,8 +401,10 @@ public class RollingLogFile extends LogFile {
RollingLogFile.this.wait(mRolloverInterval);
} catch (InterruptedException e) {
// This shouldn't happen very often
- CMS.getLogger().getLogQueue().log(new
- SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "rollover")));
+ CMS.getLogger()
+ .getLogQueue()
+ .log(new SystemEvent(CMS.getUserMessage(
+ "CMS_LOG_THREAD_INTERRUPT", "rollover")));
}
}
@@ -426,24 +416,24 @@ public class RollingLogFile extends LogFile {
try {
rotate();
} catch (IOException e) {
- ConsoleError.send(new
- SystemEvent(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), e.toString())));
+ ConsoleError.send(new SystemEvent(CMS.getUserMessage(
+ "CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(),
+ e.toString())));
break;
}
}
// else
- // Don't rotate empty logs
- // flag in log summary file?
+ // Don't rotate empty logs
+ // flag in log summary file?
}
mRolloverThread = null;
}
}
-
/**
- * Log expiration thread. Sleep for the expiration interval and
- * delete any files which are too old.
- * Changing expiration interval to 0 will cause this thread to exit.
+ * Log expiration thread. Sleep for the expiration interval and delete any
+ * files which are too old. Changing expiration interval to 0 will cause
+ * this thread to exit.
*/
final class ExpirationThread extends Thread {
@@ -452,7 +442,8 @@ public class RollingLogFile extends LogFile {
*/
public ExpirationThread() {
super();
- super.setName(mFileName + ".expiration-" + (Thread.activeCount() + 1));
+ super.setName(mFileName + ".expiration-"
+ + (Thread.activeCount() + 1));
}
public void run() {
@@ -466,19 +457,19 @@ public class RollingLogFile extends LogFile {
try {
wakeupTime = expire((long) (mExpirationTime / 1000));
} catch (SecurityException e) {
- ConsoleError.send(new
- SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
+ ConsoleError.send(new SystemEvent(CMS.getUserMessage(
+ "CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
break;
} catch (ELogException e) {
- ConsoleError.send(new
- SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
+ ConsoleError.send(new SystemEvent(CMS.getUserMessage(
+ "CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
break;
}
sleepTime = wakeupTime - System.currentTimeMillis();
- //System.out.println("wakeup " + wakeupTime);
- //System.out.println("current "+System.currentTimeMillis());
- //System.out.println("sleep " + sleepTime);
+ // System.out.println("wakeup " + wakeupTime);
+ // System.out.println("current "+System.currentTimeMillis());
+ // System.out.println("sleep " + sleepTime);
// Sleep for the interval and then check the directory
// Note: mExpirationTime can only change while we're
// sleeping
@@ -487,8 +478,9 @@ public class RollingLogFile extends LogFile {
mExpLock.wait(sleepTime);
} catch (InterruptedException e) {
// This shouldn't happen very often
- ConsoleError.send(new
- SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "expiration")));
+ ConsoleError.send(new SystemEvent(CMS
+ .getUserMessage("CMS_LOG_THREAD_INTERRUPT",
+ "expiration")));
}
}
}
@@ -499,11 +491,11 @@ public class RollingLogFile extends LogFile {
/**
* Write an event to the log file
- *
- * @param ev The event to be logged.
+ *
+ * @param ev The event to be logged.
**/
public synchronized void log(ILogEvent ev) throws ELogException {
- //xxx, Shall we log first without checking if it exceed the maximum?
+ // xxx, Shall we log first without checking if it exceed the maximum?
super.log(ev); // Will increment mBytesWritten
if ((0 != mMaxFileSize) && (mBytesWritten > mMaxFileSize)) {
@@ -511,7 +503,9 @@ public class RollingLogFile extends LogFile {
try {
rotate();
} catch (IOException e) {
- throw new ELogException(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), e.toString()));
+ throw new ELogException(CMS.getUserMessage(
+ "CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(),
+ e.toString()));
}
}
}
@@ -519,9 +513,8 @@ public class RollingLogFile extends LogFile {
/**
* Retrieve log file list.
*/
- public synchronized NameValuePairs retrieveLogList(Hashtable req
- ) throws ServletException,
- IOException, EBaseException {
+ public synchronized NameValuePairs retrieveLogList(Hashtable req)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String[] files = null;
@@ -534,7 +527,7 @@ public class RollingLogFile extends LogFile {
/**
* Get the log file list in the log directory
- *
+ *
* @return an array of filenames with related path to cert server root
*/
protected String[] fileList() {
@@ -544,7 +537,7 @@ public class RollingLogFile extends LogFile {
String fileName = mFile.getName();
int index = fileName.lastIndexOf("/");
- if (index != -1) { // "/" exist in fileName
+ if (index != -1) { // "/" exist in fileName
pathName = fileName.substring(0, index);
baseName = fileName.substring(index + 1);
if (dirName == null) {
@@ -552,24 +545,25 @@ public class RollingLogFile extends LogFile {
} else {
dirName = dirName.concat("/" + pathName);
}
- }else { // "/" NOT exist in fileName
+ } else { // "/" NOT exist in fileName
baseName = fileName;
}
-
+
File dir = new File(dirName);
fileFilter ff = new fileFilter(baseName + ".");
- //There are some difference here. both should work
- //error,logs,logs/error jdk115
- //logs/system,., logs/system jdk116
- //System.out.println(mFile.getName()+","+dirName+","+mFile.getPath()); //log/system,.
-
+ // There are some difference here. both should work
+ // error,logs,logs/error jdk115
+ // logs/system,., logs/system jdk116
+ // System.out.println(mFile.getName()+","+dirName+","+mFile.getPath());
+ // //log/system,.
+
String[] filelist = dir.list(ff);
for (int i = 0; i < filelist.length; i++) {
if (pathName != null) {
filelist[i] = pathName + "/" + filelist[i];
- }else {
+ } else {
filelist[i] = dirName + "/" + filelist[i];
}
}
@@ -589,7 +583,7 @@ public class RollingLogFile extends LogFile {
v.addElement(PROP_MAX_FILE_SIZE + "=");
v.addElement(PROP_ROLLOVER_INTERVAL + "=");
- //v.addElement(PROP_EXPIRATION_TIME + "=");
+ // v.addElement(PROP_EXPIRATION_TIME + "=");
return v;
}
@@ -609,7 +603,8 @@ public class RollingLogFile extends LogFile {
else if (mRolloverInterval / 1000 <= 60 * 60 * 24 * 366)
v.addElement(PROP_ROLLOVER_INTERVAL + "=" + "Yearly");
- //v.addElement(PROP_EXPIRATION_TIME + "=" + mExpirationTime / 1000);
+ // v.addElement(PROP_EXPIRATION_TIME + "=" + mExpirationTime /
+ // 1000);
} catch (Exception e) {
}
return v;
@@ -620,17 +615,21 @@ public class RollingLogFile extends LogFile {
Vector info = new Vector();
for (int i = 0; i < p.length; i++) {
- if (!p[i].startsWith(IExtendedPluginInfo.HELP_TOKEN) && !p[i].startsWith(IExtendedPluginInfo.HELP_TEXT))
+ if (!p[i].startsWith(IExtendedPluginInfo.HELP_TOKEN)
+ && !p[i].startsWith(IExtendedPluginInfo.HELP_TEXT))
info.addElement(p[i]);
}
- info.addElement(PROP_MAX_FILE_SIZE + ";integer;If the current log file size if bigger than this parameter in kilobytes(KB), the file will be rotated.");
- info.addElement(PROP_ROLLOVER_INTERVAL + ";choice(Hourly,Daily,Weekly,Monthly,Yearly);The frequency of the log being rotated.");
- info.addElement(PROP_EXPIRATION_TIME + ";integer;The amount of time before a backed up log is removed in seconds");
+ info.addElement(PROP_MAX_FILE_SIZE
+ + ";integer;If the current log file size if bigger than this parameter in kilobytes(KB), the file will be rotated.");
+ info.addElement(PROP_ROLLOVER_INTERVAL
+ + ";choice(Hourly,Daily,Weekly,Monthly,Yearly);The frequency of the log being rotated.");
+ info.addElement(PROP_EXPIRATION_TIME
+ + ";integer;The amount of time before a backed up log is removed in seconds");
info.addElement(IExtendedPluginInfo.HELP_TOKEN +
- //";configuration-logrules-rollinglogfile");
- ";configuration-adminbasics");
- info.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Write the log messages to a file which will be rotated automatically.");
+ // ";configuration-logrules-rollinglogfile");
+ ";configuration-adminbasics");
+ info.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";Write the log messages to a file which will be rotated automatically.");
String[] params = new String[info.size()];
info.copyInto(params);
@@ -639,14 +638,13 @@ public class RollingLogFile extends LogFile {
}
}
-
/**
* A file filter to select the file with a given prefix
*/
class fileFilter implements FilenameFilter {
String patternToMatch = null;
- public fileFilter (String pattern) {
+ public fileFilter(String pattern) {
patternToMatch = pattern;
}
diff --git a/pki/base/common/src/com/netscape/cms/notification/MailNotification.java b/pki/base/common/src/com/netscape/cms/notification/MailNotification.java
index 1e409af8..21401eef 100644
--- a/pki/base/common/src/com/netscape/cms/notification/MailNotification.java
+++ b/pki/base/common/src/com/netscape/cms/notification/MailNotification.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.notification;
-
import java.io.IOException;
import java.io.PrintStream;
import java.util.Vector;
@@ -30,13 +29,11 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.notification.ENotificationException;
import com.netscape.certsrv.notification.IMailNotification;
-
/**
- * This class handles mail notification via SMTP.
- * This class uses <b>smtp.host</b> in the configuration for smtp
- * host. The port default (25) is used. If no smtp specified, local
- * host is used
- *
+ * This class handles mail notification via SMTP. This class uses
+ * <b>smtp.host</b> in the configuration for smtp host. The port default (25) is
+ * used. If no smtp specified, local host is used
+ *
* @version $Revision$, $Date$
*/
public class MailNotification implements IMailNotification {
@@ -55,11 +52,9 @@ public class MailNotification implements IMailNotification {
public MailNotification() {
if (mHost == null) {
try {
- IConfigStore mConfig =
- CMS.getConfigStore();
+ IConfigStore mConfig = CMS.getConfigStore();
- IConfigStore c =
- mConfig.getSubStore(PROP_SMTP_SUBSTORE);
+ IConfigStore c = mConfig.getSubStore(PROP_SMTP_SUBSTORE);
if (c == null) {
return;
@@ -67,10 +62,10 @@ public class MailNotification implements IMailNotification {
mHost = c.getString(PROP_HOST);
// log it
- // if (mHost !=null) {
- // String msg =" using external SMTP host: "+mHost;
- // CMS.debug("MailNotification: " + msg);
- //}
+ // if (mHost !=null) {
+ // String msg =" using external SMTP host: "+mHost;
+ // CMS.debug("MailNotification: " + msg);
+ // }
} catch (Exception e) {
// don't care
}
@@ -94,7 +89,7 @@ public class MailNotification implements IMailNotification {
if ((mFrom != null) && (!mFrom.equals("")))
sc.from(mFrom);
else {
- throw new ENotificationException (
+ throw new ENotificationException(
CMS.getUserMessage("CMS_NOTIFICATION_NO_SMTP_SENDER"));
}
@@ -103,7 +98,7 @@ public class MailNotification implements IMailNotification {
log(ILogger.LL_INFO, "mail to be sent to " + mTo);
sc.to(mTo);
} else {
- throw new ENotificationException (
+ throw new ENotificationException(
CMS.getUserMessage("CMS_NOTIFICATION_NO_SMTP_RECEIVER"));
}
@@ -128,14 +123,16 @@ public class MailNotification implements IMailNotification {
try {
sc.closeServer();
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
- throw new ENotificationException (
- CMS.getUserMessage("CMS_NOTIFICATION_SMTP_SEND_FAILED", mTo));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ throw new ENotificationException(CMS.getUserMessage(
+ "CMS_NOTIFICATION_SMTP_SEND_FAILED", mTo));
}
}
/**
* sets the "From" field
+ *
* @param from email address of the sender
*/
public void setFrom(String from) {
@@ -144,6 +141,7 @@ public class MailNotification implements IMailNotification {
/**
* sets the "Subject" field
+ *
* @param subject subject of the email
*/
public void setSubject(String subject) {
@@ -152,6 +150,7 @@ public class MailNotification implements IMailNotification {
/**
* sets the "Content-Type" field
+ *
* @param contentType content type of the email
*/
public void setContentType(String contentType) {
@@ -160,6 +159,7 @@ public class MailNotification implements IMailNotification {
/**
* sets the content of the email
+ *
* @param content the message content
*/
public void setContent(String content) {
@@ -168,6 +168,7 @@ public class MailNotification implements IMailNotification {
/**
* sets the recipients' email addresses
+ *
* @param addresses a list of email addresses of the recipients
*/
public void setTo(Vector addresses) {
@@ -177,6 +178,7 @@ public class MailNotification implements IMailNotification {
/**
* sets the recipient's email address
+ *
* @param to address of the recipient email address
*/
public void setTo(String to) {
@@ -186,8 +188,8 @@ public class MailNotification implements IMailNotification {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, "MailNotification: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level,
+ "MailNotification: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
index cfa6ff57..f57d3344 100644
--- a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
+++ b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.ocsp;
-
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.cert.X509CRL;
@@ -75,33 +74,29 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
import com.netscape.cmsutil.ocsp.TBSRequest;
import com.netscape.cmsutil.ocsp.UnknownInfo;
-
/**
- * This is the default OCSP store that stores revocation information
- * as certificate record (CMS internal data structure).
- *
+ * This is the default OCSP store that stores revocation information as
+ * certificate record (CMS internal data structure).
+ *
* @version $Revision$, $Date$
*/
public class DefStore implements IDefStore, IExtendedPluginInfo {
// refreshInSec is useful in the master-clone situation.
- // clone does not know that the CRL has been updated in
+ // clone does not know that the CRL has been updated in
// the master (by default no refresh)
private static final String PROP_USE_CACHE = "useCache";
private static final String PROP_REFRESH_IN_SEC = "refreshInSec";
- private static final int DEF_REFRESH_IN_SEC = 0;
+ private static final int DEF_REFRESH_IN_SEC = 0;
public static final BigInteger BIG_ZERO = new BigInteger("0");
public static final Long MINUS_ONE = Long.valueOf(-1);
- private final static String PROP_BY_NAME =
- "byName";
- private final static String PROP_WAIT_ON_CRL_UPDATE =
- "waitOnCRLUpdate";
+ private final static String PROP_BY_NAME = "byName";
+ private final static String PROP_WAIT_ON_CRL_UPDATE = "waitOnCRLUpdate";
private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood";
- private final static String PROP_INCLUDE_NEXT_UPDATE =
- "includeNextUpdate";
+ private final static String PROP_INCLUDE_NEXT_UPDATE = "includeNextUpdate";
protected Hashtable mReqCounts = new Hashtable();
protected boolean mNotFoundGood = true;
@@ -123,19 +118,28 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
public DefStore() {
}
- public String[] getExtendedPluginInfo(Locale locale) {
- Vector v = new Vector();
-
- v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_NOT_FOUND_GOOD"));
- v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_BY_NAME"));
- v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_INCLUDE_NEXT_UPDATE"));
- v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_DESC"));
- v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore");
+ public String[] getExtendedPluginInfo(Locale locale) {
+ Vector v = new Vector();
+
+ v.addElement(PROP_NOT_FOUND_GOOD
+ + ";boolean; "
+ + CMS.getUserMessage(locale,
+ "CMS_OCSP_DEFSTORE_PROP_NOT_FOUND_GOOD"));
+ v.addElement(PROP_BY_NAME + ";boolean; "
+ + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_BY_NAME"));
+ v.addElement(PROP_INCLUDE_NEXT_UPDATE
+ + ";boolean; "
+ + CMS.getUserMessage(locale,
+ "CMS_OCSP_DEFSTORE_PROP_INCLUDE_NEXT_UPDATE"));
+ v.addElement(IExtendedPluginInfo.HELP_TEXT + "; "
+ + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_DESC"));
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ocspstores-defstore");
return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
mOCSPAuthority = (IOCSPAuthority) owner;
mConfig = config;
@@ -160,8 +164,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
// To include next update in the OCSP response. If included,
// PSM (client) will check to see if the revoked information
// is too old or not
- mIncludeNextUpdate = mConfig.getBoolean(PROP_INCLUDE_NEXT_UPDATE,
- false);
+ mIncludeNextUpdate = mConfig
+ .getBoolean(PROP_INCLUDE_NEXT_UPDATE, false);
// should move this into DBSubsystem ....
IDBRegistry reg = mDBService.getRegistry();
@@ -170,8 +174,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
initWebGateway();
/**
- DeleteOldCRLsThread t = new DeleteOldCRLsThread(this);
- t.start();
+ * DeleteOldCRLsThread t = new DeleteOldCRLsThread(this); t.start();
**/
// deleteOldCRLs();
}
@@ -179,8 +182,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
/**
* init web gateway - just gets the ee gateway for this CA.
*/
- private void initWebGateway()
- throws EBaseException {
+ private void initWebGateway() throws EBaseException {
}
public IRepositoryRecord createRepositoryRecord() {
@@ -222,20 +224,18 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
/**
- * This store will not delete the old CRL until the
- * new one is totally committed.
+ * This store will not delete the old CRL until the new one is totally
+ * committed.
*/
public void deleteOldCRLs() throws EBaseException {
Enumeration recs = searchCRLIssuingPointRecord(
- "objectclass=" +
- CMS.getCRLIssuingPointRecordName(),
- 100);
+ "objectclass=" + CMS.getCRLIssuingPointRecordName(), 100);
X509CertImpl theCert = null;
ICRLIssuingPointRecord theRec = null;
while (recs.hasMoreElements()) {
- ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord)
- recs.nextElement();
+ ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord) recs
+ .nextElement();
deleteOldCRLsInCA(rec.getId());
}
@@ -245,47 +245,38 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
IDBSSession s = mDBService.createSession();
try {
- ICRLIssuingPointRecord cp = (ICRLIssuingPointRecord)
- readCRLIssuingPoint(caName);
+ ICRLIssuingPointRecord cp = (ICRLIssuingPointRecord) readCRLIssuingPoint(caName);
if (cp == null)
return; // nothing to do
if (cp.getThisUpdate() == null)
return; // nothing to do
- String thisUpdate = Long.toString(
- cp.getThisUpdate().getTime());
- Enumeration e = searchRepository(
- caName,
- "(!" + IRepositoryRecord.ATTR_SERIALNO + "=" +
- thisUpdate + ")");
+ String thisUpdate = Long.toString(cp.getThisUpdate().getTime());
+ Enumeration e = searchRepository(caName, "(!"
+ + IRepositoryRecord.ATTR_SERIALNO + "=" + thisUpdate + ")");
while (e != null && e.hasMoreElements()) {
- IRepositoryRecord r = (IRepositoryRecord)
- e.nextElement();
- Enumeration recs =
- searchCertRecord(caName,
- r.getSerialNumber().toString(),
- ICertRecord.ATTR_ID + "=*");
-
- log(ILogger.LL_INFO, "remove CRL 0x" +
- r.getSerialNumber().toString(16) +
- " of " + caName);
- String rep_dn = "ou=" +
- r.getSerialNumber().toString() +
- ",cn=" + transformDN(caName) + "," +
- getBaseDN();
+ IRepositoryRecord r = (IRepositoryRecord) e.nextElement();
+ Enumeration recs = searchCertRecord(caName, r.getSerialNumber()
+ .toString(), ICertRecord.ATTR_ID + "=*");
+
+ log(ILogger.LL_INFO, "remove CRL 0x"
+ + r.getSerialNumber().toString(16) + " of " + caName);
+ String rep_dn = "ou=" + r.getSerialNumber().toString() + ",cn="
+ + transformDN(caName) + "," + getBaseDN();
while (recs != null && recs.hasMoreElements()) {
ICertRecord rec = (ICertRecord) recs.nextElement();
- String cert_dn = "cn=" +
- rec.getSerialNumber().toString() + "," + rep_dn;
+ String cert_dn = "cn=" + rec.getSerialNumber().toString()
+ + "," + rep_dn;
s.delete(cert_dn);
}
s.delete(rep_dn);
}
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
}
@@ -298,12 +289,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
public void startup() throws EBaseException {
- int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC,
- DEF_REFRESH_IN_SEC);
+ int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC,
+ DEF_REFRESH_IN_SEC);
if (refresh > 0) {
- DefStoreCRLUpdater updater =
- new DefStoreCRLUpdater(mCacheCRLIssuingPoints, refresh);
- updater.start();
+ DefStoreCRLUpdater updater = new DefStoreCRLUpdater(
+ mCacheCRLIssuingPoints, refresh);
+ updater.start();
}
}
@@ -325,10 +316,9 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
/**
* Validate an OCSP request.
*/
- public OCSPResponse validate(OCSPRequest request)
- throws EBaseException {
+ public OCSPResponse validate(OCSPRequest request) throws EBaseException {
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
mOCSPAuthority.incNumOCSPRequest(1);
long startTime = CMS.getCurrentDate().getTime();
@@ -337,16 +327,15 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
TBSRequest tbsReq = request.getTBSRequest();
// (3) look into database to check the
- // certificate's status
+ // certificate's status
Vector singleResponses = new Vector();
if (statsSub != null) {
- statsSub.startTiming("lookup");
+ statsSub.startTiming("lookup");
}
long lookupStartTime = CMS.getCurrentDate().getTime();
for (int i = 0; i < tbsReq.getRequestCount(); i++) {
- com.netscape.cmsutil.ocsp.Request req =
- tbsReq.getRequestAt(i);
+ com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
CertID cid = req.getCertID();
SingleResponse sr = processRequest(cid);
@@ -354,17 +343,18 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
long lookupEndTime = CMS.getCurrentDate().getTime();
if (statsSub != null) {
- statsSub.endTiming("lookup");
+ statsSub.endTiming("lookup");
}
mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime);
- if (singleResponses.size() <= 0) {
+ if (singleResponses.size() <= 0) {
CMS.debug("DefStore: No Request Found");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", "No Request Found"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "OCSP_REQUEST_FAILURE", "No Request Found"));
return null;
}
if (statsSub != null) {
- statsSub.startTiming("build_response");
+ statsSub.startTiming("build_response");
}
SingleResponse res[] = new SingleResponse[singleResponses.size()];
@@ -389,27 +379,27 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
}
- ResponseData rd = new ResponseData(rid,
- new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
+ ResponseData rd = new ResponseData(rid, new GeneralizedTime(
+ CMS.getCurrentDate()), res, nonce);
if (statsSub != null) {
- statsSub.endTiming("build_response");
+ statsSub.endTiming("build_response");
}
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long signStartTime = CMS.getCurrentDate().getTime();
BasicOCSPResponse basicRes = mOCSPAuthority.sign(rd);
long signEndTime = CMS.getCurrentDate().getTime();
if (statsSub != null) {
- statsSub.endTiming("signing");
+ statsSub.endTiming("signing");
}
mOCSPAuthority.incSignTime(signEndTime - signStartTime);
OCSPResponse response = new OCSPResponse(
- OCSPResponseStatus.SUCCESSFUL,
- new ResponseBytes(ResponseBytes.OCSP_BASIC,
- new OCTET_STRING(ASN1Util.encode(basicRes))));
+ OCSPResponseStatus.SUCCESSFUL, new ResponseBytes(
+ ResponseBytes.OCSP_BASIC, new OCTET_STRING(
+ ASN1Util.encode(basicRes))));
log(ILogger.LL_INFO, "done OCSP request");
long endTime = CMS.getCurrentDate().getTime();
@@ -417,7 +407,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
return response;
} catch (Exception e) {
CMS.debug("DefStore: validation failed " + e.toString());
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OCSP_REQUEST_FAILURE", e.toString()));
return null;
}
}
@@ -435,18 +426,16 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
X509CRLImpl theCRL = null;
ICRLIssuingPointRecord theRec = null;
byte keyhsh[] = cid.getIssuerKeyHash().toByteArray();
- CRLIPContainer matched = (CRLIPContainer)
- mCacheCRLIssuingPoints.get(new String(keyhsh));
+ CRLIPContainer matched = (CRLIPContainer) mCacheCRLIssuingPoints
+ .get(new String(keyhsh));
if (matched == null) {
- Enumeration recs = searchCRLIssuingPointRecord(
- "objectclass=" +
- CMS.getCRLIssuingPointRecordName(),
- 100);
+ Enumeration recs = searchCRLIssuingPointRecord("objectclass="
+ + CMS.getCRLIssuingPointRecordName(), 100);
while (recs.hasMoreElements()) {
- ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord)
- recs.nextElement();
+ ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord) recs
+ .nextElement();
byte certdata[] = rec.getCACert();
X509CertImpl cert = null;
@@ -454,11 +443,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
cert = new X509CertImpl(certdata);
} catch (Exception e) {
// error
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OCSP_DECODE_CERT",
+ e.toString()));
return null;
}
- MessageDigest md = MessageDigest.getInstance(
- mOCSPAuthority.getDigestName(cid.getHashAlgorithm()));
+ MessageDigest md = MessageDigest.getInstance(mOCSPAuthority
+ .getDigestName(cid.getHashAlgorithm()));
X509Key key = (X509Key) cert.getPublicKey();
byte digest[] = md.digest(key.getKey());
@@ -469,17 +460,20 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
byte crldata[] = rec.getCRL();
if (rec.getCRLCache() == null) {
- CMS.debug("DefStore: start building x509 crl impl");
- try {
- theCRL = new X509CRLImpl(crldata);
- } catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CRL", e.toString()));
- }
- CMS.debug("DefStore: done building x509 crl impl");
+ CMS.debug("DefStore: start building x509 crl impl");
+ try {
+ theCRL = new X509CRLImpl(crldata);
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OCSP_DECODE_CRL",
+ e.toString()));
+ }
+ CMS.debug("DefStore: done building x509 crl impl");
} else {
- CMS.debug("DefStore: using crl cache");
+ CMS.debug("DefStore: using crl cache");
}
- mCacheCRLIssuingPoints.put(new String(digest), new CRLIPContainer(theRec, theCert, theCRL));
+ mCacheCRLIssuingPoints.put(new String(digest),
+ new CRLIPContainer(theRec, theCert, theCRL));
break;
}
}
@@ -494,16 +488,19 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
if (theCert != null) {
INTEGER serialNo = cid.getSerialNumber();
- log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Status of certificate 0x" + serialNo.toString(16));
- CMS.debug("DefStore: process request 0x" + serialNo.toString(16));
+ log(ILogger.EV_AUDIT,
+ AuditFormat.LEVEL,
+ "Checked Status of certificate 0x"
+ + serialNo.toString(16));
+ CMS.debug("DefStore: process request 0x"
+ + serialNo.toString(16));
CertStatus certStatus = null;
GeneralizedTime thisUpdate = null;
if (theRec == null) {
thisUpdate = new GeneralizedTime(CMS.getCurrentDate());
} else {
- thisUpdate = new GeneralizedTime(
- theRec.getThisUpdate());
+ thisUpdate = new GeneralizedTime(theRec.getThisUpdate());
}
GeneralizedTime nextUpdate = null;
@@ -512,8 +509,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
if (theRec == null) {
nextUpdate = new GeneralizedTime(CMS.getCurrentDate());
} else {
- nextUpdate = new GeneralizedTime(
- theRec.getNextUpdate());
+ nextUpdate = new GeneralizedTime(theRec.getNextUpdate());
}
}
@@ -525,26 +521,28 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
CMS.debug("DefStore: evaluating crl cache");
Hashtable cache = theRec.getCRLCacheNoClone();
if (cache != null) {
- RevokedCertificate rc = (RevokedCertificate)
- cache.get(new BigInteger(serialNo.toString()));
- if (rc == null) {
- if (isNotFoundGood()) {
- certStatus = new GoodInfo();
- } else {
- certStatus = new UnknownInfo();
+ RevokedCertificate rc = (RevokedCertificate) cache
+ .get(new BigInteger(serialNo.toString()));
+ if (rc == null) {
+ if (isNotFoundGood()) {
+ certStatus = new GoodInfo();
+ } else {
+ certStatus = new UnknownInfo();
}
- } else {
-
+ } else {
+
certStatus = new RevokedInfo(
- new GeneralizedTime(
- rc.getRevocationDate()));
- }
+ new GeneralizedTime(
+ rc.getRevocationDate()));
+ }
}
}
-
+
} else {
- CMS.debug("DefStore: evaluating x509 crl impl");
- X509CRLEntry crlentry = theCRL.getRevokedCertificate(new BigInteger(serialNo.toString()));
+ CMS.debug("DefStore: evaluating x509 crl impl");
+ X509CRLEntry crlentry = theCRL
+ .getRevokedCertificate(new BigInteger(serialNo
+ .toString()));
if (crlentry == null) {
// good or unknown
@@ -555,8 +553,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
} else {
certStatus = new RevokedInfo(new GeneralizedTime(
- crlentry.getRevocationDate()));
-
+ crlentry.getRevocationDate()));
+
}
}
return new SingleResponse(cid, certStatus, thisUpdate,
@@ -582,16 +580,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
public Enumeration searchAllCRLIssuingPointRecord(int maxSize)
- throws EBaseException {
+ throws EBaseException {
return searchCRLIssuingPointRecord(
- "objectclass=" +
- CMS.getCRLIssuingPointRecordName(),
- maxSize);
+ "objectclass=" + CMS.getCRLIssuingPointRecordName(), maxSize);
}
- public Enumeration searchCRLIssuingPointRecord(String filter,
- int maxSize)
- throws EBaseException {
+ public Enumeration searchCRLIssuingPointRecord(String filter, int maxSize)
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
Enumeration e = null;
@@ -605,20 +600,20 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
public synchronized void modifyCRLIssuingPointRecord(String name,
- ModificationSet mods) throws EBaseException {
+ ModificationSet mods) throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
- String dn = "cn=" +
- transformDN(name) + "," + getBaseDN();
+ String dn = "cn=" + transformDN(name) + "," + getBaseDN();
s.modify(dn, mods);
} catch (EBaseException e) {
- CMS.debug("modifyCRLIssuingPointRecord: error=" + e);
- CMS.debug(e);
- throw e;
+ CMS.debug("modifyCRLIssuingPointRecord: error=" + e);
+ CMS.debug(e);
+ throw e;
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
}
@@ -626,42 +621,43 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
* Returns an issuing point.
*/
public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
- throws EBaseException {
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
ICRLIssuingPointRecord rec = null;
try {
- String dn = "cn=" +
- transformDN(name) + "," + getBaseDN();
+ String dn = "cn=" + transformDN(name) + "," + getBaseDN();
if (s != null) {
rec = (ICRLIssuingPointRecord) s.read(dn);
}
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
return rec;
}
- public ICRLIssuingPointRecord createCRLIssuingPointRecord(
- String name, BigInteger crlNumber,
- Long crlSize, Date thisUpdate, Date nextUpdate) {
- return CMS.createCRLIssuingPointRecord(
- name, crlNumber, crlSize, thisUpdate, nextUpdate);
+ public ICRLIssuingPointRecord createCRLIssuingPointRecord(String name,
+ BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate) {
+ return CMS.createCRLIssuingPointRecord(name, crlNumber, crlSize,
+ thisUpdate, nextUpdate);
}
- public void deleteCRLIssuingPointRecord(String id)
- throws EBaseException {
+ public void deleteCRLIssuingPointRecord(String id) throws EBaseException {
IDBSSession s = null;
try {
s = mDBService.createSession();
- String name = "cn=" + transformDN(id) + "," + getBaseDN();
- CMS.debug("DefStore::deleteCRLIssuingPointRecord: Attempting to delete: " + name);
- if (s != null) s.delete(name);
+ String name = "cn=" + transformDN(id) + "," + getBaseDN();
+ CMS.debug("DefStore::deleteCRLIssuingPointRecord: Attempting to delete: "
+ + name);
+ if (s != null)
+ s.delete(name);
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
}
@@ -669,12 +665,11 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
* Creates a new issuing point in OCSP.
*/
public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
- throws EBaseException {
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
- String dn = "cn=" +
- transformDN(name) + "," + getBaseDN();
+ String dn = "cn=" + transformDN(name) + "," + getBaseDN();
s.add(dn, (ICRLIssuingPointRecord) rec);
} finally {
@@ -684,13 +679,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
public Enumeration searchRepository(String name, String filter)
- throws EBaseException {
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
Enumeration e = null;
try {
- e = s.search("cn=" + transformDN(name) + "," + getBaseDN(),
- filter);
+ e = s.search("cn=" + transformDN(name) + "," + getBaseDN(), filter);
} finally {
if (s != null)
s.close();
@@ -702,13 +696,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
* Creates a new issuing point in OCSP.
*/
public void addRepository(String name, String thisUpdate,
- IRepositoryRecord rec)
- throws EBaseException {
+ IRepositoryRecord rec) throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
- String dn = "ou=" + thisUpdate + ",cn=" +
- transformDN(name) + "," + getBaseDN();
+ String dn = "ou=" + thisUpdate + ",cn=" + transformDN(name) + ","
+ + getBaseDN();
s.add(dn, rec);
} finally {
@@ -717,30 +710,30 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
}
- public void modifyCertRecord(String name, String thisUpdate,
- String sno,
- ModificationSet mods) throws EBaseException {
+ public void modifyCertRecord(String name, String thisUpdate, String sno,
+ ModificationSet mods) throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
- String dn = "cn=" + sno + ",ou=" + thisUpdate +
- ",cn=" + transformDN(name) + "," + getBaseDN();
+ String dn = "cn=" + sno + ",ou=" + thisUpdate + ",cn="
+ + transformDN(name) + "," + getBaseDN();
- if (s != null) s.modify(dn, mods);
+ if (s != null)
+ s.modify(dn, mods);
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
}
public Enumeration searchCertRecord(String name, String thisUpdate,
- String filter) throws EBaseException {
+ String filter) throws EBaseException {
IDBSSession s = mDBService.createSession();
Enumeration e = null;
try {
- e = s.search("ou=" + thisUpdate + ",cn=" +
- transformDN(name) + "," + getBaseDN(),
- filter);
+ e = s.search("ou=" + thisUpdate + ",cn=" + transformDN(name) + ","
+ + getBaseDN(), filter);
} finally {
if (s != null)
s.close();
@@ -748,21 +741,21 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
return e;
}
- public ICertRecord readCertRecord(String name, String thisUpdate,
- String sno)
- throws EBaseException {
+ public ICertRecord readCertRecord(String name, String thisUpdate, String sno)
+ throws EBaseException {
IDBSSession s = mDBService.createSession();
ICertRecord rec = null;
try {
- String dn = "cn=" + sno + ",ou=" + thisUpdate +
- ",cn=" + transformDN(name) + "," + getBaseDN();
+ String dn = "cn=" + sno + ",ou=" + thisUpdate + ",cn="
+ + transformDN(name) + "," + getBaseDN();
if (s != null) {
rec = (ICertRecord) s.read(dn);
}
} finally {
- if (s != null) s.close();
+ if (s != null)
+ s.close();
}
return rec;
}
@@ -770,14 +763,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
/**
* Creates a new issuing point in OCSP.
*/
- public void addCertRecord(String name, String thisUpdate,
- String sno, ICertRecord rec)
- throws EBaseException {
+ public void addCertRecord(String name, String thisUpdate, String sno,
+ ICertRecord rec) throws EBaseException {
IDBSSession s = mDBService.createSession();
try {
- String dn = "cn=" + sno + ",ou=" + thisUpdate +
- ",cn=" + transformDN(name) + "," + getBaseDN();
+ String dn = "cn=" + sno + ",ou=" + thisUpdate + ",cn="
+ + transformDN(name) + "," + getBaseDN();
s.add(dn, rec);
} finally {
@@ -786,26 +778,24 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
}
- public NameValuePairs getConfigParameters() {
+ public NameValuePairs getConfigParameters() {
try {
- NameValuePairs params = new NameValuePairs();
+ NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_OCSPSTORE_IMPL_NAME,
- mConfig.getString("class"));
- params.add(PROP_NOT_FOUND_GOOD,
- mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
- params.add(PROP_BY_NAME,
- mConfig.getString(PROP_BY_NAME, "true"));
- params.add(PROP_INCLUDE_NEXT_UPDATE,
- mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
- return params;
+ mConfig.getString("class"));
+ params.add(PROP_NOT_FOUND_GOOD,
+ mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
+ params.add(PROP_BY_NAME, mConfig.getString(PROP_BY_NAME, "true"));
+ params.add(PROP_INCLUDE_NEXT_UPDATE,
+ mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
+ return params;
} catch (Exception e) {
return null;
}
}
- public void setConfigParameters(NameValuePairs pairs)
- throws EBaseException {
+ public void setConfigParameters(NameValuePairs pairs) throws EBaseException {
Enumeration k = pairs.getNames();
while (k.hasMoreElements()) {
@@ -822,8 +812,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
CMS.debug("DefStore: Ready to update Issuer");
try {
- if (!((X509CRLImpl)crl).areEntriesIncluded())
- crl = new X509CRLImpl(((X509CRLImpl)crl).getEncoded());
+ if (!((X509CRLImpl) crl).areEntriesIncluded())
+ crl = new X509CRLImpl(((X509CRLImpl) crl).getEncoded());
} catch (Exception e) {
CMS.debug(e);
}
@@ -833,51 +823,52 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
if (crl.getThisUpdate() != null)
mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE,
- Modification.MOD_REPLACE, crl.getThisUpdate());
+ Modification.MOD_REPLACE, crl.getThisUpdate());
if (crl.getNextUpdate() != null)
mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
- Modification.MOD_REPLACE, crl.getNextUpdate());
+ Modification.MOD_REPLACE, crl.getNextUpdate());
if (mUseCache) {
- if (((X509CRLImpl)crl).getListOfRevokedCertificates() != null) {
- mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE,
- Modification.MOD_REPLACE,
- ((X509CRLImpl)crl).getListOfRevokedCertificates());
- }
+ if (((X509CRLImpl) crl).getListOfRevokedCertificates() != null) {
+ mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE,
+ Modification.MOD_REPLACE,
+ ((X509CRLImpl) crl).getListOfRevokedCertificates());
+ }
}
if (((X509CRLImpl) crl).getNumberOfRevokedCertificates() < 0) {
mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
- Modification.MOD_REPLACE, Long.valueOf(0));
+ Modification.MOD_REPLACE, Long.valueOf(0));
} else {
mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
- Modification.MOD_REPLACE, Long.valueOf(((X509CRLImpl) crl).getNumberOfRevokedCertificates()));
+ Modification.MOD_REPLACE, Long
+ .valueOf(((X509CRLImpl) crl)
+ .getNumberOfRevokedCertificates()));
}
- BigInteger crlNumber = ((X509CRLImpl)crl).getCRLNumber();
+ BigInteger crlNumber = ((X509CRLImpl) crl).getCRLNumber();
if (crlNumber == null) {
mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
- Modification.MOD_REPLACE, new BigInteger("-1"));
+ Modification.MOD_REPLACE, new BigInteger("-1"));
} else {
mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
- Modification.MOD_REPLACE, crlNumber);
+ Modification.MOD_REPLACE, crlNumber);
}
try {
mods.add(ICRLIssuingPointRecord.ATTR_CRL,
- Modification.MOD_REPLACE, crl.getEncoded());
+ Modification.MOD_REPLACE, crl.getEncoded());
} catch (Exception e) {
// ignore
}
- CMS.debug("DefStore: ready to CRL update " +
- crl.getIssuerDN().getName());
- modifyCRLIssuingPointRecord(
- crl.getIssuerDN().getName(), mods);
- CMS.debug("DefStore: done CRL update " +
- crl.getIssuerDN().getName());
+ CMS.debug("DefStore: ready to CRL update "
+ + crl.getIssuerDN().getName());
+ modifyCRLIssuingPointRecord(crl.getIssuerDN().getName(), mods);
+ CMS.debug("DefStore: done CRL update "
+ + crl.getIssuerDN().getName());
// update cache
mCacheCRLIssuingPoints.clear();
- log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL." +
- " thisUpdate=" + crl.getThisUpdate() +
- " nextUpdate=" + crl.getNextUpdate());
+ log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL."
+ + " thisUpdate=" + crl.getThisUpdate() + " nextUpdate="
+ + crl.getNextUpdate());
} finally {
mStateCount--;
@@ -890,7 +881,6 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
}
-
class DeleteOldCRLsThread extends Thread {
private DefStore mDefStore = null;
@@ -906,13 +896,13 @@ class DeleteOldCRLsThread extends Thread {
}
}
-
class CRLIPContainer {
private ICRLIssuingPointRecord mRec = null;
private X509CertImpl mCert = null;
private X509CRLImpl mCRL = null;
- public CRLIPContainer(ICRLIssuingPointRecord rec, X509CertImpl cert, X509CRLImpl crl) {
+ public CRLIPContainer(ICRLIssuingPointRecord rec, X509CertImpl cert,
+ X509CRLImpl crl) {
mRec = rec;
mCert = cert;
mCRL = crl;
diff --git a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
index 5e4e6566..88ac8c45 100644
--- a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
+++ b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.ocsp;
-
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.cert.X509CRL;
@@ -71,11 +70,10 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
import com.netscape.cmsutil.ocsp.TBSRequest;
import com.netscape.cmsutil.ocsp.UnknownInfo;
-
/**
- * This is the LDAP OCSP store. It reads CA certificate and
- * revocation list attributes from the CA entry.
- *
+ * This is the LDAP OCSP store. It reads CA certificate and revocation list
+ * attributes from the CA entry.
+ *
* @version $Revision$, $Date$
*/
public class LDAPStore implements IDefStore, IExtendedPluginInfo {
@@ -93,8 +91,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
private static final String PROP_PORT = "port";
private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood";
- private final static String PROP_INCLUDE_NEXT_UPDATE =
- "includeNextUpdate";
+ private final static String PROP_INCLUDE_NEXT_UPDATE = "includeNextUpdate";
private IOCSPAuthority mOCSPAuthority = null;
private IConfigStore mConfig = null;
@@ -111,44 +108,59 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
public LDAPStore() {
}
- public String[] getExtendedPluginInfo(Locale locale) {
- Vector v = new Vector();
-
- v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NOT_FOUND_GOOD"));
- v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_INCLUDE_NEXT_UPDATE"));
- v.addElement(PROP_NUM_CONNS + ";number; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NUM_CONNS"));
- v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_BY_NAME"));
- v.addElement(PROP_CRL_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CRL_ATTR"));
- v.addElement(PROP_CA_CERT_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CA_CERT_ATTR"));
- v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_DESC"));
- v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-ldapstore");
- return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
+ public String[] getExtendedPluginInfo(Locale locale) {
+ Vector v = new Vector();
+
+ v.addElement(PROP_NOT_FOUND_GOOD
+ + ";boolean; "
+ + CMS.getUserMessage(locale,
+ "CMS_OCSP_LDAPSTORE_PROP_NOT_FOUND_GOOD"));
+ v.addElement(PROP_INCLUDE_NEXT_UPDATE
+ + ";boolean; "
+ + CMS.getUserMessage(locale,
+ "CMS_OCSP_LDAPSTORE_PROP_INCLUDE_NEXT_UPDATE"));
+ v.addElement(PROP_NUM_CONNS
+ + ";number; "
+ + CMS.getUserMessage(locale,
+ "CMS_OCSP_LDAPSTORE_PROP_NUM_CONNS"));
+ v.addElement(PROP_BY_NAME + ";boolean; "
+ + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_BY_NAME"));
+ v.addElement(PROP_CRL_ATTR
+ + ";string; "
+ + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CRL_ATTR"));
+ v.addElement(PROP_CA_CERT_ATTR
+ + ";string; "
+ + CMS.getUserMessage(locale,
+ "CMS_OCSP_LDAPSTORE_PROP_CA_CERT_ATTR"));
+ v.addElement(IExtendedPluginInfo.HELP_TEXT + "; "
+ + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_DESC"));
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ocspstores-ldapstore");
+ return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
/**
* Fetch CA certificate and CRL from LDAP server.
*/
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
mOCSPAuthority = (IOCSPAuthority) owner;
mConfig = config;
mCRLAttr = mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR);
- mCACertAttr = mConfig.getString(PROP_CA_CERT_ATTR,
- DEF_CA_CERT_ATTR);
+ mCACertAttr = mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR);
mByName = mConfig.getBoolean(PROP_BY_NAME, true);
-
+
}
/**
* Locates the CA certificate.
*/
- public X509CertImpl locateCACert(LDAPConnection conn, String baseDN)
- throws EBaseException {
+ public X509CertImpl locateCACert(LDAPConnection conn, String baseDN)
+ throws EBaseException {
try {
- LDAPSearchResults results = conn.search(baseDN,
- LDAPv2.SCOPE_SUB, mCACertAttr + "=*",
- null, false);
+ LDAPSearchResults results = conn.search(baseDN, LDAPv2.SCOPE_SUB,
+ mCACertAttr + "=*", null, false);
if (!results.hasMoreElements()) {
throw new EBaseException("error - no entry");
@@ -166,8 +178,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
return caCert;
} catch (Exception e) {
CMS.debug("LDAPStore: locateCACert " + e.toString());
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OCSP_LOCATE_CA", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OCSP_LOCATE_CA", e.toString()));
}
return null;
}
@@ -175,12 +187,11 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
/**
* Locates the CRL.
*/
- public X509CRLImpl locateCRL(LDAPConnection conn, String baseDN)
- throws EBaseException {
+ public X509CRLImpl locateCRL(LDAPConnection conn, String baseDN)
+ throws EBaseException {
try {
- LDAPSearchResults results = conn.search(baseDN,
- LDAPv2.SCOPE_SUB, mCRLAttr + "=*",
- null, false);
+ LDAPSearchResults results = conn.search(baseDN, LDAPv2.SCOPE_SUB,
+ mCRLAttr + "=*", null, false);
if (!results.hasMoreElements()) {
throw new EBaseException("error - no entry");
@@ -198,25 +209,26 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
return crl;
} catch (Exception e) {
CMS.debug("LDAPStore: locateCRL " + e.toString());
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("OCSP_LOCATE_CRL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OCSP_LOCATE_CRL", e.toString()));
}
return null;
}
- public void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl)
- throws EBaseException {
+ public void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl)
+ throws EBaseException {
X509CRLImpl oldCRL = (X509CRLImpl) mCRLs.get(caCert);
if (oldCRL != null) {
- if (oldCRL.getThisUpdate().getTime() >=
- crl.getThisUpdate().getTime()) {
- log(ILogger.LL_INFO,
- "LDAPStore: no update, received CRL is older than current CRL");
+ if (oldCRL.getThisUpdate().getTime() >= crl.getThisUpdate()
+ .getTime()) {
+ log(ILogger.LL_INFO,
+ "LDAPStore: no update, received CRL is older than current CRL");
return; // no update
}
}
- CMS.debug("Added '" + caCert.getSubjectDN().toString() + "' into CRL hash");
+ CMS.debug("Added '" + caCert.getSubjectDN().toString()
+ + "' into CRL hash");
mCRLs.put(caCert, crl);
}
@@ -228,7 +240,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
int num = mConfig.getInteger(PROP_NUM_CONNS, 0);
for (int i = 0; i < num; i++) {
- String host = mConfig.getString(PROP_HOST + Integer.toString(i), null);
+ String host = mConfig.getString(PROP_HOST + Integer.toString(i),
+ null);
int port = mConfig.getInteger(PROP_PORT + Integer.toString(i), 0);
LDAPConnection c = new LDAPConnection();
@@ -237,11 +250,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
} catch (LDAPException e) {
throw new EBaseException("LDAP " + e);
}
- String baseDN = mConfig.getString(PROP_BASE_DN + Integer.toString(i), null);
- CRLUpdater updater = new CRLUpdater(
- this, c, baseDN,
- mConfig.getInteger(PROP_REFRESH_IN_SEC + Integer.toString(i),
- DEF_REFRESH_IN_SEC));
+ String baseDN = mConfig.getString(
+ PROP_BASE_DN + Integer.toString(i), null);
+ CRLUpdater updater = new CRLUpdater(this, c, baseDN,
+ mConfig.getInteger(
+ PROP_REFRESH_IN_SEC + Integer.toString(i),
+ DEF_REFRESH_IN_SEC));
updater.start();
}
@@ -265,10 +279,9 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
/**
* Validate an OCSP request.
*/
- public OCSPResponse validate(OCSPRequest request)
- throws EBaseException {
+ public OCSPResponse validate(OCSPRequest request) throws EBaseException {
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
mOCSPAuthority.incNumOCSPRequest(1);
long startTime = CMS.getCurrentDate().getTime();
@@ -279,13 +292,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
Vector singleResponses = new Vector();
if (statsSub != null) {
- statsSub.startTiming("lookup");
+ statsSub.startTiming("lookup");
}
long lookupStartTime = CMS.getCurrentDate().getTime();
for (int i = 0; i < tbsReq.getRequestCount(); i++) {
- com.netscape.cmsutil.ocsp.Request req =
- tbsReq.getRequestAt(i);
+ com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
CertID cid = req.getCertID();
SingleResponse sr = processRequest(cid);
@@ -293,12 +305,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
long lookupEndTime = CMS.getCurrentDate().getTime();
if (statsSub != null) {
- statsSub.endTiming("lookup");
+ statsSub.endTiming("lookup");
}
mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime);
if (statsSub != null) {
- statsSub.startTiming("build_response");
+ statsSub.startTiming("build_response");
}
SingleResponse res[] = new SingleResponse[singleResponses.size()];
@@ -323,14 +335,14 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
}
- ResponseData rd = new ResponseData(rid,
- new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
+ ResponseData rd = new ResponseData(rid, new GeneralizedTime(
+ CMS.getCurrentDate()), res, nonce);
if (statsSub != null) {
- statsSub.endTiming("build_response");
+ statsSub.endTiming("build_response");
}
if (statsSub != null) {
- statsSub.startTiming("signing");
+ statsSub.startTiming("signing");
}
long signStartTime = CMS.getCurrentDate().getTime();
@@ -338,13 +350,13 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
long signEndTime = CMS.getCurrentDate().getTime();
mOCSPAuthority.incSignTime(signEndTime - signStartTime);
if (statsSub != null) {
- statsSub.endTiming("signing");
+ statsSub.endTiming("signing");
}
OCSPResponse response = new OCSPResponse(
- OCSPResponseStatus.SUCCESSFUL,
- new ResponseBytes(ResponseBytes.OCSP_BASIC,
- new OCTET_STRING(ASN1Util.encode(basicRes))));
+ OCSPResponseStatus.SUCCESSFUL, new ResponseBytes(
+ ResponseBytes.OCSP_BASIC, new OCTET_STRING(
+ ASN1Util.encode(basicRes))));
log(ILogger.LL_INFO, "done OCSP request");
long endTime = CMS.getCurrentDate().getTime();
@@ -352,7 +364,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
return response;
} catch (Exception e) {
CMS.debug("LDAPStore: validation " + e.toString());
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OCSP_REQUEST_FAILURE", e.toString()));
return null;
}
}
@@ -375,8 +388,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
public void addRepository(String name, String thisUpdate,
- IRepositoryRecord rec)
- throws EBaseException {
+ IRepositoryRecord rec) throws EBaseException {
throw new EBaseException("NOT SUPPORTED");
}
@@ -389,12 +401,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
- throws EBaseException {
+ throws EBaseException {
throw new EBaseException("NOT SUPPORTED");
}
public Enumeration searchAllCRLIssuingPointRecord(int maxSize)
- throws EBaseException {
+ throws EBaseException {
Vector recs = new Vector();
Enumeration keys = mCRLs.keys();
@@ -407,26 +419,23 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
return recs.elements();
}
- public Enumeration searchCRLIssuingPointRecord(String filter,
- int maxSize)
- throws EBaseException {
+ public Enumeration searchCRLIssuingPointRecord(String filter, int maxSize)
+ throws EBaseException {
return null;
}
- public ICRLIssuingPointRecord createCRLIssuingPointRecord(
- String name, BigInteger crlNumber,
- Long crlSize, Date thisUpdate, Date nextUpdate) {
+ public ICRLIssuingPointRecord createCRLIssuingPointRecord(String name,
+ BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate) {
return null;
}
public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
- throws EBaseException {
+ throws EBaseException {
throw new EBaseException("NOT SUPPORTED");
}
- public void deleteCRLIssuingPointRecord(String id)
- throws EBaseException {
- throw new EBaseException("NOT SUPPORTED");
+ public void deleteCRLIssuingPointRecord(String id) throws EBaseException {
+ throw new EBaseException("NOT SUPPORTED");
}
public boolean isNotFoundGood() {
@@ -439,7 +448,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
public boolean includeNextUpdate() throws EBaseException {
return mConfig.getBoolean(PROP_INCLUDE_NEXT_UPDATE, false);
- }
+ }
public boolean isNotFoundGood1() throws EBaseException {
return mConfig.getBoolean(PROP_NOT_FOUND_GOOD, true);
@@ -464,13 +473,13 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
MessageDigest md = null;
try {
- md = MessageDigest.getInstance(
- mOCSPAuthority.getDigestName(cid.getHashAlgorithm()));
+ md = MessageDigest.getInstance(mOCSPAuthority.getDigestName(cid
+ .getHashAlgorithm()));
} catch (Exception e) {
}
X509Key key = (X509Key) caCert.getPublicKey();
- if( key == null ) {
+ if (key == null) {
System.out.println("LDAPStore::processRequest - key is null!");
return null;
}
@@ -494,77 +503,70 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
return null;
}
- GeneralizedTime thisUpdate = new GeneralizedTime(
- theCRL.getThisUpdate());
+ GeneralizedTime thisUpdate = new GeneralizedTime(theCRL.getThisUpdate());
GeneralizedTime nextUpdate = null;
if (includeNextUpdate()) {
- nextUpdate = new GeneralizedTime(
- theCRL.getNextUpdate());
+ nextUpdate = new GeneralizedTime(theCRL.getNextUpdate());
}
CertStatus certStatus = null;
- X509CRLEntry entry = theCRL.getRevokedCertificate(
- cid.getSerialNumber());
+ X509CRLEntry entry = theCRL
+ .getRevokedCertificate(cid.getSerialNumber());
if (entry == null) {
- if (isNotFoundGood1()) {
- certStatus = new GoodInfo();
- } else {
- certStatus = new UnknownInfo();
+ if (isNotFoundGood1()) {
+ certStatus = new GoodInfo();
+ } else {
+ certStatus = new UnknownInfo();
}
} else {
certStatus = new RevokedInfo(new GeneralizedTime(
- entry.getRevocationDate()));
+ entry.getRevocationDate()));
}
-
+
return new SingleResponse(cid, certStatus, thisUpdate, nextUpdate);
}
/**
* Provides configuration parameters.
*/
- public NameValuePairs getConfigParameters() {
+ public NameValuePairs getConfigParameters() {
try {
- NameValuePairs params = new NameValuePairs();
+ NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_OCSPSTORE_IMPL_NAME,
- mConfig.getString("class"));
+ params.add(Constants.PR_OCSPSTORE_IMPL_NAME,
+ mConfig.getString("class"));
int num = mConfig.getInteger(PROP_NUM_CONNS, 0);
params.add(PROP_NUM_CONNS, Integer.toString(num));
for (int i = 0; i < num; i++) {
- params.add(PROP_HOST + Integer.toString(i),
- mConfig.getString(PROP_HOST +
- Integer.toString(i), ""));
- params.add(PROP_PORT + Integer.toString(i),
- mConfig.getString(PROP_PORT +
- Integer.toString(i), "389"));
- params.add(PROP_BASE_DN + Integer.toString(i),
- mConfig.getString(PROP_BASE_DN +
- Integer.toString(i), ""));
- params.add(PROP_REFRESH_IN_SEC + Integer.toString(i),
- mConfig.getString(PROP_REFRESH_IN_SEC +
- Integer.toString(i), Integer.toString(DEF_REFRESH_IN_SEC)));
+ params.add(PROP_HOST + Integer.toString(i),
+ mConfig.getString(PROP_HOST + Integer.toString(i), ""));
+ params.add(PROP_PORT + Integer.toString(i), mConfig.getString(
+ PROP_PORT + Integer.toString(i), "389"));
+ params.add(PROP_BASE_DN + Integer.toString(i), mConfig
+ .getString(PROP_BASE_DN + Integer.toString(i), ""));
+ params.add(PROP_REFRESH_IN_SEC + Integer.toString(i), mConfig
+ .getString(PROP_REFRESH_IN_SEC + Integer.toString(i),
+ Integer.toString(DEF_REFRESH_IN_SEC)));
}
- params.add(PROP_BY_NAME,
- mConfig.getString(PROP_BY_NAME, "true"));
- params.add(PROP_CA_CERT_ATTR,
- mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR));
+ params.add(PROP_BY_NAME, mConfig.getString(PROP_BY_NAME, "true"));
+ params.add(PROP_CA_CERT_ATTR,
+ mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR));
params.add(PROP_CRL_ATTR,
- mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR));
+ mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR));
params.add(PROP_NOT_FOUND_GOOD,
- mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
+ mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
params.add(PROP_INCLUDE_NEXT_UPDATE,
- mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
+ mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
return params;
} catch (Exception e) {
return null;
}
}
- public void setConfigParameters(NameValuePairs pairs)
- throws EBaseException {
+ public void setConfigParameters(NameValuePairs pairs) throws EBaseException {
Enumeration k = pairs.getNames();
while (k.hasMoreElements()) {
@@ -575,15 +577,13 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
}
}
-
class CRLUpdater extends Thread {
private LDAPConnection mC = null;
private String mBaseDN = null;
private int mSec = 0;
private LDAPStore mStore = null;
- public CRLUpdater(LDAPStore store, LDAPConnection c,
- String baseDN, int sec) {
+ public CRLUpdater(LDAPStore store, LDAPConnection c, String baseDN, int sec) {
mC = c;
mSec = sec;
mBaseDN = baseDN;
@@ -608,7 +608,6 @@ class CRLUpdater extends Thread {
}
}
-
class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
/**
*
@@ -739,7 +738,7 @@ class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
return null;
}
- public void set(String name, Object obj)throws EBaseException {
+ public void set(String name, Object obj) throws EBaseException {
}
public Object get(String name) throws EBaseException {
@@ -747,7 +746,7 @@ class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
}
public void delete(String name) throws EBaseException {
-
+
}
public Enumeration getElements() {
diff --git a/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java b/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java
index 4d59f34e..2bdf4066 100644
--- a/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java
+++ b/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java
@@ -17,17 +17,15 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.password;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.password.EPasswordCheckException;
import com.netscape.certsrv.password.IConfigPasswordCheck;
import com.netscape.certsrv.password.IPasswordCheck;
-
/**
* This class checks the given password if it meets the specific requirements.
- * For example, it can also specify the format of the password which has to
- * be 8 characters long and must be in alphanumeric.
+ * For example, it can also specify the format of the password which has to be 8
+ * characters long and must be in alphanumeric.
* <P>
*
* @version $Revision$, $Date$
@@ -75,9 +73,10 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck {
/**
* Returns true if the given password meets the quality requirement;
* otherwise returns false.
+ *
* @param mPassword The given password being checked.
* @return true if the password meets the quality requirement; otherwise
- * returns false.
+ * returns false.
*/
public boolean isGoodPassword(String mPassword) {
if (mPassword == null || mPassword.length() == 0) {
@@ -96,7 +95,9 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck {
/**
* Returns a reason if the password doesnt meet the quality requirement.
- * @return string as a reason if the password quality requirement is not met.
+ *
+ * @return string as a reason if the password quality requirement is not
+ * met.
*/
public String getReason(String mPassword) {
if (mPassword == null || mPassword.length() == 0) {
@@ -113,4 +114,3 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck {
return null;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java b/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
index d9a527d6..ae9c2f5e 100644
--- a/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
+++ b/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy;
-
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
@@ -42,16 +41,15 @@ import com.netscape.certsrv.request.AgentApprovals;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
-
/**
- * The abstract policy rule that concrete implementations will
- * extend.
+ * The abstract policy rule that concrete implementations will extend.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
@@ -68,15 +66,16 @@ public abstract class APolicyRule implements IPolicyRule {
/**
* Initializes the policy rule.
* <P>
- *
- * @param config The config store reference
+ *
+ * @param config The config store reference
*/
public abstract void init(ISubsystem owner, IConfigStore config)
- throws EBaseException;
+ throws EBaseException;
/**
* Gets the description for this policy rule.
* <P>
+ *
* @return The Description for this rule.
*/
public String getDescription() {
@@ -86,8 +85,8 @@ public abstract class APolicyRule implements IPolicyRule {
/**
* Sets a predicate expression for rule matching.
* <P>
- *
- * @param exp The predicate expression for the rule.
+ *
+ * @param exp The predicate expression for the rule.
*/
public void setPredicate(IExpression exp) {
mFilterExp = exp;
@@ -96,7 +95,7 @@ public abstract class APolicyRule implements IPolicyRule {
/**
* Returns the predicate expression for the rule.
* <P>
- *
+ *
* @return The predicate expression for the rule.
*/
public IExpression getPredicate() {
@@ -106,7 +105,7 @@ public abstract class APolicyRule implements IPolicyRule {
/**
* Returns the name of the policy rule.
* <P>
- *
+ *
* @return The name of the policy class.
*/
public String getName() {
@@ -114,45 +113,45 @@ public abstract class APolicyRule implements IPolicyRule {
}
/**
- * Sets the instance name for a policy rule.
+ * Sets the instance name for a policy rule.
* <P>
- *
- * @param instanceName The name of the rule instance.
+ *
+ * @param instanceName The name of the rule instance.
*/
- public void setInstanceName(String instanceName) {
+ public void setInstanceName(String instanceName) {
mInstanceName = instanceName;
}
/**
* Returns the name of the policy rule instance.
* <P>
- *
- * @return The name of the policy rule instance if set, else
- * the name of the rule class.
+ *
+ * @return The name of the policy rule instance if set, else the name of the
+ * rule class.
*/
- public String getInstanceName() {
+ public String getInstanceName() {
return mInstanceName != null ? mInstanceName : NAME;
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public abstract PolicyResult apply(IRequest req);
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public abstract Vector getInstanceParams();
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public abstract Vector getDefaultParams();
@@ -161,8 +160,7 @@ public abstract class APolicyRule implements IPolicyRule {
setPolicyException(req, format, params);
}
- public void setError(IRequest req, String format, String arg1,
- String arg2) {
+ public void setError(IRequest req, String format, String arg1, String arg2) {
Object[] np = new Object[2];
np[0] = arg1;
@@ -188,16 +186,16 @@ public abstract class APolicyRule implements IPolicyRule {
}
/**
- * determines whether a DEFERRED policy result should be returned
- * by checking the contents of the AgentApprovals attribute. This
- * call should be used by policy modules instead of returning
- * PolicyResult.DEFERRED directly.
+ * determines whether a DEFERRED policy result should be returned by
+ * checking the contents of the AgentApprovals attribute. This call should
+ * be used by policy modules instead of returning PolicyResult.DEFERRED
+ * directly.
* <p>
*/
protected PolicyResult deferred(IRequest req) {
// Try to find an agent approval
- AgentApprovals aa = AgentApprovals.fromStringVector(
- req.getExtDataInStringVector(AgentApprovals.class.getName()));
+ AgentApprovals aa = AgentApprovals.fromStringVector(req
+ .getExtDataInStringVector(AgentApprovals.class.getName()));
// Any approvals causes success
if (aa != null && aa.elements().hasMoreElements()) {
@@ -212,8 +210,8 @@ public abstract class APolicyRule implements IPolicyRule {
*/
protected boolean agentApproved(IRequest req) {
// Try to find an agent approval
- AgentApprovals aa = AgentApprovals.fromStringVector(
- req.getExtDataInStringVector(AgentApprovals.class.getName()));
+ AgentApprovals aa = AgentApprovals.fromStringVector(req
+ .getExtDataInStringVector(AgentApprovals.class.getName()));
// Any approvals causes success
if (aa != null && aa.elements().hasMoreElements()) {
@@ -223,12 +221,11 @@ public abstract class APolicyRule implements IPolicyRule {
}
}
- public void setPolicyException(IRequest req, String format,
- Object[] params) {
- if (format == null)
+ public void setPolicyException(IRequest req, String format, Object[] params) {
+ if (format == null)
return;
- EPolicyException ex;
+ EPolicyException ex;
if (params == null)
ex = new EPolicyException(format);
@@ -247,12 +244,12 @@ public abstract class APolicyRule implements IPolicyRule {
* log a message for this policy rule.
*/
protected void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
- "APolicyRule " + NAME + ": " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "APolicyRule "
+ + NAME + ": " + msg);
}
- public static KeyIdentifier createKeyIdentifier(X509Key key)
- throws NoSuchAlgorithmException, InvalidKeyException {
+ public static KeyIdentifier createKeyIdentifier(X509Key key)
+ throws NoSuchAlgorithmException, InvalidKeyException {
MessageDigest md = MessageDigest.getInstance("SHA-1");
md.update(key.getEncoded());
@@ -260,79 +257,89 @@ public abstract class APolicyRule implements IPolicyRule {
}
/**
- * Form a byte array of octet string key identifier from the sha-1 hash of
+ * Form a byte array of octet string key identifier from the sha-1 hash of
* the Subject Public Key INFO. (including algorithm ID, etc.)
* <p>
+ *
* @param certInfo cert info of the certificate.
* @return A Key identifier with the sha-1 hash of subject public key.
*/
protected KeyIdentifier formSpkiSHA1KeyId(X509CertInfo certInfo)
- throws EBaseException {
+ throws EBaseException {
KeyIdentifier keyId = null;
try {
- CertificateX509Key certKey =
- (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
+ CertificateX509Key certKey = (CertificateX509Key) certInfo
+ .get(X509CertInfo.KEY);
if (certKey == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
- throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_MISSING_KEY", NAME));
}
X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
if (key == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
- throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_MISSING_KEY", NAME));
}
keyId = createKeyIdentifier(key);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
}
return keyId;
}
/**
- * Form a byte array of octet string key identifier from the sha-1 hash of
+ * Form a byte array of octet string key identifier from the sha-1 hash of
* the Subject Public Key BIT STRING.
* <p>
+ *
* @param certInfo cert info of the certificate.
* @return A Key identifier with the sha-1 hash of subject public key.
*/
protected KeyIdentifier formSHA1KeyId(X509CertInfo certInfo)
- throws EBaseException {
+ throws EBaseException {
KeyIdentifier keyId = null;
try {
- CertificateX509Key certKey =
- (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
+ CertificateX509Key certKey = (CertificateX509Key) certInfo
+ .get(X509CertInfo.KEY);
if (certKey == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
- throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_MISSING_KEY", NAME));
}
X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
if (key == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
- throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_MISSING_KEY", NAME));
}
byte[] rawKey = key.getKey();
@@ -341,22 +348,21 @@ public abstract class APolicyRule implements IPolicyRule {
md.update(rawKey);
keyId = new KeyIdentifier(md.digest());
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
}
return keyId;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java b/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
index 2a98f12f..39c5cc51 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Vector;
import com.netscape.certsrv.apps.CMS;
@@ -30,24 +29,22 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * AgentPolicy is an enrollment policy wraps another policy module.
- * Requests are sent first to the contained module, but if the
- * policy indicates that the request should be deferred, a check
- * for agent approvals is done. If any are found, the request
- * is approved.
+ * AgentPolicy is an enrollment policy wraps another policy module. Requests are
+ * sent first to the contained module, but if the policy indicates that the
+ * request should be deferred, a check for agent approvals is done. If any are
+ * found, the request is approved.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class AgentPolicy extends APolicyRule
- implements IEnrollmentPolicy {
+public class AgentPolicy extends APolicyRule implements IEnrollmentPolicy {
public AgentPolicy() {
NAME = "AgentPolicy";
DESC = "Agent Approval Policy";
@@ -56,19 +53,19 @@ public class AgentPolicy extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=AgentPolicy
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
- * ra.Policy.rule.<ruleName>.class=xxxx
- * ra.Policy.rule.<ruleName>.params.*
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=AgentPolicy
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o ==
+ * netscape.com ra.Policy.rule.<ruleName>.class=xxxx
+ * ra.Policy.rule.<ruleName>.params.*
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
// Create subordinate object
String className = (String) config.get("class");
@@ -83,9 +80,9 @@ public class AgentPolicy extends APolicyRule
Object o = c.newInstance();
if (!(o instanceof APolicyRule)) {
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CLASS",
- getInstanceName(), className));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_INVALID_POLICY_CLASS",
+ getInstanceName(), className));
}
APolicyRule pr = (APolicyRule) o;
@@ -97,9 +94,9 @@ public class AgentPolicy extends APolicyRule
throw e;
} catch (Exception e) {
System.err.println("Agent Policy Error: " + e);
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_LOADING_POLICY_ERROR",
- getInstanceName(), className));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_LOADING_POLICY_ERROR", getInstanceName(),
+ className));
}
}
}
@@ -107,8 +104,8 @@ public class AgentPolicy extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -125,13 +122,13 @@ public class AgentPolicy extends APolicyRule
if (result == PolicyResult.DEFERRED) {
System.err.println("Checking agent approvals");
// Try to find an agent approval
- AgentApprovals aa = AgentApprovals.fromStringVector(
- req.getExtDataInStringVector(AgentApprovals.class.getName()));
+ AgentApprovals aa = AgentApprovals.fromStringVector(req
+ .getExtDataInStringVector(AgentApprovals.class.getName()));
- //Object o = req.get("agentApprovals");
+ // Object o = req.get("agentApprovals");
// Any approvals causes success
- if (aa != null && aa.elements().hasMoreElements()) //if (o != null)
+ if (aa != null && aa.elements().hasMoreElements()) // if (o != null)
{
System.err.println("Agent approval found");
result = PolicyResult.ACCEPTED;
@@ -143,7 +140,7 @@ public class AgentPolicy extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
@@ -152,13 +149,12 @@ public class AgentPolicy extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
return null;
}
- APolicyRule mPolicy = null;
+ APolicyRule mPolicy = null;
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
index 6438dc4a..4b929148 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
@@ -44,20 +43,20 @@ import com.netscape.certsrv.request.PolicyResult;
import com.netscape.certsrv.request.RequestId;
import com.netscape.cms.policy.APolicyRule;
-
/**
* This checks if attribute present.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class AttributePresentConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class AttributePresentConstraints extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_ENABLED = "enabled";
protected static final String PROP_LDAP = "ldap";
@@ -76,50 +75,59 @@ public class AttributePresentConstraints extends APolicyRule
private LDAPConnection mCheckAttrLdapConnection = null;
public AttributePresentConstraints() {
- DESC = "Rejects request if ldap attribute is not present in the " +
- "directory.";
+ DESC = "Rejects request if ldap attribute is not present in the "
+ + "directory.";
}
public String[] getExtendedPluginInfo(Locale locale) {
String params[] = {
- PROP_ATTR + ";string,required;Ldap attribute to check presence of (default " +
- DEF_ATTR + ")",
- PROP_VALUE + ";string;if this parameter is non-empty, the attribute must " +
- "match this value for the request to proceed ",
- PROP_LDAP_BASE + ";string,required;Base DN to start searching " +
- "under. If your user's DN is 'uid=jsmith, o=company', you " +
- "might want to use 'o=company' here",
- PROP_LDAP_HOST + ";string,required;" +
- "LDAP host to connect to",
- PROP_LDAP_PORT + ";number,required;" +
- "LDAP port number (use 389, or 636 if SSL)",
- PROP_LDAP_SSL + ";boolean;" +
- "Use SSL to connect to directory?",
- PROP_LDAP_VER + ";choice(3,2),required;" +
- "LDAP protocol version",
- PROP_LDAP_BIND + ";string;DN to bind as for attribute checking. " +
- "For example 'CN=Pincheck User'",
- PROP_LDAP_PW + ";password;Enter password used to bind as " +
- "the above user",
- PROP_LDAP_AUTH + ";choice(BasicAuth,SslClientAuth),required;" +
- "How to bind to the directory",
- PROP_LDAP_CERT + ";string;If you want to use " +
- "SSL client auth to the directory, set the client " +
- "cert nickname here",
- PROP_LDAP_BASE + ";string,required;Base DN to start searching " +
- "under. If your user's DN is 'uid=jsmith, o=company', you " +
- "might want to use 'o=company' here",
- PROP_LDAP_MINC + ";number;number of connections " +
- "to keep open to directory server. Default " + DEF_LDAP_MINC,
- PROP_LDAP_MAXC + ";number;when needed, connection " +
- "pool can grow to this many (multiplexed) connections. Default " + DEF_LDAP_MAXC,
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-pinpresent",
- IExtendedPluginInfo.HELP_TEXT +
- ";" + DESC + " This plugin can be used to " +
- "check the presence (and, optionally, the value) of any LDAP " +
- "attribute for the user. "
- };
+ PROP_ATTR
+ + ";string,required;Ldap attribute to check presence of (default "
+ + DEF_ATTR + ")",
+ PROP_VALUE
+ + ";string;if this parameter is non-empty, the attribute must "
+ + "match this value for the request to proceed ",
+ PROP_LDAP_BASE
+ + ";string,required;Base DN to start searching "
+ + "under. If your user's DN is 'uid=jsmith, o=company', you "
+ + "might want to use 'o=company' here",
+ PROP_LDAP_HOST + ";string,required;"
+ + "LDAP host to connect to",
+ PROP_LDAP_PORT + ";number,required;"
+ + "LDAP port number (use 389, or 636 if SSL)",
+ PROP_LDAP_SSL + ";boolean;"
+ + "Use SSL to connect to directory?",
+ PROP_LDAP_VER + ";choice(3,2),required;"
+ + "LDAP protocol version",
+ PROP_LDAP_BIND
+ + ";string;DN to bind as for attribute checking. "
+ + "For example 'CN=Pincheck User'",
+ PROP_LDAP_PW + ";password;Enter password used to bind as "
+ + "the above user",
+ PROP_LDAP_AUTH + ";choice(BasicAuth,SslClientAuth),required;"
+ + "How to bind to the directory",
+ PROP_LDAP_CERT + ";string;If you want to use "
+ + "SSL client auth to the directory, set the client "
+ + "cert nickname here",
+ PROP_LDAP_BASE
+ + ";string,required;Base DN to start searching "
+ + "under. If your user's DN is 'uid=jsmith, o=company', you "
+ + "might want to use 'o=company' here",
+ PROP_LDAP_MINC + ";number;number of connections "
+ + "to keep open to directory server. Default "
+ + DEF_LDAP_MINC,
+ PROP_LDAP_MAXC
+ + ";number;when needed, connection "
+ + "pool can grow to this many (multiplexed) connections. Default "
+ + DEF_LDAP_MAXC,
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-pinpresent",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";"
+ + DESC
+ + " This plugin can be used to "
+ + "check the presence (and, optionally, the value) of any LDAP "
+ + "attribute for the user. " };
return params;
}
@@ -180,9 +188,9 @@ public class AttributePresentConstraints extends APolicyRule
protected static final String PROP_VALUE = "value";
protected static final String DEF_VALUE = "";
- protected static Vector mParamNames;
+ protected static Vector mParamNames;
protected static Hashtable mParamDefault;
- protected Hashtable mParamValue = null;
+ protected Hashtable mParamValue = null;
static {
mParamNames = new Vector();
@@ -201,7 +209,7 @@ public class AttributePresentConstraints extends APolicyRule
addParam(PROP_ATTR, DEF_ATTR);
addParam(PROP_VALUE, DEF_VALUE);
};
-
+
protected static void addParam(String name, Object value) {
mParamNames.addElement(name);
mParamDefault.put(name, value);
@@ -210,40 +218,33 @@ public class AttributePresentConstraints extends APolicyRule
protected void getStringConfigParam(IConfigStore config, String paramName) {
try {
mParamValue.put(
- paramName, config.getString(paramName, (String) mParamDefault.get(paramName))
- );
+ paramName,
+ config.getString(paramName,
+ (String) mParamDefault.get(paramName)));
} catch (Exception e) {
}
}
protected void getIntConfigParam(IConfigStore config, String paramName) {
try {
- mParamValue.put(
- paramName, Integer.valueOf(
- config.getInteger(paramName,
- ((Integer) mParamDefault.get(paramName)).intValue()
- )
- )
- );
+ mParamValue.put(paramName, Integer.valueOf(config.getInteger(
+ paramName,
+ ((Integer) mParamDefault.get(paramName)).intValue())));
} catch (Exception e) {
}
}
protected void getBooleanConfigParam(IConfigStore config, String paramName) {
try {
- mParamValue.put(
- paramName, Boolean.valueOf(
- config.getBoolean(paramName,
- ((Boolean) mParamDefault.get(paramName)).booleanValue()
- )
- )
- );
+ mParamValue.put(paramName, Boolean.valueOf(config.getBoolean(
+ paramName,
+ ((Boolean) mParamDefault.get(paramName)).booleanValue())));
} catch (Exception e) {
}
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
mParamValue = new Hashtable();
@@ -277,14 +278,16 @@ public class AttributePresentConstraints extends APolicyRule
String requestType = r.getRequestType();
- if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
- requestType.equals(IRequest.RENEWAL_REQUEST)) {
+ if (requestType.equals(IRequest.ENROLLMENT_REQUEST)
+ || requestType.equals(IRequest.RENEWAL_REQUEST)) {
String uid = r.getExtDataInString(IRequest.HTTP_PARAMS, "uid");
if (uid == null) {
- log(ILogger.LL_INFO, "did not find UID parameter in request " + r.getRequestId());
- setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
+ log(ILogger.LL_INFO, "did not find UID parameter in request "
+ + r.getRequestId());
+ setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"),
+ "");
return PolicyResult.REJECTED;
}
@@ -292,26 +295,34 @@ public class AttributePresentConstraints extends APolicyRule
try {
String[] attrs = { (String) mParamValue.get(PROP_ATTR) };
- LDAPSearchResults searchResult =
- mCheckAttrLdapConnection.search((String) mParamValue.get(PROP_LDAP_BASE),
- LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", attrs, false);
-
+ LDAPSearchResults searchResult = mCheckAttrLdapConnection
+ .search((String) mParamValue.get(PROP_LDAP_BASE),
+ LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", attrs,
+ false);
+
if (!searchResult.hasMoreElements()) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
- setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
+ setError(r,
+ CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"),
+ "");
return PolicyResult.REJECTED;
}
LDAPEntry entry = (LDAPEntry) searchResult.nextElement();
userdn = entry.getDN();
-
- LDAPAttribute attr = entry.getAttribute((String) mParamValue.get(PROP_ATTR));
+
+ LDAPAttribute attr = entry.getAttribute((String) mParamValue
+ .get(PROP_ATTR));
/* if attribute not present, reject the request */
if (attr == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn));
- setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn));
+ setError(r,
+ CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"),
+ "");
return PolicyResult.REJECTED;
}
String acceptedValue = ((String) mParamValue.get(PROP_VALUE));
@@ -327,17 +338,24 @@ public class AttributePresentConstraints extends APolicyRule
}
}
if (matches == 0) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn));
- setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMS_AUTH_NO_PIN_FOUND", userdn));
+ setError(
+ r,
+ CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"),
+ "");
return PolicyResult.REJECTED;
}
}
-
- CMS.debug("AttributePresentConstraints: Attribute is present for user: \"" + userdn + "\"");
+
+ CMS.debug("AttributePresentConstraints: Attribute is present for user: \""
+ + userdn + "\"");
} catch (LDAPException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_PIN_UNAUTHORIZED"));
- setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_PIN_UNAUTHORIZED"));
+ setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"),
+ "");
return PolicyResult.REJECTED;
}
@@ -383,25 +401,26 @@ public class AttributePresentConstraints extends APolicyRule
return params;
/*
- params.addElement("ldap.ldapconn.host=localhost");
- params.addElement("ldap.ldapconn.port=389");
- params.addElement("ldap.ldapconn.secureConn=false");
- params.addElement("ldap.ldapconn.version=3");
- params.addElement("ldap.ldapauth.bindDN=CN=Directory Manager");
- params.addElement("ldap.ldapauth.bindPWPrompt=");
- params.addElement("ldap.ldapauth.clientCertNickname=");
- params.addElement("ldap.ldapauth.authtype=BasicAuth");
- params.addElement("ldap.basedn=");
- params.addElement("ldap.minConns=1");
- params.addElement("ldap.maxConns=5");
+ * params.addElement("ldap.ldapconn.host=localhost");
+ * params.addElement("ldap.ldapconn.port=389");
+ * params.addElement("ldap.ldapconn.secureConn=false");
+ * params.addElement("ldap.ldapconn.version=3");
+ * params.addElement("ldap.ldapauth.bindDN=CN=Directory Manager");
+ * params.addElement("ldap.ldapauth.bindPWPrompt=");
+ * params.addElement("ldap.ldapauth.clientCertNickname=");
+ * params.addElement("ldap.ldapauth.authtype=BasicAuth");
+ * params.addElement("ldap.basedn=");
+ * params.addElement("ldap.minConns=1");
+ * params.addElement("ldap.maxConns=5");
*/
}
protected void log(int level, String msg) {
- if (mLogger == null) return;
+ if (mLogger == null)
+ return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, "AttributePresentConstraints: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level,
+ "AttributePresentConstraints: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
index 3caee615..075f7a1f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.math.BigInteger;
import java.security.interfaces.DSAParams;
import java.util.Locale;
@@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* DSAKeyConstraints policy enforces min and max size of the key.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class DSAKeyConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class DSAKeyConstraints extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
private int mMinSize;
private int mMaxSize;
@@ -73,7 +72,7 @@ public class DSAKeyConstraints extends APolicyRule
defConfParams.addElement(PROP_MIN_SIZE + "=" + DEF_MIN_SIZE);
defConfParams.addElement(PROP_MAX_SIZE + "=" + DEF_MAX_SIZE);
}
-
+
public DSAKeyConstraints() {
NAME = "DSAKeyConstraints";
DESC = "Enforces DSA Key Constraints.";
@@ -83,11 +82,10 @@ public class DSAKeyConstraints extends APolicyRule
String[] params = {
PROP_MIN_SIZE + ";number;Minimum key size",
PROP_MAX_SIZE + ";number;Maximum key size",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-dsakeyconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Rejects request if DSA key size is out of range"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-dsakeyconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Rejects request if DSA key size is out of range" };
return params;
}
@@ -95,18 +93,19 @@ public class DSAKeyConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form
- * ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.minSize=512
- * ra.Policy.rule.<ruleName>.maxSize=1024
- * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
- *
- * @param config The config store reference
+ * ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.minSize=512
+ * ra.Policy.rule.<ruleName>.maxSize=1024
+ * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o ==
+ * netscape.com
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
// Get Min and Max sizes
mConfig = config;
@@ -119,49 +118,46 @@ public class DSAKeyConstraints extends APolicyRule
String msg = "cannot be more than " + DEF_MAX_SIZE;
log(ILogger.LL_FAILURE, PROP_MAX_SIZE + " " + msg);
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_MAX_SIZE, msg));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", PROP_MAX_SIZE, msg));
}
if (mMinSize < DEF_MIN_SIZE) {
String msg = "cannot be less than " + DEF_MIN_SIZE;
log(ILogger.LL_FAILURE, PROP_MIN_SIZE + " " + msg);
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_MIN_SIZE, msg));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", PROP_MIN_SIZE, msg));
}
if (mMaxSize % INCREMENT != 0) {
String msg = "must be in increments of " + INCREMENT;
log(ILogger.LL_FAILURE, PROP_MAX_SIZE + " " + msg);
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_MIN_SIZE, msg));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", PROP_MIN_SIZE, msg));
}
if (mMaxSize % INCREMENT != 0) {
String msg = "must be in increments of " + INCREMENT;
log(ILogger.LL_FAILURE, PROP_MIN_SIZE + " " + msg);
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_MIN_SIZE, msg));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", PROP_MIN_SIZE, msg));
}
-
+
config.putInteger(PROP_MIN_SIZE, mMinSize);
config.putInteger(PROP_MAX_SIZE, mMaxSize);
} catch (Exception e) {
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", getInstanceName(), e.toString()));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_INVALID_POLICY_CONFIG", getInstanceName(),
+ e.toString()));
}
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -170,59 +166,60 @@ public class DSAKeyConstraints extends APolicyRule
try {
// Get the certificate info from the request
- X509CertInfo ci[] =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo ci[] = req
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
// There should be a certificate info set.
if (ci == null || ci[0] == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
return PolicyResult.REJECTED;
}
// Else check if the key size(s) are within the limit.
for (int i = 0; i < ci.length; i++) {
- CertificateX509Key certKey = (CertificateX509Key)
- ci[i].get(X509CertInfo.KEY);
+ CertificateX509Key certKey = (CertificateX509Key) ci[i]
+ .get(X509CertInfo.KEY);
X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
String alg = key.getAlgorithmId().toString();
if (!alg.equalsIgnoreCase(DSA))
continue;
- // Check DSAKey parameters.
- // size refers to the p parameter.
+ // Check DSAKey parameters.
+ // size refers to the p parameter.
DSAPublicKey dsaKey = new DSAPublicKey(key.getEncoded());
DSAParams keyParams = dsaKey.getParams();
- if (keyParams == null) {
+ if (keyParams == null) {
// key parameters could not be parsed.
- Object[] params = new Object[] {
- getInstanceName(), String.valueOf(i + 1) };
+ Object[] params = new Object[] { getInstanceName(),
+ String.valueOf(i + 1) };
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_KEY_PARAMS", getInstanceName(), String.valueOf(i + 1)), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_NO_KEY_PARAMS", getInstanceName(),
+ String.valueOf(i + 1)), "");
return PolicyResult.REJECTED;
}
BigInteger p = keyParams.getP();
int len = p.bitLength();
- if (len < mMinSize || len > mMaxSize ||
- (len % INCREMENT) != 0) {
- String[] parms = new String[] {
- getInstanceName(),
- String.valueOf(len),
- String.valueOf(mMinSize),
- String.valueOf(mMaxSize),
- String.valueOf(INCREMENT) };
+ if (len < mMinSize || len > mMaxSize || (len % INCREMENT) != 0) {
+ String[] parms = new String[] { getInstanceName(),
+ String.valueOf(len), String.valueOf(mMinSize),
+ String.valueOf(mMaxSize), String.valueOf(INCREMENT) };
- setError(req, CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION_1", parms), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_KEY_SIZE_VIOLATION_1", parms), "");
return PolicyResult.REJECTED;
}
}
} catch (Exception e) {
// e.printStackTrace();
- String[] params = { getInstanceName(), e.toString()};
+ String[] params = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
}
return result;
@@ -230,27 +227,29 @@ public class DSAKeyConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector confParams = new Vector();
try {
- confParams.addElement(PROP_MIN_SIZE + "=" + mConfig.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE));
- confParams.addElement(PROP_MAX_SIZE + "=" + mConfig.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE));
- } catch (EBaseException e) {;
+ confParams.addElement(PROP_MIN_SIZE + "="
+ + mConfig.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE));
+ confParams.addElement(PROP_MAX_SIZE + "="
+ + mConfig.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE));
+ } catch (EBaseException e) {
+ ;
}
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
return defConfParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
index 3d4aedc3..e59a2d72 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Locale;
import java.util.Vector;
@@ -30,22 +29,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * This is the default revocation policy. Currently this does
- * nothing. We can later add checks like whether or not to
- * revoke expired certs ..etc here.
+ * This is the default revocation policy. Currently this does nothing. We can
+ * later add checks like whether or not to revoke expired certs ..etc here.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class DefaultRevocation extends APolicyRule
- implements IRevocationPolicy, IExtendedPluginInfo {
+public class DefaultRevocation extends APolicyRule implements
+ IRevocationPolicy, IExtendedPluginInfo {
public DefaultRevocation() {
NAME = "DefaultRevocation";
DESC = "Default Revocation Policy";
@@ -54,24 +52,25 @@ public class DefaultRevocation extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=DefaultRevocation
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=DefaultRevocation
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o ==
+ * netscape.com
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -80,7 +79,7 @@ public class DefaultRevocation extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
@@ -89,7 +88,7 @@ public class DefaultRevocation extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
@@ -97,11 +96,9 @@ public class DefaultRevocation extends APolicyRule
}
public String[] getExtendedPluginInfo(Locale locale) {
- String[] params = {
- IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-defaultrevocation"
- };
+ String[] params = { IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-defaultrevocation" };
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
index aed75bcd..ccdb1088 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Locale;
import java.util.Vector;
@@ -35,29 +34,29 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * IssuerConstraints is a rule for restricting the issuers of the
- * certificates used for certificate-based enrollments.
+ * IssuerConstraints is a rule for restricting the issuers of the certificates
+ * used for certificate-based enrollments.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$ $Date$
*/
-public class IssuerConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class IssuerConstraints extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
private final static String PROP_ISSUER_DN = "issuerDN";
private static final String CLIENT_ISSUER = "clientIssuer";
private X500Name mIssuerDN = null;
private String mIssuerDNString;
/**
- * checks the issuer of the ssl client-auth cert. Only one issuer
- * is allowed for now
+ * checks the issuer of the ssl client-auth cert. Only one issuer is allowed
+ * for now
*/
public IssuerConstraints() {
NAME = "IssuerConstraints";
@@ -66,13 +65,13 @@ public class IssuerConstraints extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_ISSUER_DN + ";string;Subject DN of the Issuer. The IssuerDN of the authenticating cert must match what's specified here",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-issuerconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Rejects the request if the issuer in the certificate is" +
- "not of the one specified"
- };
+ PROP_ISSUER_DN
+ + ";string;Subject DN of the Issuer. The IssuerDN of the authenticating cert must match what's specified here",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-issuerconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Rejects the request if the issuer in the certificate is"
+ + "not of the one specified" };
return params;
@@ -81,34 +80,33 @@ public class IssuerConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- * @param config The config store reference
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
try {
mIssuerDNString = config.getString(PROP_ISSUER_DN, null);
- if ((mIssuerDNString != null) &&
- !mIssuerDNString.equals("")) {
+ if ((mIssuerDNString != null) && !mIssuerDNString.equals("")) {
mIssuerDN = new X500Name(mIssuerDNString);
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- NAME + CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
+ log(ILogger.LL_FAILURE,
+ NAME + CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
- String[] params = {getInstanceName(), e.toString()};
+ String[] params = { getInstanceName(), e.toString() };
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_INVALID_POLICY_CONFIG", params));
}
- CMS.debug(
- NAME + ": init() done");
+ CMS.debug(NAME + ": init() done");
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -124,83 +122,86 @@ public class IssuerConstraints extends APolicyRule
X500Name ci_name = new X500Name(clientIssuerDN);
if (!ci_name.equals(mIssuerDN)) {
- setError(req,
- CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
- getInstanceName()), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_INVALID_ISSUER", getInstanceName()), "");
result = PolicyResult.REJECTED;
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
- CMS.debug(
- NAME + ": apply() - issuerDN mismatch: client issuerDN = " + clientIssuerDN + "; expected issuerDN = " + mIssuerDNString);
+ CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
+ CMS.debug(NAME
+ + ": apply() - issuerDN mismatch: client issuerDN = "
+ + clientIssuerDN + "; expected issuerDN = "
+ + mIssuerDNString);
}
} else {
// Get the certificate info from the request
- X509CertInfo certInfo[] =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certInfo[] = req
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certInfo == null) {
- log(ILogger.LL_FAILURE,
- NAME + ": apply() - missing certInfo");
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
+ log(ILogger.LL_FAILURE, NAME
+ + ": apply() - missing certInfo");
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
getInstanceName()), "");
return PolicyResult.REJECTED;
}
-
+
for (int i = 0; i < certInfo.length; i++) {
- String oldIssuer = (String)
- certInfo[i].get(X509CertInfo.ISSUER).toString();
-
+ String oldIssuer = (String) certInfo[i].get(
+ X509CertInfo.ISSUER).toString();
+
if (oldIssuer == null) {
- setError(req,
- CMS.getUserMessage("CMS_POLICY_CLIENT_ISSUER_NOT_FOUND",
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_CLIENT_ISSUER_NOT_FOUND",
getInstanceName()), "");
result = PolicyResult.REJECTED;
- log(ILogger.LL_FAILURE,
- NAME + ": apply() - client issuerDN not found");
+ log(ILogger.LL_FAILURE, NAME
+ + ": apply() - client issuerDN not found");
}
X500Name oi_name = new X500Name(oldIssuer);
if (!oi_name.equals(mIssuerDN)) {
setError(req,
- CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
- getInstanceName()), "");
+ CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
+ getInstanceName()), "");
result = PolicyResult.REJECTED;
- log(ILogger.LL_FAILURE,
- NAME + ": apply() - cert issuerDN mismatch: client issuerDN = " + oldIssuer + "; expected issuerDN = " + mIssuerDNString);
+ log(ILogger.LL_FAILURE,
+ NAME
+ + ": apply() - cert issuerDN mismatch: client issuerDN = "
+ + oldIssuer + "; expected issuerDN = "
+ + mIssuerDNString);
}
}
}
} catch (Exception e) {
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
}
if (result.equals(PolicyResult.ACCEPTED)) {
- log(ILogger.LL_INFO,
- NAME + ": apply() - accepted");
+ log(ILogger.LL_INFO, NAME + ": apply() - accepted");
}
return result;
}
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
Vector confParams = new Vector();
- confParams.addElement(PROP_ISSUER_DN + "=" +
- mIssuerDNString);
+ confParams.addElement(PROP_ISSUER_DN + "=" + mIssuerDNString);
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
index 8286cf31..e17897f9 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -37,44 +36,41 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * KeyAlgorithmConstraints enforces a constraint that the RA or a CA
- * honor only the keys generated using one of the permitted algorithms
- * such as RSA, DSA or DH.
+ * KeyAlgorithmConstraints enforces a constraint that the RA or a CA honor only
+ * the keys generated using one of the permitted algorithms such as RSA, DSA or
+ * DH.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class KeyAlgorithmConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class KeyAlgorithmConstraints extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
private Vector mAlgorithms;
private final static String DEF_KEY_ALGORITHM = "RSA,DSA";
private final static String PROP_ALGORITHMS = "algorithms";
- private final static String[] supportedAlgorithms =
- {"RSA", "DSA", "DH" };
+ private final static String[] supportedAlgorithms = { "RSA", "DSA", "DH" };
private final static Vector defConfParams = new Vector();
static {
- defConfParams.addElement(PROP_ALGORITHMS + "=" +
- DEF_KEY_ALGORITHM);
+ defConfParams.addElement(PROP_ALGORITHMS + "=" + DEF_KEY_ALGORITHM);
}
public String[] getExtendedPluginInfo(Locale locale) {
String params[] = {
"algorithms;choice(RSA\\,DSA,RSA,DSA);Certificate's key can be one of these algorithms",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-keyalgorithmconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Rejects the request if the key in the certificate is " +
- "not of the type specified"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-keyalgorithmconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Rejects the request if the key in the certificate is "
+ + "not of the type specified" };
return params;
}
@@ -87,17 +83,17 @@ public class KeyAlgorithmConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form
- * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
- * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.predicate=ou==Sales
- *
- * @param config The config store reference
+ * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
+ * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
mAlgorithms = new Vector();
@@ -112,10 +108,10 @@ public class KeyAlgorithmConstraints extends APolicyRule
try {
algNames = config.getString(PROP_ALGORITHMS, null);
} catch (Exception e) {
- String[] params = {getInstanceName(), e.toString()};
+ String[] params = { getInstanceName(), e.toString() };
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_INVALID_POLICY_CONFIG", params));
}
if (algNames == null) {
@@ -133,11 +129,10 @@ public class KeyAlgorithmConstraints extends APolicyRule
}
// Check if configured algorithms are supported.
- for (Enumeration e = mAlgorithms.elements();
- e.hasMoreElements();) {
+ for (Enumeration e = mAlgorithms.elements(); e.hasMoreElements();) {
int i;
String configuredAlg = (String) e.nextElement();
-
+
// See if it is a supported algorithm.
for (i = 0; i < supportedAlgorithms.length; i++) {
if (configuredAlg.equals(supportedAlgorithms[i]))
@@ -146,17 +141,17 @@ public class KeyAlgorithmConstraints extends APolicyRule
// Did we not find it?
if (i == supportedAlgorithms.length)
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_UNSUPPORTED_KEY_ALG",
- getInstanceName(), configuredAlg));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_UNSUPPORTED_KEY_ALG", getInstanceName(),
+ configuredAlg));
}
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -166,8 +161,9 @@ public class KeyAlgorithmConstraints extends APolicyRule
try {
// Get the certificate info from the request
// X509CertInfo certInfo[] = (X509CertInfo[])
- // req.get(IRequest.CERT_INFO);
- X509CertInfo certInfo[] = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ // req.get(IRequest.CERT_INFO);
+ X509CertInfo certInfo[] = req
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
// We need to have a certificate info set
if (certInfo == null) {
@@ -178,22 +174,23 @@ public class KeyAlgorithmConstraints extends APolicyRule
// Else check if the key algorithm is supported.
for (int i = 0; i < certInfo.length; i++) {
- CertificateX509Key certKey = (CertificateX509Key)
- certInfo[i].get(X509CertInfo.KEY);
+ CertificateX509Key certKey = (CertificateX509Key) certInfo[i]
+ .get(X509CertInfo.KEY);
X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
String alg = key.getAlgorithmId().getName().toUpperCase();
if (!mAlgorithms.contains(alg)) {
- setError(req, CMS.getUserMessage("CMS_POLICY_KEY_ALG_VIOLATION",
- getInstanceName(), alg), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_KEY_ALG_VIOLATION", getInstanceName(),
+ alg), "");
result = PolicyResult.REJECTED;
}
}
} catch (Exception e) {
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
- params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
}
return result;
@@ -201,10 +198,10 @@ public class KeyAlgorithmConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector v = new Vector();
StringBuffer sb = new StringBuffer();
@@ -217,14 +214,13 @@ public class KeyAlgorithmConstraints extends APolicyRule
v.addElement(PROP_ALGORITHMS + "=" + sb.toString());
return v;
}
-
+
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
return defConfParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java b/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
index a2bf9437..1df31a34 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Vector;
import com.netscape.certsrv.authentication.IAuthToken;
@@ -29,23 +28,22 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * ManualAuthentication is an enrollment policy that queues
- * all requests for issuing agent's approval if no authentication
- * is present. The policy rejects a request if any of the auth tokens
- * indicates authentication failure.
+ * ManualAuthentication is an enrollment policy that queues all requests for
+ * issuing agent's approval if no authentication is present. The policy rejects
+ * a request if any of the auth tokens indicates authentication failure.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class ManualAuthentication extends APolicyRule
- implements IEnrollmentPolicy {
+public class ManualAuthentication extends APolicyRule implements
+ IEnrollmentPolicy {
public ManualAuthentication() {
NAME = "ManualAuthentication";
DESC = "Manual Authentication Policy";
@@ -54,30 +52,31 @@ public class ManualAuthentication extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=ManualAuthentication
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=ManualAuthentication
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o ==
+ * netscape.com
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
IAuthToken authToken = req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
- if (authToken == null)
+ if (authToken == null)
return deferred(req);
return PolicyResult.ACCEPTED;
@@ -85,7 +84,7 @@ public class ManualAuthentication extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
@@ -94,11 +93,10 @@ public class ManualAuthentication extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
return null;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
index 7f7537bf..839a8134 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -41,21 +40,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * RSAKeyConstraints policy enforces min and max size of the key.
- * Optionally checks the exponents.
+ * RSAKeyConstraints policy enforces min and max size of the key. Optionally
+ * checks the exponents.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class RSAKeyConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class RSAKeyConstraints extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
private Vector mExponents;
private int mMinSize;
private int mMaxSize;
@@ -79,13 +78,13 @@ public class RSAKeyConstraints extends APolicyRule
String[] params = {
PROP_MIN_SIZE + ";number;Minimum size of user's RSA key (bits)",
PROP_MAX_SIZE + ";number;Maximum size of user's RSA key (bits)",
- PROP_EXPONENTS + ";string;Comma-separated list of permissible exponents",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-rsakeyconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Reject request if RSA key length is not within the " +
- "specified constraints"
- };
+ PROP_EXPONENTS
+ + ";string;Comma-separated list of permissible exponents",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-rsakeyconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Reject request if RSA key length is not within the "
+ + "specified constraints" };
return params;
}
@@ -98,40 +97,40 @@ public class RSAKeyConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.minSize=512
- * ra.Policy.rule.<ruleName>.maxSize=2048
- * ra.Policy.rule.<ruleName>.predicate=ou==Marketing
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.minSize=512
+ * ra.Policy.rule.<ruleName>.maxSize=2048
+ * ra.Policy.rule.<ruleName>.predicate=ou==Marketing
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
if (config == null || config.size() == 0)
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_MISSING_POLICY_CONFIG",
- getInstanceName()));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_MISSING_POLICY_CONFIG", getInstanceName()));
String exponents = null;
// Get Min and Max sizes
mMinSize = config.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE);
mMaxSize = config.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE);
- if (mMinSize <= 0)
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MIN_SIZE));
- if (mMaxSize <= 0)
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MAX_SIZE));
+ if (mMinSize <= 0)
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MIN_SIZE));
+ if (mMaxSize <= 0)
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MAX_SIZE));
- if (mMinSize > mMaxSize)
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_A_GREATER_THAN_EQUAL_B", PROP_MIN_SIZE, PROP_MAX_SIZE));
+ if (mMinSize > mMaxSize)
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_A_GREATER_THAN_EQUAL_B", PROP_MIN_SIZE,
+ PROP_MAX_SIZE));
mExponents = new Vector();
@@ -149,11 +148,11 @@ public class RSAKeyConstraints extends APolicyRule
}
} catch (Exception e) {
// e.printStackTrace();
- String[] params = {getInstanceName(), exponents,
- PROP_EXPONENTS};
+ String[] params = { getInstanceName(), exponents,
+ PROP_EXPONENTS };
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_CONFIG_PARAM", params));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_INVALID_CONFIG_PARAM", params));
}
}
}
@@ -161,8 +160,8 @@ public class RSAKeyConstraints extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -171,20 +170,20 @@ public class RSAKeyConstraints extends APolicyRule
try {
// Get the certificate info from the request
- X509CertInfo certInfo[] =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certInfo[] = req
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
// There should be a certificate info set.
if (certInfo == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
getInstanceName()), "");
return PolicyResult.REJECTED;
}
// Else check if the key size(s) are within the limit.
for (int i = 0; i < certInfo.length; i++) {
- CertificateX509Key certKey = (CertificateX509Key)
- certInfo[i].get(X509CertInfo.KEY);
+ CertificateX509Key certKey = (CertificateX509Key) certInfo[i]
+ .get(X509CertInfo.KEY);
X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
String alg = key.getAlgorithmId().toString();
@@ -193,28 +192,25 @@ public class RSAKeyConstraints extends APolicyRule
X509Key newkey = null;
try {
- newkey = new X509Key(AlgorithmId.get("RSA"),
- key.getKey());
+ newkey = new X509Key(AlgorithmId.get("RSA"), key.getKey());
} catch (Exception e) {
- CMS.debug( "RSAKeyConstraints::apply() - "
- + "Exception="+e.toString() );
- setError( req,
- CMS.getUserMessage( "CMS_POLICY_KEY_SIZE_VIOLATION",
- getInstanceName() ),
- "" );
+ CMS.debug("RSAKeyConstraints::apply() - " + "Exception="
+ + e.toString());
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION",
+ getInstanceName()), "");
return PolicyResult.REJECTED;
}
RSAPublicKey rsaKey = new RSAPublicKey(newkey.getEncoded());
int keySize = rsaKey.getKeySize();
if (keySize < mMinSize || keySize > mMaxSize) {
- String[] params = {getInstanceName(),
- String.valueOf(keySize),
- String.valueOf(mMinSize),
- String.valueOf(mMaxSize)};
+ String[] params = { getInstanceName(),
+ String.valueOf(keySize), String.valueOf(mMinSize),
+ String.valueOf(mMaxSize) };
- setError(req, CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION",
- params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_KEY_SIZE_VIOLATION", params), "");
result = PolicyResult.REJECTED;
}
@@ -226,26 +222,28 @@ public class RSAKeyConstraints extends APolicyRule
if (!mExponents.contains(exp)) {
StringBuffer sb = new StringBuffer();
- for (Enumeration e = mExponents.elements();
- e.hasMoreElements();) {
+ for (Enumeration e = mExponents.elements(); e
+ .hasMoreElements();) {
BigInt bi = (BigInt) e.nextElement();
sb.append(bi.toBigInteger().toString());
sb.append(" ");
}
- String[] params = {getInstanceName(),
- exp.toBigInteger().toString(), new String(sb)};
+ String[] params = { getInstanceName(),
+ exp.toBigInteger().toString(), new String(sb) };
- setError(req, CMS.getUserMessage("CMS_POLICY_EXPONENT_VIOLATION", params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_EXPONENT_VIOLATION", params), "");
result = PolicyResult.REJECTED;
}
}
}
} catch (Exception e) {
// e.printStackTrace();
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
}
return result;
@@ -253,10 +251,10 @@ public class RSAKeyConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector confParams = new Vector();
confParams.addElement(PROP_MIN_SIZE + "=" + mMinSize);
@@ -275,11 +273,10 @@ public class RSAKeyConstraints extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
return defConfParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
index 08e479b8..77b50eb1 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Date;
import java.util.Locale;
import java.util.Vector;
@@ -37,21 +36,22 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Whether to allow renewal of an expired cert.
+ *
* @version $Revision$, $Date$
- * <P>
- * <PRE>
+ * <P>
+ *
+ * <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
- * <P>
- *
+ * <P>
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class RenewalConstraints extends APolicyRule
- implements IRenewalPolicy, IExtendedPluginInfo {
+public class RenewalConstraints extends APolicyRule implements IRenewalPolicy,
+ IExtendedPluginInfo {
private static final String PROP_ALLOW_EXPIRED_CERTS = "allowExpiredCerts";
private static final String PROP_RENEWAL_NOT_AFTER = "renewalNotAfter";
@@ -65,8 +65,8 @@ public class RenewalConstraints extends APolicyRule
private final static Vector defConfParams = new Vector();
static {
defConfParams.addElement(PROP_ALLOW_EXPIRED_CERTS + "=" + true);
- defConfParams.addElement(PROP_RENEWAL_NOT_AFTER + "=" +
- DEF_RENEWAL_NOT_AFTER);
+ defConfParams.addElement(PROP_RENEWAL_NOT_AFTER + "="
+ + DEF_RENEWAL_NOT_AFTER);
}
public RenewalConstraints() {
@@ -76,14 +76,15 @@ public class RenewalConstraints extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to renew an already-expired certificate",
- PROP_RENEWAL_NOT_AFTER + ";number;Number of days since certificate expiry after which renewal request would be rejected",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-renewalconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Permit administrator to decide policy on whether to " +
- "permit renewals for already-expired certificates"
- };
+ PROP_ALLOW_EXPIRED_CERTS
+ + ";boolean;Allow a user to renew an already-expired certificate",
+ PROP_RENEWAL_NOT_AFTER
+ + ";number;Number of days since certificate expiry after which renewal request would be rejected",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-renewalconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Permit administrator to decide policy on whether to "
+ + "permit renewals for already-expired certificates" };
return params;
@@ -92,24 +93,24 @@ public class RenewalConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.allowExpiredCerts=true
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.allowExpiredCerts=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
// Get min and max validity in days and configure them.
try {
- mAllowExpiredCerts =
- config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, true);
+ mAllowExpiredCerts = config.getBoolean(PROP_ALLOW_EXPIRED_CERTS,
+ true);
String val = config.getString(PROP_RENEWAL_NOT_AFTER, null);
- if (val == null)
+ if (val == null)
mRenewalNotAfter = DEF_RENEWAL_NOT_AFTER * DAYS_TO_MS_FACTOR;
else {
mRenewalNotAfter = Long.parseLong(val) * DAYS_TO_MS_FACTOR;
@@ -119,14 +120,15 @@ public class RenewalConstraints extends APolicyRule
// never happen.
}
- CMS.debug("RenewalConstraints: allow expired certs " + mAllowExpiredCerts);
+ CMS.debug("RenewalConstraints: allow expired certs "
+ + mAllowExpiredCerts);
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -134,44 +136,52 @@ public class RenewalConstraints extends APolicyRule
try {
// Get the certificates being renwed.
- X509CertImpl[] oldCerts =
- req.getExtDataInCertArray(IRequest.OLD_CERTS);
+ X509CertImpl[] oldCerts = req
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
if (oldCerts == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT",
getInstanceName()), "");
return PolicyResult.REJECTED;
}
-
+
if (mAllowExpiredCerts) {
CMS.debug("checking validity of each cert");
- // check if each cert to be renewed is expired for more than // allowed days.
+ // check if each cert to be renewed is expired for more than //
+ // allowed days.
for (int i = 0; i < oldCerts.length; i++) {
- X509CertInfo oldCertInfo = (X509CertInfo)
- oldCerts[i].get(X509CertImpl.NAME + "." +
- X509CertImpl.INFO);
- CertificateValidity oldValidity = (CertificateValidity)
- oldCertInfo.get(X509CertInfo.VALIDITY);
- Date notAfter = (Date)
- oldValidity.get(CertificateValidity.NOT_AFTER);
+ X509CertInfo oldCertInfo = (X509CertInfo) oldCerts[i]
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ CertificateValidity oldValidity = (CertificateValidity) oldCertInfo
+ .get(X509CertInfo.VALIDITY);
+ Date notAfter = (Date) oldValidity
+ .get(CertificateValidity.NOT_AFTER);
// Is the Certificate eligible for renewal ?
Date now = CMS.getCurrentDate();
- Date renewedNotAfter = new Date(notAfter.getTime() +
- mRenewalNotAfter);
+ Date renewedNotAfter = new Date(notAfter.getTime()
+ + mRenewalNotAfter);
- CMS.debug("RenewalConstraints: cert " + i + " renewedNotAfter " + renewedNotAfter + " now=" + now);
+ CMS.debug("RenewalConstraints: cert " + i
+ + " renewedNotAfter " + renewedNotAfter + " now="
+ + now);
if (renewedNotAfter.before(now)) {
- CMS.debug(
- "One or more certificates is expired for more than " + (mRenewalNotAfter / DAYS_TO_MS_FACTOR) + " days");
- String params[] = { getInstanceName(), Long.toString(mRenewalNotAfter / DAYS_TO_MS_FACTOR) };
-
- setError(req,
- CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS_AFTER_ALLOWED_PERIOD",
- params), "");
+ CMS.debug("One or more certificates is expired for more than "
+ + (mRenewalNotAfter / DAYS_TO_MS_FACTOR)
+ + " days");
+ String params[] = {
+ getInstanceName(),
+ Long.toString(mRenewalNotAfter
+ / DAYS_TO_MS_FACTOR) };
+
+ setError(
+ req,
+ CMS.getUserMessage(
+ "CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS_AFTER_ALLOWED_PERIOD",
+ params), "");
return PolicyResult.REJECTED;
}
}
@@ -181,35 +191,35 @@ public class RenewalConstraints extends APolicyRule
CMS.debug("RenewalConstraints: checking validity of each cert");
// check if each cert to be renewed is expired.
for (int i = 0; i < oldCerts.length; i++) {
- X509CertInfo oldCertInfo = (X509CertInfo)
- oldCerts[i].get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
- CertificateValidity oldValidity = (CertificateValidity)
- oldCertInfo.get(X509CertInfo.VALIDITY);
- Date notAfter = (Date)
- oldValidity.get(CertificateValidity.NOT_AFTER);
+ X509CertInfo oldCertInfo = (X509CertInfo) oldCerts[i]
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ CertificateValidity oldValidity = (CertificateValidity) oldCertInfo
+ .get(X509CertInfo.VALIDITY);
+ Date notAfter = (Date) oldValidity
+ .get(CertificateValidity.NOT_AFTER);
// Is the Certificate still valid?
Date now = CMS.getCurrentDate();
- CMS.debug("RenewalConstraints: cert " + i + " notAfter " + notAfter + " now=" + now);
+ CMS.debug("RenewalConstraints: cert " + i + " notAfter "
+ + notAfter + " now=" + now);
if (notAfter.before(now)) {
- CMS.debug(
- "RenewalConstraints: One or more certificates is expired.");
+ CMS.debug("RenewalConstraints: One or more certificates is expired.");
String params[] = { getInstanceName() };
- setError(req,
- CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS",
- params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS", params),
+ "");
result = PolicyResult.REJECTED;
break;
}
}
} catch (Exception e) {
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
}
return result;
@@ -217,22 +227,22 @@ public class RenewalConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
Vector confParams = new Vector();
- confParams.addElement(
- PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
- confParams.addElement(PROP_RENEWAL_NOT_AFTER + "=" +
- mRenewalNotAfter / DAYS_TO_MS_FACTOR);
+ confParams.addElement(PROP_ALLOW_EXPIRED_CERTS + "="
+ + mAllowExpiredCerts);
+ confParams.addElement(PROP_RENEWAL_NOT_AFTER + "=" + mRenewalNotAfter
+ / DAYS_TO_MS_FACTOR);
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
index 3d98f3c2..8b09c767 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Date;
import java.util.Locale;
import java.util.Vector;
@@ -36,30 +35,29 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * RenewalValidityConstraints is a default rule for Certificate
- * Renewal. This policy enforces the no of days before which a
- * currently active certificate can be renewed and sets new validity
- * period for the renewed certificate starting from the the ending
- * period in the old certificate.
- *
+ * RenewalValidityConstraints is a default rule for Certificate Renewal. This
+ * policy enforces the no of days before which a currently active certificate
+ * can be renewed and sets new validity period for the renewed certificate
+ * starting from the the ending period in the old certificate.
+ *
* The main parameters are:
- *
- * The renewal leadtime in days: - i.e how many days before the
- * expiry of the current certificate can one request the renewal.
- * min and max validity duration.
+ *
+ * The renewal leadtime in days: - i.e how many days before the expiry of the
+ * current certificate can one request the renewal. min and max validity
+ * duration.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class RenewalValidityConstraints extends APolicyRule
- implements IRenewalPolicy, IExtendedPluginInfo {
+public class RenewalValidityConstraints extends APolicyRule implements
+ IRenewalPolicy, IExtendedPluginInfo {
private long mMinValidity;
private long mMaxValidity;
private long mRenewalInterval;
@@ -77,25 +75,25 @@ public class RenewalValidityConstraints extends APolicyRule
private final static Vector defConfParams = new Vector();
static {
- defConfParams.addElement(PROP_MIN_VALIDITY + "=" +
- DEF_MIN_VALIDITY);
- defConfParams.addElement(PROP_MAX_VALIDITY + "=" +
- DEF_MAX_VALIDITY);
- defConfParams.addElement(PROP_RENEWAL_INTERVAL + "=" +
- DEF_RENEWAL_INTERVAL);
+ defConfParams.addElement(PROP_MIN_VALIDITY + "=" + DEF_MIN_VALIDITY);
+ defConfParams.addElement(PROP_MAX_VALIDITY + "=" + DEF_MAX_VALIDITY);
+ defConfParams.addElement(PROP_RENEWAL_INTERVAL + "="
+ + DEF_RENEWAL_INTERVAL);
}
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_MIN_VALIDITY + ";number;Specifies the minimum validity period, in days, for renewed certificates.",
- PROP_MAX_VALIDITY + ";number;Specifies the maximum validity period, in days, for renewed certificates.",
- PROP_RENEWAL_INTERVAL + ";number;Specifies how many days before its expiration that a certificate can be renewed.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-renewalvalidityconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Reject renewal request if the certificate is too far " +
- "before it's expiry date"
- };
+ PROP_MIN_VALIDITY
+ + ";number;Specifies the minimum validity period, in days, for renewed certificates.",
+ PROP_MAX_VALIDITY
+ + ";number;Specifies the maximum validity period, in days, for renewed certificates.",
+ PROP_RENEWAL_INTERVAL
+ + ";number;Specifies how many days before its expiration that a certificate can be renewed.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-renewalvalidityconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Reject renewal request if the certificate is too far "
+ + "before it's expiry date" };
return params;
@@ -109,20 +107,20 @@ public class RenewalValidityConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.minValidity=30
- * ra.Policy.rule.<ruleName>.maxValidity=180
- * ra.Policy.rule.<ruleName>.renewalInterval=15
- * ra.Policy.rule.<ruleName>.predicate=ou==Sales
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.minValidity=30
+ * ra.Policy.rule.<ruleName>.maxValidity=180
+ * ra.Policy.rule.<ruleName>.renewalInterval=15
+ * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
// Get min and max validity in days and onfigure them.
try {
@@ -148,37 +146,37 @@ public class RenewalValidityConstraints extends APolicyRule
// minValidity can't be bigger than maxValidity.
if (mMinValidity > mMaxValidity) {
- String params[] = {getInstanceName(),
+ String params[] = { getInstanceName(),
String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR),
String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_RENEWAL_MIN_MAX", params));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_INVALID_RENEWAL_MIN_MAX", params));
}
// Renewal interval can't be more than maxValidity.
if (mRenewalInterval > mMaxValidity) {
- String params[] = {getInstanceName(),
+ String params[] = { getInstanceName(),
String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR),
String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_RENEWAL_INTERVAL", params));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_INVALID_RENEWAL_INTERVAL", params));
}
} catch (Exception e) {
// e.printStackTrace();
- String[] params = {getInstanceName(), e.toString()};
+ String[] params = { getInstanceName(), e.toString() };
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_INVALID_POLICY_CONFIG", params));
}
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -190,16 +188,16 @@ public class RenewalValidityConstraints extends APolicyRule
try {
// Get the certificate info from the request
- X509CertInfo certInfo[] =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certInfo[] = req
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
// Get the certificates being renwed.
- X509CertImpl currentCerts[] =
- req.getExtDataInCertArray(IRequest.OLD_CERTS);
+ X509CertImpl currentCerts[] = req
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
// Both certificate info and current certs should be set
if (certInfo == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
getInstanceName()), "");
return PolicyResult.REJECTED;
}
@@ -209,21 +207,21 @@ public class RenewalValidityConstraints extends APolicyRule
return PolicyResult.REJECTED;
}
if (certInfo.length != currentCerts.length) {
- setError(req, CMS.getUserMessage("CMS_POLICY_MISMATCHED_CERTINFO",
- getInstanceName()), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_MISMATCHED_CERTINFO", getInstanceName()),
+ "");
return PolicyResult.REJECTED;
}
// Else check if the renewal interval is okay and then
// set the validity.
for (int i = 0; i < certInfo.length; i++) {
- X509CertInfo oldCertInfo = (X509CertInfo)
- currentCerts[i].get(X509CertImpl.NAME +
- "." + X509CertImpl.INFO);
- CertificateValidity oldValidity = (CertificateValidity)
- oldCertInfo.get(X509CertInfo.VALIDITY);
- Date notAfter = (Date)
- oldValidity.get(CertificateValidity.NOT_AFTER);
+ X509CertInfo oldCertInfo = (X509CertInfo) currentCerts[i]
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ CertificateValidity oldValidity = (CertificateValidity) oldCertInfo
+ .get(X509CertInfo.VALIDITY);
+ Date notAfter = (Date) oldValidity
+ .get(CertificateValidity.NOT_AFTER);
// Is the Certificate still valid?
Date now = CMS.getCurrentDate();
@@ -233,12 +231,13 @@ public class RenewalValidityConstraints extends APolicyRule
long interval = notAfter.getTime() - now.getTime();
if (interval > mRenewalInterval) {
- setError(req,
- CMS.getUserMessage("CMS_POLICY_LONG_RENEWAL_LEAD_TIME",
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_LONG_RENEWAL_LEAD_TIME",
getInstanceName(),
- String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR)), "");
- setError(req,
- CMS.getUserMessage("CMS_POLICY_EXISTING_CERT_DETAILS",
+ String.valueOf(mRenewalInterval
+ / DAYS_TO_MS_FACTOR)), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_EXISTING_CERT_DETAILS",
getInstanceName(),
getCertDetails(req, currentCerts[i])), "");
@@ -248,29 +247,28 @@ public class RenewalValidityConstraints extends APolicyRule
}
}
- // Else compute new validity.
+ // Else compute new validity.
Date renewedNotBef = notAfter;
- Date renewedNotAfter = new Date(notAfter.getTime() +
- mMaxValidity);
+ Date renewedNotAfter = new Date(notAfter.getTime()
+ + mMaxValidity);
- // If the new notAfter is within renewal interval days from
+ // If the new notAfter is within renewal interval days from
// today or already expired, set the notBefore to today.
- if (renewedNotAfter.before(now) ||
- (renewedNotAfter.getTime() - now.getTime()) <=
- mRenewalInterval) {
+ if (renewedNotAfter.before(now)
+ || (renewedNotAfter.getTime() - now.getTime()) <= mRenewalInterval) {
renewedNotBef = now;
- renewedNotAfter = new Date(now.getTime() +
- mMaxValidity);
+ renewedNotAfter = new Date(now.getTime() + mMaxValidity);
}
- CertificateValidity newValidity =
- new CertificateValidity(renewedNotBef, renewedNotAfter);
+ CertificateValidity newValidity = new CertificateValidity(
+ renewedNotBef, renewedNotAfter);
certInfo[i].set(X509CertInfo.VALIDITY, newValidity);
}
} catch (Exception e) {
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
}
return result;
@@ -278,24 +276,24 @@ public class RenewalValidityConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
Vector confParams = new Vector();
- confParams.addElement(PROP_MIN_VALIDITY + "=" +
- mMinValidity / DAYS_TO_MS_FACTOR);
- confParams.addElement(PROP_MAX_VALIDITY + "=" +
- mMaxValidity / DAYS_TO_MS_FACTOR);
- confParams.addElement(PROP_RENEWAL_INTERVAL + "=" +
- mRenewalInterval / DAYS_TO_MS_FACTOR);
+ confParams.addElement(PROP_MIN_VALIDITY + "=" + mMinValidity
+ / DAYS_TO_MS_FACTOR);
+ confParams.addElement(PROP_MAX_VALIDITY + "=" + mMaxValidity
+ / DAYS_TO_MS_FACTOR);
+ confParams.addElement(PROP_RENEWAL_INTERVAL + "=" + mRenewalInterval
+ / DAYS_TO_MS_FACTOR);
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
@@ -306,7 +304,7 @@ public class RenewalValidityConstraints extends APolicyRule
private void setDummyValidity(X509CertInfo certInfo) {
try {
certInfo.set(X509CertInfo.VALIDITY,
- new CertificateValidity(CMS.getCurrentDate(), new Date()));
+ new CertificateValidity(CMS.getCurrentDate(), new Date()));
} catch (Exception e) {
}
}
@@ -317,8 +315,8 @@ public class RenewalValidityConstraints extends APolicyRule
sb.append("\n");
sb.append("Serial No: " + cert.getSerialNumber().toString(16));
sb.append("\n");
- sb.append("Validity: " + cert.getNotBefore().toString() +
- " - " + cert.getNotAfter().toString());
+ sb.append("Validity: " + cert.getNotBefore().toString() + " - "
+ + cert.getNotAfter().toString());
sb.append("\n");
String certType = req.getExtDataInString(IRequest.CERT_TYPE);
@@ -326,11 +324,12 @@ public class RenewalValidityConstraints extends APolicyRule
certType = IRequest.SERVER_CERT;
if (certType.equals(IRequest.CLIENT_CERT)) {
- /*** Take this our - URL formulation hard to do here.
- sb.append("Use the following url with your CA/RA gateway spec to download the certificate.");
- sb.append("\n");
- sb.append("/query/certImport?op=displayByserial&serialNumber=");
- sb.append(cert.getSerialNumber().toString(16));
+ /***
+ * Take this our - URL formulation hard to do here. sb.append(
+ * "Use the following url with your CA/RA gateway spec to download the certificate."
+ * ); sb.append("\n");
+ * sb.append("/query/certImport?op=displayByserial&serialNumber=");
+ * sb.append(cert.getSerialNumber().toString(16));
***/
sb.append("\n");
} else {
@@ -342,7 +341,7 @@ public class RenewalValidityConstraints extends APolicyRule
sb.append(CERT_HEADER + encodedCert + CERT_TRAILER);
} catch (Exception e) {
- //throw new AssertionException(e.toString());
+ // throw new AssertionException(e.toString());
}
}
return sb.toString();
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
index 686529f4..546bd741 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Date;
import java.util.Locale;
import java.util.Vector;
@@ -38,20 +37,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Whether to allow revocation of an expired cert.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class RevocationConstraints extends APolicyRule
- implements IRevocationPolicy, IExtendedPluginInfo {
+public class RevocationConstraints extends APolicyRule implements
+ IRevocationPolicy, IExtendedPluginInfo {
private static final String PROP_ALLOW_EXPIRED_CERTS = "allowExpiredCerts";
private static final String PROP_ALLOW_ON_HOLD = "allowOnHold";
@@ -71,16 +70,18 @@ public class RevocationConstraints extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to revoke an already-expired certificate",
- PROP_ALLOW_ON_HOLD + ";boolean;Allow a user to set reason to On-Hold",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-revocationconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Allow administrator to decide policy on whether to allow " +
- "recovation of expired certificates" +
- "and set reason to On-Hold"
-
- };
+ PROP_ALLOW_EXPIRED_CERTS
+ + ";boolean;Allow a user to revoke an already-expired certificate",
+ PROP_ALLOW_ON_HOLD
+ + ";boolean;Allow a user to set reason to On-Hold",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-revocationconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Allow administrator to decide policy on whether to allow "
+ + "recovation of expired certificates"
+ + "and set reason to On-Hold"
+
+ };
return params;
@@ -89,36 +90,36 @@ public class RevocationConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.allowExpiredCerts=true
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.allowExpiredCerts=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
// Get min and max validity in days and onfigure them.
try {
- mAllowExpiredCerts =
- config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, true);
- mAllowOnHold =
- config.getBoolean(PROP_ALLOW_ON_HOLD, true);
+ mAllowExpiredCerts = config.getBoolean(PROP_ALLOW_EXPIRED_CERTS,
+ true);
+ mAllowOnHold = config.getBoolean(PROP_ALLOW_ON_HOLD, true);
} catch (EBaseException e) {
// never happen.
}
- CMS.debug("RevocationConstraints: allow expired certs " + mAllowExpiredCerts);
+ CMS.debug("RevocationConstraints: allow expired certs "
+ + mAllowExpiredCerts);
CMS.debug("RevocationConstraints: allow on hold " + mAllowOnHold);
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -127,8 +128,8 @@ public class RevocationConstraints extends APolicyRule
CMS.debug("RevocationConstraints: apply: no revocationReason found in request");
return PolicyResult.REJECTED;
}
- RevocationReason rr = RevocationReason.fromInt(
- req.getExtDataInInteger(IRequest.REVOKED_REASON).intValue());
+ RevocationReason rr = RevocationReason.fromInt(req.getExtDataInInteger(
+ IRequest.REVOKED_REASON).intValue());
if (!mAllowOnHold && (rr != null)) {
int reason = rr.toInt();
@@ -136,37 +137,37 @@ public class RevocationConstraints extends APolicyRule
if (reason == RevocationReason.CERTIFICATE_HOLD.toInt()) {
String params[] = { getInstanceName() };
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_ON_HOLD_ALLOWED", params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_NO_ON_HOLD_ALLOWED", params), "");
return PolicyResult.REJECTED;
- }
+ }
}
if (mAllowExpiredCerts)
// nothing to check.
return PolicyResult.ACCEPTED;
-
+
PolicyResult result = PolicyResult.ACCEPTED;
try {
// Get the certificates being renwed.
- X509CertImpl[] oldCerts =
- req.getExtDataInCertArray(IRequest.OLD_CERTS);
+ X509CertImpl[] oldCerts = req
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
if (oldCerts == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT"),
- getInstanceName());
+ getInstanceName());
return PolicyResult.REJECTED;
}
// check if each cert to be renewed is expired.
for (int i = 0; i < oldCerts.length; i++) {
- X509CertInfo oldCertInfo = (X509CertInfo)
- oldCerts[i].get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
- CertificateValidity oldValidity = (CertificateValidity)
- oldCertInfo.get(X509CertInfo.VALIDITY);
- Date notAfter = (Date)
- oldValidity.get(CertificateValidity.NOT_AFTER);
+ X509CertInfo oldCertInfo = (X509CertInfo) oldCerts[i]
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ CertificateValidity oldValidity = (CertificateValidity) oldCertInfo
+ .get(X509CertInfo.VALIDITY);
+ Date notAfter = (Date) oldValidity
+ .get(CertificateValidity.NOT_AFTER);
// Is the Certificate still valid?
Date now = CMS.getCurrentDate();
@@ -174,18 +175,19 @@ public class RevocationConstraints extends APolicyRule
if (notAfter.before(now)) {
String params[] = { getInstanceName() };
- setError(req,
- CMS.getUserMessage("CMS_POLICY_CANNOT_REVOKE_EXPIRED_CERTS",
- params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_CANNOT_REVOKE_EXPIRED_CERTS", params),
+ "");
result = PolicyResult.REJECTED;
break;
}
}
} catch (Exception e) {
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
}
return result;
@@ -193,22 +195,21 @@ public class RevocationConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
Vector confParams = new Vector();
- confParams.addElement(
- PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
- confParams.addElement(
- PROP_ALLOW_ON_HOLD + "=" + mAllowOnHold);
+ confParams.addElement(PROP_ALLOW_EXPIRED_CERTS + "="
+ + mAllowExpiredCerts);
+ confParams.addElement(PROP_ALLOW_ON_HOLD + "=" + mAllowOnHold);
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
index 9d519284..213212fb 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Locale;
import java.util.StringTokenizer;
import java.util.Vector;
@@ -41,23 +40,24 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * SigningAlgorithmConstraints enforces that only a supported
- * signing algorithm be requested.
+ * SigningAlgorithmConstraints enforces that only a supported signing algorithm
+ * be requested.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class SigningAlgorithmConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class SigningAlgorithmConstraints extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
private String[] mAllowedAlgs = null; // algs allowed by this policy
- static String[] mDefaultAllowedAlgs = null; // default algs allowed by this policy based on CA's key
+ static String[] mDefaultAllowedAlgs = null; // default algs allowed by this
+ // policy based on CA's key
private String[] mConfigAlgs = null; // algs listed in config file
private boolean winnowedByKey = false;
IAuthority mAuthority = null;
@@ -94,17 +94,17 @@ public class SigningAlgorithmConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form
- * ra.Policy.rule.<ruleName>.implName=SigningAlgorithmConstraints
- * ra.Policy.rule.<ruleName>.algorithms=SHA-1WithRSA, SHA-1WithDSA
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.predicate=ou==Sales
- *
- * @param config The config store reference
+ * ra.Policy.rule.<ruleName>.implName=SigningAlgorithmConstraints
+ * ra.Policy.rule.<ruleName>.algorithms=SHA-1WithRSA, SHA-1WithDSA
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mAuthority = (IAuthority) ((IPolicyProcessor) owner).getAuthority();
// Get allowed algorithms from config file
@@ -114,10 +114,11 @@ public class SigningAlgorithmConstraints extends APolicyRule
try {
algNames = config.getString(PROP_ALGORITHMS, null);
} catch (Exception e) {
- String[] params = {getInstanceName(), e.toString(), PROP_ALGORITHMS};
+ String[] params = { getInstanceName(), e.toString(),
+ PROP_ALGORITHMS };
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_PARAM_CONFIG_ERROR", params));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_PARAM_CONFIG_ERROR", params));
}
if (algNames != null) {
@@ -136,7 +137,7 @@ public class SigningAlgorithmConstraints extends APolicyRule
for (int i = 0; i < itemCount; i++) {
mAllowedAlgs[i] = (String) algs.elementAt(i);
}
-
+
}
}
@@ -149,8 +150,8 @@ public class SigningAlgorithmConstraints extends APolicyRule
if (mAllowedAlgs != null) {
// winnow out unknown algorithms
- winnowAlgs(AlgorithmId.ALL_SIGNING_ALGORITHMS,
- "CMS_POLICY_UNKNOWN_SIGNING_ALG", true);
+ winnowAlgs(AlgorithmId.ALL_SIGNING_ALGORITHMS,
+ "CMS_POLICY_UNKNOWN_SIGNING_ALG", true);
} else {
// if nothing was in the config file, allow all known algs
mAllowedAlgs = AlgorithmId.ALL_SIGNING_ALGORITHMS;
@@ -160,8 +161,8 @@ public class SigningAlgorithmConstraints extends APolicyRule
winnowByKey();
if (mAllowedAlgs.length == 0) {
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_SIGNALG_NOT_MATCH_CAKEY", NAME));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_SIGNALG_NOT_MATCH_CAKEY", NAME));
}
}
@@ -182,20 +183,20 @@ public class SigningAlgorithmConstraints extends APolicyRule
}
// get list of algorithms allowed for the key
- String[] allowedByKey =
- ((ICertAuthority) mAuthority).getCASigningAlgorithms();
+ String[] allowedByKey = ((ICertAuthority) mAuthority)
+ .getCASigningAlgorithms();
if (allowedByKey != null) {
- // don't show algorithms that don't match CA's key in UI.
+ // don't show algorithms that don't match CA's key in UI.
mDefaultAllowedAlgs = new String[allowedByKey.length];
for (int i = 0; i < allowedByKey.length; i++)
mDefaultAllowedAlgs[i] = allowedByKey[i];
- // winnow out algorithms that don't match CA's signing key
- winnowAlgs(allowedByKey,
- "CMS_POLICY_SIGNALG_NOT_MATCH_CAKEY_1", false);
+ // winnow out algorithms that don't match CA's signing key
+ winnowAlgs(allowedByKey, "CMS_POLICY_SIGNALG_NOT_MATCH_CAKEY_1",
+ false);
winnowedByKey = true;
} else {
- // We don't know the CA's signing algorithms. Maybe we're
+ // We don't know the CA's signing algorithms. Maybe we're
// an RA that hasn't talked to the CA yet? Try again later.
}
}
@@ -203,14 +204,15 @@ public class SigningAlgorithmConstraints extends APolicyRule
/**
* Winnows out of mAllowedAlgorithms those algorithms that aren't allowed
* for some reason.
- *
- * @param allowed An array of allowed algorithms. Only algorithms in this
- * list will survive the winnowing process.
- * @param reason A string describing the problem with an algorithm
- * that is not allowed by this list. Must be a predefined string in PolicyResources.
+ *
+ * @param allowed An array of allowed algorithms. Only algorithms in this
+ * list will survive the winnowing process.
+ * @param reason A string describing the problem with an algorithm that is
+ * not allowed by this list. Must be a predefined string in
+ * PolicyResources.
*/
- private void winnowAlgs(String[] allowed, String reason, boolean isError)
- throws EBaseException {
+ private void winnowAlgs(String[] allowed, String reason, boolean isError)
+ throws EBaseException {
int i, j, goodSize;
// validate the currently-allowed algorithms
@@ -225,12 +227,13 @@ public class SigningAlgorithmConstraints extends APolicyRule
}
// if algorithm is not allowed, log a warning
if (j == allowed.length) {
- EPolicyException e = new EPolicyException(CMS.getUserMessage(reason, NAME, mAllowedAlgs[i]));
+ EPolicyException e = new EPolicyException(CMS.getUserMessage(
+ reason, NAME, mAllowedAlgs[i]));
if (isError) {
log(ILogger.LL_FAILURE, e.toString());
- throw new EPolicyException(CMS.getUserMessage(reason,
- NAME, mAllowedAlgs[i]));
+ throw new EPolicyException(CMS.getUserMessage(reason, NAME,
+ mAllowedAlgs[i]));
} else {
log(ILogger.LL_WARN, e.toString());
}
@@ -240,7 +243,7 @@ public class SigningAlgorithmConstraints extends APolicyRule
// convert back into an array
goodSize = goodAlgs.size();
if (mAllowedAlgs.length != goodSize) {
- mAllowedAlgs = new String[ goodSize ];
+ mAllowedAlgs = new String[goodSize];
for (i = 0; i < goodSize; i++) {
mAllowedAlgs[i] = (String) goodAlgs.elementAt(i);
}
@@ -250,8 +253,8 @@ public class SigningAlgorithmConstraints extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -262,9 +265,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
try {
// Get the certificate info from the request
- //X509CertInfo certInfo[] = (X509CertInfo[])
- // req.get(IRequest.CERT_INFO);
- X509CertInfo certInfo[] = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ // X509CertInfo certInfo[] = (X509CertInfo[])
+ // req.get(IRequest.CERT_INFO);
+ X509CertInfo certInfo[] = req
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
// We need to have a certificate info set
if (certInfo == null) {
@@ -281,11 +285,11 @@ public class SigningAlgorithmConstraints extends APolicyRule
winnowByKey();
}
- CertificateAlgorithmId certAlgId = (CertificateAlgorithmId)
- certInfo[i].get(X509CertInfo.ALGORITHM_ID);
+ CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) certInfo[i]
+ .get(X509CertInfo.ALGORITHM_ID);
- AlgorithmId algId = (AlgorithmId)
- certAlgId.get(CertificateAlgorithmId.ALGORITHM);
+ AlgorithmId algId = (AlgorithmId) certAlgId
+ .get(CertificateAlgorithmId.ALGORITHM);
String alg = algId.getName();
// test against the list of allowed algorithms
@@ -297,26 +301,28 @@ public class SigningAlgorithmConstraints extends APolicyRule
if (j == mAllowedAlgs.length) {
// if the algor doesn't match the CA's key replace
// it with one that does.
- if (mAllowedAlgs[0].equals("SHA1withDSA") ||
- alg.equals("SHA1withDSA")) {
- certInfo[i].set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(
- AlgorithmId.get(mAllowedAlgs[0])));
+ if (mAllowedAlgs[0].equals("SHA1withDSA")
+ || alg.equals("SHA1withDSA")) {
+ certInfo[i].set(
+ X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(AlgorithmId
+ .get(mAllowedAlgs[0])));
return PolicyResult.ACCEPTED;
}
// didn't find a match, alg not allowed
- setError(req, CMS.getUserMessage("CMS_POLICY_SIGNING_ALG_VIOLATION",
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_SIGNING_ALG_VIOLATION",
getInstanceName(), alg), "");
result = PolicyResult.REJECTED;
}
}
} catch (Exception e) {
// e.printStackTrace();
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
- params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
}
return result;
@@ -324,10 +330,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector confParams = new Vector();
StringBuffer sb = new StringBuffer();
@@ -343,10 +349,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
StringBuffer sb = new StringBuffer();
sb.append(PROP_ALGORITHMS);
sb.append("=");
@@ -365,67 +371,73 @@ public class SigningAlgorithmConstraints extends APolicyRule
}
defConfParams.addElement(sb.toString());
- return defConfParams;
+ return defConfParams;
}
public String[] getExtendedPluginInfo(Locale locale) {
if (!winnowedByKey) {
- try {
- winnowByKey();
- } catch (Exception e) {
+ try {
+ winnowByKey();
+ } catch (Exception e) {
}
}
String[] params = null;
String[] params_BOTH = {
- PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA256withRSA\\,SHA512withRSA\\,SHA1withDSA," +
- "MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA,"+
- "MD2withRSA\\,MD5withRSA\\,SHA1withRSA," +
- "MD2withRSA\\,SHA1withRSA\\,SHA1withDSA," +
- "MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," +
- "MD2withRSA\\,MD5withRSA\\,SHA1withDSA," +
- "MD2withRSA\\,MD5withRSA," +
- "MD2withRSA\\,SHA1withRSA," +
- "MD2withRSA\\,SHA1withDSA," +
- "MD5withRSA\\,SHA1withRSA," +
- "MD5withRSA\\,SHA1withDSA," +
- "SHA1withRSA\\,SHA1withDSA," +
- "MD2withRSA," +
- "MD5withRSA," +
- "SHA1withRSA," +
- "SHA1withDSA);List of algorithms to restrict the requested signing algorithm " +
- "to be one of the algorithms supported by Certificate System",
- IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Restricts the requested signing algorithm to be one of" +
- " the algorithms supported by Certificate System"
- };
+ PROP_ALGORITHMS
+ + ";"
+ + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA256withRSA\\,SHA512withRSA\\,SHA1withDSA,"
+ + "MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA,"
+ + "MD2withRSA\\,MD5withRSA\\,SHA1withRSA,"
+ + "MD2withRSA\\,SHA1withRSA\\,SHA1withDSA,"
+ + "MD5withRSA\\,SHA1withRSA\\,SHA1withDSA,"
+ + "MD2withRSA\\,MD5withRSA\\,SHA1withDSA,"
+ + "MD2withRSA\\,MD5withRSA,"
+ + "MD2withRSA\\,SHA1withRSA,"
+ + "MD2withRSA\\,SHA1withDSA,"
+ + "MD5withRSA\\,SHA1withRSA,"
+ + "MD5withRSA\\,SHA1withDSA,"
+ + "SHA1withRSA\\,SHA1withDSA,"
+ + "MD2withRSA,"
+ + "MD5withRSA,"
+ + "SHA1withRSA,"
+ + "SHA1withDSA);List of algorithms to restrict the requested signing algorithm "
+ + "to be one of the algorithms supported by Certificate System",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-signingalgconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Restricts the requested signing algorithm to be one of"
+ + " the algorithms supported by Certificate System" };
String[] params_RSA = {
- PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA," +
- "MD2withRSA\\,MD5withRSA," +
- "MD2withRSA\\,SHA1withRSA," +
- "MD5withRSA\\,SHA1withRSA," +
- "MD2withRSA," +
- "MD5withRSA," +
- "SHA1withRSA);Restrict the requested signing algorithm to be " +
- "one of the algorithms supported by Certificate System",
- IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Restricts the requested signing algorithm to be one of" +
- " the algorithms supported by Certificate System"
- };
+ PROP_ALGORITHMS
+ + ";"
+ + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA,"
+ + "MD2withRSA\\,MD5withRSA,"
+ + "MD2withRSA\\,SHA1withRSA,"
+ + "MD5withRSA\\,SHA1withRSA,"
+ + "MD2withRSA,"
+ + "MD5withRSA,"
+ + "SHA1withRSA);Restrict the requested signing algorithm to be "
+ + "one of the algorithms supported by Certificate System",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-signingalgconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Restricts the requested signing algorithm to be one of"
+ + " the algorithms supported by Certificate System" };
String[] params_DSA = {
- PROP_ALGORITHMS + ";" + "choice(SHA1withDSA);Restrict the requested signing " +
- "algorithm to be one of the algorithms supported by Certificate " +
- "System",
- IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Restricts the requested signing algorithm to be one of" +
- " the algorithms supported by Certificate System"
- };
+ PROP_ALGORITHMS
+ + ";"
+ + "choice(SHA1withDSA);Restrict the requested signing "
+ + "algorithm to be one of the algorithms supported by Certificate "
+ + "System",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-signingalgconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Restricts the requested signing algorithm to be one of"
+ + " the algorithms supported by Certificate System" };
switch (mDefaultAllowedAlgs.length) {
case 1:
@@ -447,4 +459,3 @@ public class SigningAlgorithmConstraints extends APolicyRule
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
index 8e8cd4a7..4372e46a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Locale;
import java.util.Vector;
@@ -41,20 +40,21 @@ import com.netscape.certsrv.request.PolicyResult;
import com.netscape.certsrv.security.ISigningUnit;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * This simple policy checks the subordinate CA CSR to see
- * if it is the same as the local CA.
+ * This simple policy checks the subordinate CA CSR to see if it is the same as
+ * the local CA.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class SubCANameConstraints extends APolicyRule implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class SubCANameConstraints extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
public ICertificateAuthority mCA = null;
public String mIssuerNameStr = null;
@@ -65,48 +65,49 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-subcanamecheck",
- IExtendedPluginInfo.HELP_TEXT +
- ";Checks if subordinate CA request matches the local CA. There are no parameters to change"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-subcanamecheck",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Checks if subordinate CA request matches the local CA. There are no parameters to change" };
return params;
}
-
+
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form
- * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
- * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.predicate=ou==Sales
- *
- * @param config The config store reference
+ * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
+ * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
// get CA's public key to create authority key id.
- ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor) owner).getAuthority();
+ ICertAuthority certAuthority = (ICertAuthority) ((IPolicyProcessor) owner)
+ .getAuthority();
if (certAuthority == null) {
// should never get here.
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Cannot find the Certificate Manager"));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR",
+ "Cannot find the Certificate Manager"));
}
if (!(certAuthority instanceof ICertificateAuthority)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Cannot find the Certificate Manager"));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR",
+ "Cannot find the Certificate Manager"));
}
mCA = (ICertificateAuthority) certAuthority;
ISigningUnit su = mCA.getSigningUnit();
- if( su == null || CMS.isPreOpMode() ) {
+ if (su == null || CMS.isPreOpMode()) {
return;
}
@@ -124,8 +125,8 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -134,39 +135,52 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
try {
// Get the certificate templates
- X509CertInfo[] certInfos = req.getExtDataInCertInfoArray(
- IRequest.CERT_INFO);
-
+ X509CertInfo[] certInfos = req
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
if (certInfos == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_CERT_INFO", getInstanceName()));
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME + ":" + getInstanceName()), "");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_NO_CERT_INFO", getInstanceName()));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME
+ + ":" + getInstanceName()), "");
return PolicyResult.REJECTED;
}
// retrieve the subject name and check its unqiueness
for (int i = 0; i < certInfos.length; i++) {
- CertificateSubjectName subName = (CertificateSubjectName) certInfos[i].get(X509CertInfo.SUBJECT);
+ CertificateSubjectName subName = (CertificateSubjectName) certInfos[i]
+ .get(X509CertInfo.SUBJECT);
// if there is no name set, set one here.
if (subName == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_SUBJECT_NAME_1", getInstanceName()));
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUBJECT_NAME", NAME + ":" + getInstanceName()), "");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_NO_SUBJECT_NAME_1", getInstanceName()));
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_NO_SUBJECT_NAME", NAME + ":"
+ + getInstanceName()), "");
return PolicyResult.REJECTED;
}
String certSubjectName = subName.toString();
if (certSubjectName.equalsIgnoreCase(mIssuerNameStr)) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_SUBJECT_NAME_EXIST_1", mIssuerNameStr));
- setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST", NAME + ":" + "Same As Issuer Name " + mIssuerNameStr), "");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_SUBJECT_NAME_EXIST_1", mIssuerNameStr));
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_SUBJECT_NAME_EXIST", NAME + ":"
+ + "Same As Issuer Name " + mIssuerNameStr),
+ "");
result = PolicyResult.REJECTED;
}
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_SUBJECT_NAME_1", getInstanceName()));
- String params[] = {getInstanceName(), e.toString()};
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_NO_SUBJECT_NAME_1", getInstanceName()));
+ String params[] = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
- params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
}
return result;
@@ -174,24 +188,23 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector v = new Vector();
return v;
}
-
+
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
Vector v = new Vector();
return v;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java
index dc8ecd79..9afbf765 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java
@@ -17,17 +17,15 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
-
-
/**
* This class is used to help migrate CMS4.1 to CMS4.2.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
index 4e7cefe7..189aa99f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -44,35 +43,31 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Checks the uniqueness of the subject name. This policy
- * can only be used (installed) in Certificate Authority
- * subsystem.
- *
- * This policy can perform pre-agent-approval checking or
- * post-agent-approval checking based on configuration
- * setting.
- *
- * In some situations, user may want to have 2 certificates with
- * the same subject name. For example, one key for encryption,
- * and one for signing. This policy does not deal with this case
- * directly. But it can be easily extended to do that.
+ * Checks the uniqueness of the subject name. This policy can only be used
+ * (installed) in Certificate Authority subsystem.
+ *
+ * This policy can perform pre-agent-approval checking or post-agent-approval
+ * checking based on configuration setting.
+ *
+ * In some situations, user may want to have 2 certificates with the same
+ * subject name. For example, one key for encryption, and one for signing. This
+ * policy does not deal with this case directly. But it can be easily extended
+ * to do that.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class UniqueSubjectNameConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
- protected static final String PROP_PRE_AGENT_APPROVAL_CHECKING =
- "enablePreAgentApprovalChecking";
- protected static final String PROP_KEY_USAGE_EXTENSION_CHECKING =
- "enableKeyUsageExtensionChecking";
+public class UniqueSubjectNameConstraints extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
+ protected static final String PROP_PRE_AGENT_APPROVAL_CHECKING = "enablePreAgentApprovalChecking";
+ protected static final String PROP_KEY_USAGE_EXTENSION_CHECKING = "enableKeyUsageExtensionChecking";
public ICertificateAuthority mCA = null;
@@ -82,18 +77,19 @@ public class UniqueSubjectNameConstraints extends APolicyRule
public UniqueSubjectNameConstraints() {
NAME = "UniqueSubjectName";
DESC = "Ensure the uniqueness of the subject name.";
- }
+ }
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_PRE_AGENT_APPROVAL_CHECKING + ";boolean;If checked, check subject name uniqueness BEFORE agent approves, (else checks AFTER approval)",
- PROP_KEY_USAGE_EXTENSION_CHECKING + ";boolean;If checked, allow non-unique subject names if Key Usage Extension differs",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-uniquesubjectname",
- IExtendedPluginInfo.HELP_TEXT +
- ";Rejects a request if there exists an unrevoked, unexpired " +
- "certificate with the same subject name"
- };
+ PROP_PRE_AGENT_APPROVAL_CHECKING
+ + ";boolean;If checked, check subject name uniqueness BEFORE agent approves, (else checks AFTER approval)",
+ PROP_KEY_USAGE_EXTENSION_CHECKING
+ + ";boolean;If checked, allow non-unique subject names if Key Usage Extension differs",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-uniquesubjectname",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Rejects a request if there exists an unrevoked, unexpired "
+ + "certificate with the same subject name" };
return params;
@@ -102,42 +98,46 @@ public class UniqueSubjectNameConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=UniqueSubjectName
- * ca.Policy.rule.<ruleName>.enable=true
- * ca.Policy.rule.<ruleName>.enable=true
- * ca.Policy.rule.<ruleName>.enablePreAgentApprovalChecking=true
- * ca.Policy.rule.<ruleName>.enableKeyUsageExtensionChecking=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=UniqueSubjectName
+ * ca.Policy.rule.<ruleName>.enable=true
+ * ca.Policy.rule.<ruleName>.enable=true
+ * ca.Policy.rule.<ruleName>.enablePreAgentApprovalChecking=true
+ * ca.Policy.rule.<ruleName>.enableKeyUsageExtensionChecking=true
+ *
+ * @param config The config store reference
*/
- public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ public void init(ISubsystem owner, IConfigStore config)
+ throws EBaseException {
// get CA's public key to create authority key id.
- ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor) owner).getAuthority();
+ ICertAuthority certAuthority = (ICertAuthority) ((IPolicyProcessor) owner)
+ .getAuthority();
if (certAuthority == null) {
// should never get here.
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "Cannot find the Certificate Manager or Registration Manager"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+ "Cannot find the Certificate Manager or Registration Manager"));
}
if (!(certAuthority instanceof ICertificateAuthority)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "Cannot find the Certificate Manager"));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR",
+ "Cannot find the Certificate Manager"));
}
mCA = (ICertificateAuthority) certAuthority;
try {
- mPreAgentApprovalChecking =
- config.getBoolean(PROP_PRE_AGENT_APPROVAL_CHECKING, false);
+ mPreAgentApprovalChecking = config.getBoolean(
+ PROP_PRE_AGENT_APPROVAL_CHECKING, false);
} catch (EBaseException e) {
}
try {
- mKeyUsageExtensionChecking =
- config.getBoolean(PROP_KEY_USAGE_EXTENSION_CHECKING, true);
+ mKeyUsageExtensionChecking = config.getBoolean(
+ PROP_KEY_USAGE_EXTENSION_CHECKING, true);
} catch (EBaseException e) {
}
}
@@ -145,8 +145,8 @@ public class UniqueSubjectNameConstraints extends APolicyRule
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -160,47 +160,52 @@ public class UniqueSubjectNameConstraints extends APolicyRule
try {
// Get the certificate templates
- X509CertInfo[] certInfos = req.getExtDataInCertInfoArray(
- IRequest.CERT_INFO);
-
+ X509CertInfo[] certInfos = req
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
if (certInfos == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
getInstanceName()), "");
return PolicyResult.REJECTED;
}
// retrieve the subject name and check its unqiueness
for (int i = 0; i < certInfos.length; i++) {
- CertificateSubjectName subName = (CertificateSubjectName)
- certInfos[i].get(X509CertInfo.SUBJECT);
+ CertificateSubjectName subName = (CertificateSubjectName) certInfos[i]
+ .get(X509CertInfo.SUBJECT);
// if there is no name set, set one here.
if (subName == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUBJECT_NAME",
- getInstanceName()), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_NO_SUBJECT_NAME", getInstanceName()),
+ "");
return PolicyResult.REJECTED;
}
String certSubjectName = subName.toString();
String filter = "x509Cert.subject=" + certSubjectName;
// subject name is indexed, so we only use subject name
// in the filter
- Enumeration matched =
- mCA.getCertificateRepository().findCertRecords(filter);
+ Enumeration matched = mCA.getCertificateRepository()
+ .findCertRecords(filter);
while (matched.hasMoreElements()) {
ICertRecord rec = (ICertRecord) matched.nextElement();
String status = rec.getStatus();
- if (status.equals(ICertRecord.STATUS_REVOKED) || status.equals(ICertRecord.STATUS_EXPIRED) || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
- // accept this only if we have a REVOKED,
+ if (status.equals(ICertRecord.STATUS_REVOKED)
+ || status.equals(ICertRecord.STATUS_EXPIRED)
+ || status
+ .equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
+ // accept this only if we have a REVOKED,
// EXPIRED or REVOKED_EXPIRED certificate
continue;
-
+
}
- // you already have an VALID or INVALID (not yet valid) certificate
+ // you already have an VALID or INVALID (not yet valid)
+ // certificate
if (mKeyUsageExtensionChecking && agentApproved(req)) {
- // This request is agent approved which
- // means all requested extensions are finalized
+ // This request is agent approved which
+ // means all requested extensions are finalized
// to the request,
// We will accept duplicated subject name with
// different keyUsage extension if
@@ -210,35 +215,35 @@ public class UniqueSubjectNameConstraints extends APolicyRule
}
}
- setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST",
- getInstanceName() + " " + certSubjectName), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_SUBJECT_NAME_EXIST", getInstanceName()
+ + " " + certSubjectName), "");
return PolicyResult.REJECTED;
}
}
} catch (Exception e) {
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
- params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
}
return result;
}
/**
- * Checks if the key extension in the issued certificate
- * is the same as the one in the certificate template.
+ * Checks if the key extension in the issued certificate is the same as the
+ * one in the certificate template.
*/
- private boolean sameKeyUsageExtension(ICertRecord rec,
- X509CertInfo certInfo) {
+ private boolean sameKeyUsageExtension(ICertRecord rec, X509CertInfo certInfo) {
X509CertImpl impl = rec.getCertificate();
boolean bits[] = impl.getKeyUsage();
CertificateExtensions extensions = null;
try {
- extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
} catch (IOException e) {
} catch (java.security.cert.CertificateException e) {
}
@@ -249,8 +254,8 @@ public class UniqueSubjectNameConstraints extends APolicyRule
return false;
} else {
try {
- ext = (KeyUsageExtension) extensions.get(
- KeyUsageExtension.NAME);
+ ext = (KeyUsageExtension) extensions
+ .get(KeyUsageExtension.NAME);
} catch (IOException e) {
// extension isn't there.
}
@@ -282,25 +287,25 @@ public class UniqueSubjectNameConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
Vector confParams = new Vector();
- confParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING +
- "=" + mPreAgentApprovalChecking);
- confParams.addElement(PROP_KEY_USAGE_EXTENSION_CHECKING +
- "=" + mKeyUsageExtensionChecking);
+ confParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING + "="
+ + mPreAgentApprovalChecking);
+ confParams.addElement(PROP_KEY_USAGE_EXTENSION_CHECKING + "="
+ + mKeyUsageExtensionChecking);
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
Vector defParams = new Vector();
defParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING + "=");
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
index 62c49450..c82c8b1f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.constraints;
-
import java.util.Date;
import java.util.Locale;
import java.util.Vector;
@@ -35,26 +34,24 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * ValidityConstraints is a default rule for Enrollment and
- * Renewal that enforces minimum and maximum validity periods
- * and changes them if not met.
- *
- * Optionally the lead and lag times - i.e how far back into the
- * front or back the notBefore date could go in minutes can also
- * be specified.
+ * ValidityConstraints is a default rule for Enrollment and Renewal that
+ * enforces minimum and maximum validity periods and changes them if not met.
+ *
+ * Optionally the lead and lag times - i.e how far back into the front or back
+ * the notBefore date could go in minutes can also be specified.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class ValidityConstraints extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class ValidityConstraints extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
protected long mMinValidity;
protected long mMaxValidity;
protected long mLeadTime;
@@ -77,32 +74,29 @@ public class ValidityConstraints extends APolicyRule
private final static Vector defConfParams = new Vector();
static {
- defConfParams.addElement(PROP_MIN_VALIDITY + "=" +
- DEF_MIN_VALIDITY);
- defConfParams.addElement(PROP_MAX_VALIDITY + "=" +
- DEF_MAX_VALIDITY);
- defConfParams.addElement(PROP_LEAD_TIME + "=" +
- DEF_LEAD_TIME);
- defConfParams.addElement(PROP_LAG_TIME + "=" +
- DEF_LAG_TIME);
- defConfParams.addElement(PROP_NOT_BEFORE_SKEW + "=" +
- DEF_NOT_BEFORE_SKEW);
+ defConfParams.addElement(PROP_MIN_VALIDITY + "=" + DEF_MIN_VALIDITY);
+ defConfParams.addElement(PROP_MAX_VALIDITY + "=" + DEF_MAX_VALIDITY);
+ defConfParams.addElement(PROP_LEAD_TIME + "=" + DEF_LEAD_TIME);
+ defConfParams.addElement(PROP_LAG_TIME + "=" + DEF_LAG_TIME);
+ defConfParams.addElement(PROP_NOT_BEFORE_SKEW + "="
+ + DEF_NOT_BEFORE_SKEW);
}
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
PROP_MIN_VALIDITY + ";number;Minimum Validity time, in days",
PROP_MAX_VALIDITY + ";number;Maximum Validity time, in days",
- PROP_LEAD_TIME + ";number;Number of minutes in the future a request's notBefore can be",
+ PROP_LEAD_TIME
+ + ";number;Number of minutes in the future a request's notBefore can be",
PROP_LAG_TIME + ";number;NOT CURRENTLY IN USE",
- PROP_NOT_BEFORE_SKEW + ";number;Number of minutes a cert's notBefore should be in the past",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-validityconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Ensures that the user's requested validity period is " +
- "acceptable. If not specified, as is usually the case, " +
- "this policy will set the validity. See RFC 2459."
- };
+ PROP_NOT_BEFORE_SKEW
+ + ";number;Number of minutes a cert's notBefore should be in the past",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-validityconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Ensures that the user's requested validity period is "
+ + "acceptable. If not specified, as is usually the case, "
+ + "this policy will set the validity. See RFC 2459." };
return params;
@@ -116,19 +110,19 @@ public class ValidityConstraints extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries probably are of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.minValidity=30
- * ra.Policy.rule.<ruleName>.maxValidity=180
- * ra.Policy.rule.<ruleName>.predicate=ou==Sales
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.minValidity=30
+ * ra.Policy.rule.<ruleName>.maxValidity=180
+ * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EPolicyException {
+ throws EPolicyException {
// Get min and max validity in days and configure them.
try {
@@ -164,18 +158,18 @@ public class ValidityConstraints extends APolicyRule
mNotBeforeSkew = DEF_NOT_BEFORE_SKEW * MINS_TO_MS_FACTOR;
} catch (Exception e) {
// e.printStackTrace();
- String[] params = {getInstanceName(), e.toString()};
+ String[] params = { getInstanceName(), e.toString() };
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_INVALID_POLICY_CONFIG", params));
}
}
/**
* Applies the policy on the given Request.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
@@ -184,9 +178,10 @@ public class ValidityConstraints extends APolicyRule
try {
// Get the certificate info from the request
- //X509CertInfo certInfo[] = (X509CertInfo[])
- // req.get(IRequest.CERT_INFO);
- X509CertInfo certInfo[] = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ // X509CertInfo certInfo[] = (X509CertInfo[])
+ // req.get(IRequest.CERT_INFO);
+ X509CertInfo certInfo[] = req
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
// There should be a certificate info set.
if (certInfo == null) {
@@ -197,64 +192,67 @@ public class ValidityConstraints extends APolicyRule
// Else check if validity is within the limit
for (int i = 0; i < certInfo.length; i++) {
- CertificateValidity validity = (CertificateValidity)
- certInfo[i].get(X509CertInfo.VALIDITY);
+ CertificateValidity validity = (CertificateValidity) certInfo[i]
+ .get(X509CertInfo.VALIDITY);
Date notBefore = null, notAfter = null;
if (validity != null) {
- notBefore = (Date)
- validity.get(CertificateValidity.NOT_BEFORE);
- notAfter = (Date)
- validity.get(CertificateValidity.NOT_AFTER);
+ notBefore = (Date) validity
+ .get(CertificateValidity.NOT_BEFORE);
+ notAfter = (Date) validity
+ .get(CertificateValidity.NOT_AFTER);
}
- // If no validity is supplied yet, make one. The default
+ // If no validity is supplied yet, make one. The default
// validity is supposed to pass the following checks, so
// bypass further checking.
// (date = 0 is hack for serialization)
- if (validity == null ||
- (notBefore.getTime() == 0 && notAfter.getTime() == 0)) {
+ if (validity == null
+ || (notBefore.getTime() == 0 && notAfter.getTime() == 0)) {
certInfo[i].set(X509CertInfo.VALIDITY,
- makeDefaultValidity(req));
+ makeDefaultValidity(req));
continue;
}
Date now = CMS.getCurrentDate();
if (notBefore.getTime() > (now.getTime() + mLeadTime)) {
- setError(req, CMS.getUserMessage("CMS_POLICY_INVALID_BEGIN_TIME",
- getInstanceName()), "");
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_INVALID_BEGIN_TIME",
+ getInstanceName()), "");
result = PolicyResult.REJECTED;
}
- if ((notAfter.getTime() - notBefore.getTime()) >
- mMaxValidity) {
- String params[] = {getInstanceName(),
- String.valueOf(
- ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
- String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR)};
-
- setError(req, CMS.getUserMessage("CMS_POLICY_MORE_THAN_MAX_VALIDITY", params), "");
+ if ((notAfter.getTime() - notBefore.getTime()) > mMaxValidity) {
+ String params[] = {
+ getInstanceName(),
+ String.valueOf(((notAfter.getTime() - notBefore
+ .getTime()) / DAYS_TO_MS_FACTOR)),
+ String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
+
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_MORE_THAN_MAX_VALIDITY", params), "");
result = PolicyResult.REJECTED;
}
- if ((notAfter.getTime() - notBefore.getTime()) <
- mMinValidity) {
- String params[] = {getInstanceName(),
- String.valueOf(
- ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
- String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR)};
-
- setError(req, CMS.getUserMessage("CMS_POLICY_LESS_THAN_MIN_VALIDITY", params), "");
+ if ((notAfter.getTime() - notBefore.getTime()) < mMinValidity) {
+ String params[] = {
+ getInstanceName(),
+ String.valueOf(((notAfter.getTime() - notBefore
+ .getTime()) / DAYS_TO_MS_FACTOR)),
+ String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR) };
+
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_LESS_THAN_MIN_VALIDITY", params), "");
result = PolicyResult.REJECTED;
}
}
} catch (Exception e) {
// e.printStackTrace();
- String params[] = {getInstanceName(), e.toString()};
+ String params[] = { getInstanceName(), e.toString() };
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
- params), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
result = PolicyResult.REJECTED;
}
return result;
@@ -262,28 +260,28 @@ public class ValidityConstraints extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
Vector confParams = new Vector();
- confParams.addElement(PROP_MIN_VALIDITY + "=" +
- mMinValidity / DAYS_TO_MS_FACTOR);
- confParams.addElement(PROP_MAX_VALIDITY + "=" +
- mMaxValidity / DAYS_TO_MS_FACTOR);
- confParams.addElement(PROP_LEAD_TIME + "="
- + mLeadTime / MINS_TO_MS_FACTOR);
- confParams.addElement(PROP_LAG_TIME + "=" +
- mLagTime / MINS_TO_MS_FACTOR);
- confParams.addElement(PROP_NOT_BEFORE_SKEW + "=" +
- mNotBeforeSkew / MINS_TO_MS_FACTOR);
+ confParams.addElement(PROP_MIN_VALIDITY + "=" + mMinValidity
+ / DAYS_TO_MS_FACTOR);
+ confParams.addElement(PROP_MAX_VALIDITY + "=" + mMaxValidity
+ / DAYS_TO_MS_FACTOR);
+ confParams.addElement(PROP_LEAD_TIME + "=" + mLeadTime
+ / MINS_TO_MS_FACTOR);
+ confParams.addElement(PROP_LAG_TIME + "=" + mLagTime
+ / MINS_TO_MS_FACTOR);
+ confParams.addElement(PROP_NOT_BEFORE_SKEW + "=" + mNotBeforeSkew
+ / MINS_TO_MS_FACTOR);
return confParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getDefaultParams() {
@@ -292,12 +290,12 @@ public class ValidityConstraints extends APolicyRule
/**
* Create a default validity value for a request
- *
+ *
* This code can be easily overridden in a derived class, if the
* calculations here aren't accepatble.
- *
- * TODO: it might be good to base this calculation on the creation
- * time of the request.
+ *
+ * TODO: it might be good to base this calculation on the creation time of
+ * the request.
*/
protected CertificateValidity makeDefaultValidity(IRequest req) {
long now = roundTimeToSecond((CMS.getCurrentDate()).getTime());
@@ -311,13 +309,11 @@ public class ValidityConstraints extends APolicyRule
}
/**
- * convert a millisecond resolution time into one with 1 second
- * resolution. Most times in certificates are storage at 1
- * second resolution, so its better if we deal with things at
- * that level.
+ * convert a millisecond resolution time into one with 1 second resolution.
+ * Most times in certificates are storage at 1 second resolution, so its
+ * better if we deal with things at that level.
*/
protected long roundTimeToSecond(long input) {
return (input / 1000) * 1000;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
index b641d91e..25af7298 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
@@ -43,57 +42,45 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Authority Information Access extension policy.
- * If this policy is enabled, it adds an authority
- * information access extension to the certificate.
- *
+ * Authority Information Access extension policy. If this policy is enabled, it
+ * adds an authority information access extension to the certificate.
+ *
* The following listed sample configuration parameters:
*
- * ca.Policy.impl.AuthInfoAccess.class=com.netscape.certsrv.policy.AuthInfoAccessExt
+ * ca.Policy.impl.AuthInfoAccess.class=com.netscape.certsrv.policy.
+ * AuthInfoAccessExt
* ca.Policy.rule.aia.ad0_location=uriName:http://ocsp1.netscape.com
- * ca.Policy.rule.aia.ad0_method=ocsp
- * ca.Policy.rule.aia.ad1_location_type=URI
+ * ca.Policy.rule.aia.ad0_method=ocsp ca.Policy.rule.aia.ad1_location_type=URI
* ca.Policy.rule.aia.ad1_location=http://ocsp2.netscape.com
- * ca.Policy.rule.aia.ad1_method=ocsp
- * ca.Policy.rule.aia.ad2_location=
- * ca.Policy.rule.aia.ad2_method=
- * ca.Policy.rule.aia.ad3_location=
- * ca.Policy.rule.aia.ad3_method=
- * ca.Policy.rule.aia.ad4_location=
- * ca.Policy.rule.aia.ad4_method=
- * ca.Policy.rule.aia.critical=true
- * ca.Policy.rule.aia.enable=true
- * ca.Policy.rule.aia.implName=AuthInfoAccess
+ * ca.Policy.rule.aia.ad1_method=ocsp ca.Policy.rule.aia.ad2_location=
+ * ca.Policy.rule.aia.ad2_method= ca.Policy.rule.aia.ad3_location=
+ * ca.Policy.rule.aia.ad3_method= ca.Policy.rule.aia.ad4_location=
+ * ca.Policy.rule.aia.ad4_method= ca.Policy.rule.aia.critical=true
+ * ca.Policy.rule.aia.enable=true ca.Policy.rule.aia.implName=AuthInfoAccess
* ca.Policy.rule.aia.predicate=
- *
- * Currently, this policy only supports the following location:
- * uriName:[URI], dirName:[DN]
+ *
+ * Currently, this policy only supports the following location: uriName:[URI],
+ * dirName:[DN]
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class AuthInfoAccessExt extends APolicyRule implements
+public class AuthInfoAccessExt extends APolicyRule implements
IEnrollmentPolicy, IExtendedPluginInfo {
- protected static final String PROP_CRITICAL =
- "critical";
- protected static final String PROP_AD =
- "ad";
- protected static final String PROP_METHOD =
- "method";
- protected static final String PROP_LOCATION =
- "location";
- protected static final String PROP_LOCATION_TYPE =
- "location_type";
-
- protected static final String PROP_NUM_ADS =
- "numADs";
+ protected static final String PROP_CRITICAL = "critical";
+ protected static final String PROP_AD = "ad";
+ protected static final String PROP_METHOD = "method";
+ protected static final String PROP_LOCATION = "location";
+ protected static final String PROP_LOCATION_TYPE = "location_type";
+
+ protected static final String PROP_NUM_ADS = "numADs";
public static final int MAX_AD = 5;
@@ -107,19 +94,28 @@ public class AuthInfoAccessExt extends APolicyRule implements
public String[] getExtendedPluginInfo(Locale locale) {
Vector v = new Vector();
- v.addElement(PROP_CRITICAL +
- ";boolean;RFC 2459 recommendation: This extension MUST be non-critical.");
- v.addElement(PROP_NUM_ADS +
- ";number;The total number of access descriptions.");
- v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Authority Info Access Extension. Defined in RFC 2459 " + "(4.2.2.1)");
- v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-authinfoaccess");
+ v.addElement(PROP_CRITICAL
+ + ";boolean;RFC 2459 recommendation: This extension MUST be non-critical.");
+ v.addElement(PROP_NUM_ADS
+ + ";number;The total number of access descriptions.");
+ v.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";Adds Authority Info Access Extension. Defined in RFC 2459 "
+ + "(4.2.2.1)");
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-authinfoaccess");
for (int i = 0; i < MAX_AD; i++) {
- v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_METHOD + ";string;" + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 1.3.6.1.5.5.7.48.1 (ocsp), 1.3.6.1.5.5.7.48.2 (caIssuers), 2.16.840.1.113730.1.16.1 (renewal)");
- v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_LOCATION_TYPE + ";" + IGeneralNameUtil.GENNAME_CHOICE_INFO);
- v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_LOCATION + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO);
+ v.addElement(PROP_AD
+ + Integer.toString(i)
+ + "_"
+ + PROP_METHOD
+ + ";string;"
+ + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 1.3.6.1.5.5.7.48.1 (ocsp), 1.3.6.1.5.5.7.48.2 (caIssuers), 2.16.840.1.113730.1.16.1 (renewal)");
+ v.addElement(PROP_AD + Integer.toString(i) + "_"
+ + PROP_LOCATION_TYPE + ";"
+ + IGeneralNameUtil.GENNAME_CHOICE_INFO);
+ v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_LOCATION
+ + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO);
}
return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
@@ -127,17 +123,17 @@ public class AuthInfoAccessExt extends APolicyRule implements
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
- * ca.Policy.rule.<ruleName>.enable=true
- * ca.Policy.rule.<ruleName>.predicate=
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
+ * ca.Policy.rule.<ruleName>.enable=true
+ * ca.Policy.rule.<ruleName>.predicate=
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
}
@@ -152,8 +148,8 @@ public class AuthInfoAccessExt extends APolicyRule implements
//
for (int i = 0;; i++) {
ObjectIdentifier methodOID = null;
- String method = mConfig.getString(PROP_AD +
- Integer.toString(i) + "_" + PROP_METHOD, null);
+ String method = mConfig.getString(PROP_AD + Integer.toString(i)
+ + "_" + PROP_METHOD, null);
if (method == null)
break;
@@ -161,23 +157,27 @@ public class AuthInfoAccessExt extends APolicyRule implements
if (method.equals(""))
break;
- //
- // method ::= ocsp | caIssuers | <OID>
- // OID ::= [object identifier]
- //
+ //
+ // method ::= ocsp | caIssuers | <OID>
+ // OID ::= [object identifier]
+ //
try {
if (method.equalsIgnoreCase("ocsp")) {
- methodOID = ObjectIdentifier.getObjectIdentifier("1.3.6.1.5.5.7.48.1");
+ methodOID = ObjectIdentifier
+ .getObjectIdentifier("1.3.6.1.5.5.7.48.1");
} else if (method.equalsIgnoreCase("caIssuers")) {
- methodOID = ObjectIdentifier.getObjectIdentifier("1.3.6.1.5.5.7.48.2");
+ methodOID = ObjectIdentifier
+ .getObjectIdentifier("1.3.6.1.5.5.7.48.2");
} else if (method.equalsIgnoreCase("renewal")) {
- methodOID = ObjectIdentifier.getObjectIdentifier("2.16.840.1.113730.1.16.1");
+ methodOID = ObjectIdentifier
+ .getObjectIdentifier("2.16.840.1.113730.1.16.1");
} else {
// it could be an object identifier, test it
methodOID = ObjectIdentifier.getObjectIdentifier(method);
}
} catch (IOException e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NAME_CAN_NOT_BE_RESOLVED", method));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_ATTRIBUTE_NAME_CAN_NOT_BE_RESOLVED", method));
}
//
@@ -185,17 +185,16 @@ public class AuthInfoAccessExt extends APolicyRule implements
// TAG ::= uriName | dirName
// VALUE ::= [value defined by TAG]
//
- String location_type = mConfig.getString(PROP_AD +
- Integer.toString(i) +
- "_" + PROP_LOCATION_TYPE, null);
- String location = mConfig.getString(PROP_AD +
- Integer.toString(i) +
- "_" + PROP_LOCATION, null);
+ String location_type = mConfig.getString(
+ PROP_AD + Integer.toString(i) + "_" + PROP_LOCATION_TYPE,
+ null);
+ String location = mConfig.getString(PROP_AD + Integer.toString(i)
+ + "_" + PROP_LOCATION, null);
if (location == null)
break;
GeneralName gn = CMS.form_GeneralName(location_type, location);
- Vector e = new Vector();
+ Vector e = new Vector();
e.addElement(methodOID);
e.addElement(gn);
@@ -205,10 +204,10 @@ public class AuthInfoAccessExt extends APolicyRule implements
}
/**
- * If this policy is enabled, add the authority information
- * access extension to the certificate.
+ * If this policy is enabled, add the authority information access extension
+ * to the certificate.
* <P>
- *
+ *
* @param req The request on which to apply policy.
* @return The policy result object.
*/
@@ -216,11 +215,11 @@ public class AuthInfoAccessExt extends APolicyRule implements
PolicyResult res = PolicyResult.ACCEPTED;
X509CertInfo certInfo;
- X509CertInfo[] ci = req.getExtDataInCertInfoArray(
- IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME),
+ "");
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -228,43 +227,45 @@ public class AuthInfoAccessExt extends APolicyRule implements
certInfo = ci[j];
if (certInfo == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, ""));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
- NAME, "Configuration Info Error"), "");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_UNEXPECTED_POLICY_ERROR", NAME, ""));
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME,
+ "Configuration Info Error"), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
try {
// Find the extensions in the certInfo
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
// add access descriptions
Enumeration e = getAccessDescriptions();
if (!e.hasMoreElements()) {
return res;
- }
-
+ }
+
if (extensions == null) {
// create extension if not exist
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
// check to see if AIA is already exist
try {
extensions.delete(AuthInfoAccessExtension.NAME);
- log(ILogger.LL_WARN, "Previous extension deleted: " + AuthInfoAccessExtension.NAME);
+ log(ILogger.LL_WARN, "Previous extension deleted: "
+ + AuthInfoAccessExtension.NAME);
} catch (IOException ex) {
}
}
// Create the extension
- AuthInfoAccessExtension aiaExt = new
- AuthInfoAccessExtension(mConfig.getBoolean(
- PROP_CRITICAL, false));
+ AuthInfoAccessExtension aiaExt = new AuthInfoAccessExtension(
+ mConfig.getBoolean(PROP_CRITICAL, false));
while (e.hasMoreElements()) {
Vector ad = (Vector) e.nextElement();
@@ -276,19 +277,25 @@ public class AuthInfoAccessExt extends APolicyRule implements
extensions.set(AuthInfoAccessExtension.NAME, aiaExt);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
- NAME, e.getMessage()), "");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME,
+ e.getMessage()), "");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
- NAME, "Configuration Info Error"), "");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME,
+ "Configuration Info Error"), "");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
- NAME, "Certificate Info Error"), "");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME,
+ "Certificate Info Error"), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
}
@@ -298,15 +305,15 @@ public class AuthInfoAccessExt extends APolicyRule implements
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector params = new Vector();
try {
- params.addElement(PROP_CRITICAL + "=" +
- mConfig.getBoolean(PROP_CRITICAL, false));
+ params.addElement(PROP_CRITICAL + "="
+ + mConfig.getBoolean(PROP_CRITICAL, false));
} catch (EBaseException e) {
params.addElement(PROP_CRITICAL + "=false");
}
@@ -324,46 +331,41 @@ public class AuthInfoAccessExt extends APolicyRule implements
String method = null;
try {
- method = mConfig.getString(PROP_AD +
- Integer.toString(i) + "_" + PROP_METHOD,
- "");
+ method = mConfig.getString(PROP_AD + Integer.toString(i) + "_"
+ + PROP_METHOD, "");
} catch (EBaseException e) {
}
- params.addElement(PROP_AD +
- Integer.toString(i) +
- "_" + PROP_METHOD + "=" + method);
+ params.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_METHOD
+ + "=" + method);
String location_type = null;
try {
- location_type = mConfig.getString(PROP_AD +
- Integer.toString(i) + "_" + PROP_LOCATION_TYPE,
- IGeneralNameUtil.GENNAME_CHOICE_URL);
+ location_type = mConfig.getString(PROP_AD + Integer.toString(i)
+ + "_" + PROP_LOCATION_TYPE,
+ IGeneralNameUtil.GENNAME_CHOICE_URL);
} catch (EBaseException e) {
}
- params.addElement(PROP_AD +
- Integer.toString(i) +
- "_" + PROP_LOCATION_TYPE + "=" + location_type);
+ params.addElement(PROP_AD + Integer.toString(i) + "_"
+ + PROP_LOCATION_TYPE + "=" + location_type);
String location = null;
try {
- location = mConfig.getString(PROP_AD +
- Integer.toString(i) + "_" + PROP_LOCATION,
- "");
+ location = mConfig.getString(PROP_AD + Integer.toString(i)
+ + "_" + PROP_LOCATION, "");
} catch (EBaseException e) {
}
- params.addElement(PROP_AD +
- Integer.toString(i) +
- "_" + PROP_LOCATION + "=" + location);
+ params.addElement(PROP_AD + Integer.toString(i) + "_"
+ + PROP_LOCATION + "=" + location);
}
return params;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
Vector defParams = new Vector();
defParams.addElement(PROP_CRITICAL + "=false");
@@ -375,14 +377,14 @@ public class AuthInfoAccessExt extends APolicyRule implements
// the CMS.cfg
//
for (int i = 0; i < MAX_AD; i++) {
- defParams.addElement(PROP_AD + Integer.toString(i) +
- "_" + PROP_METHOD + "=");
- defParams.addElement(PROP_AD + Integer.toString(i) +
- "_" + PROP_LOCATION_TYPE + "=" + IGeneralNameUtil.GENNAME_CHOICE_URL);
- defParams.addElement(PROP_AD + Integer.toString(i) +
- "_" + PROP_LOCATION + "=");
+ defParams.addElement(PROP_AD + Integer.toString(i) + "_"
+ + PROP_METHOD + "=");
+ defParams.addElement(PROP_AD + Integer.toString(i) + "_"
+ + PROP_LOCATION_TYPE + "="
+ + IGeneralNameUtil.GENNAME_CHOICE_URL);
+ defParams.addElement(PROP_AD + Integer.toString(i) + "_"
+ + PROP_LOCATION + "=");
}
return defParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java
index 612d2492..cf09af02 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -45,21 +44,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Authority Public Key Extension Policy
- * Adds the subject public key id extension to certificates.
+ * Authority Public Key Extension Policy Adds the subject public key id
+ * extension to certificates.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class AuthorityKeyIdentifierExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class AuthorityKeyIdentifierExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL = "critical";
protected static final String PROP_ALT_KEYID_TYPE = "AltKeyIdType";
@@ -77,7 +76,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
protected boolean mCritical = DEF_CRITICAL;
protected String mAltKeyIdType = DEF_ALT_KEYID_TYPE;
- // the extension to add to certs.
+ // the extension to add to certs.
protected AuthorityKeyIdentifierExtension mTheExtension = null;
// instance params for console
@@ -88,7 +87,8 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
static {
// form static default params.
mDefaultParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
- mDefaultParams.addElement(PROP_ALT_KEYID_TYPE + "=" + DEF_ALT_KEYID_TYPE);
+ mDefaultParams.addElement(PROP_ALT_KEYID_TYPE + "="
+ + DEF_ALT_KEYID_TYPE);
}
public AuthorityKeyIdentifierExt() {
@@ -97,120 +97,128 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
}
/**
- * Initializes this policy rule.
- * Reads configuration file and creates a authority key identifier
- * extension to add. Key identifier inside the extension is constructed as
- * the CA's subject key identifier extension if it exists.
- * If it does not exist this can be configured to use:
- * (1) sha-1 hash of the CA's subject public key info
- * (what communicator expects if the CA does not have a subject key
- * identifier extension) or (2) No extension set (3) Empty sequence
- * in Authority Key Identifier extension.
- *
+ * Initializes this policy rule. Reads configuration file and creates a
+ * authority key identifier extension to add. Key identifier inside the
+ * extension is constructed as the CA's subject key identifier extension if
+ * it exists. If it does not exist this can be configured to use: (1) sha-1
+ * hash of the CA's subject public key info (what communicator expects if
+ * the CA does not have a subject key identifier extension) or (2) No
+ * extension set (3) Empty sequence in Authority Key Identifier extension.
+ *
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.predicate=
- * ca.Policy.rule.<ruleName>.implName=
- * ca.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.predicate= ca.Policy.rule.<ruleName>.implName=
+ * ca.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
- mEnabled = mConfig.getBoolean(
- IPolicyProcessor.PROP_ENABLE, false);
+ mEnabled = mConfig.getBoolean(IPolicyProcessor.PROP_ENABLE, false);
mCritical = mConfig.getBoolean(PROP_CRITICAL, DEF_CRITICAL);
- mAltKeyIdType = mConfig.getString(
- PROP_ALT_KEYID_TYPE, DEF_ALT_KEYID_TYPE);
+ mAltKeyIdType = mConfig.getString(PROP_ALT_KEYID_TYPE,
+ DEF_ALT_KEYID_TYPE);
if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_SPKISHA1))
mAltKeyIdType = ALT_KEYID_TYPE_SPKISHA1;
- /*
- else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_EMPTY))
- mAltKeyIdType = ALT_KEYID_TYPE_EMPTY;
- */
+ /*
+ * else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_EMPTY))
+ * mAltKeyIdType = ALT_KEYID_TYPE_EMPTY;
+ */
else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_NONE))
mAltKeyIdType = ALT_KEYID_TYPE_NONE;
else {
- log(ILogger.LL_FAILURE, NAME +
- CMS.getLogMessage("CA_UNKNOWN_ALT_KEY_ID_TYPE", mAltKeyIdType));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", PROP_ALT_KEYID_TYPE,
- "value must be one of " + ALT_KEYID_TYPE_SPKISHA1 + ", " + ALT_KEYID_TYPE_NONE));
+ log(ILogger.LL_FAILURE,
+ NAME
+ + CMS.getLogMessage("CA_UNKNOWN_ALT_KEY_ID_TYPE",
+ mAltKeyIdType));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", PROP_ALT_KEYID_TYPE,
+ "value must be one of " + ALT_KEYID_TYPE_SPKISHA1 + ", "
+ + ALT_KEYID_TYPE_NONE));
}
// create authority key id extension.
- ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor) owner).getAuthority();
+ ICertAuthority certAuthority = (ICertAuthority) ((IPolicyProcessor) owner)
+ .getAuthority();
if (certAuthority == null) {
// should never get here.
- String msg = NAME + ": " +
- "Cannot find the Certificate Manager or Registration Manager";
+ String msg = NAME
+ + ": "
+ + "Cannot find the Certificate Manager or Registration Manager";
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR", msg));
}
if (!(certAuthority instanceof ICertificateAuthority)) {
- log(ILogger.LL_FAILURE, NAME +
- CMS.getLogMessage("POLICY_INVALID_POLICY", NAME));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- NAME + " policy can only be used in a Certificate Authority."));
- }
- //CertificateChain caChain = certAuthority.getCACertChain();
- //X509Certificate caCert = caChain.getFirstCertificate();
+ log(ILogger.LL_FAILURE,
+ NAME + CMS.getLogMessage("POLICY_INVALID_POLICY", NAME));
+ throw new EBaseException(
+ CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR",
+ NAME
+ + " policy can only be used in a Certificate Authority."));
+ }
+ // CertificateChain caChain = certAuthority.getCACertChain();
+ // X509Certificate caCert = caChain.getFirstCertificate();
X509CertImpl caCert = certAuthority.getCACert();
- if( caCert == null || CMS.isPreOpMode() ) {
+ if (caCert == null || CMS.isPreOpMode()) {
return;
}
- KeyIdentifier keyId = formKeyIdentifier(caCert);
+ KeyIdentifier keyId = formKeyIdentifier(caCert);
if (keyId != null) {
try {
- mTheExtension = new AuthorityKeyIdentifierExtension(
- mCritical, keyId, null, null);
+ mTheExtension = new AuthorityKeyIdentifierExtension(mCritical,
+ keyId, null, null);
} catch (IOException e) {
- String msg = NAME + ": " +
- "Error forming Authority Key Identifier extension: " + e;
-
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_AUTHORITY_KEY_ID_1", NAME));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
+ String msg = NAME + ": "
+ + "Error forming Authority Key Identifier extension: "
+ + e;
+
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_ERROR_AUTHORITY_KEY_ID_1", NAME));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR", msg));
}
} else {
}
- // form instance params
+ // form instance params
mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
mInstanceParams.addElement(PROP_ALT_KEYID_TYPE + "=" + mAltKeyIdType);
}
/**
- * Adds Authority Key Identifier Extension to a certificate.
- * If the extension is already there, accept it if it's from the agent,
- * else replace it.
- *
- * @param req The request on which to apply policy.
+ * Adds Authority Key Identifier Extension to a certificate. If the
+ * extension is already there, accept it if it's from the agent, else
+ * replace it.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
// get certInfo from request.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
- return PolicyResult.REJECTED;
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME),
+ "");
+ return PolicyResult.REJECTED;
}
for (int i = 0; i < ci.length; i++) {
PolicyResult certResult = applyCert(req, ci[i]);
- if (certResult == PolicyResult.REJECTED)
+ if (certResult == PolicyResult.REJECTED)
return certResult;
}
return PolicyResult.ACCEPTED;
@@ -219,135 +227,145 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
try {
- // if authority key id extension already exists, leave it if
+ // if authority key id extension already exists, leave it if
// from agent. else replace it.
AuthorityKeyIdentifierExtension authorityKeyIdExt = null;
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
try {
if (extensions != null) {
- authorityKeyIdExt = (AuthorityKeyIdentifierExtension)
- extensions.get(AuthorityKeyIdentifierExtension.NAME);
+ authorityKeyIdExt = (AuthorityKeyIdentifierExtension) extensions
+ .get(AuthorityKeyIdentifierExtension.NAME);
}
} catch (IOException e) {
- // extension isn't there.
+ // extension isn't there.
}
if (authorityKeyIdExt != null) {
if (agentApproved(req)) {
- CMS.debug(
- "AuthorityKeyIdentifierKeyExt: agent approved request id " + req.getRequestId() +
- " already has authority key id extension with value " +
- authorityKeyIdExt);
+ CMS.debug("AuthorityKeyIdentifierKeyExt: agent approved request id "
+ + req.getRequestId()
+ + " already has authority key id extension with value "
+ + authorityKeyIdExt);
return PolicyResult.ACCEPTED;
} else {
- CMS.debug(
- "AuthorityKeyIdentifierKeyExt: request id from user " + req.getRequestId() +
- " had authority key identifier - deleted");
+ CMS.debug("AuthorityKeyIdentifierKeyExt: request id from user "
+ + req.getRequestId()
+ + " had authority key identifier - deleted");
extensions.delete(AuthorityKeyIdentifierExtension.NAME);
}
}
- // if no authority key identifier should be set b/c CA does not
- // have a subject key identifier, return here.
- if (mTheExtension == null)
+ // if no authority key identifier should be set b/c CA does not
+ // have a subject key identifier, return here.
+ if (mTheExtension == null)
return PolicyResult.ACCEPTED;
- // add authority key id extension.
+ // add authority key id extension.
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
- extensions.set(
- AuthorityKeyIdentifierExtension.NAME, mTheExtension);
- CMS.debug(
- "AuthorityKeyIdentifierKeyExt: added authority key id ext to request " + req.getRequestId());
+ extensions.set(AuthorityKeyIdentifierExtension.NAME, mTheExtension);
+ CMS.debug("AuthorityKeyIdentifierKeyExt: added authority key id ext to request "
+ + req.getRequestId());
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.toString()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
- NAME, e.getMessage()), "");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME,
+ e.toString()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
+ NAME, e.getMessage()), "");
return PolicyResult.REJECTED;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INVALID_CERT", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
- NAME, "Certificate Info Error"), "");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_CERT", e.getMessage()));
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_UNEXPECTED_POLICY_ERROR", NAME,
+ "Certificate Info Error"), "");
return PolicyResult.REJECTED;
}
}
/**
- * Form the Key Identifier in the Authority Key Identifier extension.
- * from the CA's cert.
+ * Form the Key Identifier in the Authority Key Identifier extension. from
+ * the CA's cert.
* <p>
+ *
* @param caCertImpl Certificate Info
* @return A Key Identifier.
* @throws com.netscape.certsrv.base.EBaseException on error
*/
protected KeyIdentifier formKeyIdentifier(X509CertImpl caCertImpl)
- throws EBaseException {
+ throws EBaseException {
KeyIdentifier keyId = null;
// get CA's certInfo.
X509CertInfo certInfo = null;
try {
- certInfo = (X509CertInfo) caCertImpl.get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
- if (certInfo == null) {
- String msg = "Bad CA certificate encountered. " +
- "TBS Certificate missing.";
-
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_CERT_FORMAT"));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", NAME + ": " + msg));
+ certInfo = (X509CertInfo) caCertImpl.get(X509CertImpl.NAME + "."
+ + X509CertImpl.INFO);
+ if (certInfo == null) {
+ String msg = "Bad CA certificate encountered. "
+ + "TBS Certificate missing.";
+
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_CERT_FORMAT"));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR", NAME + ": " + msg));
}
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, NAME + ": " +
- CMS.getLogMessage("BASE_DECODE_CERT_FAILED_1", e.toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- NAME + " Error decoding the CA Certificate: " + e));
+ log(ILogger.LL_FAILURE,
+ NAME
+ + ": "
+ + CMS.getLogMessage("BASE_DECODE_CERT_FAILED_1",
+ e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR", NAME
+ + " Error decoding the CA Certificate: " + e));
}
// get Key Id from CA's Subject Key Id extension in CA's CertInfo.
keyId = getKeyIdentifier(certInfo);
- if (keyId != null)
+ if (keyId != null)
return keyId;
- // if none exists use the configured alternate.
+ // if none exists use the configured alternate.
if (mAltKeyIdType == ALT_KEYID_TYPE_SPKISHA1) {
keyId = formSpkiSHA1KeyId(certInfo);
} /*
- else if (mAltKeyIdType == ALT_KEYID_TYPE_EMPTY) {
- keyId = formEmptyKeyId(certInfo);
- }
- */ else if (mAltKeyIdType == ALT_KEYID_TYPE_NONE) {
+ * else if (mAltKeyIdType == ALT_KEYID_TYPE_EMPTY) { keyId =
+ * formEmptyKeyId(certInfo); }
+ */else if (mAltKeyIdType == ALT_KEYID_TYPE_NONE) {
keyId = null;
} else {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- mAltKeyIdType,
- "Unknown Alternate Key Identifier type."));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", mAltKeyIdType,
+ "Unknown Alternate Key Identifier type."));
}
return keyId;
}
/**
- * Get the Key Identifier in a subject key identifier extension from a
+ * Get the Key Identifier in a subject key identifier extension from a
* CertInfo.
+ *
* @param certInfo the CertInfo structure.
* @return Key Identifier in a Subject Key Identifier extension if any.
*/
- protected KeyIdentifier getKeyIdentifier(X509CertInfo certInfo)
- throws EBaseException {
+ protected KeyIdentifier getKeyIdentifier(X509CertInfo certInfo)
+ throws EBaseException {
CertificateExtensions exts = null;
SubjectKeyIdentifierExtension subjKeyIdExt = null;
KeyIdentifier keyId = null;
try {
- exts = (CertificateExtensions) certInfo.get(X509CertInfo.EXTENSIONS);
+ exts = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
} catch (IOException e) {
// extension isn't there.
CMS.debug(NAME + ": " + "No extensions found. Error " + e);
@@ -357,71 +375,77 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
CMS.debug(NAME + ": " + "No extensions found. Error " + e);
return null;
}
- if (exts == null)
+ if (exts == null)
return null;
try {
- subjKeyIdExt = (SubjectKeyIdentifierExtension)
- exts.get(SubjectKeyIdentifierExtension.NAME);
+ subjKeyIdExt = (SubjectKeyIdentifierExtension) exts
+ .get(SubjectKeyIdentifierExtension.NAME);
} catch (IOException e) {
// extension isn't there.
- CMS.debug(
- "AuthorityKeyIdentifierKeyExt: No Subject Key Identifier Extension found. Error: " + e);
+ CMS.debug("AuthorityKeyIdentifierKeyExt: No Subject Key Identifier Extension found. Error: "
+ + e);
return null;
}
if (subjKeyIdExt == null)
return null;
try {
- keyId = (KeyIdentifier) subjKeyIdExt.get(
- SubjectKeyIdentifierExtension.KEY_ID);
+ keyId = (KeyIdentifier) subjKeyIdExt
+ .get(SubjectKeyIdentifierExtension.KEY_ID);
} catch (IOException e) {
- // no key identifier in subject key id extension.
- String msg = NAME + ": " +
- "Bad Subject Key Identifier Extension found. Error: " + e;
-
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_AUTHORITY_KEY_ID_1", NAME));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
+ // no key identifier in subject key id extension.
+ String msg = NAME + ": "
+ + "Bad Subject Key Identifier Extension found. Error: " + e;
+
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_AUTHORITY_KEY_ID_1", NAME));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR", msg));
}
return keyId;
}
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
return mInstanceParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
return mDefaultParams;
}
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_CRITICAL + ";boolean;" +
- "RFC 2459 recommendation: MUST NOT be marked critical.",
- PROP_ALT_KEYID_TYPE + ";" +
- "choice(" + ALT_KEYID_TYPE_SPKISHA1 + "," + ALT_KEYID_TYPE_NONE + ");" +
- "Specifies whether to use a SHA1 hash of the CA's subject " +
- "public key info for key identifier or leave out the " +
- "authority key identifier extension if the CA certificate " +
- "does not have a Subject Key Identifier extension.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-authkeyid",
- IExtendedPluginInfo.HELP_TEXT +
- ";Adds Authority Key Identifier Extension. " +
- "See RFC 2459 (4.2.1.1)"
- };
+ PROP_CRITICAL
+ + ";boolean;"
+ + "RFC 2459 recommendation: MUST NOT be marked critical.",
+ PROP_ALT_KEYID_TYPE
+ + ";"
+ + "choice("
+ + ALT_KEYID_TYPE_SPKISHA1
+ + ","
+ + ALT_KEYID_TYPE_NONE
+ + ");"
+ + "Specifies whether to use a SHA1 hash of the CA's subject "
+ + "public key info for key identifier or leave out the "
+ + "authority key identifier extension if the CA certificate "
+ + "does not have a Subject Key Identifier extension.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-authkeyid",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Adds Authority Key Identifier Extension. "
+ + "See RFC 2459 (4.2.1.1)" };
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
index 4c2eb464..e146a0cf 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -47,103 +46,100 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Basic Constraints policy.
- * Adds the Basic constraints extension.
+ * Basic Constraints policy. Adds the Basic constraints extension.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class BasicConstraintsExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class BasicConstraintsExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_MAXPATHLEN = "maxPathLen";
protected static final String PROP_IS_CA = "isCA";
protected static final String PROP_IS_CRITICAL = "critical";
protected static final String ARG_PATHLEN = "BasicConstraintsPathLen";
- protected int mMaxPathLen = 0; // < 0 means unlimited
+ protected int mMaxPathLen = 0; // < 0 means unlimited
protected String mOrigMaxPathLen = ""; // for UI display only
protected boolean mCritical = true;
- protected int mDefaultMaxPathLen = 0; // depends on the CA's path length.
- protected int mCAPathLen = 0;
+ protected int mDefaultMaxPathLen = 0; // depends on the CA's path length.
+ protected int mCAPathLen = 0;
protected boolean mRemoveExt = true;
protected boolean mIsCA = true;
public static final boolean DEFAULT_CRITICALITY = true;
/**
- * Adds the basic constraints extension as a critical extension in
- * CA certificates i.e. certype is ca, with either a requested
- * or configured path len.
- * The requested or configured path length cannot be greater than
- * or equal to the CA's basic constraints path length.
- * If the CA path length is 0, all requests for CA certs are rejected.
+ * Adds the basic constraints extension as a critical extension in CA
+ * certificates i.e. certype is ca, with either a requested or configured
+ * path len. The requested or configured path length cannot be greater than
+ * or equal to the CA's basic constraints path length. If the CA path length
+ * is 0, all requests for CA certs are rejected.
*/
public BasicConstraintsExt() {
NAME = "BasicConstraintsExt";
- DESC =
- "Sets critical basic constraints extension in subordinate CA certs";
+ DESC = "Sets critical basic constraints extension in subordinate CA certs";
}
/**
* Initializes this policy rule.
* <p>
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl
- * ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for undefined.
- * ca.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl
+ * ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for undefined.
+ * ca.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
// get the CA's path len to check against configured max path len.
- ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor) owner).getAuthority();
+ ICertAuthority certAuthority = (ICertAuthority) ((IPolicyProcessor) owner)
+ .getAuthority();
if (certAuthority == null) {
// should never get here.
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Cannot find the Certificate Manager or Registration Manager"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+ "Cannot find the Certificate Manager or Registration Manager"));
}
if (certAuthority instanceof IRegistrationAuthority) {
- log(ILogger.LL_WARN,
- "default basic constraints extension path len to -1.");
+ log(ILogger.LL_WARN,
+ "default basic constraints extension path len to -1.");
mCAPathLen = -1;
} else {
CertificateChain caChain = certAuthority.getCACertChain();
- if( caChain == null || CMS.isPreOpMode() ) {
+ if (caChain == null || CMS.isPreOpMode()) {
return;
}
X509Certificate caCert = caChain.getFirstCertificate();
mCAPathLen = caCert.getBasicConstraints();
}
- // set default to one less than the CA's pathlen or 0 if CA's
- // pathlen is 0.
+ // set default to one less than the CA's pathlen or 0 if CA's
+ // pathlen is 0.
// If it's unlimited default the max pathlen also to unlimited.
- if (mCAPathLen < 0)
+ if (mCAPathLen < 0)
mDefaultMaxPathLen = -1;
- else if (mCAPathLen > 0)
+ else if (mCAPathLen > 0)
mDefaultMaxPathLen = mCAPathLen - 1;
- else // (mCAPathLen == 0)
+ else // (mCAPathLen == 0)
{
- log(ILogger.LL_WARN,
- CMS.getLogMessage("POLICY_PATHLEN_ZERO"));
- //return;
+ log(ILogger.LL_WARN, CMS.getLogMessage("POLICY_PATHLEN_ZERO"));
+ // return;
}
- // get configured max path len, use defaults if not configured.
+ // get configured max path len, use defaults if not configured.
boolean pathLenConfigured = true;
try {
@@ -151,19 +147,19 @@ public class BasicConstraintsExt extends APolicyRule
mIsCA = config.getBoolean(PROP_IS_CA, true);
mMaxPathLen = config.getInteger(PROP_MAXPATHLEN);
if (mMaxPathLen < 0) {
- log(ILogger.LL_MISCONF,
- CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_4", "",
+ log(ILogger.LL_MISCONF, CMS.getLogMessage(
+ "POLICY_INVALID_MAXPATHLEN_4", "",
+ String.valueOf(mMaxPathLen)));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_INVALID_MAXPATHLEN_1", NAME,
String.valueOf(mMaxPathLen)));
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_MAXPATHLEN_1",
- NAME, String.valueOf(mMaxPathLen)));
}
mOrigMaxPathLen = Integer.toString(mMaxPathLen);
} catch (EBaseException e) {
- if (!(e instanceof EPropertyNotFound) &&
- !(e instanceof EPropertyNotDefined)) {
- log(ILogger.LL_MISCONF,
- CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN"));
+ if (!(e instanceof EPropertyNotFound)
+ && !(e instanceof EPropertyNotDefined)) {
+ log(ILogger.LL_MISCONF,
+ CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN"));
throw e;
}
@@ -175,53 +171,52 @@ public class BasicConstraintsExt extends APolicyRule
// check if configured path len is valid.
if (pathLenConfigured) {
- // if CA's pathlen is unlimited, any max pathlen is ok.
- // else maxPathlen must be at most one less than the CA's
- // pathlen or 0 if CA's pathlen is 0.
-
- if (mCAPathLen > 0 &&
- (mMaxPathLen >= mCAPathLen || mMaxPathLen < 0)) {
- String maxStr = (mMaxPathLen < 0) ?
- String.valueOf(mMaxPathLen) + "(unlimited)" :
- String.valueOf(mMaxPathLen);
-
- log(ILogger.LL_MISCONF,
- CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", "",
- maxStr,
+ // if CA's pathlen is unlimited, any max pathlen is ok.
+ // else maxPathlen must be at most one less than the CA's
+ // pathlen or 0 if CA's pathlen is 0.
+
+ if (mCAPathLen > 0
+ && (mMaxPathLen >= mCAPathLen || mMaxPathLen < 0)) {
+ String maxStr = (mMaxPathLen < 0) ? String.valueOf(mMaxPathLen)
+ + "(unlimited)" : String.valueOf(mMaxPathLen);
+
+ log(ILogger.LL_MISCONF, CMS.getLogMessage(
+ "POLICY_MAXPATHLEN_TOO_BIG_3", "", maxStr,
String.valueOf(mCAPathLen)));
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG_1",
- NAME, maxStr, Integer.toString(mCAPathLen)));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_MAXPATHLEN_TOO_BIG_1", NAME, maxStr,
+ Integer.toString(mCAPathLen)));
} else if (mCAPathLen == 0 && mMaxPathLen != 0) {
- log(ILogger.LL_MISCONF,
- CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_2", "", String.valueOf(mMaxPathLen)));
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_MAXPATHLEN",
- NAME, String.valueOf(mMaxPathLen)));
+ log(ILogger.LL_MISCONF, CMS.getLogMessage(
+ "POLICY_INVALID_MAXPATHLEN_2", "",
+ String.valueOf(mMaxPathLen)));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_INVALID_MAXPATHLEN", NAME,
+ String.valueOf(mMaxPathLen)));
}
}
}
/**
- * Checks if the basic contraints extension in certInfo is valid and
- * add the basic constraints extension for CA certs if none exists.
- * Non-CA certs do not get a basic constraints extension.
- *
- * @param req The request on which to apply policy.
+ * Checks if the basic contraints extension in certInfo is valid and add the
+ * basic constraints extension for CA certs if none exists. Non-CA certs do
+ * not get a basic constraints extension.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
// get cert info.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
X509CertInfo certInfo = null;
if (ci == null || (certInfo = ci[0]) == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME),
+ "");
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -229,24 +224,22 @@ public class BasicConstraintsExt extends APolicyRule
boolean isCA = mIsCA;
/**
- boolean isCA = false;
- String type = (String)req.get(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
- if (type != null && type.equalsIgnoreCase(IRequest.CA_CERT)) {
- isCA = true;
- }
+ * boolean isCA = false; String type =
+ * (String)req.get(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); if (type
+ * != null && type.equalsIgnoreCase(IRequest.CA_CERT)) { isCA = true; }
**/
for (int i = 0; i < ci.length; i++) {
PolicyResult certResult = applyCert(req, isCA, certInfo);
- if (certResult == PolicyResult.REJECTED)
+ if (certResult == PolicyResult.REJECTED)
return certResult;
}
return PolicyResult.ACCEPTED;
}
- public PolicyResult applyCert(
- IRequest req, boolean isCA, X509CertInfo certInfo) {
+ public PolicyResult applyCert(IRequest req, boolean isCA,
+ X509CertInfo certInfo) {
// get basic constraints extension from cert info if any.
CertificateExtensions extensions = null;
@@ -254,11 +247,11 @@ public class BasicConstraintsExt extends APolicyRule
try {
// get basic constraints extension if any.
- extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
if (extensions != null) {
- basicExt = (BasicConstraintsExtension)
- extensions.get(BasicConstraintsExtension.NAME);
+ basicExt = (BasicConstraintsExtension) extensions
+ .get(BasicConstraintsExtension.NAME);
}
} catch (IOException e) {
// no extensions or basic constraints extension.
@@ -266,19 +259,19 @@ public class BasicConstraintsExt extends APolicyRule
// no extensions or basic constraints extension.
}
- // for non-CA certs, pkix says it SHOULD NOT have the extension
+ // for non-CA certs, pkix says it SHOULD NOT have the extension
// so remove it.
if (!isCA) {
if (extensions == null) {
try {
// create extensions set if none.
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} catch (CertificateException e) {
} catch (IOException e) {
- // not possible
+ // not possible
}
}
if (basicExt != null) {
@@ -291,56 +284,62 @@ public class BasicConstraintsExt extends APolicyRule
BasicConstraintsExtension critExt;
try {
- critExt = new BasicConstraintsExtension(isCA, mCritical, mMaxPathLen);
+ critExt = new BasicConstraintsExtension(isCA, mCritical,
+ mMaxPathLen);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2",
- e.toString()));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2",
+ e.toString()));
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
-
+
try {
extensions.set(BasicConstraintsExtension.NAME, critExt);
} catch (IOException e) {
}
- CMS.debug(
- "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
- req.getRequestId());
+ CMS.debug("BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request "
+ + req.getRequestId());
return PolicyResult.ACCEPTED;
}
// For CA certs, check if existing extension is valid, and adjust.
- // Extension must be marked critial and pathlen must be < CA's pathlen.
+ // Extension must be marked critial and pathlen must be < CA's pathlen.
// if CA's pathlen is 0 all ca certs are rejected.
if (mCAPathLen == 0) {
- // reject all subordinate CA cert requests because CA's
+ // reject all subordinate CA cert requests because CA's
// path length is 0.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_NO_SUB_CA_CERTS_ALLOWED_1", NAME));
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED", NAME), "");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_NO_SUB_CA_CERTS_ALLOWED_1", NAME));
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED", NAME), "");
return PolicyResult.REJECTED;
}
- if (basicExt != null) {
+ if (basicExt != null) {
try {
- boolean extIsCA =
- ((Boolean) basicExt.get(BasicConstraintsExtension.IS_CA)).booleanValue();
- int pathLen =
- ((Integer) basicExt.get(BasicConstraintsExtension.PATH_LEN)).intValue();
+ boolean extIsCA = ((Boolean) basicExt
+ .get(BasicConstraintsExtension.IS_CA)).booleanValue();
+ int pathLen = ((Integer) basicExt
+ .get(BasicConstraintsExtension.PATH_LEN)).intValue();
if (mMaxPathLen > -1) {
if (pathLen > mMaxPathLen || pathLen < 0) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited", String.valueOf(pathLen)));
- if (pathLen < 0)
- setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG",
- NAME, "unlimited", Integer.toString(mMaxPathLen)), "");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_MAXPATHLEN_TOO_BIG_3", NAME,
+ "unlimited", String.valueOf(pathLen)));
+ if (pathLen < 0)
+ setError(req,
+ CMS.getUserMessage(
+ "CMS_POLICY_MAXPATHLEN_TOO_BIG",
+ NAME, "unlimited",
+ Integer.toString(mMaxPathLen)), "");
else
- setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG",
- NAME, Integer.toString(pathLen),
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_MAXPATHLEN_TOO_BIG", NAME,
+ Integer.toString(pathLen),
Integer.toString(mMaxPathLen)), "");
return PolicyResult.REJECTED;
}
@@ -348,20 +347,20 @@ public class BasicConstraintsExt extends APolicyRule
// adjust isCA field
if (!extIsCA) {
- basicExt.set(BasicConstraintsExtension.IS_CA,
- Boolean.valueOf(true));
+ basicExt.set(BasicConstraintsExtension.IS_CA,
+ Boolean.valueOf(true));
}
// adjust path length field.
if (mMaxPathLen == 0) {
if (pathLen != 0) {
- basicExt.set(BasicConstraintsExtension.PATH_LEN,
- Integer.valueOf(0));
+ basicExt.set(BasicConstraintsExtension.PATH_LEN,
+ Integer.valueOf(0));
pathLen = 0;
}
} else if (mMaxPathLen > 0 && pathLen > mMaxPathLen) {
- basicExt.set(BasicConstraintsExtension.PATH_LEN,
- Integer.valueOf(mMaxPathLen));
+ basicExt.set(BasicConstraintsExtension.PATH_LEN,
+ Integer.valueOf(mMaxPathLen));
pathLen = mMaxPathLen;
}
@@ -370,12 +369,13 @@ public class BasicConstraintsExt extends APolicyRule
BasicConstraintsExtension critExt;
try {
- critExt = new BasicConstraintsExtension(isCA, mCritical, pathLen);
+ critExt = new BasicConstraintsExtension(isCA,
+ mCritical, pathLen);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_1", NAME));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_ERROR_BASIC_CONSTRAINTS_1", NAME));
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
extensions.delete(BasicConstraintsExtension.NAME);
@@ -384,9 +384,8 @@ public class BasicConstraintsExt extends APolicyRule
} catch (IOException e) {
// not possible in these cases.
}
- CMS.debug(
- "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
- req.getRequestId());
+ CMS.debug("BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request "
+ + req.getRequestId());
return PolicyResult.ACCEPTED;
}
@@ -394,14 +393,14 @@ public class BasicConstraintsExt extends APolicyRule
if (extensions == null) {
try {
// create extensions set if none.
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} catch (CertificateException e) {
// not possible
} catch (IOException e) {
- // not possible
+ // not possible
}
}
@@ -413,29 +412,28 @@ public class BasicConstraintsExt extends APolicyRule
if (reqPathLenStr == null) {
reqPathLen = mMaxPathLen;
} else {
- try {
- reqPathLen = Integer.parseInt(reqPathLenStr);
- if ((mMaxPathLen == 0 && reqPathLen != 0) ||
- (mMaxPathLen > 0 &&
- (reqPathLen > mMaxPathLen || reqPathLen < 0))) {
- String plenStr =
- ((reqPathLen < 0) ?
- reqPathLenStr + "(unlimited)" : reqPathLenStr);
-
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_PATHLEN_TOO_BIG_3", plenStr,
+ try {
+ reqPathLen = Integer.parseInt(reqPathLenStr);
+ if ((mMaxPathLen == 0 && reqPathLen != 0)
+ || (mMaxPathLen > 0 && (reqPathLen > mMaxPathLen || reqPathLen < 0))) {
+ String plenStr = ((reqPathLen < 0) ? reqPathLenStr
+ + "(unlimited)" : reqPathLenStr);
+
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_PATHLEN_TOO_BIG_3", plenStr,
String.valueOf(mMaxPathLen)));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_PATHLEN_TOO_BIG",
- NAME, plenStr, String.valueOf(mMaxPathLen)), "");
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_PATHLEN_TOO_BIG", NAME, plenStr,
+ String.valueOf(mMaxPathLen)), "");
return PolicyResult.REJECTED;
}
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_INVALID_PATHLEN_FORMAT_2", NAME, reqPathLenStr));
- setError(req, CMS.getUserMessage("CMS_POLICY_INVALID_PATHLEN_FORMAT",
- NAME, reqPathLenStr), "");
- return PolicyResult.REJECTED;
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_INVALID_PATHLEN_FORMAT_2", NAME, reqPathLenStr));
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_INVALID_PATHLEN_FORMAT", NAME,
+ reqPathLenStr), "");
+ return PolicyResult.REJECTED;
}
}
BasicConstraintsExtension newExt;
@@ -443,29 +441,29 @@ public class BasicConstraintsExt extends APolicyRule
try {
newExt = new BasicConstraintsExtension(isCA, mCritical, reqPathLen);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", e.toString()));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2",
+ e.toString()));
+ setError(req, CMS.getUserMessage(
+ "CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
return PolicyResult.REJECTED; // unrecoverable error.
}
try {
extensions.set(BasicConstraintsExtension.NAME, newExt);
- }catch (IOException e) {
+ } catch (IOException e) {
// doesn't happen.
}
- CMS.debug(
- "BasicConstraintsExt: added the extension to request " +
- req.getRequestId());
+ CMS.debug("BasicConstraintsExt: added the extension to request "
+ + req.getRequestId());
return PolicyResult.ACCEPTED;
}
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector params = new Vector();
// Because of one of the UI bugs 385273, we should leave the empty space
@@ -478,10 +476,10 @@ public class BasicConstraintsExt extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
Vector defParams = new Vector();
defParams.addElement(PROP_IS_CRITICAL + "=true");
@@ -492,19 +490,20 @@ public class BasicConstraintsExt extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_MAXPATHLEN + ";number;'0' means : no subordinates allowed, 'n' means : at most n subordinates allowed.",
- PROP_IS_CRITICAL + ";boolean;" +
- "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.",
- PROP_IS_CA + ";boolean;" +
- "Identifies the subject of the certificate is a CA or not.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-basicconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Adds the Basic Constraints extension. See RFC 2459 (4.2.1.10)"
- };
+ PROP_MAXPATHLEN
+ + ";number;'0' means : no subordinates allowed, 'n' means : at most n subordinates allowed.",
+ PROP_IS_CRITICAL
+ + ";boolean;"
+ + "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.",
+ PROP_IS_CA
+ + ";boolean;"
+ + "Identifies the subject of the certificate is a CA or not.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-basicconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Adds the Basic Constraints extension. See RFC 2459 (4.2.1.10)" };
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
index cec8051b..400a6d35 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Hashtable;
@@ -50,18 +49,18 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * The type of the distribution point or issuer name. The name is expressed
- * as a simple string in the configuration file, so this attribute is needed
- * to tell whether the simple string should be stored in an X.500 Name,
- * a URL, or an RDN.
+ * The type of the distribution point or issuer name. The name is expressed as a
+ * simple string in the configuration file, so this attribute is needed to tell
+ * whether the simple string should be stored in an X.500 Name, a URL, or an
+ * RDN.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
@@ -69,7 +68,7 @@ class NameType {
private NameType() {
} // no default constructor
- private String stringRep; // string representation of this type
+ private String stringRep; // string representation of this type
private NameType(String s) {
map.put(s, this);
@@ -79,8 +78,8 @@ class NameType {
private static Hashtable map = new Hashtable();
/**
- * Looks up a NameType from its string representation. Returns null
- * if no matching NameType was found.
+ * Looks up a NameType from its string representation. Returns null if no
+ * matching NameType was found.
*/
public static NameType fromString(String s) {
return (NameType) map.get(s);
@@ -92,15 +91,14 @@ class NameType {
public static final NameType DIRECTORY_NAME = new NameType("DirectoryName");
public static final NameType URI = new NameType("URI");
- public static final NameType RELATIVE_TO_ISSUER =
- new NameType("RelativeToIssuer");
+ public static final NameType RELATIVE_TO_ISSUER = new NameType(
+ "RelativeToIssuer");
}
-
/**
- * These are the parameters that may be given in the configuration file
- * for each distribution point. They are parsed by DPParamsToDP().
- * Any of them may be null.
+ * These are the parameters that may be given in the configuration file for each
+ * distribution point. They are parsed by DPParamsToDP(). Any of them may be
+ * null.
*/
class DistPointParams {
public String pointName;
@@ -124,13 +122,12 @@ class DistPointParams {
}
-
/**
- * CRL Distribution Points policy.
- * Adds the CRL Distribution Points extension to the certificate.
+ * CRL Distribution Points policy. Adds the CRL Distribution Points extension to
+ * the certificate.
*/
-public class CRLDistributionPointsExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class CRLDistributionPointsExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
public static final String PROP_IS_CRITICAL = "critical";
public static final String PROP_NUM_POINTS = "numPoints";
@@ -172,32 +169,40 @@ public class CRLDistributionPointsExt extends APolicyRule
// should replace MAX_POINTS with mNumPoints if bug 385118 is fixed
for (int i = 0; i < MAX_POINTS; i++) {
- v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice(" +
- "DirectoryName,URI,RelativeToIssuer);" +
- "The type of the CRL distribution point.");
- v.addElement(PROP_POINT_NAME + Integer.toString(i) + ";string;" +
- "The name of the CRL distribution point depending on the CRLDP type.");
- v.addElement(PROP_REASONS + Integer.toString(i) + ";string;" +
- "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
- v.addElement(PROP_ISSUER_TYPE + Integer.toString(i) + ";choice(" +
- "DirectoryName,URI);" +
- "The type of the issuer that has signed the CRL maintained at this distribution point.");
- v.addElement(PROP_ISSUER_NAME + Integer.toString(i) + ";string;" +
- "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
+ v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice("
+ + "DirectoryName,URI,RelativeToIssuer);"
+ + "The type of the CRL distribution point.");
+ v.addElement(PROP_POINT_NAME
+ + Integer.toString(i)
+ + ";string;"
+ + "The name of the CRL distribution point depending on the CRLDP type.");
+ v.addElement(PROP_REASONS
+ + Integer.toString(i)
+ + ";string;"
+ + "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
+ v.addElement(PROP_ISSUER_TYPE
+ + Integer.toString(i)
+ + ";choice("
+ + "DirectoryName,URI);"
+ + "The type of the issuer that has signed the CRL maintained at this distribution point.");
+ v.addElement(PROP_ISSUER_NAME
+ + Integer.toString(i)
+ + ";string;"
+ + "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
}
- v.addElement(PROP_NUM_POINTS +
- ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
- v.addElement(PROP_IS_CRITICAL +
- ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
- v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-crldistributionpoints");
- v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";This policy inserts the CRL Distribution Points " +
- "Extension into the certificate. See RFC 2459 (4.2.1.14). "
- );
-
- mExtParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
+ v.addElement(PROP_NUM_POINTS
+ + ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
+ v.addElement(PROP_IS_CRITICAL
+ + ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-crldistributionpoints");
+ v.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";This policy inserts the CRL Distribution Points "
+ + "Extension into the certificate. See RFC 2459 (4.2.1.14). ");
+
+ mExtParams = com.netscape.cmsutil.util.Utils
+ .getStringArrayFromVector(v);
}
public String[] getExtendedPluginInfo(Locale locale) {
@@ -212,13 +217,13 @@ public class CRLDistributionPointsExt extends APolicyRule
* Performs one-time initialization of the policy.
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
// Register the CRL Distribution Points extension.
try {
netscape.security.x509.OIDMap.addAttribute(
- CRLDistributionPointsExtension.class.getName(),
- CRLDistributionPointsExtension.OID,
- CRLDistributionPointsExtension.NAME);
+ CRLDistributionPointsExtension.class.getName(),
+ CRLDistributionPointsExtension.OID,
+ CRLDistributionPointsExtension.NAME);
} catch (CertificateException e) {
// ignore, just means it has already been added
}
@@ -242,11 +247,15 @@ public class CRLDistributionPointsExt extends APolicyRule
DistPointParams configparams = new DistPointParams(params);
CRLDistributionPoint crldp = DPParamsToDP(params);
- mParams.addElement(PROP_POINT_TYPE + i + "=" + configparams.pointType);
- mParams.addElement(PROP_POINT_NAME + i + "=" + configparams.pointName);
+ mParams.addElement(PROP_POINT_TYPE + i + "="
+ + configparams.pointType);
+ mParams.addElement(PROP_POINT_NAME + i + "="
+ + configparams.pointName);
mParams.addElement(PROP_REASONS + i + "=" + configparams.reasons);
- mParams.addElement(PROP_ISSUER_TYPE + i + "=" + configparams.issuerType);
- mParams.addElement(PROP_ISSUER_NAME + i + "=" + configparams.issuerName);
+ mParams.addElement(PROP_ISSUER_TYPE + i + "="
+ + configparams.issuerType);
+ mParams.addElement(PROP_ISSUER_NAME + i + "="
+ + configparams.issuerName);
// add the distribution point to the extension
if (mCrldpExt == null) {
@@ -256,8 +265,7 @@ public class CRLDistributionPointsExt extends APolicyRule
}
}
- boolean crit = config.getBoolean(PROP_IS_CRITICAL,
- DEFAULT_CRITICALITY);
+ boolean crit = config.getBoolean(PROP_IS_CRITICAL, DEFAULT_CRITICALITY);
mParams.addElement(PROP_IS_CRITICAL + "=" + crit);
if (mCrldpExt != null) {
@@ -269,11 +277,11 @@ public class CRLDistributionPointsExt extends APolicyRule
}
/**
- * Parses the parameters in the config file to create an
- * actual CRL Distribution Point object.
+ * Parses the parameters in the config file to create an actual CRL
+ * Distribution Point object.
*/
private CRLDistributionPoint DPParamsToDP(DistPointParams params)
- throws EBaseException {
+ throws EBaseException {
CRLDistributionPoint crlDP = new CRLDistributionPoint();
try {
@@ -302,33 +310,39 @@ public class CRLDistributionPointsExt extends APolicyRule
if (nType == null) {
String err = "Unknown name type: " + params.pointType;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", params.pointType));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CA_UNKNOWN_NAME_TYPE", params.pointType));
throw new EBaseException(err);
}
if (nType == NameType.DIRECTORY_NAME) {
GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(new X500Name(params.pointName)));
+ gen.addElement(new GeneralName(new X500Name(
+ params.pointName)));
crlDP.setFullName(gen);
} else if (nType == NameType.URI) {
GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(new URIName(params.pointName)));
+ gen.addElement(new GeneralName(
+ new URIName(params.pointName)));
crlDP.setFullName(gen);
} else if (nType == NameType.RELATIVE_TO_ISSUER) {
crlDP.setRelativeName(new RDN(params.pointName));
} else {
String err = "Unknown name type: " + nType.toString();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", nType.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE",
+ nType.toString()));
throw new EBaseException(err);
}
}
// deal with the reasons
if (params.reasons != null) {
- StringTokenizer tok = new StringTokenizer(params.reasons, ", \t");
+ StringTokenizer tok = new StringTokenizer(params.reasons,
+ ", \t");
byte reasonBits = 0;
while (tok.hasMoreTokens()) {
@@ -336,15 +350,15 @@ public class CRLDistributionPointsExt extends APolicyRule
Reason r = Reason.fromString(s);
if (r == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_REASON", s));
- throw new EBaseException("Unknown reason: " + s);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_UNKNOWN_REASON", s));
+ throw new EBaseException("Unknown reason: " + s);
} else {
reasonBits |= r.getBitMask();
}
}
if (reasonBits != 0) {
- BitArray ba = new BitArray(8, new byte[] { reasonBits }
- );
+ BitArray ba = new BitArray(8, new byte[] { reasonBits });
crlDP.setReasons(ba);
}
@@ -358,24 +372,29 @@ public class CRLDistributionPointsExt extends APolicyRule
if (nType == null) {
String err = "Unknown name type: " + params.issuerType;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", params.issuerType));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CA_UNKNOWN_NAME_TYPE", params.issuerType));
throw new EBaseException(err);
}
if (nType == NameType.DIRECTORY_NAME) {
GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(new X500Name(params.issuerName)));
+ gen.addElement(new GeneralName(new X500Name(
+ params.issuerName)));
crlDP.setCRLIssuer(gen);
} else if (nType == NameType.URI) {
GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(new URIName(params.issuerName)));
+ gen.addElement(new GeneralName(new URIName(
+ params.issuerName)));
crlDP.setCRLIssuer(gen);
} else {
String err = "Unknown name type: " + nType.toString();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", nType.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE",
+ nType.toString()));
throw new EBaseException(err);
}
}
@@ -420,16 +439,16 @@ public class CRLDistributionPointsExt extends APolicyRule
try {
// find the extensions in the certInfo
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
// prepare the extensions data structure
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
// remove any previously computed version of the extension
@@ -444,15 +463,19 @@ public class CRLDistributionPointsExt extends APolicyRule
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
- e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME,
+ e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR",
- e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
- e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
}
}
@@ -471,7 +494,7 @@ public class CRLDistributionPointsExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
index 4490b25e..ac32550e 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -50,21 +49,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Certificate Policies.
- * Adds certificate policies extension.
+ * Certificate Policies. Adds certificate policies extension.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class CertificatePoliciesExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class CertificatePoliciesExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL = "critical";
protected static final String PROP_NUM_CERTPOLICIES = "numCertPolicies";
@@ -91,42 +89,46 @@ public class CertificatePoliciesExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.predicate=certType==ca
- * ca.Policy.rule.<ruleName>.implName=
- * ca.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.predicate=certType==ca
+ * ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
- mEnabled = mConfig.getBoolean(
- IPolicyProcessor.PROP_ENABLE, false);
+ mEnabled = mConfig.getBoolean(IPolicyProcessor.PROP_ENABLE, false);
mCritical = mConfig.getBoolean(PROP_CRITICAL, DEF_CRITICAL);
- mNumCertPolicies = mConfig.getInteger(
- PROP_NUM_CERTPOLICIES, DEF_NUM_CERTPOLICIES);
+ mNumCertPolicies = mConfig.getInteger(PROP_NUM_CERTPOLICIES,
+ DEF_NUM_CERTPOLICIES);
if (mNumCertPolicies < 1) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_ATTR_VALUE_2", NAME, ""));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_NUM_CERTPOLICIES,
- "value must be greater than or equal to 1"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_ATTR_VALUE_2", NAME, ""));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", PROP_NUM_CERTPOLICIES,
+ "value must be greater than or equal to 1"));
}
- // init Policy Mappings, check values if enabled.
+ // init Policy Mappings, check values if enabled.
mCertPolicies = new CertPolicy[mNumCertPolicies];
for (int i = 0; i < mNumCertPolicies; i++) {
String subtreeName = PROP_CERTPOLICY + i;
try {
- mCertPolicies[i] = new CertPolicy(subtreeName, mConfig, mEnabled);
+ mCertPolicies[i] = new CertPolicy(subtreeName, mConfig,
+ mEnabled);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, NAME + ": " +
- CMS.getLogMessage("POLICY_ERROR_CREATE_CERT_POLICY", e.toString()));
+ log(ILogger.LL_FAILURE,
+ NAME
+ + ": "
+ + CMS.getLogMessage(
+ "POLICY_ERROR_CREATE_CERT_POLICY",
+ e.toString()));
throw e;
}
}
@@ -137,22 +139,22 @@ public class CertificatePoliciesExt extends APolicyRule
Vector CertPolicies = new Vector();
for (int j = 0; j < mNumCertPolicies; j++) {
- CertPolicies.addElement(
- mCertPolicies[j].mCertificatePolicyInfo);
+ CertPolicies
+ .addElement(mCertPolicies[j].mCertificatePolicyInfo);
}
- mCertificatePoliciesExtension =
- new CertificatePoliciesExtension(mCritical, CertPolicies);
+ mCertificatePoliciesExtension = new CertificatePoliciesExtension(
+ mCritical, CertPolicies);
} catch (IOException e) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Error initializing " + NAME + " Error: " + e));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR", "Error initializing " + NAME
+ + " Error: " + e));
}
}
- // form instance params
+ // form instance params
mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
- mInstanceParams.addElement(
- PROP_NUM_CERTPOLICIES + "=" + mNumCertPolicies);
+ mInstanceParams.addElement(PROP_NUM_CERTPOLICIES + "="
+ + mNumCertPolicies);
for (int i = 0; i < mNumCertPolicies; i++) {
mCertPolicies[i].getInstanceParams(mInstanceParams);
}
@@ -161,19 +163,18 @@ public class CertificatePoliciesExt extends APolicyRule
/**
* Applies the policy on the given Request.
* <p>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
// get certInfo from request.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
- return PolicyResult.REJECTED;
+ return PolicyResult.REJECTED;
}
for (int i = 0; i < ci.length; i++) {
@@ -189,13 +190,13 @@ public class CertificatePoliciesExt extends APolicyRule
CertificateExtensions extensions = null;
try {
- extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
if (extensions == null) {
extensions = new CertificateExtensions();
try {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} catch (Exception e) {
}
@@ -204,8 +205,9 @@ public class CertificatePoliciesExt extends APolicyRule
try {
extensions.delete(CertificatePoliciesExtension.NAME);
} catch (IOException e) {
- // this is the hack: for some reason, the key which is the name
- // of the policy has been converted into the OID
+ // this is the hack: for some reason, the key which is the
+ // name
+ // of the policy has been converted into the OID
try {
extensions.delete("2.5.29.32");
} catch (IOException ee) {
@@ -213,24 +215,33 @@ public class CertificatePoliciesExt extends APolicyRule
}
}
extensions.set(CertificatePoliciesExtension.NAME,
- mCertificatePoliciesExtension);
+ mCertificatePoliciesExtension);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
- e.toString()));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
+ e.toString()));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"),
+ NAME);
return PolicyResult.REJECTED;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
- e.toString()));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
+ e.toString()));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"),
+ NAME);
return PolicyResult.REJECTED;
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
- e.toString()));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
+ e.toString()));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"),
+ NAME);
return PolicyResult.REJECTED;
}
return PolicyResult.ACCEPTED;
@@ -238,74 +249,82 @@ public class CertificatePoliciesExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
return mInstanceParams;
}
/**
- * Default config parameters.
- * To add more permitted or excluded subtrees,
- * increase the num to greater than 0 and more configuration params
- * will show up in the console.
+ * Default config parameters. To add more permitted or excluded subtrees,
+ * increase the num to greater than 0 and more configuration params will
+ * show up in the console.
*/
private static Vector mDefParams = new Vector();
static {
mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
- mDefParams.addElement(
- PROP_NUM_CERTPOLICIES + "=" + DEF_NUM_CERTPOLICIES);
+ mDefParams.addElement(PROP_NUM_CERTPOLICIES + "="
+ + DEF_NUM_CERTPOLICIES);
String certPolicy0Dot = PROP_CERTPOLICY + "0.";
- mDefParams.addElement(
- certPolicy0Dot + CertPolicy.PROP_POLICY_IDENTIFIER + "=" + "");
- mDefParams.addElement(
- certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_ORG + "=" + "");
- mDefParams.addElement(
- certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_NUMS + "=" + "");
- mDefParams.addElement(
- certPolicy0Dot + CertPolicy.PROP_USER_NOTICE_TEXT + "=" + "");
- mDefParams.addElement(
- certPolicy0Dot + CertPolicy.PROP_CPS_URI + "=" + "");
+ mDefParams.addElement(certPolicy0Dot
+ + CertPolicy.PROP_POLICY_IDENTIFIER + "=" + "");
+ mDefParams.addElement(certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_ORG
+ + "=" + "");
+ mDefParams.addElement(certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_NUMS
+ + "=" + "");
+ mDefParams.addElement(certPolicy0Dot + CertPolicy.PROP_USER_NOTICE_TEXT
+ + "=" + "");
+ mDefParams.addElement(certPolicy0Dot + CertPolicy.PROP_CPS_URI + "="
+ + "");
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
return mDefParams;
}
public String[] getExtendedPluginInfo(Locale locale) {
Vector theparams = new Vector();
-
- theparams.addElement(PROP_CRITICAL + ";boolean;RFC 3280 recommendation: MUST be non-critical.");
- theparams.addElement(PROP_NUM_CERTPOLICIES + ";number; Number of certificate policies. The value must be greater than or equal to 1");
+
+ theparams.addElement(PROP_CRITICAL
+ + ";boolean;RFC 3280 recommendation: MUST be non-critical.");
+ theparams
+ .addElement(PROP_NUM_CERTPOLICIES
+ + ";number; Number of certificate policies. The value must be greater than or equal to 1");
for (int k = 0; k < 5; k++) {
String certPolicykDot = PROP_CERTPOLICY + k + ".";
- theparams.addElement(certPolicykDot +
- CertPolicy.PROP_POLICY_IDENTIFIER + ";string,required;An object identifier in the form n.n.n.n");
- theparams.addElement(certPolicykDot +
- CertPolicy.PROP_NOTICE_REF_ORG + ";string;See RFC 3280 sec 4.2.1.5");
- theparams.addElement(certPolicykDot +
- CertPolicy.PROP_NOTICE_REF_NUMS +
- ";string;comma-separated list of numbers. See RFC 3280 sec 4.2.1.5");
- theparams.addElement(certPolicykDot +
- CertPolicy.PROP_USER_NOTICE_TEXT + ";string;See RFC 3280 sec 4.2.1.5");
- theparams.addElement(certPolicykDot +
- CertPolicy.PROP_CPS_URI + ";string;See RFC 3280 sec 4.2.1.5");
+ theparams
+ .addElement(certPolicykDot
+ + CertPolicy.PROP_POLICY_IDENTIFIER
+ + ";string,required;An object identifier in the form n.n.n.n");
+ theparams.addElement(certPolicykDot
+ + CertPolicy.PROP_NOTICE_REF_ORG
+ + ";string;See RFC 3280 sec 4.2.1.5");
+ theparams
+ .addElement(certPolicykDot
+ + CertPolicy.PROP_NOTICE_REF_NUMS
+ + ";string;comma-separated list of numbers. See RFC 3280 sec 4.2.1.5");
+ theparams.addElement(certPolicykDot
+ + CertPolicy.PROP_USER_NOTICE_TEXT
+ + ";string;See RFC 3280 sec 4.2.1.5");
+ theparams.addElement(certPolicykDot + CertPolicy.PROP_CPS_URI
+ + ";string;See RFC 3280 sec 4.2.1.5");
}
- theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-certificatepolicies");
- theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Certificate Policies Extension. See RFC 3280 (4.2.1.5)");
+ theparams.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-certificatepolicies");
+ theparams
+ .addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";Adds Certificate Policies Extension. See RFC 3280 (4.2.1.5)");
String[] params = new String[theparams.size()];
@@ -314,7 +333,6 @@ public class CertificatePoliciesExt extends APolicyRule
}
}
-
class CertPolicy {
protected static final String PROP_POLICY_IDENTIFIER = "policyId";
@@ -337,34 +355,35 @@ class CertPolicy {
/**
* forms policy map parameters.
+ *
* @param name name of this policy map, for example certPolicy0
* @param config parent's config from where we find this configuration.
* @param enabled whether policy was enabled.
*/
- protected CertPolicy(String name, IConfigStore config, boolean enabled)
- throws EBaseException {
+ protected CertPolicy(String name, IConfigStore config, boolean enabled)
+ throws EBaseException {
mName = name;
mConfig = config.getSubStore(mName);
mNameDot = mName + ".";
- if( mConfig == null ) {
- CMS.debug( "CertificatePoliciesExt::CertPolicy - mConfig is " +
- "null!" );
- throw new EBaseException( "mConfig is null" );
+ if (mConfig == null) {
+ CMS.debug("CertificatePoliciesExt::CertPolicy - mConfig is "
+ + "null!");
+ throw new EBaseException("mConfig is null");
}
// if there's no configuration for this policy put it there.
if (mConfig.size() == 0) {
- config.putString(mNameDot + PROP_POLICY_IDENTIFIER, "");
- config.putString(mNameDot + PROP_NOTICE_REF_ORG, "");
- config.putString(mNameDot + PROP_NOTICE_REF_NUMS, "");
- config.putString(mNameDot + PROP_USER_NOTICE_TEXT, "");
- config.putString(mNameDot + PROP_CPS_URI, "");
+ config.putString(mNameDot + PROP_POLICY_IDENTIFIER, "");
+ config.putString(mNameDot + PROP_NOTICE_REF_ORG, "");
+ config.putString(mNameDot + PROP_NOTICE_REF_NUMS, "");
+ config.putString(mNameDot + PROP_USER_NOTICE_TEXT, "");
+ config.putString(mNameDot + PROP_CPS_URI, "");
mConfig = config.getSubStore(mName);
- if(mConfig == null || mConfig.size() == 0) {
- CMS.debug( "CertificatePoliciesExt::CertPolicy - mConfig " +
- "is null or empty!" );
- throw new EBaseException( "mConfig is null or empty" );
+ if (mConfig == null || mConfig.size() == 0) {
+ CMS.debug("CertificatePoliciesExt::CertPolicy - mConfig "
+ + "is null or empty!");
+ throw new EBaseException("mConfig is null or empty");
}
}
@@ -376,71 +395,71 @@ class CertPolicy {
mCpsUri = mConfig.getString(PROP_CPS_URI, null);
// adjust for "" and console returning "null"
- if (mPolicyId != null &&
- (mPolicyId.length() == 0 ||
- mPolicyId.equals("null"))) {
+ if (mPolicyId != null
+ && (mPolicyId.length() == 0 || mPolicyId.equals("null"))) {
mPolicyId = null;
}
- if (mNoticeRefOrg != null &&
- (mNoticeRefOrg.length() == 0 ||
- mNoticeRefOrg.equals("null"))) {
+ if (mNoticeRefOrg != null
+ && (mNoticeRefOrg.length() == 0 || mNoticeRefOrg.equals("null"))) {
mNoticeRefOrg = null;
}
- if (mNoticeRefNums != null &&
- (mNoticeRefNums.length() == 0 ||
- mNoticeRefNums.equals("null"))) {
+ if (mNoticeRefNums != null
+ && (mNoticeRefNums.length() == 0 || mNoticeRefNums
+ .equals("null"))) {
mNoticeRefNums = null;
}
- if (mNoticeRefExplicitText != null &&
- (mNoticeRefExplicitText.length() == 0 ||
- mNoticeRefExplicitText.equals("null"))) {
+ if (mNoticeRefExplicitText != null
+ && (mNoticeRefExplicitText.length() == 0 || mNoticeRefExplicitText
+ .equals("null"))) {
mNoticeRefExplicitText = null;
}
- if (mCpsUri != null &&
- (mCpsUri.length() == 0 ||
- mCpsUri.equals("null"))) {
+ if (mCpsUri != null
+ && (mCpsUri.length() == 0 || mCpsUri.equals("null"))) {
mCpsUri = null;
}
// policy ids cannot be null if policy is enabled.
String msg = "value cannot be null.";
- if (mPolicyId == null && enabled)
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- mNameDot + PROP_POLICY_IDENTIFIER, msg));
+ if (mPolicyId == null && enabled)
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", mNameDot
+ + PROP_POLICY_IDENTIFIER, msg));
msg = "NoticeReference is optional; If chosen to include, NoticeReference must at least has 'organization'";
- if (mNoticeRefOrg == null && mNoticeRefNums != null && enabled)
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- mNameDot + PROP_NOTICE_REF_ORG, msg));
-
- // if a policy id is not null check that it is a valid OID.
+ if (mNoticeRefOrg == null && mNoticeRefNums != null && enabled)
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", mNameDot
+ + PROP_NOTICE_REF_ORG, msg));
+
+ // if a policy id is not null check that it is a valid OID.
ObjectIdentifier policyId = null;
- if (mPolicyId != null)
- policyId = CMS.checkOID(
- mNameDot + PROP_POLICY_IDENTIFIER, mPolicyId);
-
- // if enabled, form CertificatePolicyInfo to be encoded in
- // extension. Policy ids should be all set.
+ if (mPolicyId != null)
+ policyId = CMS.checkOID(mNameDot + PROP_POLICY_IDENTIFIER,
+ mPolicyId);
+
+ // if enabled, form CertificatePolicyInfo to be encoded in
+ // extension. Policy ids should be all set.
if (enabled) {
- CMS.debug("CertPolicy: in CertPolicy");
+ CMS.debug("CertPolicy: in CertPolicy");
DisplayText displayText = null;
- if (mNoticeRefExplicitText != null &&
- !mNoticeRefExplicitText.equals(""))
- displayText = new DisplayText(DisplayText.tag_VisibleString, mNoticeRefExplicitText);
- // new DisplayText(DisplayText.tag_IA5String, mNoticeRefExplicitText);
+ if (mNoticeRefExplicitText != null
+ && !mNoticeRefExplicitText.equals(""))
+ displayText = new DisplayText(DisplayText.tag_VisibleString,
+ mNoticeRefExplicitText);
+ // new DisplayText(DisplayText.tag_IA5String,
+ // mNoticeRefExplicitText);
DisplayText orgName = null;
- if (mNoticeRefOrg != null &&
- !mNoticeRefOrg.equals(""))
- orgName =
- new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg);
- // new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg);
+ if (mNoticeRefOrg != null && !mNoticeRefOrg.equals(""))
+ orgName = new DisplayText(DisplayText.tag_VisibleString,
+ mNoticeRefOrg);
+ // new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg);
- int[] nums = new int[0];;
- if (mNoticeRefNums != null &&
- !mNoticeRefNums.equals("")) {
+ int[] nums = new int[0];
+ ;
+ if (mNoticeRefNums != null && !mNoticeRefNums.equals("")) {
// should add a method to NoticeReference to take a
// Vector...but let's do this for now
@@ -466,26 +485,27 @@ class CertPolicy {
CertificatePolicyId cpolicyId = null;
try {
- cpolicyId = new CertificatePolicyId(ObjectIdentifier.getObjectIdentifier(mPolicyId));
+ cpolicyId = new CertificatePolicyId(
+ ObjectIdentifier.getObjectIdentifier(mPolicyId));
} catch (Exception e) {
- throw new
- EBaseException(CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR", mPolicyId));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_POLICY_CERTIFICATE_POLICIES_ERROR", mPolicyId));
}
PolicyQualifiers policyQualifiers = new PolicyQualifiers();
-
+
NoticeReference noticeReference = null;
-
+
if (orgName != null)
noticeReference = new NoticeReference(orgName, nums);
UserNotice userNotice = null;
if (displayText != null || noticeReference != null) {
- userNotice = new UserNotice (noticeReference, displayText);
-
- PolicyQualifierInfo policyQualifierInfo1 =
- new PolicyQualifierInfo(PolicyQualifierInfo.QT_UNOTICE, userNotice);
+ userNotice = new UserNotice(noticeReference, displayText);
+
+ PolicyQualifierInfo policyQualifierInfo1 = new PolicyQualifierInfo(
+ PolicyQualifierInfo.QT_UNOTICE, userNotice);
policyQualifiers.add(policyQualifierInfo1);
}
@@ -493,46 +513,48 @@ class CertPolicy {
CPSuri cpsUri = null;
if (mCpsUri != null && mCpsUri.length() > 0) {
- cpsUri = new CPSuri (mCpsUri);
- PolicyQualifierInfo policyQualifierInfo2 =
- new PolicyQualifierInfo(PolicyQualifierInfo.QT_CPS, cpsUri);
-
+ cpsUri = new CPSuri(mCpsUri);
+ PolicyQualifierInfo policyQualifierInfo2 = new PolicyQualifierInfo(
+ PolicyQualifierInfo.QT_CPS, cpsUri);
+
policyQualifiers.add(policyQualifierInfo2);
}
- if ((mNoticeRefOrg == null || mNoticeRefOrg.equals("")) &&
- (mNoticeRefExplicitText == null || mNoticeRefExplicitText.equals("")) &&
- (mCpsUri == null || mCpsUri.equals(""))) {
- CMS.debug("CertPolicy mNoticeRefOrg = "+mNoticeRefOrg);
- CMS.debug("CertPolicy mNoticeRefExplicitText = "+mNoticeRefExplicitText);
- CMS.debug("CertPolicy mCpsUri = "+mCpsUri);
+ if ((mNoticeRefOrg == null || mNoticeRefOrg.equals(""))
+ && (mNoticeRefExplicitText == null || mNoticeRefExplicitText
+ .equals(""))
+ && (mCpsUri == null || mCpsUri.equals(""))) {
+ CMS.debug("CertPolicy mNoticeRefOrg = " + mNoticeRefOrg);
+ CMS.debug("CertPolicy mNoticeRefExplicitText = "
+ + mNoticeRefExplicitText);
+ CMS.debug("CertPolicy mCpsUri = " + mCpsUri);
mCertificatePolicyInfo = new CertificatePolicyInfo(cpolicyId);
} else {
- CMS.debug("CertPolicy mNoticeRefOrg = "+mNoticeRefOrg);
- CMS.debug("CertPolicy mNoticeRefExplicitText = "+mNoticeRefExplicitText);
- CMS.debug("CertPolicy mCpsUri = "+mCpsUri);
- mCertificatePolicyInfo = new CertificatePolicyInfo(cpolicyId, policyQualifiers);
+ CMS.debug("CertPolicy mNoticeRefOrg = " + mNoticeRefOrg);
+ CMS.debug("CertPolicy mNoticeRefExplicitText = "
+ + mNoticeRefExplicitText);
+ CMS.debug("CertPolicy mCpsUri = " + mCpsUri);
+ mCertificatePolicyInfo = new CertificatePolicyInfo(cpolicyId,
+ policyQualifiers);
}
}
}
protected void getInstanceParams(Vector instanceParams) {
- instanceParams.addElement(
- mNameDot + PROP_POLICY_IDENTIFIER + "=" + (mPolicyId == null ? "" :
- mPolicyId));
- instanceParams.addElement(
- mNameDot + PROP_NOTICE_REF_ORG + "=" + (mNoticeRefOrg == null ? "" :
- mNoticeRefOrg));
- instanceParams.addElement(
- mNameDot + PROP_NOTICE_REF_NUMS + "=" + (mNoticeRefNums == null ? "" :
- mNoticeRefNums));
- instanceParams.addElement(
- mNameDot + PROP_USER_NOTICE_TEXT + "=" + (mNoticeRefExplicitText == null ? "" :
- mNoticeRefExplicitText));
- instanceParams.addElement(
- mNameDot + PROP_CPS_URI + "=" + (mCpsUri == null ? "" :
- mCpsUri));
+ instanceParams.addElement(mNameDot + PROP_POLICY_IDENTIFIER + "="
+ + (mPolicyId == null ? "" : mPolicyId));
+ instanceParams.addElement(mNameDot + PROP_NOTICE_REF_ORG + "="
+ + (mNoticeRefOrg == null ? "" : mNoticeRefOrg));
+ instanceParams.addElement(mNameDot + PROP_NOTICE_REF_NUMS + "="
+ + (mNoticeRefNums == null ? "" : mNoticeRefNums));
+ instanceParams
+ .addElement(mNameDot
+ + PROP_USER_NOTICE_TEXT
+ + "="
+ + (mNoticeRefExplicitText == null ? ""
+ : mNoticeRefExplicitText));
+ instanceParams.addElement(mNameDot + PROP_CPS_URI + "="
+ + (mCpsUri == null ? "" : mCpsUri));
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java
index c5a24d63..bb665d9e 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Date;
@@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Certificate Renewal Window Extension Policy
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class CertificateRenewalWindowExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class CertificateRenewalWindowExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_END_TIME = "relativeEndTime";
protected static final String PROP_BEGIN_TIME = "relativeBeginTime";
@@ -64,9 +63,8 @@ public class CertificateRenewalWindowExt extends APolicyRule
protected String mEndTime;
/**
- * Adds the Netscape comment in the end-entity certificates or
- * CA certificates. The policy is set to be non-critical with the
- * provided OID.
+ * Adds the Netscape comment in the end-entity certificates or CA
+ * certificates. The policy is set to be non-critical with the provided OID.
*/
public CertificateRenewalWindowExt() {
NAME = "CertificateRenewalWindowExt";
@@ -75,11 +73,11 @@ public class CertificateRenewalWindowExt extends APolicyRule
/**
* Initializes this policy rule.
- *
- * @param config The config store reference
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mCritical = config.getBoolean(PROP_CRITICAL, false);
mBeginTime = config.getString(PROP_BEGIN_TIME, null);
mEndTime = config.getString(PROP_END_TIME, null);
@@ -89,16 +87,15 @@ public class CertificateRenewalWindowExt extends APolicyRule
/**
* Applies the policy on the given Request.
* <p>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
// get cert info.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -119,8 +116,8 @@ public class CertificateRenewalWindowExt extends APolicyRule
CertificateExtensions extensions = null;
try {
- extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
} catch (IOException e) {
} catch (CertificateException e) {
}
@@ -128,8 +125,8 @@ public class CertificateRenewalWindowExt extends APolicyRule
if (extensions == null) {
extensions = new CertificateExtensions();
try {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} catch (Exception e) {
}
@@ -137,10 +134,10 @@ public class CertificateRenewalWindowExt extends APolicyRule
// remove any previously computed version of the extension
try {
extensions.delete(CertificateRenewalWindowExtension.NAME);
-
+
} catch (IOException e) {
// this is the hack: for some reason, the key which is the name
- // of the policy has been converted into the OID
+ // of the policy has been converted into the OID
try {
extensions.delete("2.16.840.1.113730.1.15");
} catch (IOException ee) {
@@ -153,23 +150,21 @@ public class CertificateRenewalWindowExt extends APolicyRule
CertificateRenewalWindowExtension crwExt = null;
if (mEndTime == null || mEndTime.equals("")) {
- crwExt = new CertificateRenewalWindowExtension(
- mCritical,
- getDateValue(now, mBeginTime),
- null);
+ crwExt = new CertificateRenewalWindowExtension(mCritical,
+ getDateValue(now, mBeginTime), null);
} else {
- crwExt = new CertificateRenewalWindowExtension(
- mCritical,
- getDateValue(now, mBeginTime),
- getDateValue(now, mEndTime));
+ crwExt = new CertificateRenewalWindowExtension(mCritical,
+ getDateValue(now, mBeginTime), getDateValue(now,
+ mEndTime));
}
- extensions.set(CertificateRenewalWindowExtension.NAME,
- crwExt);
+ extensions.set(CertificateRenewalWindowExtension.NAME, crwExt);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"),
+ NAME);
return PolicyResult.REJECTED;
}
return PolicyResult.ACCEPTED;
@@ -179,20 +174,18 @@ public class CertificateRenewalWindowExt extends APolicyRule
long time;
if (s.endsWith("s")) {
- time = 1000 * Long.parseLong(s.substring(0,
- s.length() - 1));
+ time = 1000 * Long.parseLong(s.substring(0, s.length() - 1));
} else if (s.endsWith("m")) {
- time = 60 * 1000 * Long.parseLong(s.substring(0,
- s.length() - 1));
+ time = 60 * 1000 * Long.parseLong(s.substring(0, s.length() - 1));
} else if (s.endsWith("h")) {
- time = 60 * 60 * 1000 * Long.parseLong(s.substring(0,
- s.length() - 1));
+ time = 60 * 60 * 1000 * Long.parseLong(s.substring(0,
+ s.length() - 1));
} else if (s.endsWith("D")) {
- time = 24 * 60 * 60 * 1000 * Long.parseLong(
- s.substring(0, s.length() - 1));
+ time = 24 * 60 * 60 * 1000
+ * Long.parseLong(s.substring(0, s.length() - 1));
} else if (s.endsWith("M")) {
- time = 30 * 60 * 60 * 1000 * Long.parseLong(
- s.substring(0, s.length() - 1));
+ time = 30 * 60 * 60 * 1000
+ * Long.parseLong(s.substring(0, s.length() - 1));
} else {
time = 1000 * Long.parseLong(s);
}
@@ -202,14 +195,16 @@ public class CertificateRenewalWindowExt extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.",
- PROP_BEGIN_TIME + ";string;Start Time in seconds (Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.",
- PROP_END_TIME + ";string;End Time in seconds (Optional, Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-certificaterenewalwindow",
- IExtendedPluginInfo.HELP_TEXT +
- ";Adds 'Certificate Renewal Window' extension. See manual"
- };
+ PROP_CRITICAL
+ + ";boolean;Netscape recommendation: non-critical.",
+ PROP_BEGIN_TIME
+ + ";string;Start Time in seconds (Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.",
+ PROP_END_TIME
+ + ";string;End Time in seconds (Optional, Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-certificaterenewalwindow",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Adds 'Certificate Renewal Window' extension. See manual" };
return params;
@@ -217,10 +212,10 @@ public class CertificateRenewalWindowExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector params = new Vector();
params.addElement(PROP_CRITICAL + "=" + mCritical);
@@ -239,10 +234,10 @@ public class CertificateRenewalWindowExt extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
Vector defParams = new Vector();
defParams.addElement(PROP_CRITICAL + "=false");
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
index e6cbddf6..a1721229 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -43,31 +42,26 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Certificate Scope Of Use extension policy. This extension
- * is defined in draft-thayes-cert-scope-00.txt
+ * Certificate Scope Of Use extension policy. This extension is defined in
+ * draft-thayes-cert-scope-00.txt
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class CertificateScopeOfUseExt extends APolicyRule implements
+public class CertificateScopeOfUseExt extends APolicyRule implements
IEnrollmentPolicy, IExtendedPluginInfo {
- protected static final String PROP_CRITICAL =
- "critical";
- protected static final String PROP_ENTRY =
- "entry";
- protected static final String PROP_NAME =
- "name";
- protected static final String PROP_NAME_TYPE =
- "name_type";
- protected static final String PROP_PORT_NUMBER =
- "port_number";
+ protected static final String PROP_CRITICAL = "critical";
+ protected static final String PROP_ENTRY = "entry";
+ protected static final String PROP_NAME = "name";
+ protected static final String PROP_NAME_TYPE = "name_type";
+ protected static final String PROP_PORT_NUMBER = "port_number";
public static final int MAX_ENTRY = 5;
@@ -81,17 +75,22 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
public String[] getExtendedPluginInfo(Locale locale) {
Vector v = new Vector();
- v.addElement(PROP_CRITICAL +
- ";boolean; This extension may be either critical or non-critical.");
- v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-certificatescopeofuse");
- v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Certificate Scope of Use Extension.");
+ v.addElement(PROP_CRITICAL
+ + ";boolean; This extension may be either critical or non-critical.");
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-certificatescopeofuse");
+ v.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";Adds Certificate Scope of Use Extension.");
for (int i = 0; i < MAX_ENTRY; i++) {
- v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO);
- v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME_TYPE + ";" + IGeneralNameUtil.GENNAME_CHOICE_INFO);
- v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_PORT_NUMBER + ";string;" + "The port number (optional).");
+ v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME
+ + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO);
+ v.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_NAME_TYPE + ";"
+ + IGeneralNameUtil.GENNAME_CHOICE_INFO);
+ v.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_PORT_NUMBER + ";string;"
+ + "The port number (optional).");
}
return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
@@ -99,17 +98,17 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
- * ca.Policy.rule.<ruleName>.enable=true
- * ca.Policy.rule.<ruleName>.predicate=
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
+ * ca.Policy.rule.<ruleName>.enable=true
+ * ca.Policy.rule.<ruleName>.predicate=
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
}
@@ -124,8 +123,8 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
//
for (int i = 0;; i++) {
// get port number (optional)
- String port = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) + "_" + PROP_PORT_NUMBER, null);
+ String port = mConfig.getString(PROP_ENTRY + Integer.toString(i)
+ + "_" + PROP_PORT_NUMBER, null);
BigInt portNumber = null;
if (port != null && !port.equals("")) {
@@ -137,12 +136,11 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
// TAG ::= uriName | dirName
// VALUE ::= [value defined by TAG]
//
- String name_type = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) +
- "_" + PROP_NAME_TYPE, null);
- String name = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) +
- "_" + PROP_NAME, null);
+ String name_type = mConfig.getString(
+ PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME_TYPE,
+ null);
+ String name = mConfig.getString(PROP_ENTRY + Integer.toString(i)
+ + "_" + PROP_NAME, null);
if (name == null || name.equals(""))
break;
@@ -154,10 +152,10 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
}
/**
- * If this policy is enabled, add the authority information
- * access extension to the certificate.
+ * If this policy is enabled, add the authority information access extension
+ * to the certificate.
* <P>
- *
+ *
* @param req The request on which to apply policy.
* @return The policy result object.
*/
@@ -165,11 +163,10 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
PolicyResult res = PolicyResult.ACCEPTED;
X509CertInfo certInfo;
- X509CertInfo[] ci = req.getExtDataInCertInfoArray(
- IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -177,64 +174,73 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
certInfo = ci[j];
if (certInfo == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERT_INFO_ERROR", NAME));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Configuration Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", NAME));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Configuration Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
try {
// Find the extensions in the certInfo
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
// add access descriptions
Vector entries = getScopeEntries();
if (entries.size() == 0) {
return res;
- }
-
+ }
+
if (extensions == null) {
// create extension if not exist
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
// check to see if AIA is already exist
try {
extensions.delete(CertificateScopeOfUseExtension.NAME);
- log(ILogger.LL_INFO, "Previous extension deleted: " + CertificateScopeOfUseExtension.NAME);
+ log(ILogger.LL_INFO, "Previous extension deleted: "
+ + CertificateScopeOfUseExtension.NAME);
} catch (IOException ex) {
}
}
// Create the extension
- CertificateScopeOfUseExtension suExt = new
- CertificateScopeOfUseExtension(mConfig.getBoolean(
- PROP_CRITICAL, false), entries);
+ CertificateScopeOfUseExtension suExt = new CertificateScopeOfUseExtension(
+ mConfig.getBoolean(PROP_CRITICAL, false), entries);
extensions.set(CertificateScopeOfUseExtension.NAME, suExt);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED; // unrecoverable error.
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- "Configuration Info Error encountered: " +
- e.getMessage());
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Configuration Info Error");
+ log(ILogger.LL_FAILURE,
+ "Configuration Info Error encountered: "
+ + e.getMessage());
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Configuration Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
}
@@ -244,15 +250,15 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector params = new Vector();
try {
- params.addElement(PROP_CRITICAL + "=" +
- mConfig.getBoolean(PROP_CRITICAL, false));
+ params.addElement(PROP_CRITICAL + "="
+ + mConfig.getBoolean(PROP_CRITICAL, false));
} catch (EBaseException e) {
}
@@ -260,50 +266,44 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
String name_type = null;
try {
- name_type = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) + "_" + PROP_NAME_TYPE,
- null);
+ name_type = mConfig.getString(PROP_ENTRY + Integer.toString(i)
+ + "_" + PROP_NAME_TYPE, null);
} catch (EBaseException e) {
}
if (name_type == null)
break;
- params.addElement(PROP_ENTRY +
- Integer.toString(i) +
- "_" + PROP_NAME_TYPE + "=" + name_type);
+ params.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_NAME_TYPE + "=" + name_type);
String name = null;
try {
- name = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) + "_" + PROP_NAME,
- null);
+ name = mConfig.getString(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_NAME, null);
} catch (EBaseException e) {
}
if (name == null)
break;
- params.addElement(PROP_ENTRY +
- Integer.toString(i) +
- "_" + PROP_NAME + "=" + name);
+ params.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_NAME + "=" + name);
String port = null;
try {
- port = mConfig.getString(PROP_ENTRY +
- Integer.toString(i) + "_" + PROP_PORT_NUMBER,
- "");
+ port = mConfig.getString(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_PORT_NUMBER, "");
} catch (EBaseException e) {
}
- params.addElement(PROP_ENTRY +
- Integer.toString(i) +
- "_" + PROP_PORT_NUMBER + "=" + port);
+ params.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_PORT_NUMBER + "=" + port);
}
return params;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
Vector defParams = new Vector();
defParams.addElement(PROP_CRITICAL + "=false");
@@ -314,14 +314,13 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
// the CMS.cfg
//
for (int i = 0; i < MAX_ENTRY; i++) {
- defParams.addElement(PROP_ENTRY + Integer.toString(i) +
- "_" + PROP_NAME_TYPE + "=");
- defParams.addElement(PROP_ENTRY + Integer.toString(i) +
- "_" + PROP_NAME + "=");
- defParams.addElement(PROP_ENTRY + Integer.toString(i) +
- "_" + PROP_PORT_NUMBER + "=");
+ defParams.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_NAME_TYPE + "=");
+ defParams.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_NAME + "=");
+ defParams.addElement(PROP_ENTRY + Integer.toString(i) + "_"
+ + PROP_PORT_NUMBER + "=");
}
return defParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
index b5c4176d..660c0026 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* This implements the extended key usage extension.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class ExtendedKeyUsageExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class ExtendedKeyUsageExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
public static final String PROP_CRITICAL = "critical";
protected static final String PROP_PURPOSE_ID = "id";
protected static final String PROP_NUM_IDS = "numIds";
@@ -63,7 +62,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
private Vector mUsages = null;
private String[] mParams = null;
-
+
// PKIX specifies the that the extension SHOULD NOT be critical
public static final boolean DEFAULT_CRITICALITY = false;
@@ -81,7 +80,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
* Performs one-time initialization of the policy.
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
setExtendedPluginInfo();
setupParams();
@@ -98,8 +97,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
return PolicyResult.ACCEPTED;
}
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -118,16 +116,16 @@ public class ExtendedKeyUsageExt extends APolicyRule
public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
try {
// find the extensions in the certInfo
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
// prepare the extensions data structure
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
try {
@@ -141,19 +139,22 @@ public class ExtendedKeyUsageExt extends APolicyRule
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
- e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR",
- e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
- e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
}
}
-
+
/**
* Returns instance specific parameters.
*/
@@ -172,16 +173,15 @@ public class ExtendedKeyUsageExt extends APolicyRule
for (int i = 0; i < numIds; i++) {
if (mUsages.size() <= i) {
- params.addElement(PROP_PURPOSE_ID +
- Integer.toString(i) + "=");
+ params.addElement(PROP_PURPOSE_ID + Integer.toString(i) + "=");
} else {
usage = ((ObjectIdentifier) mUsages.elementAt(i)).toString();
if (usage == null) {
- params.addElement(PROP_PURPOSE_ID +
- Integer.toString(i) + "=");
+ params.addElement(PROP_PURPOSE_ID + Integer.toString(i)
+ + "=");
} else {
- params.addElement(PROP_PURPOSE_ID +
- Integer.toString(i) + "=" + usage);
+ params.addElement(PROP_PURPOSE_ID + Integer.toString(i)
+ + "=" + usage);
}
}
}
@@ -199,18 +199,20 @@ public class ExtendedKeyUsageExt extends APolicyRule
}
}
for (int i = 0; i < mNum; i++) {
- v.addElement(PROP_PURPOSE_ID + Integer.toString(i) + ";string;" +
- "A unique,valid OID specified in dot-separated numeric component notation. e.g. 2.16.840.1.113730.1.99");
+ v.addElement(PROP_PURPOSE_ID
+ + Integer.toString(i)
+ + ";string;"
+ + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 2.16.840.1.113730.1.99");
}
v.addElement(PROP_NUM_IDS + ";number;The total number of policy IDs.");
- v.addElement(PROP_CRITICAL +
- ";boolean;RFC 2459 recommendation: This extension may, at the option of the certificate issuer, be either critical or non-critical.");
- v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-extendedkeyusage");
- v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Extended Key Usage Extension. Defined in RFC 2459 " +
- "(4.2.1.13)");
+ v.addElement(PROP_CRITICAL
+ + ";boolean;RFC 2459 recommendation: This extension may, at the option of the certificate issuer, be either critical or non-critical.");
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-extendedkeyusage");
+ v.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";Adds Extended Key Usage Extension. Defined in RFC 2459 "
+ + "(4.2.1.13)");
mParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
@@ -221,7 +223,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
}
return mParams;
}
-
+
/**
* Returns default parameters.
*/
@@ -235,44 +237,48 @@ public class ExtendedKeyUsageExt extends APolicyRule
}
return defParams;
}
-
+
/**
* Setups parameters.
*/
private void setupParams() throws EBaseException {
-
+
mCritical = mConfig.getBoolean(PROP_CRITICAL, false);
if (mUsages == null) {
mUsages = new Vector();
}
-
+
int mNum = mConfig.getInteger(PROP_NUM_IDS, MAX_PURPOSE_ID);
for (int i = 0; i < mNum; i++) {
ObjectIdentifier usageOID = null;
-
- String usage = mConfig.getString(PROP_PURPOSE_ID +
- Integer.toString(i), null);
+
+ String usage = mConfig.getString(
+ PROP_PURPOSE_ID + Integer.toString(i), null);
try {
-
- if (usage == null) break;
+
+ if (usage == null)
+ break;
usage = usage.trim();
- if (usage.equals("")) break;
+ if (usage.equals(""))
+ break;
if (usage.equalsIgnoreCase("ocspsigning")) {
- usageOID = ObjectIdentifier.getObjectIdentifier(ExtendedKeyUsageExtension.OID_OCSPSigning);
+ usageOID = ObjectIdentifier
+ .getObjectIdentifier(ExtendedKeyUsageExtension.OID_OCSPSigning);
} else if (usage.equalsIgnoreCase("codesigning")) {
- usageOID = ObjectIdentifier.getObjectIdentifier(ExtendedKeyUsageExtension.OID_CODESigning);
+ usageOID = ObjectIdentifier
+ .getObjectIdentifier(ExtendedKeyUsageExtension.OID_CODESigning);
} else {
// it could be an object identifier, test it
usageOID = ObjectIdentifier.getObjectIdentifier(usage);
}
} catch (IOException ex) {
- throw new EBaseException(this.getClass().getName() + ":" +
- ex.getMessage());
+ throw new EBaseException(this.getClass().getName() + ":"
+ + ex.getMessage());
} catch (NumberFormatException ex) {
- throw new EBaseException(this.getClass().getName() + ":" +
- "OID '" + usage + "' format error");
+ throw new EBaseException(this.getClass().getName() + ":"
+ + "OID '" + usage + "' format error");
}
mUsages.addElement(usageOID);
}
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
index 47e3de0c..0ce9362a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
@@ -46,12 +45,10 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Private Integer extension policy.
- * If this policy is enabled, it adds an Private Integer
- * extension to the certificate.
- *
+ * Private Integer extension policy. If this policy is enabled, it adds an
+ * Private Integer extension to the certificate.
+ *
* The following listed sample configuration parameters:
*
* ca.Policy.impl.privateInteger.class=com.netscape.certsrv.policy.genericASNExt
@@ -78,101 +75,242 @@ import com.netscape.cms.policy.APolicyRule;
* ca.Policy.rule.genericASNExt.implName=genericASNExt
* ca.Policy.rule.genericASNExt.predicate=
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class GenericASN1Ext extends APolicyRule implements
- IEnrollmentPolicy, IExtendedPluginInfo {
+public class GenericASN1Ext extends APolicyRule implements IEnrollmentPolicy,
+ IExtendedPluginInfo {
protected static final int MAX_ATTR = 10;
- protected static final String PROP_CRITICAL =
- "critical";
- protected static final String PROP_NAME =
- "name";
- protected static final String PROP_OID =
- "oid";
- protected static final String PROP_PATTERN =
- "pattern";
- protected static final String PROP_ATTRIBUTE =
- "attribute";
- protected static final String PROP_TYPE =
- "type";
- protected static final String PROP_SOURCE =
- "source";
- protected static final String PROP_VALUE =
- "value";
- protected static final String PROP_PREDICATE =
- "predicate";
-
- protected static final String PROP_ENABLE =
- "enable";
+ protected static final String PROP_CRITICAL = "critical";
+ protected static final String PROP_NAME = "name";
+ protected static final String PROP_OID = "oid";
+ protected static final String PROP_PATTERN = "pattern";
+ protected static final String PROP_ATTRIBUTE = "attribute";
+ protected static final String PROP_TYPE = "type";
+ protected static final String PROP_SOURCE = "source";
+ protected static final String PROP_VALUE = "value";
+ protected static final String PROP_PREDICATE = "predicate";
+
+ protected static final String PROP_ENABLE = "enable";
public IConfigStore mConfig = null;
private String pattern = null;
-
+
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
"enable" + ";boolean;Enable this policy",
"predicate" + ";string;",
PROP_CRITICAL + ";boolean;",
- PROP_NAME + ";string;Name for this extension.",
- PROP_OID + ";string;OID number for this extension. It should be unique.",
+ PROP_NAME + ";string;Name for this extension.",
+ PROP_OID
+ + ";string;OID number for this extension. It should be unique.",
PROP_PATTERN + ";string;Pattern for extension; {012}34",
// Attribute 0
- PROP_ATTRIBUTE + "." + "0" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
- PROP_ATTRIBUTE + "." + "0" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
- PROP_ATTRIBUTE + "." + "0" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
+ PROP_ATTRIBUTE
+ + "."
+ + "0"
+ + "."
+ + PROP_TYPE
+ + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
+ PROP_ATTRIBUTE
+ + "."
+ + "0"
+ + "."
+ + PROP_SOURCE
+ + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
+ PROP_ATTRIBUTE
+ + "."
+ + "0"
+ + "."
+ + PROP_VALUE
+ + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
// Attribute 1
- PROP_ATTRIBUTE + "." + "1" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
- PROP_ATTRIBUTE + "." + "1" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
- PROP_ATTRIBUTE + "." + "1" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
+ PROP_ATTRIBUTE
+ + "."
+ + "1"
+ + "."
+ + PROP_TYPE
+ + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
+ PROP_ATTRIBUTE
+ + "."
+ + "1"
+ + "."
+ + PROP_SOURCE
+ + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
+ PROP_ATTRIBUTE
+ + "."
+ + "1"
+ + "."
+ + PROP_VALUE
+ + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
// Attribute 2
- PROP_ATTRIBUTE + "." + "2" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
- PROP_ATTRIBUTE + "." + "2" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
- PROP_ATTRIBUTE + "." + "2" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
+ PROP_ATTRIBUTE
+ + "."
+ + "2"
+ + "."
+ + PROP_TYPE
+ + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
+ PROP_ATTRIBUTE
+ + "."
+ + "2"
+ + "."
+ + PROP_SOURCE
+ + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
+ PROP_ATTRIBUTE
+ + "."
+ + "2"
+ + "."
+ + PROP_VALUE
+ + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
// Attribute 3
- PROP_ATTRIBUTE + "." + "3" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
- PROP_ATTRIBUTE + "." + "3" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
- PROP_ATTRIBUTE + "." + "3" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
+ PROP_ATTRIBUTE
+ + "."
+ + "3"
+ + "."
+ + PROP_TYPE
+ + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
+ PROP_ATTRIBUTE
+ + "."
+ + "3"
+ + "."
+ + PROP_SOURCE
+ + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
+ PROP_ATTRIBUTE
+ + "."
+ + "3"
+ + "."
+ + PROP_VALUE
+ + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
// Attribute 4
- PROP_ATTRIBUTE + "." + "4" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
- PROP_ATTRIBUTE + "." + "4" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
- PROP_ATTRIBUTE + "." + "4" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
+ PROP_ATTRIBUTE
+ + "."
+ + "4"
+ + "."
+ + PROP_TYPE
+ + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
+ PROP_ATTRIBUTE
+ + "."
+ + "4"
+ + "."
+ + PROP_SOURCE
+ + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
+ PROP_ATTRIBUTE
+ + "."
+ + "4"
+ + "."
+ + PROP_VALUE
+ + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
// Attribute 5
- PROP_ATTRIBUTE + "." + "5" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
- PROP_ATTRIBUTE + "." + "5" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
- PROP_ATTRIBUTE + "." + "5" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
+ PROP_ATTRIBUTE
+ + "."
+ + "5"
+ + "."
+ + PROP_TYPE
+ + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
+ PROP_ATTRIBUTE
+ + "."
+ + "5"
+ + "."
+ + PROP_SOURCE
+ + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
+ PROP_ATTRIBUTE
+ + "."
+ + "5"
+ + "."
+ + PROP_VALUE
+ + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
// Attribute 6
- PROP_ATTRIBUTE + "." + "6" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
- PROP_ATTRIBUTE + "." + "6" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
- PROP_ATTRIBUTE + "." + "6" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
+ PROP_ATTRIBUTE
+ + "."
+ + "6"
+ + "."
+ + PROP_TYPE
+ + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
+ PROP_ATTRIBUTE
+ + "."
+ + "6"
+ + "."
+ + PROP_SOURCE
+ + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
+ PROP_ATTRIBUTE
+ + "."
+ + "6"
+ + "."
+ + PROP_VALUE
+ + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
// Attribute 7
- PROP_ATTRIBUTE + "." + "7" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
- PROP_ATTRIBUTE + "." + "7" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
- PROP_ATTRIBUTE + "." + "7" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
+ PROP_ATTRIBUTE
+ + "."
+ + "7"
+ + "."
+ + PROP_TYPE
+ + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
+ PROP_ATTRIBUTE
+ + "."
+ + "7"
+ + "."
+ + PROP_SOURCE
+ + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
+ PROP_ATTRIBUTE
+ + "."
+ + "7"
+ + "."
+ + PROP_VALUE
+ + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
// Attribute 8
- PROP_ATTRIBUTE + "." + "8" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
- PROP_ATTRIBUTE + "." + "8" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
- PROP_ATTRIBUTE + "." + "8" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
+ PROP_ATTRIBUTE
+ + "."
+ + "8"
+ + "."
+ + PROP_TYPE
+ + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
+ PROP_ATTRIBUTE
+ + "."
+ + "8"
+ + "."
+ + PROP_SOURCE
+ + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
+ PROP_ATTRIBUTE
+ + "."
+ + "8"
+ + "."
+ + PROP_VALUE
+ + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
// Attribute 9
- PROP_ATTRIBUTE + "." + "9" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
- PROP_ATTRIBUTE + "." + "9" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
- PROP_ATTRIBUTE + "." + "9" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-genericasn1ext",
- IExtendedPluginInfo.HELP_TEXT +
- ";Adds Private extension based on ASN1. See manual"
- };
+ PROP_ATTRIBUTE
+ + "."
+ + "9"
+ + "."
+ + PROP_TYPE
+ + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
+ PROP_ATTRIBUTE
+ + "."
+ + "9"
+ + "."
+ + PROP_SOURCE
+ + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
+ PROP_ATTRIBUTE
+ + "."
+ + "9"
+ + "."
+ + PROP_VALUE
+ + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-genericasn1ext",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Adds Private extension based on ASN1. See manual" };
return s;
}
-
+
public GenericASN1Ext() {
NAME = "GenericASN1Ext";
DESC = "Sets Generic extension for certificates";
@@ -181,17 +319,17 @@ public class GenericASN1Ext extends APolicyRule implements
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=genericASNExt
- * ca.Policy.rule.<ruleName>.enable=true
- * ca.Policy.rule.<ruleName>.predicate=
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=genericASNExt
+ * ca.Policy.rule.<ruleName>.enable=true
+ * ca.Policy.rule.<ruleName>.predicate=
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
if (mConfig == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
@@ -202,33 +340,33 @@ public class GenericASN1Ext extends APolicyRule implements
if (enable == false)
return;
-
+
String oid = mConfig.getString(PROP_OID, null);
if ((oid == null) || (oid.length() == 0)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
return;
}
-
+
String name = mConfig.getString(PROP_NAME, null);
if ((name == null) || (name.length() == 0)) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
return;
}
-
+
try {
if (File.separatorChar == '\\') {
pattern = mConfig.getString(PROP_PATTERN, null);
checkFilename(0);
- }
+ }
} catch (IOException e) {
log(ILogger.LL_FAILURE, "" + e.toString());
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, "" + e.toString());
}
-
- // Check OID value
+
+ // Check OID value
CMS.checkOID(name, oid);
pattern = mConfig.getString(PROP_PATTERN, null);
checkOID(0);
@@ -237,18 +375,19 @@ public class GenericASN1Ext extends APolicyRule implements
ObjectIdentifier tmpid = new ObjectIdentifier(oid);
if (OIDMap.getName(tmpid) == null)
- OIDMap.addAttribute("netscape.security.extensions.GenericASN1Extension", oid, name);
+ OIDMap.addAttribute(
+ "netscape.security.extensions.GenericASN1Extension",
+ oid, name);
} catch (CertificateException e) {
log(ILogger.LL_FAILURE, "" + e.toString());
}
-
+
}
// Check filename
- private int checkFilename(int index)
- throws IOException, EBaseException {
+ private int checkFilename(int index) throws IOException, EBaseException {
String source = null;
-
+
while (index < pattern.length()) {
char ch = pattern.charAt(index);
@@ -262,28 +401,30 @@ public class GenericASN1Ext extends APolicyRule implements
return index;
default:
- source = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE, null);
+ source = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "."
+ + PROP_SOURCE, null);
if ((source != null) && (source.equalsIgnoreCase("file"))) {
- String oValue = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);
+ String oValue = mConfig.getString(PROP_ATTRIBUTE + "." + ch
+ + "." + PROP_VALUE, null);
String nValue = oValue.replace('\\', '/');
- mConfig.putString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, nValue);
+ mConfig.putString(PROP_ATTRIBUTE + "." + ch + "."
+ + PROP_VALUE, nValue);
FileInputStream fis = new FileInputStream(nValue);
fis.close();
- }
+ }
}
index++;
- }
+ }
return index;
}
// Check oid
- private int checkOID(int index)
- throws EBaseException {
+ private int checkOID(int index) throws EBaseException {
String type = null;
String oid = null;
-
+
while (index < pattern.length()) {
char ch = pattern.charAt(index);
@@ -297,23 +438,25 @@ public class GenericASN1Ext extends APolicyRule implements
return index;
default:
- type = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_TYPE, null);
+ type = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "."
+ + PROP_TYPE, null);
if ((type != null) && (type.equalsIgnoreCase("OID"))) {
- oid = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);
+ oid = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "."
+ + PROP_VALUE, null);
CMS.checkOID(oid, oid);
- }
+ }
}
index++;
- }
+ }
return index;
}
-
+
/**
- * If this policy is enabled, add the private Integer
- * information extension to the certificate.
+ * If this policy is enabled, add the private Integer information extension
+ * to the certificate.
* <P>
- *
+ *
* @param req The request on which to apply policy.
* @return The policy result object.
*/
@@ -321,9 +464,9 @@ public class GenericASN1Ext extends APolicyRule implements
PolicyResult res = PolicyResult.ACCEPTED;
X509CertInfo certInfo;
X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
+
if (ci == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -331,19 +474,24 @@ public class GenericASN1Ext extends APolicyRule implements
certInfo = ci[j];
if (certInfo == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", ""));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME, "Configuration Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", ""));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Configuration Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
try {
// Find the extensions in the certInfo
- CertificateExtensions extensions = (CertificateExtensions) certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
if (extensions == null) {
// create extension if not exist
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
@@ -358,35 +506,50 @@ public class GenericASN1Ext extends APolicyRule implements
// Create the extension
GenericASN1Extension priExt = mkExtension();
-
+
extensions.set(GenericASN1Extension.NAME, priExt);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED; // unrecoverable error.
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Configuration Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Configuration Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (ParseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_EXTENSION_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Pattern parsing error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_EXTENSION_ERROR",
+ e.getMessage()));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Pattern parsing error");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_UNKNOWN_EXCEPTION", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Unknown Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_UNKNOWN_EXCEPTION",
+ e.getMessage()));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Unknown Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
}
@@ -396,8 +559,8 @@ public class GenericASN1Ext extends APolicyRule implements
/**
* Construct GenericASN1Extension with value from CMS.cfg
*/
- protected GenericASN1Extension mkExtension()
- throws IOException, EBaseException, ParseException {
+ protected GenericASN1Extension mkExtension() throws IOException,
+ EBaseException, ParseException {
GenericASN1Extension ext;
Hashtable h = new Hashtable();
@@ -413,41 +576,52 @@ public class GenericASN1Ext extends APolicyRule implements
String proptype = PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE;
String propsource = PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE;
String propvalue = PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE;
-
+
h.put(proptype, mConfig.getString(proptype, null));
h.put(propsource, mConfig.getString(propsource, null));
h.put(propvalue, mConfig.getString(propvalue, null));
}
ext = new GenericASN1Extension(h);
return ext;
- }
-
+ }
+
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
int idx = 0;
Vector params = new Vector();
try {
- params.addElement(PROP_CRITICAL + "=" + mConfig.getBoolean(PROP_CRITICAL, false));
- params.addElement(PROP_NAME + "=" + mConfig.getString(PROP_NAME, null));
- params.addElement(PROP_OID + "=" + mConfig.getString(PROP_OID, null));
- params.addElement(PROP_PATTERN + "=" + mConfig.getString(PROP_PATTERN, null));
-
+ params.addElement(PROP_CRITICAL + "="
+ + mConfig.getBoolean(PROP_CRITICAL, false));
+ params.addElement(PROP_NAME + "="
+ + mConfig.getString(PROP_NAME, null));
+ params.addElement(PROP_OID + "="
+ + mConfig.getString(PROP_OID, null));
+ params.addElement(PROP_PATTERN + "="
+ + mConfig.getString(PROP_PATTERN, null));
+
for (idx = 0; idx < MAX_ATTR; idx++) {
String proptype = PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE;
- String propsource = PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE;
- String propvalue = PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE;
-
- params.addElement(proptype + "=" + mConfig.getString(proptype, null));
- params.addElement(propsource + "=" + mConfig.getString(propsource, null));
- params.addElement(propvalue + "=" + mConfig.getString(propvalue, null));
+ String propsource = PROP_ATTRIBUTE + "." + idx + "."
+ + PROP_SOURCE;
+ String propvalue = PROP_ATTRIBUTE + "." + idx + "."
+ + PROP_VALUE;
+
+ params.addElement(proptype + "="
+ + mConfig.getString(proptype, null));
+ params.addElement(propsource + "="
+ + mConfig.getString(propsource, null));
+ params.addElement(propvalue + "="
+ + mConfig.getString(propvalue, null));
}
- params.addElement(PROP_PREDICATE + "=" + mConfig.getString(PROP_PREDICATE, null));
- } catch (EBaseException e) {;
+ params.addElement(PROP_PREDICATE + "="
+ + mConfig.getString(PROP_PREDICATE, null));
+ } catch (EBaseException e) {
+ ;
}
return params;
@@ -455,26 +629,28 @@ public class GenericASN1Ext extends APolicyRule implements
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
int idx = 0;
-
+
Vector defParams = new Vector();
defParams.addElement(PROP_CRITICAL + "=false");
defParams.addElement(PROP_NAME + "=");
defParams.addElement(PROP_OID + "=");
defParams.addElement(PROP_PATTERN + "=");
-
+
for (idx = 0; idx < MAX_ATTR; idx++) {
- defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE + "=");
- defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE + "=");
- defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE + "=");
+ defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE
+ + "=");
+ defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE
+ + "=");
+ defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE
+ + "=");
}
-
+
return defParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java
index cc2751c0..bdf1701f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -41,23 +40,23 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Issuer Alt Name Extension policy.
*
- * This extension is used to associate Internet-style identities
- * with the Certificate issuer.
+ * This extension is used to associate Internet-style identities with the
+ * Certificate issuer.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class IssuerAltNameExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class IssuerAltNameExt extends APolicyRule implements IEnrollmentPolicy,
+ IExtendedPluginInfo {
public static final String PROP_CRITICAL = "critical";
// PKIX specifies the that the extension SHOULD NOT be critical
@@ -69,15 +68,16 @@ public class IssuerAltNameExt extends APolicyRule
static {
defaultParams.addElement(PROP_CRITICAL + "=" + DEFAULT_CRITICALITY);
CMS.getGeneralNamesConfigDefaultParams(null, true, defaultParams);
-
+
Vector info = new Vector();
- info.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: SHOULD NOT be marked critical.");
- info.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-issueraltname");
- info.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";This policy inserts the Issuer Alternative Name " +
- "Extension into the certificate. See RFC 2459 (4.2.1.8). ");
+ info.addElement(PROP_CRITICAL
+ + ";boolean;RFC 2459 recommendation: SHOULD NOT be marked critical.");
+ info.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-issueraltname");
+ info.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";This policy inserts the Issuer Alternative Name "
+ + "Extension into the certificate. See RFC 2459 (4.2.1.8). ");
CMS.getGeneralNamesConfigExtendedPluginInfo(null, true, info);
@@ -102,61 +102,60 @@ public class IssuerAltNameExt extends APolicyRule
/**
* Initializes this policy rule.
- * @param config The config store reference
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
// get criticality
mCritical = mConfig.getBoolean(PROP_CRITICAL, DEFAULT_CRITICALITY);
// get enabled.
- mEnabled = mConfig.getBoolean(
- IPolicyProcessor.PROP_ENABLE, false);
+ mEnabled = mConfig.getBoolean(IPolicyProcessor.PROP_ENABLE, false);
// form general names.
mGNs = CMS.createGeneralNamesConfig(null, config, true, mEnabled);
// form extension
try {
- if (mEnabled &&
- mGNs.getGeneralNames() != null && !mGNs.getGeneralNames().isEmpty()) {
- mExtension =
- new IssuerAlternativeNameExtension(
- Boolean.valueOf(mCritical), mGNs.getGeneralNames());
+ if (mEnabled && mGNs.getGeneralNames() != null
+ && !mGNs.getGeneralNames().isEmpty()) {
+ mExtension = new IssuerAlternativeNameExtension(
+ Boolean.valueOf(mCritical), mGNs.getGeneralNames());
}
} catch (Exception e) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
// init instance params
- mParams.addElement(PROP_CRITICAL + "=" + mCritical);
+ mParams.addElement(PROP_CRITICAL + "=" + mCritical);
mGNs.getInstanceParams(mParams);
return;
}
/**
- * Adds a extension if none exists.
- *
- * @param req The request on which to apply policy.
+ * Adds a extension if none exists.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
- if (mEnabled == false || mExtension == null)
+ if (mEnabled == false || mExtension == null)
return res;
- // get cert info.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ // get cert info.
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
X509CertInfo certInfo = null;
if (ci == null || (certInfo = ci[0]) == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -176,8 +175,8 @@ public class IssuerAltNameExt extends APolicyRule
try {
// get extension if any.
- extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
} catch (IOException e) {
// no extensions.
} catch (CertificateException e) {
@@ -187,8 +186,8 @@ public class IssuerAltNameExt extends APolicyRule
if (extensions == null) {
extensions = new CertificateExtensions();
try {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} catch (CertificateException e) {
// not possible
@@ -214,11 +213,13 @@ public class IssuerAltNameExt extends APolicyRule
try {
extensions.set(IssuerAlternativeNameExtension.NAME, mExtension);
} catch (Exception e) {
- if (e instanceof RuntimeException)
+ if (e instanceof RuntimeException)
throw (RuntimeException) e;
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString()));
- setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR"), NAME);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT",
+ e.toString()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR"), NAME);
return PolicyResult.REJECTED;
}
return PolicyResult.ACCEPTED;
@@ -226,21 +227,21 @@ public class IssuerAltNameExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return Empty Vector since this policy has no configuration parameters.
- * for this policy instance.
+ * for this policy instance.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
return mParams;
}
/**
* Return default parameters for a policy implementation.
- *
- * @return Empty Vector since this policy implementation has no
- * configuration parameters.
+ *
+ * @return Empty Vector since this policy implementation has no
+ * configuration parameters.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
return defaultParams;
}
@@ -249,4 +250,3 @@ public class IssuerAltNameExt extends APolicyRule
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java
index 4f7a72c4..b6311eaa 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -44,25 +43,24 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Policy to add Key Usage Extension.
- * Adds the key usage extension based on what's requested.
+ * Policy to add Key Usage Extension. Adds the key usage extension based on
+ * what's requested.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class KeyUsageExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class KeyUsageExt extends APolicyRule implements IEnrollmentPolicy,
+ IExtendedPluginInfo {
private final static String HTTP_INPUT = "HTTP_INPUT";
- protected static final boolean[] DEF_BITS =
- new boolean[KeyUsageExtension.NBITS];
+ protected static final boolean[] DEF_BITS = new boolean[KeyUsageExtension.NBITS];
protected int mCAPathLen = -1;
protected IConfigStore mConfig = null;
protected static final String PROP_CRITICAL = "critical";
@@ -97,35 +95,35 @@ public class KeyUsageExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=KeyUsageExt
- * ca.Policy.rule.<ruleName>.enable=true
- * ca.Policy.rule.<ruleName>.
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=KeyUsageExt
+ * ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
- ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor) owner).getAuthority();
+ ICertAuthority certAuthority = (ICertAuthority) ((IPolicyProcessor) owner)
+ .getAuthority();
if (certAuthority == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Cannot find the Certificate Manager or Registration Manager"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+ "Cannot find the Certificate Manager or Registration Manager"));
}
if (certAuthority instanceof ICertificateAuthority) {
CertificateChain caChain = certAuthority.getCACertChain();
X509Certificate caCert = null;
- // Note that in RA the chain could be null if CA was not up when
- // RA was started. In that case just set the length to -1 and let
- // CA reject if it does not allow any subordinate CA certs.
+ // Note that in RA the chain could be null if CA was not up when
+ // RA was started. In that case just set the length to -1 and let
+ // CA reject if it does not allow any subordinate CA certs.
if (caChain != null) {
caCert = caChain.getFirstCertificate();
mCAPathLen = caCert.getBasicConstraints();
@@ -133,10 +131,12 @@ public class KeyUsageExt extends APolicyRule
}
mCritical = mConfig.getBoolean(PROP_CRITICAL, true);
- mDigitalSignature = mConfig.getString(PROP_DIGITAL_SIGNATURE, HTTP_INPUT);
+ mDigitalSignature = mConfig.getString(PROP_DIGITAL_SIGNATURE,
+ HTTP_INPUT);
mNonRepudiation = mConfig.getString(PROP_NON_REPUDIATION, HTTP_INPUT);
mKeyEncipherment = mConfig.getString(PROP_KEY_ENCIPHERMENT, HTTP_INPUT);
- mDataEncipherment = mConfig.getString(PROP_DATA_ENCIPHERMENT, HTTP_INPUT);
+ mDataEncipherment = mConfig.getString(PROP_DATA_ENCIPHERMENT,
+ HTTP_INPUT);
mKeyAgreement = mConfig.getString(PROP_KEY_AGREEMENT, HTTP_INPUT);
mKeyCertsign = mConfig.getString(PROP_KEY_CERTSIGN, HTTP_INPUT);
mCrlSign = mConfig.getString(PROP_CRL_SIGN, HTTP_INPUT);
@@ -145,30 +145,28 @@ public class KeyUsageExt extends APolicyRule
}
/**
- * Adds the key usage extension if not set already.
- * (CRMF, agent, authentication (currently) or PKCS#10 (future)
- * or RA could have set the extension.)
- * If not set, set from http input parameters or use default if
+ * Adds the key usage extension if not set already. (CRMF, agent,
+ * authentication (currently) or PKCS#10 (future) or RA could have set the
+ * extension.) If not set, set from http input parameters or use default if
* no http input parameters are set.
*
- * Note: this allows any bits requested - does not check if user
- * authenticated is allowed to have a Key Usage Extension with
- * those bits. Unless the CA's certificate path length is 0, then
- * we do not allow CA sign or CRL sign bits in any request.
+ * Note: this allows any bits requested - does not check if user
+ * authenticated is allowed to have a Key Usage Extension with those bits.
+ * Unless the CA's certificate path length is 0, then we do not allow CA
+ * sign or CRL sign bits in any request.
*
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -183,31 +181,30 @@ public class KeyUsageExt extends APolicyRule
public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
try {
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
KeyUsageExtension ext = null;
if (extensions != null) {
try {
- ext = (KeyUsageExtension)
- extensions.get(KeyUsageExtension.NAME);
+ ext = (KeyUsageExtension) extensions
+ .get(KeyUsageExtension.NAME);
} catch (IOException e) {
// extension isn't there.
ext = null;
}
- // check if CA does not allow subordinate CA certs.
+ // check if CA does not allow subordinate CA certs.
// otherwise accept existing key usage extension.
if (ext != null) {
if (mCAPathLen == 0) {
boolean[] bits = ext.getBits();
- if ((bits.length > KeyUsageExtension.KEY_CERTSIGN_BIT &&
- bits[KeyUsageExtension.KEY_CERTSIGN_BIT] == true) ||
- (bits.length > KeyUsageExtension.CRL_SIGN_BIT &&
- bits[KeyUsageExtension.CRL_SIGN_BIT] == true)) {
- setError(req,
- CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"),
- NAME);
+ if ((bits.length > KeyUsageExtension.KEY_CERTSIGN_BIT && bits[KeyUsageExtension.KEY_CERTSIGN_BIT] == true)
+ || (bits.length > KeyUsageExtension.CRL_SIGN_BIT && bits[KeyUsageExtension.CRL_SIGN_BIT] == true)) {
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"),
+ NAME);
return PolicyResult.REJECTED;
}
}
@@ -216,8 +213,8 @@ public class KeyUsageExt extends APolicyRule
} else {
// create extensions set if none.
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
@@ -225,41 +222,45 @@ public class KeyUsageExt extends APolicyRule
boolean[] bits = new boolean[KeyUsageExtension.NBITS];
- bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT] = getBit("digital_signature",
- mDigitalSignature, req);
- bits[KeyUsageExtension.NON_REPUDIATION_BIT] = getBit("non_repudiation",
- mNonRepudiation, req);
- bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT] = getBit("key_encipherment",
- mKeyEncipherment, req);
- bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT] = getBit("data_encipherment",
- mDataEncipherment, req);
- bits[KeyUsageExtension.KEY_AGREEMENT_BIT] = getBit("key_agreement",
- mKeyAgreement, req);
- bits[KeyUsageExtension.KEY_CERTSIGN_BIT] = getBit("key_certsign",
- mKeyCertsign, req);
- bits[KeyUsageExtension.CRL_SIGN_BIT] = getBit("crl_sign", mCrlSign, req);
+ bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT] = getBit(
+ "digital_signature", mDigitalSignature, req);
+ bits[KeyUsageExtension.NON_REPUDIATION_BIT] = getBit(
+ "non_repudiation", mNonRepudiation, req);
+ bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT] = getBit(
+ "key_encipherment", mKeyEncipherment, req);
+ bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT] = getBit(
+ "data_encipherment", mDataEncipherment, req);
+ bits[KeyUsageExtension.KEY_AGREEMENT_BIT] = getBit("key_agreement",
+ mKeyAgreement, req);
+ bits[KeyUsageExtension.KEY_CERTSIGN_BIT] = getBit("key_certsign",
+ mKeyCertsign, req);
+ bits[KeyUsageExtension.CRL_SIGN_BIT] = getBit("crl_sign", mCrlSign,
+ req);
bits[KeyUsageExtension.ENCIPHER_ONLY_BIT] = getBit("encipher_only",
- mEncipherOnly, req);
- bits[KeyUsageExtension.DECIPHER_ONLY_BIT] = getBit("decipher_only",
- mDecipherOnly, req);
-
- // don't allow no bits set or the extension does not
+ mEncipherOnly, req);
+ bits[KeyUsageExtension.DECIPHER_ONLY_BIT] = getBit("decipher_only",
+ mDecipherOnly, req);
+
+ // don't allow no bits set or the extension does not
// encode/decode properlly.
boolean bitset = false;
for (int i = 0; i < bits.length; i++) {
if (bits[i]) {
- bitset = true;
+ bitset = true;
break;
}
}
if (!bitset) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET", NAME));
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET"),
- NAME);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET", NAME));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET"),
+ NAME);
return PolicyResult.REJECTED;
}
-
+
// create the extension.
try {
mKeyUsage = new KeyUsageExtension(mCritical, bits);
@@ -268,24 +269,28 @@ public class KeyUsageExt extends APolicyRule
extensions.set(KeyUsageExtension.NAME, mKeyUsage);
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
}
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector params = new Vector();
params.addElement(PROP_CRITICAL + "=" + mCritical);
@@ -317,32 +322,42 @@ public class KeyUsageExt extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_CRITICAL + ";boolean;RFC 2459 recommendation: SHOULD be critical",
- PROP_DIGITAL_SIGNATURE + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
- PROP_NON_REPUDIATION + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
- PROP_KEY_ENCIPHERMENT + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
- PROP_DATA_ENCIPHERMENT + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
- PROP_KEY_AGREEMENT + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
- PROP_KEY_CERTSIGN + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
- PROP_CRL_SIGN + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
- PROP_ENCIPHER_ONLY + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
- PROP_DECIPHER_ONLY + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-keyusage",
- IExtendedPluginInfo.HELP_TEXT +
- ";Adds Key Usage Extension; See in RFC 2459 (4.2.1.3)"
-
- };
+ PROP_CRITICAL
+ + ";boolean;RFC 2459 recommendation: SHOULD be critical",
+ PROP_DIGITAL_SIGNATURE
+ + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
+ PROP_NON_REPUDIATION
+ + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
+ PROP_KEY_ENCIPHERMENT
+ + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
+ PROP_DATA_ENCIPHERMENT
+ + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
+ PROP_KEY_AGREEMENT
+ + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
+ PROP_KEY_CERTSIGN
+ + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
+ PROP_CRL_SIGN
+ + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
+ PROP_ENCIPHER_ONLY
+ + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
+ PROP_DECIPHER_ONLY
+ + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-keyusage",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Adds Key Usage Extension; See in RFC 2459 (4.2.1.3)"
+
+ };
return params;
}
-
+
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
return mDefParams;
}
@@ -355,4 +370,3 @@ public class KeyUsageExt extends APolicyRule
return Boolean.valueOf(choice).booleanValue();
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
index 68f5d875..752581f9 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
@@ -45,21 +44,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Netscape comment
- * Adds Netscape comment policy
+ * Netscape comment Adds Netscape comment policy
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class NSCCommentExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class NSCCommentExt extends APolicyRule implements IEnrollmentPolicy,
+ IExtendedPluginInfo {
protected static final String PROP_USER_NOTICE_DISPLAY_TEXT = "displayText";
protected static final String PROP_COMMENT_FILE = "commentFile";
@@ -68,19 +66,18 @@ public class NSCCommentExt extends APolicyRule
protected static final String TEXT = "Text";
protected static final String FILE = "File";
- protected String mUserNoticeDisplayText;
- protected String mCommentFile;
- protected String mInputType;
+ protected String mUserNoticeDisplayText;
+ protected String mCommentFile;
+ protected String mInputType;
protected boolean mCritical;
private Vector mParams = new Vector();
- protected String tempCommentFile;
+ protected String tempCommentFile;
protected boolean certApplied = false;
/**
- * Adds the Netscape comment in the end-entity certificates or
- * CA certificates. The policy is set to be non-critical with the
- * provided OID.
+ * Adds the Netscape comment in the end-entity certificates or CA
+ * certificates. The policy is set to be non-critical with the provided OID.
*/
public NSCCommentExt() {
NAME = "NSCCommentExt";
@@ -91,16 +88,16 @@ public class NSCCommentExt extends APolicyRule
* Initializes this policy rule.
* <p>
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.implName=NSCCommentExtImpl
- * ca.Policy.rule.<ruleName>.displayText=<n>
- * ca.Policy.rule.<ruleName>.commentFile=<n>
- * ca.Policy.rule.<ruleName>.enable=false
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.implName=NSCCommentExtImpl
+ * ca.Policy.rule.<ruleName>.displayText=<n>
+ * ca.Policy.rule.<ruleName>.commentFile=<n>
+ * ca.Policy.rule.<ruleName>.enable=false
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
FileInputStream fileStream = null;
@@ -111,8 +108,10 @@ public class NSCCommentExt extends APolicyRule
mInputType = config.getString(PROP_INPUT_TYPE, null);
mParams.addElement(PROP_INPUT_TYPE + "=" + mInputType);
- mUserNoticeDisplayText = config.getString(PROP_USER_NOTICE_DISPLAY_TEXT, "");
- mParams.addElement(PROP_USER_NOTICE_DISPLAY_TEXT + "=" + mUserNoticeDisplayText);
+ mUserNoticeDisplayText = config.getString(
+ PROP_USER_NOTICE_DISPLAY_TEXT, "");
+ mParams.addElement(PROP_USER_NOTICE_DISPLAY_TEXT + "="
+ + mUserNoticeDisplayText);
tempCommentFile = config.getString(PROP_COMMENT_FILE, "");
@@ -138,29 +137,33 @@ public class NSCCommentExt extends APolicyRule
mParams.addElement(PROP_COMMENT_FILE + "=" + mCommentFile);
} catch (FileNotFoundException e) {
- Object[] params = {getInstanceName(), "File not found : " + tempCommentFile};
+ Object[] params = { getInstanceName(),
+ "File not found : " + tempCommentFile };
- throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
+ throw new EPolicyException(
+ CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"),
+ params);
} catch (Exception e) {
- Object[] params = {getInstanceName(), e.getMessage()};
+ Object[] params = { getInstanceName(), e.getMessage() };
- throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
+ throw new EPolicyException(
+ CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"),
+ params);
}
}
/**
* Applies the policy on the given Request.
* <p>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
// get cert info.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -182,8 +185,8 @@ public class NSCCommentExt extends APolicyRule
CertificateExtensions extensions = null;
try {
- extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
} catch (IOException e) {
} catch (CertificateException e) {
}
@@ -191,8 +194,8 @@ public class NSCCommentExt extends APolicyRule
if (extensions == null) {
extensions = new CertificateExtensions();
try {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} catch (Exception e) {
}
@@ -200,10 +203,10 @@ public class NSCCommentExt extends APolicyRule
// remove any previously computed version of the extension
try {
extensions.delete(NSCCommentExtension.NAME);
-
+
} catch (IOException e) {
// this is the hack: for some reason, the key which is the name
- // of the policy has been converted into the OID
+ // of the policy has been converted into the OID
try {
extensions.delete("2.16.840.1.113730.1.13");
} catch (IOException ee) {
@@ -211,10 +214,12 @@ public class NSCCommentExt extends APolicyRule
}
}
if (mInputType.equals("File")) {
- // if ((mUserNoticeDisplayText.equals("")) && !(mCommentFile.equals(""))) {
+ // if ((mUserNoticeDisplayText.equals("")) &&
+ // !(mCommentFile.equals(""))) {
try {
// Read the comments file
- BufferedReader fis = new BufferedReader(new FileReader(mCommentFile));
+ BufferedReader fis = new BufferedReader(new FileReader(
+ mCommentFile));
String line = null;
StringBuffer buffer = new StringBuffer();
@@ -224,10 +229,13 @@ public class NSCCommentExt extends APolicyRule
mUserNoticeDisplayText = new String(buffer);
fis.close();
} catch (IOException e) {
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, " Comment Text file not found : " + mCommentFile);
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, " Comment Text file not found : " + mCommentFile);
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_COMMENT_FILE_NOT_FOUND", e.toString()));
+ CMS.getLogMessage("POLICY_COMMENT_FILE_NOT_FOUND",
+ e.toString()));
return PolicyResult.REJECTED;
}
@@ -235,20 +243,22 @@ public class NSCCommentExt extends APolicyRule
}
certApplied = true;
-
- DisplayText displayText =
- new DisplayText(DisplayText.tag_IA5String, mUserNoticeDisplayText);
+
+ DisplayText displayText = new DisplayText(DisplayText.tag_IA5String,
+ mUserNoticeDisplayText);
try {
- NSCCommentExtension cpExt =
- new NSCCommentExtension(mCritical, mUserNoticeDisplayText);
+ NSCCommentExtension cpExt = new NSCCommentExtension(mCritical,
+ mUserNoticeDisplayText);
extensions.set(NSCCommentExtension.NAME, cpExt);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
- setError(req,
- CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"),
+ NAME);
return PolicyResult.REJECTED;
}
return PolicyResult.ACCEPTED;
@@ -256,19 +266,22 @@ public class NSCCommentExt extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.",
- PROP_INPUT_TYPE + ";choice(Text,File);Whether the comments " +
- "would be entered in the displayText field or come from " +
- "a file.",
- PROP_USER_NOTICE_DISPLAY_TEXT + ";string;The comment that may be " +
- "displayed to the user when the certificate is viewed.",
- PROP_COMMENT_FILE + ";string; If data source is 'File', specify " +
- "the file name with full path.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-nsccomment",
- IExtendedPluginInfo.HELP_TEXT +
- ";Adds 'netscape comment' extension. See manual"
- };
+ PROP_CRITICAL
+ + ";boolean;Netscape recommendation: non-critical.",
+ PROP_INPUT_TYPE
+ + ";choice(Text,File);Whether the comments "
+ + "would be entered in the displayText field or come from "
+ + "a file.",
+ PROP_USER_NOTICE_DISPLAY_TEXT
+ + ";string;The comment that may be "
+ + "displayed to the user when the certificate is viewed.",
+ PROP_COMMENT_FILE
+ + ";string; If data source is 'File', specify "
+ + "the file name with full path.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-nsccomment",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Adds 'netscape comment' extension. See manual" };
return params;
@@ -276,19 +289,19 @@ public class NSCCommentExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
return mParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
Vector defParams = new Vector();
defParams.addElement(PROP_CRITICAL + "=false");
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
index 2ececcf9..f920b47b 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -46,45 +45,44 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * NS Cert Type policy.
- * Adds the ns cert type extension depending on cert type requested.
+ * NS Cert Type policy. Adds the ns cert type extension depending on cert type
+ * requested.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class NSCertTypeExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class NSCertTypeExt extends APolicyRule implements IEnrollmentPolicy,
+ IExtendedPluginInfo {
protected static final String PROP_SET_DEFAULT_BITS = "setDefaultBits";
protected static final boolean DEF_SET_DEFAULT_BITS = true;
- protected static final String DEF_SET_DEFAULT_BITS_VAL =
- Boolean.valueOf(DEF_SET_DEFAULT_BITS).toString();
+ protected static final String DEF_SET_DEFAULT_BITS_VAL = Boolean.valueOf(
+ DEF_SET_DEFAULT_BITS).toString();
protected static final int DEF_PATHLEN = -1;
- protected static final boolean[] DEF_BITS =
- new boolean[NSCertTypeExtension.NBITS];
+ protected static final boolean[] DEF_BITS = new boolean[NSCertTypeExtension.NBITS];
- // XXX for future use. currenlty always allow.
+ // XXX for future use. currenlty always allow.
protected static final String PROP_AGENT_OVERR = "allowAgentOverride";
protected static final String PROP_EE_OVERR = "AllowEEOverride";
- // XXX for future use. currently always critical
- // (standard says SHOULD be marked critical if included.)
+ // XXX for future use. currently always critical
+ // (standard says SHOULD be marked critical if included.)
protected static final String PROP_CRITICAL = "critical";
- // XXX for future use to allow overrides from forms.
+ // XXX for future use to allow overrides from forms.
// request must be agent approved or authenticated.
protected boolean mAllowAgentOverride = false;
protected boolean mAllowEEOverride = false;
- // XXX for future use. currently always non-critical
+ // XXX for future use. currently always non-critical
protected boolean mCritical = false;
protected int mCAPathLen = -1;
@@ -112,25 +110,25 @@ public class NSCertTypeExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=nsCertTypeExt
- * ra.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=nsCertTypeExt
+ * ra.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
// XXX future use.
- //mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false);
- //mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false);
+ // mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false);
+ // mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false);
mCritical = config.getBoolean(PROP_CRITICAL, false);
- ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor) owner).getAuthority();
+ ICertAuthority certAuthority = (ICertAuthority) ((IPolicyProcessor) owner)
+ .getAuthority();
if (certAuthority instanceof ICertificateAuthority) {
CertificateChain caChain = certAuthority.getCACertChain();
@@ -141,35 +139,34 @@ public class NSCertTypeExt extends APolicyRule
// CA reject if it does not allow any subordinate CA certs.
if (caChain != null) {
caCert = caChain.getFirstCertificate();
- if (caCert != null)
+ if (caCert != null)
mCAPathLen = caCert.getBasicConstraints();
}
}
- mSetDefaultBits = mConfig.getBoolean(
- PROP_SET_DEFAULT_BITS, DEF_SET_DEFAULT_BITS);
+ mSetDefaultBits = mConfig.getBoolean(PROP_SET_DEFAULT_BITS,
+ DEF_SET_DEFAULT_BITS);
}
/**
- * Adds the ns cert type if not set already.
- * reads ns cert type choices from form. If no choices from form
- * will defaults to all.
+ * Adds the ns cert type if not set already. reads ns cert type choices from
+ * form. If no choices from form will defaults to all.
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
- CMS.debug("NSCertTypeExt: Impl: " + NAME + ", Instance: " + getInstanceName() + "::apply()");
+ CMS.debug("NSCertTypeExt: Impl: " + NAME + ", Instance: "
+ + getInstanceName() + "::apply()");
PolicyResult res = PolicyResult.ACCEPTED;
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
X509CertInfo certInfo = null;
if (ci == null || (certInfo = ci[0]) == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -184,30 +181,29 @@ public class NSCertTypeExt extends APolicyRule
public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
try {
- String certType =
- req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ String certType = req.getExtDataInString(IRequest.HTTP_PARAMS,
+ IRequest.CERT_TYPE);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
NSCertTypeExtension nsCertTypeExt = null;
if (extensions != null) {
// See if extension is already set and contains correct values.
try {
- nsCertTypeExt = (NSCertTypeExtension)
- extensions.get(NSCertTypeExtension.NAME);
+ nsCertTypeExt = (NSCertTypeExtension) extensions
+ .get(NSCertTypeExtension.NAME);
} catch (IOException e) {
// extension isn't there.
nsCertTypeExt = null;
}
// XXX agent servlet currently sets this. it should be
// delayed to here.
- if (nsCertTypeExt != null &&
- extensionIsGood(nsCertTypeExt, req)) {
- CMS.debug(
- "NSCertTypeExt: already has correct ns cert type ext");
+ if (nsCertTypeExt != null
+ && extensionIsGood(nsCertTypeExt, req)) {
+ CMS.debug("NSCertTypeExt: already has correct ns cert type ext");
return PolicyResult.ACCEPTED;
- } else if ((nsCertTypeExt != null) &&
- (certType.equals("ocspResponder"))) {
+ } else if ((nsCertTypeExt != null)
+ && (certType.equals("ocspResponder"))) {
// Fix for #528732 : Always delete
// this extension from OCSP signing cert
extensions.delete(NSCertTypeExtension.NAME);
@@ -216,12 +212,11 @@ public class NSCertTypeExt extends APolicyRule
} else {
// create extensions set if none.
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
- CMS.debug(
- "NSCertTypeExt: Created extensions for adding ns cert type..");
+ CMS.debug("NSCertTypeExt: Created extensions for adding ns cert type..");
}
}
// add ns cert type extension if not set or not set correctly.
@@ -229,13 +224,15 @@ public class NSCertTypeExt extends APolicyRule
bits = getBitsFromRequest(req, mSetDefaultBits);
- // check if ca doesn't allow any subordinate ca
- if (mCAPathLen == 0 && bits != null) {
- if (bits[NSCertTypeExtension.SSL_CA_BIT] ||
- bits[NSCertTypeExtension.EMAIL_CA_BIT] ||
- bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT]) {
- setError(req,
- CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), NAME);
+ // check if ca doesn't allow any subordinate ca
+ if (mCAPathLen == 0 && bits != null) {
+ if (bits[NSCertTypeExtension.SSL_CA_BIT]
+ || bits[NSCertTypeExtension.EMAIL_CA_BIT]
+ || bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT]) {
+ setError(
+ req,
+ CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"),
+ NAME);
return PolicyResult.REJECTED;
}
}
@@ -249,11 +246,11 @@ public class NSCertTypeExt extends APolicyRule
int j;
for (j = 0; bits != null && j < bits.length; j++)
- if (bits[j]) break;
+ if (bits[j])
+ break;
if (bits == null || j == bits.length) {
if (!mSetDefaultBits) {
- CMS.debug(
- "NSCertTypeExt: no bits requested, not setting default.");
+ CMS.debug("NSCertTypeExt: no bits requested, not setting default.");
return PolicyResult.ACCEPTED;
} else
bits = DEF_BITS;
@@ -263,39 +260,40 @@ public class NSCertTypeExt extends APolicyRule
extensions.set(NSCertTypeExtension.NAME, nsCertTypeExt);
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
}
/**
- * check if ns cert type extension is set correctly,
- * correct bits if not.
- * if not authorized to set extension, bits will be replaced.
+ * check if ns cert type extension is set correctly, correct bits if not. if
+ * not authorized to set extension, bits will be replaced.
*/
- protected boolean extensionIsGood(
- NSCertTypeExtension nsCertTypeExt, IRequest req)
- throws IOException, CertificateException {
+ protected boolean extensionIsGood(NSCertTypeExtension nsCertTypeExt,
+ IRequest req) throws IOException, CertificateException {
// always return false for now to make sure minimum is set.
// agents and ee can add others.
- // must be agent approved or authenticated for allowing extensions
+ // must be agent approved or authenticated for allowing extensions
// which is always the case if we get to this point.
IAuthToken token = req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
if (!agentApproved(req) && token == null) {
// don't know where this came from.
// set all bits to false to reset.
- CMS.debug(
- "NSCertTypeExt: unknown origin: setting ns cert type bits to false");
+ CMS.debug("NSCertTypeExt: unknown origin: setting ns cert type bits to false");
boolean[] bits = new boolean[8];
for (int i = bits.length - 1; i >= 0; i--) {
@@ -315,37 +313,37 @@ public class NSCertTypeExt extends APolicyRule
return true;
}
if (certType.equals(IRequest.CA_CERT)) {
- if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CA_BIT) &&
- !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_CA_BIT) &&
- !nsCertTypeExt.isSet(
- NSCertTypeExtension.OBJECT_SIGNING_CA_BIT)) {
+ if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CA_BIT)
+ && !nsCertTypeExt
+ .isSet(NSCertTypeExtension.EMAIL_CA_BIT)
+ && !nsCertTypeExt
+ .isSet(NSCertTypeExtension.OBJECT_SIGNING_CA_BIT)) {
// min not set so set all.
- CMS.debug(
- "NSCertTypeExt: is extension good: no ca bits set. set all");
+ CMS.debug("NSCertTypeExt: is extension good: no ca bits set. set all");
- nsCertTypeExt.set(NSCertTypeExtension.SSL_CA,
- Boolean.valueOf(true));
+ nsCertTypeExt.set(NSCertTypeExtension.SSL_CA,
+ Boolean.valueOf(true));
nsCertTypeExt.set(NSCertTypeExtension.EMAIL_CA,
- Boolean.valueOf(true));
+ Boolean.valueOf(true));
nsCertTypeExt.set(NSCertTypeExtension.OBJECT_SIGNING_CA,
- Boolean.valueOf(true));
+ Boolean.valueOf(true));
}
return true;
} else if (certType.equals(IRequest.CLIENT_CERT)) {
- if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CLIENT_BIT) &&
- !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_BIT) &&
- !nsCertTypeExt.isSet(NSCertTypeExtension.SSL_SERVER_BIT) &&
- !nsCertTypeExt.isSet(
- NSCertTypeExtension.OBJECT_SIGNING_BIT)) {
+ if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CLIENT_BIT)
+ && !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_BIT)
+ && !nsCertTypeExt
+ .isSet(NSCertTypeExtension.SSL_SERVER_BIT)
+ && !nsCertTypeExt
+ .isSet(NSCertTypeExtension.OBJECT_SIGNING_BIT)) {
// min not set so set all.
- CMS.debug(
- "NSCertTypeExt: is extension good: no cl bits set. set all");
- nsCertTypeExt.set(NSCertTypeExtension.SSL_CLIENT,
- new Boolean(true));
- nsCertTypeExt.set(NSCertTypeExtension.EMAIL,
- new Boolean(true));
+ CMS.debug("NSCertTypeExt: is extension good: no cl bits set. set all");
+ nsCertTypeExt.set(NSCertTypeExtension.SSL_CLIENT,
+ new Boolean(true));
+ nsCertTypeExt.set(NSCertTypeExtension.EMAIL, new Boolean(
+ true));
nsCertTypeExt.set(NSCertTypeExtension.OBJECT_SIGNING,
- new Boolean(true));
+ new Boolean(true));
}
return true;
} else if (certType.equals(IRequest.SERVER_CERT)) {
@@ -358,14 +356,13 @@ public class NSCertTypeExt extends APolicyRule
}
/**
- * Gets ns cert type bits from request.
- * If none set, use cert type to determine correct bits.
- * If no cert type, use default.
- */
+ * Gets ns cert type bits from request. If none set, use cert type to
+ * determine correct bits. If no cert type, use default.
+ */
protected boolean[] getBitsFromRequest(IRequest req, boolean setDefault) {
boolean[] bits = null;
-
+
CMS.debug("NSCertTypeExt: ns cert type getting ns cert type vars");
bits = getNSCertTypeBits(req);
if (bits == null && setDefault) {
@@ -388,34 +385,31 @@ public class NSCertTypeExt extends APolicyRule
boolean[] bits = new boolean[NSCertTypeExtension.NBITS];
bits[NSCertTypeExtension.SSL_CLIENT_BIT] =
- // XXX should change this to is ns cert type ssl_client defn.
- req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
- NSCertTypeExtension.SSL_CLIENT, false);
+ // XXX should change this to is ns cert type ssl_client defn.
+ req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
+ NSCertTypeExtension.SSL_CLIENT, false);
- bits[NSCertTypeExtension.SSL_SERVER_BIT] =
- req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
- NSCertTypeExtension.SSL_SERVER, false);
+ bits[NSCertTypeExtension.SSL_SERVER_BIT] = req.getExtDataInBoolean(
+ IRequest.HTTP_PARAMS, NSCertTypeExtension.SSL_SERVER, false);
bits[NSCertTypeExtension.EMAIL_BIT] =
- // XXX should change this to is ns cert type ssl_client defn.
- req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
- NSCertTypeExtension.EMAIL, false);
+ // XXX should change this to is ns cert type ssl_client defn.
+ req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
+ NSCertTypeExtension.EMAIL, false);
bits[NSCertTypeExtension.OBJECT_SIGNING_BIT] =
- // XXX should change this to is ns cert type ssl_client defn.
- req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
- NSCertTypeExtension.OBJECT_SIGNING, false);
+ // XXX should change this to is ns cert type ssl_client defn.
+ req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
+ NSCertTypeExtension.OBJECT_SIGNING, false);
- bits[NSCertTypeExtension.SSL_CA_BIT] =
- req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
- NSCertTypeExtension.SSL_CA, false);
+ bits[NSCertTypeExtension.SSL_CA_BIT] = req.getExtDataInBoolean(
+ IRequest.HTTP_PARAMS, NSCertTypeExtension.SSL_CA, false);
- bits[NSCertTypeExtension.EMAIL_CA_BIT] =
- req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
- NSCertTypeExtension.EMAIL_CA, false);
+ bits[NSCertTypeExtension.EMAIL_CA_BIT] = req.getExtDataInBoolean(
+ IRequest.HTTP_PARAMS, NSCertTypeExtension.EMAIL_CA, false);
- bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT] =
- req.getExtDataInBoolean(IRequest.HTTP_PARAMS,
+ bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT] = req
+ .getExtDataInBoolean(IRequest.HTTP_PARAMS,
NSCertTypeExtension.OBJECT_SIGNING_CA, false);
// if nothing set, return null.
@@ -439,24 +433,24 @@ public class NSCertTypeExt extends APolicyRule
* get cert type bits according to cert type.
*/
protected boolean[] getCertTypeBits(IRequest req) {
- String certType =
- req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+ String certType = req.getExtDataInString(IRequest.HTTP_PARAMS,
+ IRequest.CERT_TYPE);
- if (certType == null || certType.length() == 0)
+ if (certType == null || certType.length() == 0)
return null;
boolean[] bits = new boolean[KeyUsageExtension.NBITS];
- for (int i = bits.length - 1; i >= 0; i--)
+ for (int i = bits.length - 1; i >= 0; i--)
bits[i] = false;
if (certType.equals(IRequest.CLIENT_CERT)) {
CMS.debug("NSCertTypeExt: setting bits for client cert");
- // we can only guess here when it's client.
+ // we can only guess here when it's client.
// sets all client bit for default.
bits[NSCertTypeExtension.SSL_CLIENT_BIT] = true;
bits[NSCertTypeExtension.EMAIL_BIT] = true;
- //bits[NSCertTypeExtension.OBJECT_SIGNING_BIT] = true;
+ // bits[NSCertTypeExtension.OBJECT_SIGNING_BIT] = true;
} else if (certType.equals(IRequest.SERVER_CERT)) {
CMS.debug("NSCertTypeExt: setting bits for server cert");
bits[NSCertTypeExtension.SSL_SERVER_BIT] = true;
@@ -477,9 +471,8 @@ public class NSCertTypeExt extends APolicyRule
}
/**
- * merge bits with those set from form.
- * make sure required minimum is set. Agent or auth can set others.
- * XXX form shouldn't set the extension
+ * merge bits with those set from form. make sure required minimum is set.
+ * Agent or auth can set others. XXX form shouldn't set the extension
*/
public void mergeBits(NSCertTypeExtension nsCertTypeExt, boolean[] bits) {
for (int i = bits.length - 1; i >= 0; i--) {
@@ -492,49 +485,47 @@ public class NSCertTypeExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector params = new Vector();
params.addElement(PROP_CRITICAL + "=" + mCritical);
params.addElement(PROP_SET_DEFAULT_BITS + "=" + mSetDefaultBits);
- //new Boolean(mSetDefaultBits).toString());
+ // new Boolean(mSetDefaultBits).toString());
return params;
}
private static Vector mDefParams = new Vector();
static {
- mDefParams.addElement(
- PROP_CRITICAL + "=false");
- mDefParams.addElement(
- PROP_SET_DEFAULT_BITS + "=" + DEF_SET_DEFAULT_BITS);
+ mDefParams.addElement(PROP_CRITICAL + "=false");
+ mDefParams.addElement(PROP_SET_DEFAULT_BITS + "="
+ + DEF_SET_DEFAULT_BITS);
}
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.",
- PROP_SET_DEFAULT_BITS + ";boolean;Specify whether to set the Netscape certificate " +
- "type extension with default bits ('ssl client' and 'email') in certificates " +
- "specified by the predicate " +
- "expression.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-nscerttype",
- IExtendedPluginInfo.HELP_TEXT +
- ";Adds Netscape Certificate Type extension."
- };
+ PROP_CRITICAL
+ + ";boolean;Netscape recommendation: non-critical.",
+ PROP_SET_DEFAULT_BITS
+ + ";boolean;Specify whether to set the Netscape certificate "
+ + "type extension with default bits ('ssl client' and 'email') in certificates "
+ + "specified by the predicate " + "expression.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-nscerttype",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Adds Netscape Certificate Type extension." };
return params;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
return mDefParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
index 35106de4..fa3183ed 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -43,22 +42,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Name Constraints Extension Policy
- * Adds the name constraints extension to a (CA) certificate.
- * Filtering of CA certificates is done through predicates.
+ * Name Constraints Extension Policy Adds the name constraints extension to a
+ * (CA) certificate. Filtering of CA certificates is done through predicates.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class NameConstraintsExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class NameConstraintsExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL = "critical";
protected static final String PROP_NUM_PERMITTEDSUBTREES = "numPermittedSubtrees";
protected static final String PROP_NUM_EXCLUDEDSUBTREES = "numExcludedSubtrees";
@@ -90,69 +88,62 @@ public class NameConstraintsExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.predicate=certType==ca
- * ca.Policy.rule.<ruleName>.implName=
- * ca.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.predicate=certType==ca
+ * ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
- // XXX should do do this ?
- // if CA does not allow subordinate CAs by way of basic constraints,
- // this policy always rejects
+ // XXX should do do this ?
+ // if CA does not allow subordinate CAs by way of basic constraints,
+ // this policy always rejects
/*****
- ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor)owner).getAuthority();
- if (certAuthority instanceof ICertificateAuthority) {
- CertificateChain caChain = certAuthority.getCACertChain();
- X509Certificate caCert = null;
- // Note that in RA the chain could be null if CA was not up when
- // RA was started. In that case just set the length to -1 and let
- // CA reject if it does not allow any subordinate CA certs.
- if (caChain != null) {
- caCert = caChain.getFirstCertificate();
- if (caCert != null)
- mCAPathLen = caCert.getBasicConstraints();
- }
- }
+ * ICertAuthority certAuthority = (ICertAuthority)
+ * ((IPolicyProcessor)owner).getAuthority(); if (certAuthority
+ * instanceof ICertificateAuthority) { CertificateChain caChain =
+ * certAuthority.getCACertChain(); X509Certificate caCert = null; //
+ * Note that in RA the chain could be null if CA was not up when // RA
+ * was started. In that case just set the length to -1 and let // CA
+ * reject if it does not allow any subordinate CA certs. if (caChain !=
+ * null) { caCert = caChain.getFirstCertificate(); if (caCert != null)
+ * mCAPathLen = caCert.getBasicConstraints(); } }
****/
- mEnabled = mConfig.getBoolean(
- IPolicyProcessor.PROP_ENABLE, false);
+ mEnabled = mConfig.getBoolean(IPolicyProcessor.PROP_ENABLE, false);
mCritical = mConfig.getBoolean(PROP_CRITICAL, DEF_CRITICAL);
- mNumPermittedSubtrees = mConfig.getInteger(
- PROP_NUM_PERMITTEDSUBTREES, DEF_NUM_PERMITTEDSUBTREES);
- mNumExcludedSubtrees = mConfig.getInteger(
- PROP_NUM_EXCLUDEDSUBTREES, DEF_NUM_EXCLUDEDSUBTREES);
+ mNumPermittedSubtrees = mConfig.getInteger(PROP_NUM_PERMITTEDSUBTREES,
+ DEF_NUM_PERMITTEDSUBTREES);
+ mNumExcludedSubtrees = mConfig.getInteger(PROP_NUM_EXCLUDEDSUBTREES,
+ DEF_NUM_EXCLUDEDSUBTREES);
if (mNumPermittedSubtrees < 0) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_NUM_PERMITTEDSUBTREES,
- "value must be greater than or equal to 0"));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", PROP_NUM_PERMITTEDSUBTREES,
+ "value must be greater than or equal to 0"));
}
if (mNumExcludedSubtrees < 0) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_NUM_EXCLUDEDSUBTREES,
- "value must be greater than or equal to 0"));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", PROP_NUM_EXCLUDEDSUBTREES,
+ "value must be greater than or equal to 0"));
}
// init permitted subtrees if any.
if (mNumPermittedSubtrees > 0) {
- mPermittedSubtrees =
- form_subtrees(PROP_PERMITTEDSUBTREES, mNumPermittedSubtrees);
+ mPermittedSubtrees = form_subtrees(PROP_PERMITTEDSUBTREES,
+ mNumPermittedSubtrees);
CMS.debug("NameConstraintsExt: formed permitted subtrees");
}
// init excluded subtrees if any.
if (mNumExcludedSubtrees > 0) {
- mExcludedSubtrees =
- form_subtrees(PROP_EXCLUDEDSUBTREES, mNumExcludedSubtrees);
+ mExcludedSubtrees = form_subtrees(PROP_EXCLUDEDSUBTREES,
+ mNumExcludedSubtrees);
CMS.debug("NameConstraintsExt: formed excluded subtrees");
}
@@ -162,14 +153,14 @@ public class NameConstraintsExt extends APolicyRule
Vector permittedSubtrees = new Vector();
for (int i = 0; i < mNumPermittedSubtrees; i++) {
- permittedSubtrees.addElement(
- mPermittedSubtrees[i].mGeneralSubtree);
+ permittedSubtrees
+ .addElement(mPermittedSubtrees[i].mGeneralSubtree);
}
Vector excludedSubtrees = new Vector();
for (int j = 0; j < mNumExcludedSubtrees; j++) {
- excludedSubtrees.addElement(
- mExcludedSubtrees[j].mGeneralSubtree);
+ excludedSubtrees
+ .addElement(mExcludedSubtrees[j].mGeneralSubtree);
}
GeneralSubtrees psb = null;
@@ -181,44 +172,41 @@ public class NameConstraintsExt extends APolicyRule
if (excludedSubtrees.size() > 0) {
esb = new GeneralSubtrees(excludedSubtrees);
}
- mNameConstraintsExtension =
- new NameConstraintsExtension(mCritical,
- psb,
- esb);
- CMS.debug("NameConstraintsExt: formed Name Constraints Extension " +
- mNameConstraintsExtension);
+ mNameConstraintsExtension = new NameConstraintsExtension(
+ mCritical, psb, esb);
+ CMS.debug("NameConstraintsExt: formed Name Constraints Extension "
+ + mNameConstraintsExtension);
} catch (IOException e) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Error initializing Name Constraints Extension: " + e));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR",
+ "Error initializing Name Constraints Extension: " + e));
}
}
- // form instance params
+ // form instance params
mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
- mInstanceParams.addElement(
- PROP_NUM_PERMITTEDSUBTREES + "=" + mNumPermittedSubtrees);
- mInstanceParams.addElement(
- PROP_NUM_EXCLUDEDSUBTREES + "=" + mNumExcludedSubtrees);
+ mInstanceParams.addElement(PROP_NUM_PERMITTEDSUBTREES + "="
+ + mNumPermittedSubtrees);
+ mInstanceParams.addElement(PROP_NUM_EXCLUDEDSUBTREES + "="
+ + mNumExcludedSubtrees);
if (mNumPermittedSubtrees > 0) {
- for (int i = 0; i < mPermittedSubtrees.length; i++)
+ for (int i = 0; i < mPermittedSubtrees.length; i++)
mPermittedSubtrees[i].getInstanceParams(mInstanceParams);
}
if (mNumExcludedSubtrees > 0) {
- for (int j = 0; j < mExcludedSubtrees.length; j++)
+ for (int j = 0; j < mExcludedSubtrees.length; j++)
mExcludedSubtrees[j].getInstanceParams(mInstanceParams);
}
}
- Subtree[] form_subtrees(String subtreesName, int numSubtrees)
- throws EBaseException {
+ Subtree[] form_subtrees(String subtreesName, int numSubtrees)
+ throws EBaseException {
Subtree[] subtrees = new Subtree[numSubtrees];
for (int i = 0; i < numSubtrees; i++) {
String subtreeName = subtreesName + i;
IConfigStore subtreeConfig = mConfig.getSubStore(subtreeName);
- Subtree subtree =
- new Subtree(subtreeName, subtreeConfig, mEnabled);
+ Subtree subtree = new Subtree(subtreeName, subtreeConfig, mEnabled);
subtrees[i] = subtree;
}
@@ -228,28 +216,27 @@ public class NameConstraintsExt extends APolicyRule
/**
* Adds Name Constraints Extension to a (CA) certificate.
*
- * If a Name constraints Extension is already there, accept it if
- * it's been approved by agent, else replace it.
- *
- * @param req The request on which to apply policy.
+ * If a Name constraints Extension is already there, accept it if it's been
+ * approved by agent, else replace it.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
- // if extension hasn't been properly configured reject requests until
+ // if extension hasn't been properly configured reject requests until
// it has been resolved (or disabled).
if (mNameConstraintsExtension == null) {
- //setError(req, PolicyResources.EXTENSION_NOT_INITED_1, NAME);
- //return PolicyResult.REJECTED;
+ // setError(req, PolicyResources.EXTENSION_NOT_INITED_1, NAME);
+ // return PolicyResult.REJECTED;
return PolicyResult.ACCEPTED;
}
// get certInfo from request.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
- return PolicyResult.REJECTED;
+ return PolicyResult.REJECTED;
}
for (int i = 0; i < ci.length; i++) {
@@ -268,80 +255,82 @@ public class NameConstraintsExt extends APolicyRule
// else ignore.
try {
NameConstraintsExtension nameConstraintsExt = null;
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
try {
if (extensions != null) {
- nameConstraintsExt = (NameConstraintsExtension)
- extensions.get(NameConstraintsExtension.NAME);
+ nameConstraintsExt = (NameConstraintsExtension) extensions
+ .get(NameConstraintsExtension.NAME);
}
} catch (IOException e) {
- // extension isn't there.
+ // extension isn't there.
}
if (nameConstraintsExt != null) {
if (agentApproved(req)) {
- CMS.debug(
- "NameConstraintsExt: request id from agent " + req.getRequestId() +
- " already has name constraints - accepted");
+ CMS.debug("NameConstraintsExt: request id from agent "
+ + req.getRequestId()
+ + " already has name constraints - accepted");
return PolicyResult.ACCEPTED;
} else {
- CMS.debug(
- "NameConstraintsExt: request id " + req.getRequestId() + " from user " +
- " already has name constraints - deleted");
+ CMS.debug("NameConstraintsExt: request id "
+ + req.getRequestId() + " from user "
+ + " already has name constraints - deleted");
extensions.delete(NameConstraintsExtension.NAME);
}
}
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
- extensions.set(
- NameConstraintsExtension.NAME, mNameConstraintsExtension);
- CMS.debug(
- "NameConstraintsExt: added Name Constraints Extension to request " +
- req.getRequestId());
+ extensions.set(NameConstraintsExtension.NAME,
+ mNameConstraintsExtension);
+ CMS.debug("NameConstraintsExt: added Name Constraints Extension to request "
+ + req.getRequestId());
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_NAME_CONST_EXTENSION", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_NAME_CONST_EXTENSION",
+ e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED;
}
}
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
return mInstanceParams;
}
/**
- * Default config parameters.
- * To add more permitted or excluded subtrees,
- * increase the num to greater than 0 and more configuration params
- * will show up in the console.
+ * Default config parameters. To add more permitted or excluded subtrees,
+ * increase the num to greater than 0 and more configuration params will
+ * show up in the console.
*/
private static Vector mDefParams = new Vector();
static {
mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
- mDefParams.addElement(
- PROP_NUM_PERMITTEDSUBTREES + "=" + DEF_NUM_PERMITTEDSUBTREES);
- mDefParams.addElement(
- PROP_NUM_EXCLUDEDSUBTREES + "=" + DEF_NUM_EXCLUDEDSUBTREES);
+ mDefParams.addElement(PROP_NUM_PERMITTEDSUBTREES + "="
+ + DEF_NUM_PERMITTEDSUBTREES);
+ mDefParams.addElement(PROP_NUM_EXCLUDEDSUBTREES + "="
+ + DEF_NUM_EXCLUDEDSUBTREES);
for (int k = 0; k < DEF_NUM_PERMITTEDSUBTREES; k++) {
Subtree.getDefaultParams(PROP_PERMITTEDSUBTREES + k, mDefParams);
}
@@ -352,21 +341,22 @@ public class NameConstraintsExt extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
return mDefParams;
}
public String[] getExtendedPluginInfo(Locale locale) {
Vector theparams = new Vector();
- theparams.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST be critical.");
- theparams.addElement(
- PROP_NUM_PERMITTEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
- theparams.addElement(
- PROP_NUM_EXCLUDEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
+ theparams.addElement(PROP_CRITICAL
+ + ";boolean;RFC 2459 recommendation: MUST be critical.");
+ theparams.addElement(PROP_NUM_PERMITTEDSUBTREES
+ + ";number;See RFC 2459 sec 4.2.1.11");
+ theparams.addElement(PROP_NUM_EXCLUDEDSUBTREES
+ + ";number;See RFC 2459 sec 4.2.1.11");
// now do the subtrees.
for (int k = 0; k < DEF_NUM_PERMITTEDSUBTREES; k++) {
@@ -375,10 +365,10 @@ public class NameConstraintsExt extends APolicyRule
for (int l = 0; l < DEF_NUM_EXCLUDEDSUBTREES; l++) {
Subtree.getExtendedPluginInfo(PROP_EXCLUDEDSUBTREES + l, theparams);
}
- theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-nameconstraints");
- theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Name Constraints Extension. See RFC 2459");
+ theparams.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-nameconstraints");
+ theparams.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";Adds Name Constraints Extension. See RFC 2459");
String[] info = new String[theparams.size()];
@@ -387,9 +377,8 @@ public class NameConstraintsExt extends APolicyRule
}
}
-
/**
- * subtree configuration
+ * subtree configuration
*/
class Subtree {
@@ -400,8 +389,7 @@ class Subtree {
protected static final int DEF_MIN = 0;
protected static final int DEF_MAX = -1; // -1 (less than 0) means not set.
- protected static final String
- MINMAX_INFO = "number;See RFC 2459 section 4.2.1.11";
+ protected static final String MINMAX_INFO = "number;See RFC 2459 section 4.2.1.11";
String mName = null;
IConfigStore mConfig = null;
@@ -413,14 +401,13 @@ class Subtree {
String mNameDotMin = null;
String mNameDotMax = null;
- public Subtree(
- String subtreeName, IConfigStore config, boolean policyEnabled)
- throws EBaseException {
+ public Subtree(String subtreeName, IConfigStore config,
+ boolean policyEnabled) throws EBaseException {
mName = subtreeName;
mConfig = config;
if (mName != null) {
- mNameDot = mName + ".";
+ mNameDot = mName + ".";
mNameDotMin = mNameDot + PROP_MIN;
mNameDotMax = mNameDot + PROP_MAX;
} else {
@@ -439,14 +426,14 @@ class Subtree {
// if policy enabled get values to form the general subtree.
mMin = mConfig.getInteger(PROP_MIN, DEF_MIN);
mMax = mConfig.getInteger(PROP_MAX, DEF_MAX);
- if (mMax < -1) mMax = -1;
- mBase = CMS.createGeneralNameAsConstraintsConfig(
- mNameDot + PROP_BASE, mConfig.getSubStore(PROP_BASE),
- true, policyEnabled);
+ if (mMax < -1)
+ mMax = -1;
+ mBase = CMS.createGeneralNameAsConstraintsConfig(mNameDot + PROP_BASE,
+ mConfig.getSubStore(PROP_BASE), true, policyEnabled);
if (policyEnabled) {
- mGeneralSubtree =
- new GeneralSubtree(mBase.getGeneralName(), mMin, mMax);
+ mGeneralSubtree = new GeneralSubtree(mBase.getGeneralName(), mMin,
+ mMax);
}
}
@@ -471,9 +458,9 @@ class Subtree {
if (name != null && name.length() > 0)
nameDot = name + ".";
- CMS.getGeneralNameConfigExtendedPluginInfo(nameDot + PROP_BASE, true, info);
+ CMS.getGeneralNameConfigExtendedPluginInfo(nameDot + PROP_BASE, true,
+ info);
info.addElement(nameDot + PROP_MIN + ";" + MINMAX_INFO);
info.addElement(nameDot + PROP_MAX + ";" + MINMAX_INFO);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java
index e5cbab53..fd0f8999 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -39,25 +38,25 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * This implements an OCSP Signing policy, it
- * adds the OCSP Signing extension to the certificate.
+ * This implements an OCSP Signing policy, it adds the OCSP Signing extension to
+ * the certificate.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$ $Date$
*/
-public class OCSPNoCheckExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
-
+public class OCSPNoCheckExt extends APolicyRule implements IEnrollmentPolicy,
+ IExtendedPluginInfo {
+
public static final String PROP_CRITICAL = "critical";
private boolean mCritical = false;
-
+
// PKIX specifies the that the extension SHOULD NOT be critical
public static final boolean DEFAULT_CRITICALITY = false;
@@ -73,12 +72,12 @@ public class OCSPNoCheckExt extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_CRITICAL + ";boolean;RFC 2560 recommendation: SHOULD be non-critical.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-ocspnocheck",
- IExtendedPluginInfo.HELP_TEXT +
- ";Adds OCSP signing extension to certificate"
- };
+ PROP_CRITICAL
+ + ";boolean;RFC 2560 recommendation: SHOULD be non-critical.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-ocspnocheck",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Adds OCSP signing extension to certificate" };
return params;
@@ -88,13 +87,12 @@ public class OCSPNoCheckExt extends APolicyRule
* Performs one-time initialization of the policy.
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mOCSPNoCheck = new OCSPNoCheckExtension();
-
+
if (mOCSPNoCheck != null) {
// configure the extension itself
- mCritical = config.getBoolean(PROP_CRITICAL,
- DEFAULT_CRITICALITY);
+ mCritical = config.getBoolean(PROP_CRITICAL, DEFAULT_CRITICALITY);
mOCSPNoCheck.setCritical(mCritical);
}
}
@@ -109,8 +107,7 @@ public class OCSPNoCheckExt extends APolicyRule
return PolicyResult.ACCEPTED;
}
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -130,23 +127,24 @@ public class OCSPNoCheckExt extends APolicyRule
try {
// find the extensions in the certInfo
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
// prepare the extensions data structure
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
try {
extensions.delete(OCSPNoCheckExtension.NAME);
} catch (IOException ex) {
// OCSPNoCheck extension is not already there
- // log(ILogger.LL_FAILURE, "No previous extension: "+OCSPNoCheckExtension.NAME+" "+ex.getMessage());
+ // log(ILogger.LL_FAILURE,
+ // "No previous extension: "+OCSPNoCheckExtension.NAME+" "+ex.getMessage());
}
}
@@ -155,18 +153,22 @@ public class OCSPNoCheckExt extends APolicyRule
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
- e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
- e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
}
}
-
+
/**
* Returns instance parameters.
*/
@@ -175,9 +177,9 @@ public class OCSPNoCheckExt extends APolicyRule
params.addElement(PROP_CRITICAL + "=" + mCritical);
return params;
-
+
}
-
+
/**
* Returns default parameters.
*/
@@ -186,6 +188,6 @@ public class OCSPNoCheckExt extends APolicyRule
defParams.addElement(PROP_CRITICAL + "=false");
return defParams;
-
+
}
}
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
index 717c19f7..733b7525 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -40,31 +39,28 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Policy Constraints Extension Policy
- * Adds the policy constraints extension to (CA) certificates.
- * Filtering of CA certificates is done through predicates.
+ * Policy Constraints Extension Policy Adds the policy constraints extension to
+ * (CA) certificates. Filtering of CA certificates is done through predicates.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class PolicyConstraintsExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class PolicyConstraintsExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL = "critical";
- protected static final String
- PROP_REQ_EXPLICIT_POLICY = "reqExplicitPolicy";
- protected static final String
- PROP_INHIBIT_POLICY_MAPPING = "inhibitPolicyMapping";
+ protected static final String PROP_REQ_EXPLICIT_POLICY = "reqExplicitPolicy";
+ protected static final String PROP_INHIBIT_POLICY_MAPPING = "inhibitPolicyMapping";
protected static final boolean DEF_CRITICAL = false;
- protected static final int DEF_REQ_EXPLICIT_POLICY = -1; // not set
- protected static final int DEF_INHIBIT_POLICY_MAPPING = -1; // not set
+ protected static final int DEF_REQ_EXPLICIT_POLICY = -1; // not set
+ protected static final int DEF_INHIBIT_POLICY_MAPPING = -1; // not set
protected boolean mEnabled = false;
protected IConfigStore mConfig = null;
@@ -79,10 +75,10 @@ public class PolicyConstraintsExt extends APolicyRule
protected static Vector mDefaultParams = new Vector();
static {
mDefaultParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
- mDefaultParams.addElement(
- PROP_REQ_EXPLICIT_POLICY + "=" + DEF_REQ_EXPLICIT_POLICY);
- mDefaultParams.addElement(
- PROP_INHIBIT_POLICY_MAPPING + "=" + DEF_INHIBIT_POLICY_MAPPING);
+ mDefaultParams.addElement(PROP_REQ_EXPLICIT_POLICY + "="
+ + DEF_REQ_EXPLICIT_POLICY);
+ mDefaultParams.addElement(PROP_INHIBIT_POLICY_MAPPING + "="
+ + DEF_INHIBIT_POLICY_MAPPING);
}
public PolicyConstraintsExt() {
@@ -93,100 +89,90 @@ public class PolicyConstraintsExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.predicate=certType==ca
- * ca.Policy.rule.<ruleName>.implName=
- * ca.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.predicate=certType==ca
+ * ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
- // XXX should do do this ?
- // if CA does not allow subordinate CAs by way of basic constraints,
- // this policy always rejects
+ // XXX should do do this ?
+ // if CA does not allow subordinate CAs by way of basic constraints,
+ // this policy always rejects
/*****
- ICertAuthority certAuthority = (ICertAuthority)
- ((GenericPolicyProcessor)owner).mAuthority;
- if (certAuthority instanceof ICertificateAuthority) {
- CertificateChain caChain = certAuthority.getCACertChain();
- X509Certificate caCert = null;
- // Note that in RA the chain could be null if CA was not up when
- // RA was started. In that case just set the length to -1 and let
- // CA reject if it does not allow any subordinate CA certs.
- if (caChain != null) {
- caCert = caChain.getFirstCertificate();
- if (caCert != null)
- mCAPathLen = caCert.getBasicConstraints();
- }
- }
+ * ICertAuthority certAuthority = (ICertAuthority)
+ * ((GenericPolicyProcessor)owner).mAuthority; if (certAuthority
+ * instanceof ICertificateAuthority) { CertificateChain caChain =
+ * certAuthority.getCACertChain(); X509Certificate caCert = null; //
+ * Note that in RA the chain could be null if CA was not up when // RA
+ * was started. In that case just set the length to -1 and let // CA
+ * reject if it does not allow any subordinate CA certs. if (caChain !=
+ * null) { caCert = caChain.getFirstCertificate(); if (caCert != null)
+ * mCAPathLen = caCert.getBasicConstraints(); } }
****/
- mEnabled = mConfig.getBoolean(
- IPolicyProcessor.PROP_ENABLE, false);
+ mEnabled = mConfig.getBoolean(IPolicyProcessor.PROP_ENABLE, false);
mCritical = mConfig.getBoolean(PROP_CRITICAL, DEF_CRITICAL);
- mReqExplicitPolicy = mConfig.getInteger(
- PROP_REQ_EXPLICIT_POLICY, DEF_REQ_EXPLICIT_POLICY);
- mInhibitPolicyMapping = mConfig.getInteger(
- PROP_INHIBIT_POLICY_MAPPING, DEF_INHIBIT_POLICY_MAPPING);
+ mReqExplicitPolicy = mConfig.getInteger(PROP_REQ_EXPLICIT_POLICY,
+ DEF_REQ_EXPLICIT_POLICY);
+ mInhibitPolicyMapping = mConfig.getInteger(PROP_INHIBIT_POLICY_MAPPING,
+ DEF_INHIBIT_POLICY_MAPPING);
- if (mReqExplicitPolicy < -1)
+ if (mReqExplicitPolicy < -1)
mReqExplicitPolicy = -1;
- if (mInhibitPolicyMapping < -1)
+ if (mInhibitPolicyMapping < -1)
mInhibitPolicyMapping = -1;
-
- // create instance of policy constraings extension
+
+ // create instance of policy constraings extension
try {
- mPolicyConstraintsExtension =
- new PolicyConstraintsExtension(mCritical,
- mReqExplicitPolicy, mInhibitPolicyMapping);
- CMS.debug(
- "PolicyConstraintsExt: Created Policy Constraints Extension: " +
- mPolicyConstraintsExtension);
+ mPolicyConstraintsExtension = new PolicyConstraintsExtension(
+ mCritical, mReqExplicitPolicy, mInhibitPolicyMapping);
+ CMS.debug("PolicyConstraintsExt: Created Policy Constraints Extension: "
+ + mPolicyConstraintsExtension);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_CANT_INIT_POLICY_CONST_EXT", e.toString()));
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Could not init Policy Constraints Extension. Error: " + e));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_ERROR_CANT_INIT_POLICY_CONST_EXT", e.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR",
+ "Could not init Policy Constraints Extension. Error: " + e));
}
- // form instance params
+ // form instance params
mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
- mInstanceParams.addElement(
- PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
- mInstanceParams.addElement(
- PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
+ mInstanceParams.addElement(PROP_REQ_EXPLICIT_POLICY + "="
+ + mReqExplicitPolicy);
+ mInstanceParams.addElement(PROP_INHIBIT_POLICY_MAPPING + "="
+ + mInhibitPolicyMapping);
}
/**
* Adds Policy Constraints Extension to a (CA) certificate.
*
- * If a Policy constraints Extension is already there, accept it if
- * it's been approved by agent, else replace it.
- *
- * @param req The request on which to apply policy.
+ * If a Policy constraints Extension is already there, accept it if it's
+ * been approved by agent, else replace it.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
- // if extension hasn't been properly configured reject requests until
+ // if extension hasn't been properly configured reject requests until
// it has been resolved (or disabled).
if (mPolicyConstraintsExtension == null) {
return PolicyResult.ACCEPTED;
}
// get certInfo from request.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
- return PolicyResult.REJECTED;
+ return PolicyResult.REJECTED;
}
for (int i = 0; i < ci.length; i++) {
@@ -205,16 +191,16 @@ public class PolicyConstraintsExt extends APolicyRule
// else ignore.
try {
PolicyConstraintsExtension policyConstraintsExt = null;
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
try {
if (extensions != null) {
- policyConstraintsExt = (PolicyConstraintsExtension)
- extensions.get(PolicyConstraintsExtension.NAME);
+ policyConstraintsExt = (PolicyConstraintsExtension) extensions
+ .get(PolicyConstraintsExtension.NAME);
}
} catch (IOException e) {
- // extension isn't there.
+ // extension isn't there.
}
if (policyConstraintsExt != null) {
@@ -226,65 +212,69 @@ public class PolicyConstraintsExt extends APolicyRule
}
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
- extensions.set(
- "PolicyConstriantsExt", mPolicyConstraintsExtension);
+ extensions.set("PolicyConstriantsExt", mPolicyConstraintsExtension);
CMS.debug("PolicyConstraintsExt: added our policy constraints extension");
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_CANT_PROCESS_POLICY_CONST_EXT", e.toString()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "POLICY_ERROR_CANT_PROCESS_POLICY_CONST_EXT", e.toString()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED;
}
}
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
return mInstanceParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
return mDefaultParams;
}
/**
- * gets plugin info for pretty console edit displays.
+ * gets plugin info for pretty console edit displays.
*/
public String[] getExtendedPluginInfo(Locale locale) {
mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
- mInstanceParams.addElement(
- PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
- mInstanceParams.addElement(
- PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
+ mInstanceParams.addElement(PROP_REQ_EXPLICIT_POLICY + "="
+ + mReqExplicitPolicy);
+ mInstanceParams.addElement(PROP_INHIBIT_POLICY_MAPPING + "="
+ + mInhibitPolicyMapping);
String[] params = {
- PROP_CRITICAL + ";boolean;RFC 2459 recommendation: may be critical or non-critical.",
- PROP_REQ_EXPLICIT_POLICY + ";integer;Number of addional certificates that may appear in the path before an explicit policy is required. If less than 0 this field is unset in the extension.",
- PROP_INHIBIT_POLICY_MAPPING + ";integer;Number of addional certificates that may appear in the path before policy mapping is no longer permitted. If less than 0 this field is unset in the extension.",
- IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-policyconstraints"
- };
+ PROP_CRITICAL
+ + ";boolean;RFC 2459 recommendation: may be critical or non-critical.",
+ PROP_REQ_EXPLICIT_POLICY
+ + ";integer;Number of addional certificates that may appear in the path before an explicit policy is required. If less than 0 this field is unset in the extension.",
+ PROP_INHIBIT_POLICY_MAPPING
+ + ";integer;Number of addional certificates that may appear in the path before policy mapping is no longer permitted. If less than 0 this field is unset in the extension.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-policyconstraints" };
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
index 452a9a3f..24f202f3 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -43,22 +42,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Policy Mappings Extension Policy
- * Adds the Policy Mappings extension to a (CA) certificate.
- * Filtering of CA certificates is done through predicates.
+ * Policy Mappings Extension Policy Adds the Policy Mappings extension to a (CA)
+ * certificate. Filtering of CA certificates is done through predicates.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class PolicyMappingsExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class PolicyMappingsExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL = "critical";
protected static final String PROP_NUM_POLICYMAPPINGS = "numPolicyMappings";
@@ -85,53 +83,47 @@ public class PolicyMappingsExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.predicate=certType==ca
- * ca.Policy.rule.<ruleName>.implName=
- * ca.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.predicate=certType==ca
+ * ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
- // XXX should do do this ?
- // if CA does not allow subordinate CAs by way of basic constraints,
- // this policy always rejects
+ // XXX should do do this ?
+ // if CA does not allow subordinate CAs by way of basic constraints,
+ // this policy always rejects
/*****
- ICertAuthority certAuthority = (ICertAuthority)
- ((IPolicyProcessor)owner).getAuthority();
- if (certAuthority instanceof ICertificateAuthority) {
- CertificateChain caChain = certAuthority.getCACertChain();
- X509Certificate caCert = null;
- // Note that in RA the chain could be null if CA was not up when
- // RA was started. In that case just set the length to -1 and let
- // CA reject if it does not allow any subordinate CA certs.
- if (caChain != null) {
- caCert = caChain.getFirstCertificate();
- if (caCert != null)
- mCAPathLen = caCert.getBasicConstraints();
- }
- }
+ * ICertAuthority certAuthority = (ICertAuthority)
+ * ((IPolicyProcessor)owner).getAuthority(); if (certAuthority
+ * instanceof ICertificateAuthority) { CertificateChain caChain =
+ * certAuthority.getCACertChain(); X509Certificate caCert = null; //
+ * Note that in RA the chain could be null if CA was not up when // RA
+ * was started. In that case just set the length to -1 and let // CA
+ * reject if it does not allow any subordinate CA certs. if (caChain !=
+ * null) { caCert = caChain.getFirstCertificate(); if (caCert != null)
+ * mCAPathLen = caCert.getBasicConstraints(); } }
****/
- mEnabled = mConfig.getBoolean(
- IPolicyProcessor.PROP_ENABLE, false);
+ mEnabled = mConfig.getBoolean(IPolicyProcessor.PROP_ENABLE, false);
mCritical = mConfig.getBoolean(PROP_CRITICAL, DEF_CRITICAL);
- mNumPolicyMappings = mConfig.getInteger(
- PROP_NUM_POLICYMAPPINGS, DEF_NUM_POLICYMAPPINGS);
+ mNumPolicyMappings = mConfig.getInteger(PROP_NUM_POLICYMAPPINGS,
+ DEF_NUM_POLICYMAPPINGS);
if (mNumPolicyMappings < 1) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_ATTR_VALUE_2", NAME, ""));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_NUM_POLICYMAPPINGS,
- "value must be greater than or equal to 1"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_ATTR_VALUE_2", NAME, ""));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", PROP_NUM_POLICYMAPPINGS,
+ "value must be greater than or equal to 1"));
}
- // init Policy Mappings, check values if enabled.
+ // init Policy Mappings, check values if enabled.
mPolicyMaps = new PolicyMap[mNumPolicyMappings];
for (int i = 0; i < mNumPolicyMappings; i++) {
String subtreeName = PROP_POLICYMAP + i;
@@ -139,8 +131,11 @@ public class PolicyMappingsExt extends APolicyRule
try {
mPolicyMaps[i] = new PolicyMap(subtreeName, mConfig, mEnabled);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, NAME + ": " +
- CMS.getLogMessage("POLICY_ERROR_CREATE_MAP", e.toString()));
+ log(ILogger.LL_FAILURE,
+ NAME
+ + ": "
+ + CMS.getLogMessage("POLICY_ERROR_CREATE_MAP",
+ e.toString()));
throw e;
}
}
@@ -151,22 +146,22 @@ public class PolicyMappingsExt extends APolicyRule
Vector certPolicyMaps = new Vector();
for (int j = 0; j < mNumPolicyMappings; j++) {
- certPolicyMaps.addElement(
- mPolicyMaps[j].mCertificatePolicyMap);
+ certPolicyMaps
+ .addElement(mPolicyMaps[j].mCertificatePolicyMap);
}
- mPolicyMappingsExtension =
- new PolicyMappingsExtension(mCritical, certPolicyMaps);
+ mPolicyMappingsExtension = new PolicyMappingsExtension(
+ mCritical, certPolicyMaps);
} catch (IOException e) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Error initializing " + NAME + " Error: " + e));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR", "Error initializing " + NAME
+ + " Error: " + e));
}
}
- // form instance params
+ // form instance params
mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
- mInstanceParams.addElement(
- PROP_NUM_POLICYMAPPINGS + "=" + mNumPolicyMappings);
+ mInstanceParams.addElement(PROP_NUM_POLICYMAPPINGS + "="
+ + mNumPolicyMappings);
for (int i = 0; i < mNumPolicyMappings; i++) {
mPolicyMaps[i].getInstanceParams(mInstanceParams);
}
@@ -175,28 +170,27 @@ public class PolicyMappingsExt extends APolicyRule
/**
* Adds policy mappings Extension to a (CA) certificate.
*
- * If a policy mappings Extension is already there, accept it if
- * it's been approved by agent, else replace it.
- *
- * @param req The request on which to apply policy.
+ * If a policy mappings Extension is already there, accept it if it's been
+ * approved by agent, else replace it.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
- // if extension hasn't been properly configured reject requests until
+ // if extension hasn't been properly configured reject requests until
// it has been resolved (or disabled).
if (mPolicyMappingsExtension == null) {
- //setError(req, PolicyResources.EXTENSION_NOT_INITED_1, NAME);
- //return PolicyResult.REJECTED;
+ // setError(req, PolicyResources.EXTENSION_NOT_INITED_1, NAME);
+ // return PolicyResult.REJECTED;
return PolicyResult.ACCEPTED;
}
// get certInfo from request.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
- return PolicyResult.REJECTED;
+ return PolicyResult.REJECTED;
}
for (int i = 0; i < ci.length; i++) {
@@ -214,16 +208,16 @@ public class PolicyMappingsExt extends APolicyRule
// else ignore.
try {
PolicyMappingsExtension policyMappingsExt = null;
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
try {
if (extensions != null) {
- policyMappingsExt = (PolicyMappingsExtension)
- extensions.get(PolicyMappingsExtension.NAME);
+ policyMappingsExt = (PolicyMappingsExtension) extensions
+ .get(PolicyMappingsExtension.NAME);
}
} catch (IOException e) {
- // extension isn't there.
+ // extension isn't there.
}
if (policyMappingsExt != null) {
@@ -235,88 +229,93 @@ public class PolicyMappingsExt extends APolicyRule
}
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
- extensions.set(
- PolicyMappingsExtension.NAME, mPolicyMappingsExtension);
+ extensions.set(PolicyMappingsExtension.NAME,
+ mPolicyMappingsExtension);
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_PROCESS_POLICYMAP_EXT", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_PROCESS_POLICYMAP_EXT",
+ e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED;
}
}
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
return mInstanceParams;
}
/**
- * Default config parameters.
- * To add more permitted or excluded subtrees,
- * increase the num to greater than 0 and more configuration params
- * will show up in the console.
+ * Default config parameters. To add more permitted or excluded subtrees,
+ * increase the num to greater than 0 and more configuration params will
+ * show up in the console.
*/
private static Vector mDefParams = new Vector();
static {
mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
- mDefParams.addElement(
- PROP_NUM_POLICYMAPPINGS + "=" + DEF_NUM_POLICYMAPPINGS);
+ mDefParams.addElement(PROP_NUM_POLICYMAPPINGS + "="
+ + DEF_NUM_POLICYMAPPINGS);
String policyMap0Dot = PROP_POLICYMAP + "0.";
- mDefParams.addElement(
- policyMap0Dot + PolicyMap.PROP_ISSUER_DOMAIN_POLICY + "=" + "");
- mDefParams.addElement(
- policyMap0Dot + PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + "=" + "");
+ mDefParams.addElement(policyMap0Dot
+ + PolicyMap.PROP_ISSUER_DOMAIN_POLICY + "=" + "");
+ mDefParams.addElement(policyMap0Dot
+ + PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + "=" + "");
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
return mDefParams;
}
public String[] getExtendedPluginInfo(Locale locale) {
Vector theparams = new Vector();
-
- theparams.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST be non-critical.");
- theparams.addElement(PROP_NUM_POLICYMAPPINGS + ";number; Number of policy mappings. The value must be greater than or equal to 1");
- String policyInfo =
- ";string;An object identifier in the form n.n.n.n";
+ theparams.addElement(PROP_CRITICAL
+ + ";boolean;RFC 2459 recommendation: MUST be non-critical.");
+ theparams
+ .addElement(PROP_NUM_POLICYMAPPINGS
+ + ";number; Number of policy mappings. The value must be greater than or equal to 1");
+
+ String policyInfo = ";string;An object identifier in the form n.n.n.n";
for (int k = 0; k < 5; k++) {
String policyMapkDot = PROP_POLICYMAP + k + ".";
- theparams.addElement(policyMapkDot +
- PolicyMap.PROP_ISSUER_DOMAIN_POLICY + policyInfo);
- theparams.addElement(policyMapkDot +
- PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + policyInfo);
+ theparams.addElement(policyMapkDot
+ + PolicyMap.PROP_ISSUER_DOMAIN_POLICY + policyInfo);
+ theparams.addElement(policyMapkDot
+ + PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + policyInfo);
}
- theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-policymappings");
- theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Policy Mappings Extension. See RFC 2459 (4.2.1.6)");
+ theparams.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-policymappings");
+ theparams.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";Adds Policy Mappings Extension. See RFC 2459 (4.2.1.6)");
String[] params = new String[theparams.size()];
@@ -325,7 +324,6 @@ public class PolicyMappingsExt extends APolicyRule
}
}
-
class PolicyMap {
protected static String PROP_ISSUER_DOMAIN_POLICY = "issuerDomainPolicy";
@@ -340,89 +338,89 @@ class PolicyMap {
/**
* forms policy map parameters.
+ *
* @param name name of this policy map, for example policyMap0
* @param config parent's config from where we find this configuration.
* @param enabled whether policy was enabled.
*/
- protected PolicyMap(String name, IConfigStore config, boolean enabled)
- throws EBaseException {
+ protected PolicyMap(String name, IConfigStore config, boolean enabled)
+ throws EBaseException {
mName = name;
mConfig = config.getSubStore(mName);
mNameDot = mName + ".";
- if( mConfig == null ) {
- CMS.debug( "PolicyMappingsExt::PolicyMap - mConfig is null!" );
+ if (mConfig == null) {
+ CMS.debug("PolicyMappingsExt::PolicyMap - mConfig is null!");
return;
}
// if there's no configuration for this map put it there.
if (mConfig.size() == 0) {
- config.putString(mNameDot + PROP_ISSUER_DOMAIN_POLICY, "");
- config.putString(mNameDot + PROP_SUBJECT_DOMAIN_POLICY, "");
+ config.putString(mNameDot + PROP_ISSUER_DOMAIN_POLICY, "");
+ config.putString(mNameDot + PROP_SUBJECT_DOMAIN_POLICY, "");
mConfig = config.getSubStore(mName);
if (mConfig == null || mConfig.size() == 0) {
- CMS.debug( "PolicyMappingsExt::PolicyMap - mConfig " +
- "is null or empty!" );
+ CMS.debug("PolicyMappingsExt::PolicyMap - mConfig "
+ + "is null or empty!");
return;
}
}
// get policy ids from configuration.
- mIssuerDomainPolicy =
- mConfig.getString(PROP_ISSUER_DOMAIN_POLICY, null);
- mSubjectDomainPolicy =
- mConfig.getString(PROP_SUBJECT_DOMAIN_POLICY, null);
+ mIssuerDomainPolicy = mConfig
+ .getString(PROP_ISSUER_DOMAIN_POLICY, null);
+ mSubjectDomainPolicy = mConfig.getString(PROP_SUBJECT_DOMAIN_POLICY,
+ null);
// adjust for "" and console returning "null"
- if (mIssuerDomainPolicy != null &&
- (mIssuerDomainPolicy.length() == 0 ||
- mIssuerDomainPolicy.equals("null"))) {
+ if (mIssuerDomainPolicy != null
+ && (mIssuerDomainPolicy.length() == 0 || mIssuerDomainPolicy
+ .equals("null"))) {
mIssuerDomainPolicy = null;
}
- if (mSubjectDomainPolicy != null &&
- (mSubjectDomainPolicy.length() == 0 ||
- mSubjectDomainPolicy.equals("null"))) {
+ if (mSubjectDomainPolicy != null
+ && (mSubjectDomainPolicy.length() == 0 || mSubjectDomainPolicy
+ .equals("null"))) {
mSubjectDomainPolicy = null;
}
// policy ids cannot be null if policy is enabled.
String msg = "value cannot be null.";
- if (mIssuerDomainPolicy == null && enabled)
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- mNameDot + PROP_ISSUER_DOMAIN_POLICY, msg));
- if (mSubjectDomainPolicy == null && enabled)
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- mNameDot + PROP_SUBJECT_DOMAIN_POLICY, msg));
+ if (mIssuerDomainPolicy == null && enabled)
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", mNameDot
+ + PROP_ISSUER_DOMAIN_POLICY, msg));
+ if (mSubjectDomainPolicy == null && enabled)
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", mNameDot
+ + PROP_SUBJECT_DOMAIN_POLICY, msg));
- // if a policy id is not null check that it is a valid OID.
+ // if a policy id is not null check that it is a valid OID.
ObjectIdentifier issuerPolicyId = null;
ObjectIdentifier subjectPolicyId = null;
- if (mIssuerDomainPolicy != null)
- issuerPolicyId = CMS.checkOID(
- mNameDot + PROP_ISSUER_DOMAIN_POLICY, mIssuerDomainPolicy);
- if (mSubjectDomainPolicy != null)
- subjectPolicyId = CMS.checkOID(
- mNameDot + PROP_SUBJECT_DOMAIN_POLICY, mSubjectDomainPolicy);
-
- // if enabled, form CertificatePolicyMap to be encoded in extension.
- // policy ids should be all set.
+ if (mIssuerDomainPolicy != null)
+ issuerPolicyId = CMS.checkOID(mNameDot + PROP_ISSUER_DOMAIN_POLICY,
+ mIssuerDomainPolicy);
+ if (mSubjectDomainPolicy != null)
+ subjectPolicyId = CMS.checkOID(mNameDot
+ + PROP_SUBJECT_DOMAIN_POLICY, mSubjectDomainPolicy);
+
+ // if enabled, form CertificatePolicyMap to be encoded in extension.
+ // policy ids should be all set.
if (enabled) {
mCertificatePolicyMap = new CertificatePolicyMap(
- new CertificatePolicyId(issuerPolicyId),
- new CertificatePolicyId(subjectPolicyId));
+ new CertificatePolicyId(issuerPolicyId),
+ new CertificatePolicyId(subjectPolicyId));
}
}
protected void getInstanceParams(Vector instanceParams) {
- instanceParams.addElement(
- mNameDot + PROP_ISSUER_DOMAIN_POLICY + "=" + (mIssuerDomainPolicy == null ? "" :
- mIssuerDomainPolicy));
- instanceParams.addElement(
- mNameDot + PROP_SUBJECT_DOMAIN_POLICY + "=" + (mSubjectDomainPolicy == null ? "" :
- mSubjectDomainPolicy));
+ instanceParams.addElement(mNameDot + PROP_ISSUER_DOMAIN_POLICY + "="
+ + (mIssuerDomainPolicy == null ? "" : mIssuerDomainPolicy));
+ instanceParams.addElement(mNameDot + PROP_SUBJECT_DOMAIN_POLICY + "="
+ + (mSubjectDomainPolicy == null ? "" : mSubjectDomainPolicy));
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java
index 41f08963..b88027a4 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.util.Locale;
import java.util.Vector;
@@ -32,11 +31,12 @@ import com.netscape.cms.policy.APolicyRule;
/**
* Checks extension presence.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
@@ -77,7 +77,7 @@ public class PresenceExt extends APolicyRule {
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
mCritical = config.getBoolean(PROP_IS_CRITICAL, false);
@@ -97,19 +97,18 @@ public class PresenceExt extends APolicyRule {
PolicyResult res = PolicyResult.ACCEPTED;
/*
- PresenceServerExtension ext = new PresenceServerExtension(mCritical,
- mOID, mVersion, mStreetAddress,
- mTelephoneNumber, mRFC822Name, mID,
- mHostName, mPortNumber, mMaxUsers, mServiceLevel);
+ * PresenceServerExtension ext = new PresenceServerExtension(mCritical,
+ * mOID, mVersion, mStreetAddress, mTelephoneNumber, mRFC822Name, mID,
+ * mHostName, mPortNumber, mMaxUsers, mServiceLevel);
*/
-
+
return res;
}
- public Vector getInstanceParams() {
- Vector params = new Vector();
+ public Vector getInstanceParams() {
+ Vector params = new Vector();
- params.addElement(PROP_IS_CRITICAL + "=" + mCritical);
+ params.addElement(PROP_IS_CRITICAL + "=" + mCritical);
params.addElement(PROP_OID + "=" + mOID);
params.addElement(PROP_VERSION + "=" + mVersion);
params.addElement(PROP_STREET_ADDRESS + "=" + mStreetAddress);
@@ -136,22 +135,22 @@ public class PresenceExt extends APolicyRule {
PROP_PORT_NUMBER + ";string; port number",
PROP_MAX_USERS + ";string; max users",
PROP_SERVICE_LEVEL + ";string; service level",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-presenceext",
- IExtendedPluginInfo.HELP_TEXT +
- ";Adds Presence Server Extension;"
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-presenceext",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Adds Presence Server Extension;"
- };
+ };
return params;
}
-
+
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
return mDefParams;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java
index ff0d5749..d4639c83 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.text.SimpleDateFormat;
@@ -42,20 +41,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* PrivateKeyUsagePeriod Identifier Extension policy.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class PrivateKeyUsagePeriodExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class PrivateKeyUsagePeriodExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
private final static String PROP_NOT_BEFORE = "notBefore";
private final static String PROP_NOT_AFTER = "notAfter";
@@ -93,18 +92,20 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_IS_CRITICAL + ";boolean;RFC 2459 recommendation: The profile " +
- "recommends against the use of this extension. CAs " +
- "conforming to the profile MUST NOT generate certs with " +
- "critical private key usage period extensions.",
- PROP_NOT_BEFORE + ";string; Date before which the Private Key is invalid.",
- PROP_NOT_AFTER + ";string; Date after which the Private Key is invalid.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-privatekeyusageperiod",
- IExtendedPluginInfo.HELP_TEXT +
- ";Adds (deprecated) Private Key Usage Period Extension. " +
- "Defined in RFC 2459 (4.2.1.4)"
- };
+ PROP_IS_CRITICAL
+ + ";boolean;RFC 2459 recommendation: The profile "
+ + "recommends against the use of this extension. CAs "
+ + "conforming to the profile MUST NOT generate certs with "
+ + "critical private key usage period extensions.",
+ PROP_NOT_BEFORE
+ + ";string; Date before which the Private Key is invalid.",
+ PROP_NOT_AFTER
+ + ";string; Date after which the Private Key is invalid.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-privatekeyusageperiod",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Adds (deprecated) Private Key Usage Period Extension. "
+ + "Defined in RFC 2459 (4.2.1.4)" };
return params;
}
@@ -119,17 +120,17 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
/**
* Initializes this policy rule.
- * ra.Policy.rule.<ruleName>.implName=PrivateKeyUsageExtension
- * ra.Policy.rule.<ruleName>.enable=true
- * ra.Policy.rule.<ruleName>.notBefore=30
- * ra.Policy.rule.<ruleName>.notAfter=180
- * ra.Policy.rule.<ruleName>.critical=false
- * ra.Policy.rule.<ruleName>.predicate=ou==Sales
- *
- * @param config The config store reference
+ * ra.Policy.rule.<ruleName>.implName=PrivateKeyUsageExtension
+ * ra.Policy.rule.<ruleName>.enable=true
+ * ra.Policy.rule.<ruleName>.notBefore=30
+ * ra.Policy.rule.<ruleName>.notAfter=180
+ * ra.Policy.rule.<ruleName>.critical=false
+ * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
try {
// Get params.
@@ -145,29 +146,29 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
notAfter = formatter.format(formatter.parse(mNotAfter.trim()));
} catch (Exception e) {
// e.printStackTrace();
- Object[] params = {getInstanceName(), e};
+ Object[] params = { getInstanceName(), e };
throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
+ CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"),
+ params);
}
}
/**
- * Adds a private key usage extension if none exists.
- *
- * @param req The request on which to apply policy.
+ * Adds a private key usage extension if none exists.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
// get cert info.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
if (ci == null || ci[0] == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -187,8 +188,8 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
try {
// get subject key id extension if any.
- extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
} catch (IOException e) {
// no extensions or subject key identifier extension.
} catch (CertificateException e) {
@@ -201,25 +202,26 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
// remove any previously computed version of the extension
try {
extensions.delete(PrivateKeyUsageExtension.NAME);
-
+
} catch (IOException e) {
}
}
try {
- ext = new PrivateKeyUsageExtension(
- formatter.parse(mNotBefore),
- formatter.parse(mNotAfter));
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ ext = new PrivateKeyUsageExtension(formatter.parse(mNotBefore),
+ formatter.parse(mNotAfter));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions.set(PrivateKeyUsageExtension.NAME, ext);
} catch (Exception e) {
- if (e instanceof RuntimeException)
+ if (e instanceof RuntimeException)
throw (RuntimeException) e;
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_CREATE_PRIVATE_KEY_EXT", e.toString()));
- setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR"), NAME);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_CREATE_PRIVATE_KEY_EXT",
+ e.toString()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR"), NAME);
return PolicyResult.REJECTED;
}
return PolicyResult.ACCEPTED;
@@ -227,11 +229,11 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return Empty Vector since this policy has no configuration parameters.
- * for this policy instance.
+ * for this policy instance.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector params = new Vector();
params.addElement(PROP_IS_CRITICAL + "=" + mCritical);
@@ -242,11 +244,11 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
- * @return Empty Vector since this policy implementation has no
- * configuration parameters.
+ *
+ * @return Empty Vector since this policy implementation has no
+ * configuration parameters.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
Vector defParams = new Vector();
defParams.addElement(PROP_IS_CRITICAL + "=" + DEFAULT_CRITICALITY);
@@ -255,4 +257,3 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
return defParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java
index de39cccd..f2a2c25c 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -37,66 +36,64 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Remove Basic Constraints policy.
- * Adds the Basic constraints extension.
+ * Remove Basic Constraints policy. Adds the Basic constraints extension.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class RemoveBasicConstraintsExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class RemoveBasicConstraintsExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
public RemoveBasicConstraintsExt() {
NAME = "RemoveBasicConstraintsExt";
DESC = "Remove Basic Constraints extension";
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
}
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
// get cert info.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
X509CertInfo certInfo = null;
if (ci == null || (certInfo = ci[0]) == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
for (int i = 0; i < ci.length; i++) {
PolicyResult certResult = applyCert(req, certInfo);
- if (certResult == PolicyResult.REJECTED)
+ if (certResult == PolicyResult.REJECTED)
return certResult;
}
return PolicyResult.ACCEPTED;
}
- public PolicyResult applyCert(
- IRequest req, X509CertInfo certInfo) {
+ public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
// get basic constraints extension from cert info if any.
CertificateExtensions extensions = null;
try {
// get basic constraints extension if any.
- extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
if (extensions != null) {
try {
extensions.delete(BasicConstraintsExtension.NAME);
- CMS.debug("PolicyRule RemoveBasicConstraintsExt: removed the extension from request " + req.getRequestId().toString());
+ CMS.debug("PolicyRule RemoveBasicConstraintsExt: removed the extension from request "
+ + req.getRequestId().toString());
} catch (IOException e) {
}
}
@@ -110,10 +107,10 @@ public class RemoveBasicConstraintsExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector params = new Vector();
return params;
@@ -121,10 +118,10 @@ public class RemoveBasicConstraintsExt extends APolicyRule
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
Vector defParams = new Vector();
return defParams;
@@ -132,14 +129,12 @@ public class RemoveBasicConstraintsExt extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-removebasicconstraints",
- IExtendedPluginInfo.HELP_TEXT +
- ";Removes the Basic Constraints extension."
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-removebasicconstraints",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Removes the Basic Constraints extension." };
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
index c9ce68f6..f4fac64f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -42,56 +41,53 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
*
- * THIS POLICY HAS BEEN DEPRECATED SINCE CMS 4.2.
- * New Policy is com.netscape.certsrv.policy.SubjectAltNameExt.
+ * THIS POLICY HAS BEEN DEPRECATED SINCE CMS 4.2. New Policy is
+ * com.netscape.certsrv.policy.SubjectAltNameExt.
* <p>
*
* Subject Alternative Name extension policy in CMS 4.1.
- *
- * Adds the subject alternative name extension depending on the
- * certificate type requested.
- *
- * Two forms are supported. 1) For S/MIME certificates, email
- * addresses are copied from data stored in the request by the
- * authentication component. Both 'e' and 'altEmail' are supported
- * so that both the primary address and alternative forms may be
- * certified. Only the primary goes in the subjectName position (which
- * should be phased out).
- *
- * e
- * mailAlternateAddress
+ *
+ * Adds the subject alternative name extension depending on the certificate type
+ * requested.
+ *
+ * Two forms are supported. 1) For S/MIME certificates, email addresses are
+ * copied from data stored in the request by the authentication component. Both
+ * 'e' and 'altEmail' are supported so that both the primary address and
+ * alternative forms may be certified. Only the primary goes in the subjectName
+ * position (which should be phased out).
+ *
+ * e mailAlternateAddress
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class SubjAltNameExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
- // for future use. currently always allow.
+public class SubjAltNameExt extends APolicyRule implements IEnrollmentPolicy,
+ IExtendedPluginInfo {
+ // for future use. currently always allow.
protected static final String PROP_AGENT_OVERR = "allowAgentOverride";
protected static final String PROP_EE_OVERR = "AllowEEOverride";
- protected static final String PROP_ENABLE_MANUAL_VALUES =
- "enableManualValues";
+ protected static final String PROP_ENABLE_MANUAL_VALUES = "enableManualValues";
- // for future use. currently always non-critical
- // (standard says SHOULD be marked critical if included.)
+ // for future use. currently always non-critical
+ // (standard says SHOULD be marked critical if included.)
protected static final String PROP_CRITICAL = "critical";
- // for future use to allow overrides from forms.
+ // for future use to allow overrides from forms.
// request must be agent approved or authenticated.
protected boolean mAllowAgentOverride = false;
protected boolean mAllowEEOverride = false;
protected boolean mEnableManualValues = false;
- // for future use. currently always critical
- // (standard says SHOULD be marked critical if included.)
+ // for future use. currently always critical
+ // (standard says SHOULD be marked critical if included.)
protected boolean mCritical = false;
public SubjAltNameExt() {
@@ -101,18 +97,18 @@ public class SubjAltNameExt extends APolicyRule
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_CRITICAL + ";boolean;RFC 2459 recommendation: If the certificate subject field contains an empty sequence, the subjectAltName extension MUST be marked critical.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-subjaltname",
- IExtendedPluginInfo.HELP_TEXT +
- ";This policy inserts the Subject Alternative Name " +
- "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
- "* Note: you probably want to use this policy in " +
- "conjunction with an authentication manager which sets " +
- "the 'mail' or 'mailalternateaddress' values in the authToken. " +
- "See the 'ldapStringAttrs' parameter in the Directory-based " +
- "authentication plugin"
- };
+ PROP_CRITICAL
+ + ";boolean;RFC 2459 recommendation: If the certificate subject field contains an empty sequence, the subjectAltName extension MUST be marked critical.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-subjaltname",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";This policy inserts the Subject Alternative Name "
+ + "Extension into the certificate. See RFC 2459 (4.2.1.7). "
+ + "* Note: you probably want to use this policy in "
+ + "conjunction with an authentication manager which sets "
+ + "the 'mail' or 'mailalternateaddress' values in the authToken. "
+ + "See the 'ldapStringAttrs' parameter in the Directory-based "
+ + "authentication plugin" };
return params;
@@ -121,40 +117,40 @@ public class SubjAltNameExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=SubjAltNameExt
- * ra.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=SubjAltNameExt
+ * ra.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
// future use.
mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false);
mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false);
mCritical = config.getBoolean(PROP_CRITICAL, false);
- // mEnableManualValues = config.getBoolean(PROP_ENABLE_MANUAL_VALUES, false);
+ // mEnableManualValues = config.getBoolean(PROP_ENABLE_MANUAL_VALUES,
+ // false);
}
/**
* Adds the subject alternative names extension if not set already.
- *
+ *
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
// Find the X509CertInfo object in the request
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -174,12 +170,11 @@ public class SubjAltNameExt extends APolicyRule
//
// General error handling block
//
- apply:
- try {
+ apply: try {
// Find the extensions in the certInfo
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
if (extensions != null) {
//
@@ -193,17 +188,16 @@ public class SubjAltNameExt extends APolicyRule
}
//
- // Determine the type of the request. For future expansion
+ // Determine the type of the request. For future expansion
// this test should dispatch to a specialized object to
- // handle each particular type. For now just return for
+ // handle each particular type. For now just return for
// non-client certs, and implement client certs directly here.
//
- String certType =
- req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+ String certType = req.getExtDataInString(IRequest.HTTP_PARAMS,
+ IRequest.CERT_TYPE);
- if (certType == null ||
- !certType.equals(IRequest.CLIENT_CERT) ||
- !req.getExtDataInBoolean(IRequest.SMIME, false)) {
+ if (certType == null || !certType.equals(IRequest.CLIENT_CERT)
+ || !req.getExtDataInBoolean(IRequest.SMIME, false)) {
break apply;
}
@@ -212,30 +206,36 @@ public class SubjAltNameExt extends APolicyRule
IAuthToken tok = findAuthToken(req, null);
- if (tok == null) break apply;
+ if (tok == null)
+ break apply;
Vector emails = getEmailList(tok);
- if (emails == null) break apply;
+ if (emails == null)
+ break apply;
- // Create the extension
+ // Create the extension
SubjectAlternativeNameExtension subjAltNameExt = mkExt(emails);
if (extensions == null)
extensions = createCertificateExtensions(certInfo);
- extensions.set(SubjectAlternativeNameExtension.NAME,
- subjAltNameExt);
+ extensions
+ .set(SubjectAlternativeNameExtension.NAME, subjAltNameExt);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -243,18 +243,17 @@ public class SubjAltNameExt extends APolicyRule
}
/**
- * Find a particular authentication token by manager name.
- * If the token is not present return null
+ * Find a particular authentication token by manager name. If the token is
+ * not present return null
*/
- protected IAuthToken
- findAuthToken(IRequest req, String authMgrName) {
+ protected IAuthToken findAuthToken(IRequest req, String authMgrName) {
return req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
}
/**
- * Generate a String Vector containing all the email addresses
- * found in this Authentication token
+ * Generate a String Vector containing all the email addresses found in this
+ * Authentication token
*/
protected Vector /* of String */
getEmailList(IAuthToken tok) {
@@ -264,7 +263,8 @@ public class SubjAltNameExt extends APolicyRule
addValues(tok, "mail", v);
addValues(tok, "mailalternateaddress", v);
- if (v.size() == 0) return null;
+ if (v.size() == 0)
+ return null;
return v;
}
@@ -272,11 +272,11 @@ public class SubjAltNameExt extends APolicyRule
/**
* Add attribute values from an LDAP attribute to a vector
*/
- protected void
- addValues(IAuthToken tok, String attrName, Vector v) {
+ protected void addValues(IAuthToken tok, String attrName, Vector v) {
String attr[] = tok.getInStringArray(attrName);
- if (attr == null) return;
+ if (attr == null)
+ return;
for (int i = 0; i < attr.length; i++) {
v.addElement(attr[i]);
@@ -286,9 +286,8 @@ public class SubjAltNameExt extends APolicyRule
/**
* Make a Subject name extension given a list of email addresses
*/
- protected SubjectAlternativeNameExtension
- mkExt(Vector emails)
- throws IOException {
+ protected SubjectAlternativeNameExtension mkExt(Vector emails)
+ throws IOException {
SubjectAlternativeNameExtension sa;
GeneralNames gns = new GeneralNames();
@@ -304,19 +303,17 @@ public class SubjAltNameExt extends APolicyRule
}
/**
- * Create a new SET of extensions in the certificate info
- * object.
- *
+ * Create a new SET of extensions in the certificate info object.
+ *
* This should be a method in the X509CertInfo object
*/
- protected CertificateExtensions
- createCertificateExtensions(X509CertInfo certInfo)
- throws IOException, CertificateException {
+ protected CertificateExtensions createCertificateExtensions(
+ X509CertInfo certInfo) throws IOException, CertificateException {
CertificateExtensions extensions;
// Force version to V3
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -326,34 +323,33 @@ public class SubjAltNameExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
Vector params = new Vector();
- //params.addElement("PROP_AGENT_OVERR = " + mAllowAgentOverride);
- //params.addElement("PROP_EE_OVERR = " + mAllowEEOverride);
+ // params.addElement("PROP_AGENT_OVERR = " + mAllowAgentOverride);
+ // params.addElement("PROP_EE_OVERR = " + mAllowEEOverride);
params.addElement(PROP_CRITICAL + "=" + mCritical);
// params.addElement(PROP_ENABLE_MANUAL_VALUES + " = " +
- // mEnableManualValues);
+ // mEnableManualValues);
return params;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
Vector defParams = new Vector();
- //defParams.addElement("PROP_AGENT_OVERR = " + DEF_AGENT_OVERR);
- //defParams.addElement("PROP_EE_OVERR = " + DEF_EE_OVERR);
+ // defParams.addElement("PROP_AGENT_OVERR = " + DEF_AGENT_OVERR);
+ // defParams.addElement("PROP_EE_OVERR = " + DEF_EE_OVERR);
defParams.addElement(PROP_CRITICAL + "=false");
// defParams.addElement(PROP_ENABLE_MANUAL_VALUES + "= false");
return defParams;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java
index 7ff1a6c9..5340c5c2 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
@@ -45,33 +44,31 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Subject Alternative Name extension policy.
- *
+ *
* Adds the subject alternative name extension as configured.
- *
- * Two forms are supported. 1) For S/MIME certificates, email
- * addresses are copied from data stored in the request by the
- * authentication component. Both 'e' and 'altEmail' are supported
- * so that both the primary address and alternative forms may be
- * certified. Only the primary goes in the subjectName position (which
- * should be phased out).
- *
- * e
- * mailAlternateAddress
+ *
+ * Two forms are supported. 1) For S/MIME certificates, email addresses are
+ * copied from data stored in the request by the authentication component. Both
+ * 'e' and 'altEmail' are supported so that both the primary address and
+ * alternative forms may be certified. Only the primary goes in the subjectName
+ * position (which should be phased out).
+ *
+ * e mailAlternateAddress
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class SubjectAltNameExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
- // (standard says SHOULD be marked critical if included.)
+public class SubjectAltNameExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
+ // (standard says SHOULD be marked critical if included.)
protected static final String PROP_CRITICAL = "critical";
protected static final boolean DEF_CRITICAL = false;
@@ -88,12 +85,11 @@ public class SubjectAltNameExt extends APolicyRule
static {
// default params.
mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
- mDefParams.addElement(
- IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" +
- IGeneralNameUtil.DEF_NUM_GENERALNAMES);
+ mDefParams.addElement(IGeneralNameUtil.PROP_NUM_GENERALNAMES + "="
+ + IGeneralNameUtil.DEF_NUM_GENERALNAMES);
for (int i = 0; i < IGeneralNameUtil.DEF_NUM_GENERALNAMES; i++) {
CMS.getSubjAltNameConfigDefaultParams(
- IGeneralNameUtil.PROP_GENERALNAME + i, mDefParams);
+ IGeneralNameUtil.PROP_GENERALNAME + i, mDefParams);
}
}
@@ -107,31 +103,30 @@ public class SubjectAltNameExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ra.Policy.rule.<ruleName>.implName=SubjectAltNameExt
- * ra.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ra.Policy.rule.<ruleName>.implName=SubjectAltNameExt
+ * ra.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
// get criticality
mCritical = mConfig.getBoolean(PROP_CRITICAL, DEF_CRITICAL);
// get enabled
- mEnabled = mConfig.getBoolean(
- IPolicyProcessor.PROP_ENABLE, false);
+ mEnabled = mConfig.getBoolean(IPolicyProcessor.PROP_ENABLE, false);
// get general names configuration.
- mNumGNs = mConfig.getInteger(IGeneralNameUtil.PROP_NUM_GENERALNAMES);
+ mNumGNs = mConfig.getInteger(IGeneralNameUtil.PROP_NUM_GENERALNAMES);
if (mNumGNs <= 0) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER",
- IGeneralNameUtil.PROP_NUM_GENERALNAMES));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_MUST_BE_POSITIVE_NUMBER",
+ IGeneralNameUtil.PROP_NUM_GENERALNAMES));
}
mGNs = new ISubjAltNameConfig[mNumGNs];
for (int i = 0; i < mNumGNs; i++) {
@@ -143,8 +138,8 @@ public class SubjectAltNameExt extends APolicyRule
// init instance params.
mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
- mInstanceParams.addElement(
- IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" + mNumGNs);
+ mInstanceParams.addElement(IGeneralNameUtil.PROP_NUM_GENERALNAMES + "="
+ + mNumGNs);
for (int j = 0; j < mGNs.length; j++) {
mGNs[j].getInstanceParams(mInstanceParams);
}
@@ -152,21 +147,20 @@ public class SubjectAltNameExt extends APolicyRule
/**
* Adds the subject alternative names extension if not set already.
- *
+ *
* <P>
- *
- * @param req The request on which to apply policy.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
// Find the X509CertInfo object in the request
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
- setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
+ setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
return PolicyResult.REJECTED; // unrecoverable error.
}
@@ -185,16 +179,16 @@ public class SubjectAltNameExt extends APolicyRule
try {
// Find the extensions in the certInfo
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
// Remove any previously computed version of the extension
- // unless it is from RA. If from RA, accept what RA put in
+ // unless it is from RA. If from RA, accept what RA put in
// request and don't add our own.
if (extensions != null) {
String sourceId = req.getSourceId();
- if (sourceId != null && sourceId.length() > 0)
+ if (sourceId != null && sourceId.length() > 0)
return res; // accepted
try {
extensions.delete(SubjectAlternativeNameExtension.NAME);
@@ -209,7 +203,8 @@ public class SubjectAltNameExt extends APolicyRule
for (int i = 0; i < mNumGNs; i++) {
Object value = null;
- value = req.getExtDataInString(mGNs[i].getPfx(), mGNs[i].getAttr());
+ value = req.getExtDataInString(mGNs[i].getPfx(),
+ mGNs[i].getAttr());
if (value == null) {
continue;
}
@@ -223,8 +218,8 @@ public class SubjectAltNameExt extends APolicyRule
}
// nothing was found in request to put into extension
- if (gns.size() == 0)
- return res; // accepted
+ if (gns.size() == 0)
+ return res; // accepted
String subject = certInfo.get(X509CertInfo.SUBJECT).toString();
@@ -233,10 +228,10 @@ public class SubjectAltNameExt extends APolicyRule
if (subject.equals("")) {
curCritical = true;
}
-
- // make the extension
- SubjectAlternativeNameExtension
- sa = new SubjectAlternativeNameExtension(curCritical, gns);
+
+ // make the extension
+ SubjectAlternativeNameExtension sa = new SubjectAlternativeNameExtension(
+ curCritical, gns);
// add it to certInfo.
if (extensions == null)
@@ -247,38 +242,41 @@ public class SubjectAltNameExt extends APolicyRule
return res; // accepted.
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED; // unrecoverable error.
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INTERNAL_ERROR_1", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Internal Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INTERNAL_ERROR_1", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Internal Error");
return PolicyResult.REJECTED; // unrecoverable error.
}
}
/**
- * Create a new SET of extensions in the certificate info
- * object.
- *
+ * Create a new SET of extensions in the certificate info object.
+ *
* This should be a method in the X509CertInfo object
*/
- protected CertificateExtensions
- createCertificateExtensions(X509CertInfo certInfo)
- throws IOException, CertificateException {
+ protected CertificateExtensions createCertificateExtensions(
+ X509CertInfo certInfo) throws IOException, CertificateException {
CertificateExtensions extensions;
// Force version to V3
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -288,19 +286,19 @@ public class SubjectAltNameExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
return mInstanceParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
return mDefParams;
}
@@ -309,26 +307,26 @@ public class SubjectAltNameExt extends APolicyRule
// extended plugin info.
Vector info = new Vector();
- info.addElement(PROP_CRITICAL + ";boolean;RFC2459 recommendation: If the certificate subject field contains an empty sequence, the extension MUST be marked critical.");
+ info.addElement(PROP_CRITICAL
+ + ";boolean;RFC2459 recommendation: If the certificate subject field contains an empty sequence, the extension MUST be marked critical.");
info.addElement(IGeneralNameUtil.PROP_NUM_GENERALNAMES_INFO);
for (int i = 0; i < IGeneralNameUtil.DEF_NUM_GENERALNAMES; i++) {
CMS.getSubjAltNameConfigExtendedPluginInfo(
- IGeneralNameUtil.PROP_GENERALNAME + i, info);
+ IGeneralNameUtil.PROP_GENERALNAME + i, info);
}
- info.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-subjaltname");
- info.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";This policy inserts the Subject Alternative Name " +
- "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
- "* Note: you probably want to use this policy in " +
- "conjunction with an authentication manager which sets " +
- "the 'mail' or 'mailalternateaddress' values in the authToken. " +
- "See the 'ldapStringAttrs' parameter in the Directory-based " +
- "authentication plugin");
+ info.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-subjaltname");
+ info.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";This policy inserts the Subject Alternative Name "
+ + "Extension into the certificate. See RFC 2459 (4.2.1.7). "
+ + "* Note: you probably want to use this policy in "
+ + "conjunction with an authentication manager which sets "
+ + "the 'mail' or 'mailalternateaddress' values in the authToken. "
+ + "See the 'ldapStringAttrs' parameter in the Directory-based "
+ + "authentication plugin");
mExtendedPluginInfo = new String[info.size()];
info.copyInto(mExtendedPluginInfo);
return mExtendedPluginInfo;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
index f3ef687d..7f1df06d 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
@@ -46,20 +45,20 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
* Policy to add the subject directory attributes extension.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class SubjectDirectoryAttributesExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class SubjectDirectoryAttributesExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL = "critical";
protected static final String PROP_ATTRIBUTE = "attribute";
protected static final String PROP_NUM_ATTRIBUTES = "numAttributes";
@@ -76,7 +75,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
protected SubjectDirAttributesExtension mExt = null;
protected Vector mParams = new Vector();
- private String[] mEPI = null; // extended plugin info
+ private String[] mEPI = null; // extended plugin info
protected static Vector mDefParams = new Vector();
static {
@@ -86,20 +85,21 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
public SubjectDirectoryAttributesExt() {
NAME = "SubjectDirectoryAttributesExtPolicy";
DESC = "Sets Subject Directory Attributes Extension in certificates.";
- setExtendedPluginInfo();
+ setExtendedPluginInfo();
}
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
boolean enabled = config.getBoolean("enabled", false);
mConfig = config;
- mCritical = mConfig.getBoolean(PROP_CRITICAL, false);
- mNumAttributes = mConfig.getInteger(PROP_NUM_ATTRIBUTES, DEF_NUM_ATTRIBUTES);
+ mCritical = mConfig.getBoolean(PROP_CRITICAL, false);
+ mNumAttributes = mConfig.getInteger(PROP_NUM_ATTRIBUTES,
+ DEF_NUM_ATTRIBUTES);
if (mNumAttributes < 1) {
- EBaseException ex = new EBaseException(
- CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_NUM_ATTRIBUTES));
+ EBaseException ex = new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_NUM_ATTRIBUTES));
log(ILogger.LL_FAILURE, NAME + " Error: " + ex.toString());
throw ex;
@@ -111,14 +111,15 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
mAttributes[i] = new AttributeConfig(name, c, enabled);
}
- if (enabled) {
+ if (enabled) {
try {
mExt = formExt(null);
} catch (IOException e) {
log(ILogger.LL_FAILURE, NAME + " Error: " + e.getMessage());
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
- "Error forming Subject Directory Attributes Extension. " +
- "See log file for details."));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR",
+ "Error forming Subject Directory Attributes Extension. "
+ + "See log file for details."));
}
}
setInstanceParams();
@@ -126,8 +127,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
public PolicyResult apply(IRequest req) {
PolicyResult res = PolicyResult.ACCEPTED;
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -137,7 +137,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
for (int i = 0; i < ci.length; i++) {
PolicyResult r = applyCert(req, ci[i]);
- if (r == PolicyResult.REJECTED)
+ if (r == PolicyResult.REJECTED)
return r;
}
return PolicyResult.ACCEPTED;
@@ -149,18 +149,19 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
try {
// get extension and remove if exists.
- extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
if (extensions == null) {
extensions = new CertificateExtensions();
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
try {
extensions.delete(SubjectDirAttributesExtension.NAME);
} catch (IOException ee) {
- // if name is not found, try deleting the extension using the OID
+ // if name is not found, try deleting the extension using
+ // the OID
try {
extensions.delete("2.5.29.9");
} catch (IOException eee) {
@@ -174,22 +175,27 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
} else {
SubjectDirAttributesExtension ext = formExt(req);
- if (ext != null)
- extensions.set(SubjectDirAttributesExtension.NAME, formExt(req));
+ if (ext != null)
+ extensions.set(SubjectDirAttributesExtension.NAME,
+ formExt(req));
}
return PolicyResult.ACCEPTED;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED; // unrecoverable error.
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "IOException Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "IOException Error");
return PolicyResult.REJECTED;
- }
+ }
}
private Vector formValues(String val) {
@@ -197,7 +203,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
Vector v = new Vector();
while (tokenizer.hasMoreElements()) {
- String s = (String) tokenizer.nextElement();
+ String s = (String) tokenizer.nextElement();
v.addElement(s);
}
@@ -213,12 +219,12 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
}
public String[] getExtendedPluginInfo(Locale locale) {
- return mEPI; // inited in the constructor.
+ return mEPI; // inited in the constructor.
}
private void setInstanceParams() {
- mParams.addElement(PROP_CRITICAL + "=" + mCritical);
- mParams.addElement(PROP_NUM_ATTRIBUTES + "=" + mNumAttributes);
+ mParams.addElement(PROP_CRITICAL + "=" + mCritical);
+ mParams.addElement(PROP_NUM_ATTRIBUTES + "=" + mNumAttributes);
for (int i = 0; i < mNumAttributes; i++) {
mAttributes[i].getInstanceParams(mParams);
}
@@ -229,8 +235,8 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
}
private static void setDefaultParams() {
- mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
- mDefParams.addElement(PROP_NUM_ATTRIBUTES + "=" + DEF_NUM_ATTRIBUTES);
+ mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
+ mDefParams.addElement(PROP_NUM_ATTRIBUTES + "=" + DEF_NUM_ATTRIBUTES);
for (int i = 0; i < DEF_NUM_ATTRIBUTES; i++) {
AttributeConfig.getDefaultParams(PROP_ATTRIBUTE + i, mDefParams);
}
@@ -239,33 +245,32 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
private void setExtendedPluginInfo() {
Vector v = new Vector();
- v.addElement(PROP_CRITICAL + ";boolean;" +
- "RFC 2459 recommendation: MUST be non-critical.");
- v.addElement(PROP_NUM_ATTRIBUTES + ";number;" +
- "Number of Attributes in the extension.");
+ v.addElement(PROP_CRITICAL + ";boolean;"
+ + "RFC 2459 recommendation: MUST be non-critical.");
+ v.addElement(PROP_NUM_ATTRIBUTES + ";number;"
+ + "Number of Attributes in the extension.");
for (int i = 0; i < MAX_NUM_ATTRIBUTES; i++) {
AttributeConfig.getExtendedPluginInfo(PROP_ATTRIBUTE + i, v);
}
- v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-subjectdirectoryattributes");
- v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Adds Subject Directory Attributes extension. See RFC 2459 (4.2.1.9). It's not recommended as an essential part of the profile, but may be used in local environments.");
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-subjectdirectoryattributes");
+ v.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";Adds Subject Directory Attributes extension. See RFC 2459 (4.2.1.9). It's not recommended as an essential part of the profile, but may be used in local environments.");
mEPI = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
}
- private SubjectDirAttributesExtension formExt(IRequest req)
- throws IOException {
+ private SubjectDirAttributesExtension formExt(IRequest req)
+ throws IOException {
Vector attrs = new Vector();
// if we're called from init and one attribute is from request attribute
// the ext can't be formed yet.
if (req == null) {
for (int i = 0; i < mNumAttributes; i++) {
- if (mAttributes[i].mWhereToGetValue ==
- AttributeConfig.USE_REQUEST_ATTR)
+ if (mAttributes[i].mWhereToGetValue == AttributeConfig.USE_REQUEST_ATTR)
return null;
}
}
@@ -277,24 +282,23 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
// skip attribute if request attribute doesn't exist.
Attribute a = mAttributes[i].formAttr(req);
- if (a == null)
+ if (a == null)
continue;
attrs.addElement(a);
}
}
- if (attrs.size() == 0)
+ if (attrs.size() == 0)
return null;
Attribute[] attrList = new Attribute[attrs.size()];
attrs.copyInto(attrList);
- SubjectDirAttributesExtension ext =
- new SubjectDirAttributesExtension(attrList);
+ SubjectDirAttributesExtension ext = new SubjectDirAttributesExtension(
+ attrList);
return ext;
}
}
-
class AttributeConfig {
protected static final String PROP_ATTRIBUTE_NAME = "attributeName";
@@ -317,50 +321,56 @@ class AttributeConfig {
protected Attribute mAttribute = null;
protected static final String ATTRIBUTE_NAME_INFO = "Attribute name.";
- protected static final String WTG_VALUE_INFO =
- PROP_WTG_VALUE + ";choice(" + USE_REQUEST_ATTR + "," + USE_FIXED + ");" +
- "Get value from a request attribute or use a fixed value specified below.";
- protected static final String VALUE_INFO =
- PROP_VALUE + ";string;" +
- "Request attribute name or a fixed value to put into the extension.";
-
- public AttributeConfig(String name, IConfigStore config, boolean enabled)
- throws EBaseException {
+ protected static final String WTG_VALUE_INFO = PROP_WTG_VALUE
+ + ";choice("
+ + USE_REQUEST_ATTR
+ + ","
+ + USE_FIXED
+ + ");"
+ + "Get value from a request attribute or use a fixed value specified below.";
+ protected static final String VALUE_INFO = PROP_VALUE
+ + ";string;"
+ + "Request attribute name or a fixed value to put into the extension.";
+
+ public AttributeConfig(String name, IConfigStore config, boolean enabled)
+ throws EBaseException {
X500NameAttrMap map = X500NameAttrMap.getDefault();
mName = name;
mConfig = config;
if (enabled) {
- mAttributeName = mConfig.getString(PROP_ATTRIBUTE_NAME);
+ mAttributeName = mConfig.getString(PROP_ATTRIBUTE_NAME);
mWhereToGetValue = mConfig.getString(PROP_WTG_VALUE);
mValue = mConfig.getString(PROP_VALUE);
} else {
mAttributeName = mConfig.getString(PROP_ATTRIBUTE_NAME, "");
- mWhereToGetValue = mConfig.getString(PROP_WTG_VALUE, USE_REQUEST_ATTR);
+ mWhereToGetValue = mConfig.getString(PROP_WTG_VALUE,
+ USE_REQUEST_ATTR);
mValue = mConfig.getString(PROP_VALUE, "");
}
if (mAttributeName.length() > 0) {
mAttributeOID = map.getOid(mAttributeName);
- if (mAttributeOID == null)
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", mAttributeName));
+ if (mAttributeOID == null)
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTRIBUTE", mAttributeName));
}
if (mWhereToGetValue.equalsIgnoreCase(USE_REQUEST_ATTR)) {
mWhereToGetValue = USE_REQUEST_ATTR;
if (enabled && mValue.length() == 0) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", PROP_VALUE));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_GET_PROPERTY_FAILED", PROP_VALUE));
}
int dot = mValue.indexOf('.');
if (dot != -1) {
mPrefix = mValue.substring(0, dot);
mReqAttr = mValue.substring(dot + 1);
- if (mPrefix == null || mPrefix.length() == 0 ||
- mReqAttr == null || mReqAttr.length() == 0) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", mValue));
+ if (mPrefix == null || mPrefix.length() == 0
+ || mReqAttr == null || mReqAttr.length() == 0) {
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTRIBUTE", mValue));
}
} else {
mPrefix = null;
@@ -369,18 +379,20 @@ class AttributeConfig {
} else if (mWhereToGetValue.equalsIgnoreCase(USE_FIXED)) {
mWhereToGetValue = USE_FIXED;
if (mAttributeOID != null) {
- try {
- checkValue(mAttributeOID, mValue);
- mAttribute = new Attribute(mAttributeOID, mValue);
+ try {
+ checkValue(mAttributeOID, mValue);
+ mAttribute = new Attribute(mAttributeOID, mValue);
} catch (Exception e) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- mAttributeName, e.getMessage()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", mAttributeName,
+ e.getMessage()));
}
}
} else if (enabled || mWhereToGetValue.length() > 0) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE", PROP_WTG_VALUE,
- "Must be either '" + USE_REQUEST_ATTR + "' or '" + USE_FIXED + "'."));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_VALUE_FOR_TYPE", PROP_WTG_VALUE,
+ "Must be either '" + USE_REQUEST_ATTR + "' or '"
+ + USE_FIXED + "'."));
}
}
@@ -396,8 +408,8 @@ class AttributeConfig {
String nameDot = name + ".";
String attrChoices = getAllNames();
- v.addElement(nameDot + PROP_ATTRIBUTE_NAME + ";choice(" + attrChoices + ");" +
- ATTRIBUTE_NAME_INFO);
+ v.addElement(nameDot + PROP_ATTRIBUTE_NAME + ";choice(" + attrChoices
+ + ");" + ATTRIBUTE_NAME_INFO);
v.addElement(nameDot + WTG_VALUE_INFO);
v.addElement(nameDot + VALUE_INFO);
}
@@ -410,14 +422,13 @@ class AttributeConfig {
v.addElement(nameDot + PROP_VALUE + "=" + mValue);
}
- public Attribute formAttr(IRequest req)
- throws IOException {
+ public Attribute formAttr(IRequest req) throws IOException {
String val = req.getExtDataInString(mPrefix, mReqAttr);
if (val == null || val.length() == 0) {
return null;
}
- checkValue(mAttributeOID, val);
+ checkValue(mAttributeOID, val);
return new Attribute(mAttributeOID, val);
}
@@ -433,9 +444,10 @@ class AttributeConfig {
return sb.toString();
}
- private static void checkValue(ObjectIdentifier oid, String val)
- throws IOException {
- AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid);
+ private static void checkValue(ObjectIdentifier oid, String val)
+ throws IOException {
+ AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(
+ oid);
DerValue derval;
derval = c.getValue(val); // errs encountered will get thrown.
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java
index 0c763b8a..31aaa21a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -46,21 +45,21 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * Subject Public Key Extension Policy
- * Adds the subject public key id extension to certificates.
+ * Subject Public Key Extension Policy Adds the subject public key id extension
+ * to certificates.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
-public class SubjectKeyIdentifierExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class SubjectKeyIdentifierExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
protected static final String PROP_CRITICAL = "critical";
protected static final String PROP_KEYID_TYPE = "keyIdentifierType";
protected static final String PROP_REQATTR_NAME = "requestAttrName";
@@ -90,7 +89,7 @@ public class SubjectKeyIdentifierExt extends APolicyRule
mDefaultParams.addElement(PROP_KEYID_TYPE + "=" + DEF_KEYID_TYPE);
/*
- mDefaultParams.addElement(PROP_REQATTR_NAME+"="+DEF_REQATTR_NAME);
+ * mDefaultParams.addElement(PROP_REQATTR_NAME+"="+DEF_REQATTR_NAME);
*/
}
@@ -102,76 +101,74 @@ public class SubjectKeyIdentifierExt extends APolicyRule
/**
* Initializes this policy rule.
* <P>
- *
+ *
* The entries may be of the form:
- *
- * ca.Policy.rule.<ruleName>.predicate=
- * ca.Policy.rule.<ruleName>.implName=
- * ca.Policy.rule.<ruleName>.enable=true
- *
- * @param config The config store reference
+ *
+ * ca.Policy.rule.<ruleName>.predicate= ca.Policy.rule.<ruleName>.implName=
+ * ca.Policy.rule.<ruleName>.enable=true
+ *
+ * @param config The config store reference
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
mConfig = config;
- mEnabled = mConfig.getBoolean(
- IPolicyProcessor.PROP_ENABLE, false);
+ mEnabled = mConfig.getBoolean(IPolicyProcessor.PROP_ENABLE, false);
mCritical = mConfig.getBoolean(PROP_CRITICAL, DEF_CRITICAL);
mKeyIdType = mConfig.getString(PROP_KEYID_TYPE, DEF_KEYID_TYPE);
/*
- mReqAttrName = mConfig.getString(PROP_REQATTR_NAME, DEF_REQATTR_NAME);
+ * mReqAttrName = mConfig.getString(PROP_REQATTR_NAME,
+ * DEF_REQATTR_NAME);
*/
// parse key id type
- if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SHA1))
+ if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SHA1))
mKeyIdType = KEYID_TYPE_SHA1;
- else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_TYPEFIELD))
+ else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_TYPEFIELD))
mKeyIdType = KEYID_TYPE_TYPEFIELD;
- /*
- else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_REQATTR)
- mKeyIdType = KEYID_TYPE_REQATTR;
- */
- else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SPKISHA1))
+ /*
+ * else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_REQATTR) mKeyIdType =
+ * KEYID_TYPE_REQATTR;
+ */
+ else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SPKISHA1))
mKeyIdType = KEYID_TYPE_SPKISHA1;
else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("KRA_UNKNOWN_KEY_ID_TYPE", mKeyIdType));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- PROP_KEYID_TYPE,
- "value must be one of " +
- KEYID_TYPE_SHA1 + ", " +
- KEYID_TYPE_TYPEFIELD + ", " +
- KEYID_TYPE_SPKISHA1));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("KRA_UNKNOWN_KEY_ID_TYPE", mKeyIdType));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+ PROP_KEYID_TYPE, "value must be one of "
+ + KEYID_TYPE_SHA1 + ", "
+ + KEYID_TYPE_TYPEFIELD + ", "
+ + KEYID_TYPE_SPKISHA1));
}
- // form instance params
+ // form instance params
mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
mInstanceParams.addElement(PROP_KEYID_TYPE + "=" + mKeyIdType);
/*
- mInstanceParams.addElement(PROP_REQATTR_NAME+"="+mReqAttrName);
+ * mInstanceParams.addElement(PROP_REQATTR_NAME+"="+mReqAttrName);
*/
}
/**
- * Adds Subject Key identifier Extension to a certificate.
- * If the extension is already there, accept it.
- *
- * @param req The request on which to apply policy.
+ * Adds Subject Key identifier Extension to a certificate. If the extension
+ * is already there, accept it.
+ *
+ * @param req The request on which to apply policy.
* @return The policy result object.
*/
public PolicyResult apply(IRequest req) {
// get certInfo from request.
- X509CertInfo[] ci =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-
+ X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
if (ci == null || ci[0] == null) {
setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
- return PolicyResult.REJECTED;
+ return PolicyResult.REJECTED;
}
for (int i = 0; i < ci.length; i++) {
@@ -188,28 +185,28 @@ public class SubjectKeyIdentifierExt extends APolicyRule
try {
// if subject key id extension already exists, leave it if approved.
SubjectKeyIdentifierExtension subjectKeyIdExt = null;
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
try {
if (extensions != null) {
- subjectKeyIdExt = (SubjectKeyIdentifierExtension)
- extensions.get(SubjectKeyIdentifierExtension.NAME);
+ subjectKeyIdExt = (SubjectKeyIdentifierExtension) extensions
+ .get(SubjectKeyIdentifierExtension.NAME);
}
} catch (IOException e) {
- // extension isn't there.
+ // extension isn't there.
}
if (subjectKeyIdExt != null) {
if (agentApproved(req)) {
- CMS.debug(
- "SubjectKeyIdentifierExt: agent approved request id " + req.getRequestId() +
- " already has subject key id extension with value " +
- subjectKeyIdExt);
+ CMS.debug("SubjectKeyIdentifierExt: agent approved request id "
+ + req.getRequestId()
+ + " already has subject key id extension with value "
+ + subjectKeyIdExt);
return PolicyResult.ACCEPTED;
} else {
- CMS.debug(
- "SubjectKeyIdentifierExt: request id from user " + req.getRequestId() +
- " had subject key identifier - deleted to be replaced");
+ CMS.debug("SubjectKeyIdentifierExt: request id from user "
+ + req.getRequestId()
+ + " had subject key identifier - deleted to be replaced");
extensions.delete(SubjectKeyIdentifierExtension.NAME);
}
}
@@ -217,38 +214,40 @@ public class SubjectKeyIdentifierExt extends APolicyRule
// create subject key id extension.
KeyIdentifier keyId = null;
- try {
- keyId = formKeyIdentifier(certInfo, req);
+ try {
+ keyId = formKeyIdentifier(certInfo, req);
} catch (EBaseException e) {
setPolicyException(req, e);
return PolicyResult.REJECTED;
}
- subjectKeyIdExt =
- new SubjectKeyIdentifierExtension(
- mCritical, keyId.getIdentifier());
+ subjectKeyIdExt = new SubjectKeyIdentifierExtension(mCritical,
+ keyId.getIdentifier());
// add subject key id extension.
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
- extensions.set(
- SubjectKeyIdentifierExtension.NAME, subjectKeyIdExt);
- CMS.debug(
- "SubjectKeyIdentifierExt: added subject key id ext to request " + req.getRequestId());
+ extensions.set(SubjectKeyIdentifierExtension.NAME, subjectKeyIdExt);
+ CMS.debug("SubjectKeyIdentifierExt: added subject key id ext to request "
+ + req.getRequestId());
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR,NAME", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR,NAME",
+ e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
- NAME, "Certificate Info Error");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, "Certificate Info Error");
return PolicyResult.REJECTED;
}
}
@@ -256,12 +255,13 @@ public class SubjectKeyIdentifierExt extends APolicyRule
/**
* Form the Key Identifier in the Subject Key Identifier extension.
* <p>
+ *
* @param certInfo Certificate Info
* @param req request
* @return A Key Identifier.
*/
- protected KeyIdentifier formKeyIdentifier(
- X509CertInfo certInfo, IRequest req) throws EBaseException {
+ protected KeyIdentifier formKeyIdentifier(X509CertInfo certInfo,
+ IRequest req) throws EBaseException {
KeyIdentifier keyId = null;
if (mKeyIdType == KEYID_TYPE_SHA1) {
@@ -269,55 +269,62 @@ public class SubjectKeyIdentifierExt extends APolicyRule
} else if (mKeyIdType == KEYID_TYPE_TYPEFIELD) {
keyId = formTypeFieldKeyId(certInfo);
} /*
- else if (mKeyIdType == KEYID_TYPE_REQATTR) {
- keyId = formReqAttrKeyId(certInfo, req);
- }
- */ else if (mKeyIdType == KEYID_TYPE_SPKISHA1) {
+ * else if (mKeyIdType == KEYID_TYPE_REQATTR) { keyId =
+ * formReqAttrKeyId(certInfo, req); }
+ */else if (mKeyIdType == KEYID_TYPE_SPKISHA1) {
keyId = formSpkiSHA1KeyId(certInfo);
} else {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
- mKeyIdType, "Unknown Key Identifier type."));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTR_VALUE", mKeyIdType,
+ "Unknown Key Identifier type."));
}
return keyId;
}
/**
- * Form key identifier from a type field value of 0100 followed by
- * the least significate 60 bits of the sha-1 hash of the subject
- * public key BIT STRING in accordance with RFC 2459.
+ * Form key identifier from a type field value of 0100 followed by the least
+ * significate 60 bits of the sha-1 hash of the subject public key BIT
+ * STRING in accordance with RFC 2459.
* <p>
+ *
* @param certInfo - certificate info
* @return A Key Identifier with value formulatd as described.
*/
protected KeyIdentifier formTypeFieldKeyId(X509CertInfo certInfo)
- throws EBaseException {
+ throws EBaseException {
KeyIdentifier keyId = null;
X509Key key = null;
try {
- CertificateX509Key certKey =
- (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
+ CertificateX509Key certKey = (CertificateX509Key) certInfo
+ .get(X509CertInfo.KEY);
if (certKey == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", NAME));
- throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_MISSING_KEY_1", NAME));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_MISSING_KEY", NAME));
}
key = (X509Key) certKey.get(CertificateX509Key.KEY);
if (key == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", NAME));
- throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_MISSING_KEY_1", NAME));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_MISSING_KEY", NAME));
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT",
+ e.toString()));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT",
+ e.toString()));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
}
try {
byte[] octetString = new byte[8];
@@ -330,50 +337,47 @@ public class SubjectKeyIdentifierExt extends APolicyRule
octetString[0] &= (0x08f & octetString[0]);
keyId = new KeyIdentifier(octetString);
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
- throw new EPolicyException(
- CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+ throw new EPolicyException(CMS.getUserMessage(
+ "CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
}
return keyId;
}
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getInstanceParams() {
+ public Vector getInstanceParams() {
return mInstanceParams;
}
/**
* Return default parameters for a policy implementation.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
- public Vector getDefaultParams() {
+ public Vector getDefaultParams() {
return mDefaultParams;
}
/**
- * Gets extended plugin info for pretty Console displays.
+ * Gets extended plugin info for pretty Console displays.
*/
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST NOT be marked critical.",
- PROP_KEYID_TYPE + ";" +
- "choice(" + KEYID_TYPE_SHA1 + "," +
- KEYID_TYPE_TYPEFIELD + "," +
- KEYID_TYPE_SPKISHA1 + ");" +
- "Method to derive the Key Identifier.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-subjectkeyidentifier",
- IExtendedPluginInfo.HELP_TEXT +
- ";Adds the Subject Key Identifier extension. See RFC 2459 (4.2.1.2)"
- };
+ PROP_CRITICAL
+ + ";boolean;RFC 2459 recommendation: MUST NOT be marked critical.",
+ PROP_KEYID_TYPE + ";" + "choice(" + KEYID_TYPE_SHA1 + ","
+ + KEYID_TYPE_TYPEFIELD + "," + KEYID_TYPE_SPKISHA1
+ + ");" + "Method to derive the Key Identifier.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-subjectkeyidentifier",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Adds the Subject Key Identifier extension. See RFC 2459 (4.2.1.2)" };
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
index acaf9772..57832486 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Locale;
@@ -49,10 +48,9 @@ import com.netscape.certsrv.registry.IPluginRegistry;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestStatus;
-
/**
* This class implements a basic profile.
- *
+ *
* @version $Revision$, $Date$
*/
public abstract class BasicProfile implements IProfile {
@@ -76,8 +74,8 @@ public abstract class BasicProfile implements IProfile {
public static final String PROP_NAME = "name";
public static final String PROP_DESC = "desc";
public static final String PROP_NO_DEFAULT = "noDefaultImpl";
- public static final String PROP_NO_CONSTRAINT= "noConstraintImpl";
- public static final String PROP_GENERIC_EXT_DEFAULT= "genericExtDefaultImpl";
+ public static final String PROP_NO_CONSTRAINT = "noConstraintImpl";
+ public static final String PROP_GENERIC_EXT_DEFAULT = "genericExtDefaultImpl";
protected IProfileSubsystem mOwner = null;
protected IConfigStore mConfig = null;
@@ -144,21 +142,19 @@ public abstract class BasicProfile implements IProfile {
public IProfileAuthenticator getAuthenticator() throws EProfileException {
try {
- IAuthSubsystem authSub = (IAuthSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
- IProfileAuthenticator auth = (IProfileAuthenticator)
- authSub.get(mAuthInstanceId);
-
- if (mAuthInstanceId != null && mAuthInstanceId.length() > 0
- && auth == null) {
- throw new EProfileException("Cannot load " +
- mAuthInstanceId);
+ IAuthSubsystem authSub = (IAuthSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_AUTH);
+ IProfileAuthenticator auth = (IProfileAuthenticator) authSub
+ .get(mAuthInstanceId);
+
+ if (mAuthInstanceId != null && mAuthInstanceId.length() > 0
+ && auth == null) {
+ throw new EProfileException("Cannot load " + mAuthInstanceId);
}
return auth;
} catch (Exception e) {
if (mAuthInstanceId != null) {
- throw new EProfileException("Cannot load " +
- mAuthInstanceId);
+ throw new EProfileException("Cannot load " + mAuthInstanceId);
}
return null;
}
@@ -167,7 +163,7 @@ public abstract class BasicProfile implements IProfile {
public String getRequestorDN(IRequest request) {
return null;
}
-
+
public String getAuthenticatorId() {
return mAuthInstanceId;
}
@@ -185,7 +181,7 @@ public abstract class BasicProfile implements IProfile {
* Initializes this profile.
*/
public void init(IProfileSubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
CMS.debug("BasicProfile: start init");
mOwner = owner;
mConfig = config;
@@ -204,17 +200,19 @@ public abstract class BasicProfile implements IProfile {
// policy.p1.default.class=com.netscape.cms.profile.defaults.SubjectName
// policy.p1.default.params.x1=x1
// policy.p1.default.params.x2=x2
- // policy.p1.constraint.class= ... .cms.profile.constraints.ValidityRange
+ // policy.p1.constraint.class= ...
+ // .cms.profile.constraints.ValidityRange
// policy.p1.constraint.params.x1=x1
// policy.p1.constraint.params.x2=x2
- // handle profile authentication plugins
+ // handle profile authentication plugins
try {
- mAuthInstanceId = config.getString("auth." + PROP_INSTANCE_ID, null);
+ mAuthInstanceId = config
+ .getString("auth." + PROP_INSTANCE_ID, null);
mAuthzAcl = config.getString("authz.acl", "");
} catch (EBaseException e) {
- CMS.debug("BasicProfile: authentication class not found " +
- e.toString());
+ CMS.debug("BasicProfile: authentication class not found "
+ + e.toString());
}
// handle profile input plugins
@@ -224,8 +222,8 @@ public abstract class BasicProfile implements IProfile {
while (input_st.hasMoreTokens()) {
String input_id = (String) input_st.nextToken();
- String inputClassId = inputStore.getString(input_id + "." +
- PROP_CLASS_ID);
+ String inputClassId = inputStore.getString(input_id + "."
+ + PROP_CLASS_ID);
IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput",
inputClassId);
String inputClass = inputInfo.getClassName();
@@ -233,13 +231,12 @@ public abstract class BasicProfile implements IProfile {
IProfileInput input = null;
try {
- input = (IProfileInput)
- Class.forName(inputClass).newInstance();
+ input = (IProfileInput) Class.forName(inputClass).newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: input plugin Class.forName " +
- inputClass + " " + e.toString());
- throw new EBaseException( e.toString() );
+ CMS.debug("BasicProfile: input plugin Class.forName "
+ + inputClass + " " + e.toString());
+ throw new EBaseException(e.toString());
}
IConfigStore inputConfig = inputStore.getSubStore(input_id);
input.init(this, inputConfig);
@@ -255,8 +252,8 @@ public abstract class BasicProfile implements IProfile {
while (output_st.hasMoreTokens()) {
String output_id = (String) output_st.nextToken();
- String outputClassId = outputStore.getString(output_id + "." +
- PROP_CLASS_ID);
+ String outputClassId = outputStore.getString(output_id + "."
+ + PROP_CLASS_ID);
IPluginInfo outputInfo = mRegistry.getPluginInfo("profileOutput",
outputClassId);
String outputClass = outputInfo.getClassName();
@@ -264,13 +261,13 @@ public abstract class BasicProfile implements IProfile {
IProfileOutput output = null;
try {
- output = (IProfileOutput)
- Class.forName(outputClass).newInstance();
+ output = (IProfileOutput) Class.forName(outputClass)
+ .newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: output plugin Class.forName " +
- outputClass + " " + e.toString());
- throw new EBaseException( e.toString() );
+ CMS.debug("BasicProfile: output plugin Class.forName "
+ + outputClass + " " + e.toString());
+ throw new EBaseException(e.toString());
}
IConfigStore outputConfig = outputStore.getSubStore(output_id);
output.init(this, outputConfig);
@@ -286,22 +283,22 @@ public abstract class BasicProfile implements IProfile {
while (updater_st.hasMoreTokens()) {
String updater_id = (String) updater_st.nextToken();
- String updaterClassId = updaterStore.getString(updater_id + "." +
- PROP_CLASS_ID);
+ String updaterClassId = updaterStore.getString(updater_id + "."
+ + PROP_CLASS_ID);
IPluginInfo updaterInfo = mRegistry.getPluginInfo("profileUpdater",
- updaterClassId);
+ updaterClassId);
String updaterClass = updaterInfo.getClassName();
IProfileUpdater updater = null;
try {
- updater = (IProfileUpdater)
- Class.forName(updaterClass).newInstance();
+ updater = (IProfileUpdater) Class.forName(updaterClass)
+ .newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: updater plugin Class.forName " +
- updaterClass + " " + e.toString());
- throw new EBaseException( e.toString() );
+ CMS.debug("BasicProfile: updater plugin Class.forName "
+ + updaterClass + " " + e.toString());
+ throw new EBaseException(e.toString());
}
IConfigStore updaterConfig = updaterStore.getSubStore(updater_id);
updater.init(this, updaterConfig);
@@ -325,15 +322,15 @@ public abstract class BasicProfile implements IProfile {
String id = (String) st1.nextToken();
String defaultRoot = id + "." + PROP_DEFAULT;
- String defaultClassId = policyStore.getString(defaultRoot + "." +
- PROP_CLASS_ID);
+ String defaultClassId = policyStore.getString(defaultRoot + "."
+ + PROP_CLASS_ID);
String constraintRoot = id + "." + PROP_CONSTRAINT;
- String constraintClassId =
- policyStore.getString(constraintRoot + "." + PROP_CLASS_ID);
+ String constraintClassId = policyStore.getString(constraintRoot
+ + "." + PROP_CLASS_ID);
- createProfilePolicy(setId, id, defaultClassId,
- constraintClassId, false);
+ createProfilePolicy(setId, id, defaultClassId,
+ constraintClassId, false);
}
}
CMS.debug("BasicProfile: done init");
@@ -380,20 +377,20 @@ public abstract class BasicProfile implements IProfile {
}
public String getInput(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
return null;
}
public void setInput(String name, Locale locale, IRequest request,
- String value) throws EProfileException {
+ String value) throws EProfileException {
}
public Enumeration getProfilePolicySetIds() {
return mPolicySet.keys();
}
- public void deleteProfilePolicy(String setId, String policyId)
- throws EProfileException {
+ public void deleteProfilePolicy(String setId, String policyId)
+ throws EProfileException {
Vector policies = (Vector) mPolicySet.get(setId);
if (policies == null) {
@@ -436,26 +433,28 @@ public abstract class BasicProfile implements IProfile {
policies.removeElementAt(i);
if (size == 1) {
mPolicySet.remove(setId);
- String setlist = policySetSubStore.getString(PROP_POLICY_LIST, null);
+ String setlist = policySetSubStore.getString(
+ PROP_POLICY_LIST, null);
StringTokenizer st1 = new StringTokenizer(setlist, ",");
String newlist1 = "";
while (st1.hasMoreTokens()) {
String e = st1.nextToken();
- if (!e.equals(setId))
+ if (!e.equals(setId))
newlist1 = newlist1 + e + ",";
}
- if (!newlist1.equals(""))
- newlist1 = newlist1.substring(0, newlist1.length() - 1);
+ if (!newlist1.equals(""))
+ newlist1 = newlist1.substring(0,
+ newlist1.length() - 1);
policySetSubStore.putString(PROP_POLICY_LIST, newlist1);
}
break;
}
}
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (Exception e) {
}
@@ -496,8 +495,8 @@ public abstract class BasicProfile implements IProfile {
mInputs.remove(inputId);
mConfig.putString("input." + PROP_INPUT_LIST, newlist);
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (Exception e) {
}
@@ -537,24 +536,22 @@ public abstract class BasicProfile implements IProfile {
mOutputs.remove(outputId);
mConfig.putString("output." + PROP_OUTPUT_LIST, newlist);
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (Exception e) {
}
}
- public IProfileOutput createProfileOutput(String id, String outputId,
- NameValuePairs nvps)
- throws EProfileException {
- return createProfileOutput(id, outputId, nvps, true);
+ public IProfileOutput createProfileOutput(String id, String outputId,
+ NameValuePairs nvps) throws EProfileException {
+ return createProfileOutput(id, outputId, nvps, true);
}
public IProfileOutput createProfileOutput(String id, String outputId,
- NameValuePairs nvps, boolean createConfig)
+ NameValuePairs nvps, boolean createConfig)
-
- throws EProfileException {
+ throws EProfileException {
IConfigStore outputStore = mConfig.getSubStore("output");
String output_list = null;
@@ -576,8 +573,7 @@ public abstract class BasicProfile implements IProfile {
IProfileOutput output = null;
try {
- output = (IProfileOutput)
- Class.forName(outputClass).newInstance();
+ output = (IProfileOutput) Class.forName(outputClass).newInstance();
} catch (Exception e) {
// throw Exception
CMS.debug(e.toString());
@@ -610,7 +606,8 @@ public abstract class BasicProfile implements IProfile {
String pid = st1.nextToken();
if (pid.equals(id)) {
- throw new EProfileException("Duplicate output id: " + id);
+ throw new EProfileException("Duplicate output id: "
+ + id);
}
}
outputStore.putString(PROP_OUTPUT_LIST, list + "," + id);
@@ -618,7 +615,7 @@ public abstract class BasicProfile implements IProfile {
String prefix = id + ".";
outputStore.putString(prefix + "name",
- outputInfo.getName(Locale.getDefault()));
+ outputInfo.getName(Locale.getDefault()));
outputStore.putString(prefix + "class_id", outputId);
Enumeration enum1 = nvps.getNames();
@@ -626,19 +623,20 @@ public abstract class BasicProfile implements IProfile {
while (enum1.hasMoreElements()) {
String name = (String) enum1.nextElement();
- outputStore.putString(prefix + "params." + name, nvps.getValue(name));
+ outputStore.putString(prefix + "params." + name,
+ nvps.getValue(name));
try {
- if (output != null) {
- output.setConfig(name, nvps.getValue(name));
- }
+ if (output != null) {
+ output.setConfig(name, nvps.getValue(name));
+ }
} catch (EBaseException e) {
- CMS.debug(e.toString());
+ CMS.debug(e.toString());
}
}
try {
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (EBaseException e) {
CMS.debug(e.toString());
@@ -648,15 +646,13 @@ public abstract class BasicProfile implements IProfile {
return output;
}
- public IProfileInput createProfileInput(String id, String inputId,
- NameValuePairs nvps)
- throws EProfileException {
- return createProfileInput(id, inputId, nvps, true);
+ public IProfileInput createProfileInput(String id, String inputId,
+ NameValuePairs nvps) throws EProfileException {
+ return createProfileInput(id, inputId, nvps, true);
}
public IProfileInput createProfileInput(String id, String inputId,
- NameValuePairs nvps, boolean createConfig)
- throws EProfileException {
+ NameValuePairs nvps, boolean createConfig) throws EProfileException {
IConfigStore inputStore = mConfig.getSubStore("input");
String input_list = null;
@@ -666,8 +662,8 @@ public abstract class BasicProfile implements IProfile {
} catch (Exception ee) {
}
- IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput",
- inputId);
+ IPluginInfo inputInfo = mRegistry
+ .getPluginInfo("profileInput", inputId);
if (inputInfo == null) {
CMS.debug("Cannot find " + inputId);
@@ -679,8 +675,7 @@ public abstract class BasicProfile implements IProfile {
IProfileInput input = null;
try {
- input = (IProfileInput)
- Class.forName(inputClass).newInstance();
+ input = (IProfileInput) Class.forName(inputClass).newInstance();
} catch (Exception e) {
// throw Exception
CMS.debug(e.toString());
@@ -720,28 +715,29 @@ public abstract class BasicProfile implements IProfile {
}
String prefix = id + ".";
- inputStore.putString(prefix + "name",
- inputInfo.getName(Locale.getDefault()));
+ inputStore.putString(prefix + "name",
+ inputInfo.getName(Locale.getDefault()));
inputStore.putString(prefix + "class_id", inputId);
-
+
Enumeration enum1 = nvps.getNames();
while (enum1.hasMoreElements()) {
String name = (String) enum1.nextElement();
- inputStore.putString(prefix + "params." + name, nvps.getValue(name));
+ inputStore.putString(prefix + "params." + name,
+ nvps.getValue(name));
try {
- if (input != null) {
- input.setConfig(name, nvps.getValue(name));
- }
+ if (input != null) {
+ input.setConfig(name, nvps.getValue(name));
+ }
} catch (EBaseException e) {
- CMS.debug(e.toString());
+ CMS.debug(e.toString());
}
}
try {
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
mConfig.commit(false);
} catch (EBaseException e) {
CMS.debug(e.toString());
@@ -754,23 +750,25 @@ public abstract class BasicProfile implements IProfile {
/**
* Creates a profile policy
*/
- public IProfilePolicy createProfilePolicy(String setId, String id,
- String defaultClassId, String constraintClassId)
- throws EProfileException {
- return createProfilePolicy(setId, id, defaultClassId,
+ public IProfilePolicy createProfilePolicy(String setId, String id,
+ String defaultClassId, String constraintClassId)
+ throws EProfileException {
+ return createProfilePolicy(setId, id, defaultClassId,
constraintClassId, true);
}
- public IProfilePolicy createProfilePolicy(String setId, String id,
- String defaultClassId, String constraintClassId,
- boolean createConfig)
- throws EProfileException {
-
+ public IProfilePolicy createProfilePolicy(String setId, String id,
+ String defaultClassId, String constraintClassId,
+ boolean createConfig) throws EProfileException {
+
// String setId ex: policyset.set1
- // String id Id of policy : examples: p1,p2,p3
- // String defaultClassId : id of the default plugin ex: validityDefaultImpl
- // String constraintClassId : if of the constraint plugin ex: basicConstraintsExtConstraintImpl
- // boolean createConfig : true : being called from the console. false: being called from server startup code
+ // String id Id of policy : examples: p1,p2,p3
+ // String defaultClassId : id of the default plugin ex:
+ // validityDefaultImpl
+ // String constraintClassId : if of the constraint plugin ex:
+ // basicConstraintsExtConstraintImpl
+ // boolean createConfig : true : being called from the console. false:
+ // being called from server startup code
Vector policies = (Vector) mPolicySet.get(setId);
@@ -778,9 +776,9 @@ public abstract class BasicProfile implements IProfile {
if (policies == null) {
policies = new Vector();
mPolicySet.put(setId, policies);
- if (createConfig) {
+ if (createConfig) {
// re-create policyset.list
- StringBuffer setlist =new StringBuffer();
+ StringBuffer setlist = new StringBuffer();
Enumeration keys = mPolicySet.keys();
while (keys.hasMoreElements()) {
@@ -794,62 +792,64 @@ public abstract class BasicProfile implements IProfile {
mConfig.putString("policyset.list", setlist.toString());
}
} else {
- String ids = null;
+ String ids = null;
- try {
- ids = policyStore.getString(PROP_POLICY_LIST, "");
- } catch (Exception ee) {
- }
+ try {
+ ids = policyStore.getString(PROP_POLICY_LIST, "");
+ } catch (Exception ee) {
+ }
- if( ids == null ) {
- CMS.debug("BasicProfile::createProfilePolicy() - ids is null!" );
- return null;
- }
+ if (ids == null) {
+ CMS.debug("BasicProfile::createProfilePolicy() - ids is null!");
+ return null;
+ }
- StringTokenizer st1 = new StringTokenizer(ids, ",");
- int appearances = 0;
- int appearancesTooMany = 0;
- if (createConfig)
- appearancesTooMany = 1;
- else
- appearancesTooMany = 2;
+ StringTokenizer st1 = new StringTokenizer(ids, ",");
+ int appearances = 0;
+ int appearancesTooMany = 0;
+ if (createConfig)
+ appearancesTooMany = 1;
+ else
+ appearancesTooMany = 2;
- while (st1.hasMoreTokens()) {
- String pid = st1.nextToken();
- if (pid.equals(id)) {
- appearances++;
- if (appearances >= appearancesTooMany) {
- CMS.debug("WARNING detected duplicate policy id: " + id + " Profile: " + mId);
- if (createConfig) {
- throw new EProfileException("Duplicate policy id: " + id);
- }
+ while (st1.hasMoreTokens()) {
+ String pid = st1.nextToken();
+ if (pid.equals(id)) {
+ appearances++;
+ if (appearances >= appearancesTooMany) {
+ CMS.debug("WARNING detected duplicate policy id: "
+ + id + " Profile: " + mId);
+ if (createConfig) {
+ throw new EProfileException("Duplicate policy id: "
+ + id);
}
}
}
+ }
}
// Now make sure we aren't trying to add a policy that already exists
IConfigStore policySetStore = mConfig.getSubStore("policyset");
- String setlist = null;
+ String setlist = null;
try {
setlist = policySetStore.getString("list", "");
} catch (Exception e) {
}
StringTokenizer st = new StringTokenizer(setlist, ",");
- int matches = 0;
+ int matches = 0;
while (st.hasMoreTokens()) {
String sId = (String) st.nextToken();
- //Only search the setId set. Ex: encryptionCertSet
+ // Only search the setId set. Ex: encryptionCertSet
if (!sId.equals(setId)) {
continue;
}
IConfigStore pStore = policySetStore.getSubStore(sId);
-
+
String list = null;
try {
- list = pStore.getString(PROP_POLICY_LIST, "");
+ list = pStore.getString(PROP_POLICY_LIST, "");
} catch (Exception e) {
CMS.debug("WARNING, can't get policy id list!");
}
@@ -862,38 +862,48 @@ public abstract class BasicProfile implements IProfile {
String defaultRoot = curId + "." + PROP_DEFAULT;
String curDefaultClassId = null;
try {
- curDefaultClassId = pStore.getString(defaultRoot + "." +
- PROP_CLASS_ID);
- } catch(Exception e) {
+ curDefaultClassId = pStore.getString(defaultRoot + "."
+ + PROP_CLASS_ID);
+ } catch (Exception e) {
CMS.debug("WARNING, can't get default plugin id!");
}
String constraintRoot = curId + "." + PROP_CONSTRAINT;
String curConstraintClassId = null;
try {
- curConstraintClassId = pStore.getString(constraintRoot + "." + PROP_CLASS_ID);
+ curConstraintClassId = pStore.getString(constraintRoot
+ + "." + PROP_CLASS_ID);
} catch (Exception e) {
CMS.debug("WARNING, can't get constraint plugin id!");
}
- //Disallow duplicate defaults with the following exceptions:
+ // Disallow duplicate defaults with the following exceptions:
// noDefaultImpl, genericExtDefaultImpl
- if ((curDefaultClassId.equals(defaultClassId) &&
- !curDefaultClassId.equals(PROP_NO_DEFAULT) &&
- !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT)) ) {
+ if ((curDefaultClassId.equals(defaultClassId)
+ && !curDefaultClassId.equals(PROP_NO_DEFAULT) && !curDefaultClassId
+ .equals(PROP_GENERIC_EXT_DEFAULT))) {
matches++;
if (createConfig) {
if (matches == 1) {
- CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId +
- " Contact System Administrator.");
- throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId);
+ CMS.debug("WARNING attempt to add duplicate Policy "
+ + defaultClassId
+ + ":"
+ + constraintClassId
+ + " Contact System Administrator.");
+ throw new EProfileException(
+ "Attempt to add duplicate Policy : "
+ + defaultClassId + ":"
+ + constraintClassId);
}
} else {
- if( matches > 1) {
- CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId +
- " Contact System Administrator.");
+ if (matches > 1) {
+ CMS.debug("WARNING attempt to add duplicate Policy "
+ + defaultClassId
+ + ":"
+ + constraintClassId
+ + " Contact System Administrator.");
}
}
}
@@ -915,12 +925,11 @@ public abstract class BasicProfile implements IProfile {
IPolicyDefault def = null;
try {
- def = (IPolicyDefault)
- Class.forName(defaultClass).newInstance();
+ def = (IPolicyDefault) Class.forName(defaultClass).newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: default policy " +
- defaultClass + " " + e.toString());
+ CMS.debug("BasicProfile: default policy " + defaultClass + " "
+ + e.toString());
}
if (def == null) {
CMS.debug("BasicProfile: failed to create " + defaultClass);
@@ -931,18 +940,18 @@ public abstract class BasicProfile implements IProfile {
def.init(this, defStore);
}
- IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy",
+ IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy",
constraintClassId);
String constraintClass = conInfo.getClassName();
IPolicyConstraint constraint = null;
try {
- constraint = (IPolicyConstraint)
- Class.forName(constraintClass).newInstance();
+ constraint = (IPolicyConstraint) Class.forName(constraintClass)
+ .newInstance();
} catch (Exception e) {
// throw Exception
- CMS.debug("BasicProfile: constraint policy " +
- constraintClass + " " + e.toString());
+ CMS.debug("BasicProfile: constraint policy " + constraintClass
+ + " " + e.toString());
}
ProfilePolicy policy = null;
if (constraint == null) {
@@ -968,21 +977,20 @@ public abstract class BasicProfile implements IProfile {
} else {
policyStore.putString(PROP_POLICY_LIST, list + "," + id);
}
- policyStore.putString(id + ".default.name",
- defInfo.getName(Locale.getDefault()));
- policyStore.putString(id + ".default.class_id",
- defaultClassId);
- policyStore.putString(id + ".constraint.name",
- conInfo.getName(Locale.getDefault()));
- policyStore.putString(id + ".constraint.class_id",
- constraintClassId);
+ policyStore.putString(id + ".default.name",
+ defInfo.getName(Locale.getDefault()));
+ policyStore.putString(id + ".default.class_id", defaultClassId);
+ policyStore.putString(id + ".constraint.name",
+ conInfo.getName(Locale.getDefault()));
+ policyStore.putString(id + ".constraint.class_id",
+ constraintClassId);
try {
- mConfig.putString("lastModified",
- Long.toString(CMS.getCurrentDate().getTime()));
+ mConfig.putString("lastModified",
+ Long.toString(CMS.getCurrentDate().getTime()));
policyStore.commit(false);
} catch (EBaseException e) {
- CMS.debug("BasicProfile: commiting config store " +
- e.toString());
+ CMS.debug("BasicProfile: commiting config store "
+ + e.toString());
}
}
@@ -1038,7 +1046,7 @@ public abstract class BasicProfile implements IProfile {
* Creates request.
*/
public abstract IRequest[] createRequests(IProfileContext ctx, Locale locale)
- throws EProfileException;
+ throws EProfileException;
/**
* Returns the profile description.
@@ -1056,12 +1064,12 @@ public abstract class BasicProfile implements IProfile {
}
public void populateInput(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
Enumeration ids = getProfileInputIds();
while (ids.hasMoreElements()) {
String id = (String) ids.nextElement();
- IProfileInput input = getProfileInput(id);
+ IProfileInput input = getProfileInput(id);
input.populate(ctx, request);
}
@@ -1074,36 +1082,32 @@ public abstract class BasicProfile implements IProfile {
}
/**
- * Passes the request to the set of default policies that
- * populate the profile information against the profile.
- */
- public void populate(IRequest request)
- throws EProfileException {
+ * Passes the request to the set of default policies that populate the
+ * profile information against the profile.
+ */
+ public void populate(IRequest request) throws EProfileException {
String setId = getPolicySetId(request);
Vector policies = getPolicies(setId);
- CMS.debug("BasicProfile: populate() policy setid ="+ setId);
+ CMS.debug("BasicProfile: populate() policy setid =" + setId);
for (int i = 0; i < policies.size(); i++) {
- ProfilePolicy policy = (ProfilePolicy)
- policies.elementAt(i);
+ ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i);
policy.getDefault().populate(request);
}
}
/**
- * Passes the request to the set of constraint policies
- * that validate the request against the profile.
- */
- public void validate(IRequest request)
- throws ERejectException {
+ * Passes the request to the set of constraint policies that validate the
+ * request against the profile.
+ */
+ public void validate(IRequest request) throws ERejectException {
String setId = getPolicySetId(request);
- CMS.debug("BasicProfile: validate start on setId="+ setId);
+ CMS.debug("BasicProfile: validate start on setId=" + setId);
Vector policies = getPolicies(setId);
for (int i = 0; i < policies.size(); i++) {
- ProfilePolicy policy = (ProfilePolicy)
- policies.elementAt(i);
+ ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i);
policy.getConstraint().validate(request);
}
@@ -1129,25 +1133,23 @@ public abstract class BasicProfile implements IProfile {
Vector v = new Vector();
for (int i = 0; i < policies.size(); i++) {
- ProfilePolicy policy = (ProfilePolicy)
- policies.elementAt(i);
+ ProfilePolicy policy = (ProfilePolicy) policies.elementAt(i);
- v.addElement(policy.getId());
+ v.addElement(policy.getId());
}
return v.elements();
}
- public void execute(IRequest request)
- throws EProfileException {
+ public void execute(IRequest request) throws EProfileException {
}
/**
* Signed Audit Log
- *
- * This method is inherited by all extended "BasicProfile"s,
- * and is called to store messages to the signed audit log.
+ *
+ * This method is inherited by all extended "BasicProfile"s, and is called
+ * to store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -1158,21 +1160,17 @@ public abstract class BasicProfile implements IProfile {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
}
/**
* Signed Audit Log Subject ID
- *
- * This method is inherited by all extended "BasicProfile"s,
- * and is called to obtain the "SubjectID" for
- * a signed audit log message.
+ *
+ * This method is inherited by all extended "BasicProfile"s, and is called
+ * to obtain the "SubjectID" for a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -1187,8 +1185,7 @@ public abstract class BasicProfile implements IProfile {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- subjectID = (String)
- auditContext.get(SessionContext.USER_ID);
+ subjectID = (String) auditContext.get(SessionContext.USER_ID);
if (subjectID != null) {
subjectID = subjectID.trim();
@@ -1202,4 +1199,3 @@ public abstract class BasicProfile implements IProfile {
return subjectID;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
index 681f2b4a..f589e7ef 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.NameValuePairs;
@@ -28,103 +27,97 @@ import com.netscape.certsrv.profile.IProfileInput;
import com.netscape.certsrv.profile.IProfileOutput;
import com.netscape.certsrv.profile.IProfilePolicy;
-
/**
- * This class implements a Certificate Manager enrollment
- * profile for CA Certificates.
- *
+ * This class implements a Certificate Manager enrollment profile for CA
+ * Certificates.
+ *
* @version $Revision$, $Date$
*/
-public class CACertCAEnrollProfile extends CAEnrollProfile
- implements IProfileEx {
+public class CACertCAEnrollProfile extends CAEnrollProfile implements
+ IProfileEx {
/**
- * Called after initialization. It populates default
- * policies, inputs, and outputs.
+ * Called after initialization. It populates default policies, inputs, and
+ * outputs.
*/
- public void populate() throws EBaseException
- {
+ public void populate() throws EBaseException {
// create inputs
NameValuePairs inputParams1 = new NameValuePairs();
- IProfileInput input1 =
- createProfileInput("i1", "certReqInputImpl", inputParams1);
+ IProfileInput input1 = createProfileInput("i1", "certReqInputImpl",
+ inputParams1);
NameValuePairs inputParams2 = new NameValuePairs();
- IProfileInput input2 =
- createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
+ IProfileInput input2 = createProfileInput("i2",
+ "submitterInfoInputImpl", inputParams2);
- // create outputs
+ // create outputs
NameValuePairs outputParams1 = new NameValuePairs();
- IProfileOutput output1 =
- createProfileOutput("o1", "certOutputImpl", outputParams1);
+ IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl",
+ outputParams1);
// create policies
- IProfilePolicy policy1 =
- createProfilePolicy("set1", "p1",
- "userSubjectNameDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy1 = createProfilePolicy("set1", "p1",
+ "userSubjectNameDefaultImpl", "noConstraintImpl");
IPolicyDefault def1 = policy1.getDefault();
IConfigStore defConfig1 = def1.getConfigStore();
IPolicyConstraint con1 = policy1.getConstraint();
IConfigStore conConfig1 = con1.getConfigStore();
- IProfilePolicy policy2 =
- createProfilePolicy("set1", "p2",
- "validityDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy2 = createProfilePolicy("set1", "p2",
+ "validityDefaultImpl", "noConstraintImpl");
IPolicyDefault def2 = policy2.getDefault();
IConfigStore defConfig2 = def2.getConfigStore();
- defConfig2.putString("params.range","180");
- defConfig2.putString("params.startTime","0");
+ defConfig2.putString("params.range", "180");
+ defConfig2.putString("params.startTime", "0");
IPolicyConstraint con2 = policy2.getConstraint();
IConfigStore conConfig2 = con2.getConfigStore();
- IProfilePolicy policy3 =
- createProfilePolicy("set1", "p3",
- "userKeyDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy3 = createProfilePolicy("set1", "p3",
+ "userKeyDefaultImpl", "noConstraintImpl");
IPolicyDefault def3 = policy3.getDefault();
IConfigStore defConfig3 = def3.getConfigStore();
- defConfig3.putString("params.keyType","RSA");
- defConfig3.putString("params.keyMinLength","512");
- defConfig3.putString("params.keyMaxLength","4096");
+ defConfig3.putString("params.keyType", "RSA");
+ defConfig3.putString("params.keyMinLength", "512");
+ defConfig3.putString("params.keyMaxLength", "4096");
IPolicyConstraint con3 = policy3.getConstraint();
IConfigStore conConfig3 = con3.getConfigStore();
- IProfilePolicy policy4 =
- createProfilePolicy("set1", "p4",
- "signingAlgDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy4 = createProfilePolicy("set1", "p4",
+ "signingAlgDefaultImpl", "noConstraintImpl");
IPolicyDefault def4 = policy4.getDefault();
IConfigStore defConfig4 = def4.getConfigStore();
- defConfig4.putString("params.signingAlg","-");
- defConfig4.putString("params.signingAlgsAllowed",
- "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC");
+ defConfig4.putString("params.signingAlg", "-");
+ defConfig4
+ .putString(
+ "params.signingAlgsAllowed",
+ "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC");
IPolicyConstraint con4 = policy4.getConstraint();
IConfigStore conConfig4 = con4.getConfigStore();
// extensions
- IProfilePolicy policy5 =
- createProfilePolicy("set1", "p5",
- "keyUsageExtDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy5 = createProfilePolicy("set1", "p5",
+ "keyUsageExtDefaultImpl", "noConstraintImpl");
IPolicyDefault def5 = policy5.getDefault();
IConfigStore defConfig5 = def5.getConfigStore();
- defConfig5.putString("params.keyUsageCritical","true");
- defConfig5.putString("params.keyUsageCrlSign","true");
- defConfig5.putString("params.keyUsageDataEncipherment","false");
- defConfig5.putString("params.keyUsageDecipherOnly","false");
- defConfig5.putString("params.keyUsageDigitalSignature","true");
- defConfig5.putString("params.keyUsageEncipherOnly","false");
- defConfig5.putString("params.keyUsageKeyAgreement","false");
- defConfig5.putString("params.keyUsageKeyCertSign","true");
- defConfig5.putString("params.keyUsageKeyEncipherment","false");
- defConfig5.putString("params.keyUsageNonRepudiation","true");
+ defConfig5.putString("params.keyUsageCritical", "true");
+ defConfig5.putString("params.keyUsageCrlSign", "true");
+ defConfig5.putString("params.keyUsageDataEncipherment", "false");
+ defConfig5.putString("params.keyUsageDecipherOnly", "false");
+ defConfig5.putString("params.keyUsageDigitalSignature", "true");
+ defConfig5.putString("params.keyUsageEncipherOnly", "false");
+ defConfig5.putString("params.keyUsageKeyAgreement", "false");
+ defConfig5.putString("params.keyUsageKeyCertSign", "true");
+ defConfig5.putString("params.keyUsageKeyEncipherment", "false");
+ defConfig5.putString("params.keyUsageNonRepudiation", "true");
IPolicyConstraint con5 = policy5.getConstraint();
IConfigStore conConfig5 = con5.getConfigStore();
- IProfilePolicy policy6 =
- createProfilePolicy("set1", "p6",
- "basicConstraintsExtDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy6 = createProfilePolicy("set1", "p6",
+ "basicConstraintsExtDefaultImpl", "noConstraintImpl");
IPolicyDefault def6 = policy6.getDefault();
IConfigStore defConfig6 = def6.getConfigStore();
- defConfig6.putString("params.basicConstraintsPathLen","-1");
- defConfig6.putString("params.basicConstraintsIsCA","true");
- defConfig6.putString("params.basicConstraintsPathLen","-1");
+ defConfig6.putString("params.basicConstraintsPathLen", "-1");
+ defConfig6.putString("params.basicConstraintsIsCA", "true");
+ defConfig6.putString("params.basicConstraintsPathLen", "-1");
IPolicyConstraint con6 = policy6.getConstraint();
IConfigStore conConfig6 = con6.getConfigStore();
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
index 32cd51b5..20d5f4de 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import java.util.Enumeration;
import netscape.security.x509.X500Name;
@@ -41,27 +40,21 @@ import com.netscape.certsrv.profile.IProfileUpdater;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestStatus;
-
/**
- * This class implements a Certificate Manager enrollment
- * profile.
- *
+ * This class implements a Certificate Manager enrollment profile.
+ *
* @version $Revision$, $Date$
*/
public class CAEnrollProfile extends EnrollProfile {
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
-
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
public CAEnrollProfile() {
super();
}
public IAuthority getAuthority() {
- IAuthority authority = (IAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ IAuthority authority = (IAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
if (authority == null)
return null;
@@ -69,18 +62,17 @@ public class CAEnrollProfile extends EnrollProfile {
}
public X500Name getIssuerName() {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
X500Name issuerName = ca.getX500Name();
return issuerName;
}
- public void execute(IRequest request)
- throws EProfileException {
+ public void execute(IRequest request) throws EProfileException {
long startTime = CMS.getCurrentDate().getTime();
-
+
if (!isEnable()) {
CMS.debug("CAEnrollProfile: Profile Not Enabled");
throw new EProfileException("Profile Not Enabled");
@@ -91,14 +83,13 @@ public class CAEnrollProfile extends EnrollProfile {
String auditRequesterID = auditRequesterID(request);
String auditArchiveID = ILogger.UNIDENTIFIED;
-
String id = request.getRequestId().toString();
if (id != null) {
auditArchiveID = id.trim();
}
- CMS.debug("CAEnrollProfile: execute reqId=" +
- request.getRequestId().toString());
+ CMS.debug("CAEnrollProfile: execute reqId="
+ + request.getRequestId().toString());
ICertificateAuthority ca = (ICertificateAuthority) getAuthority();
ICAService caService = (ICAService) ca.getCAService();
@@ -108,64 +99,59 @@ public class CAEnrollProfile extends EnrollProfile {
// if PKI Archive Option present, send this request
// to DRM
- byte optionsData[] = request.getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS);
+ byte optionsData[] = request
+ .getExtDataInByteArray(REQUEST_ARCHIVE_OPTIONS);
// do not archive keys for renewal requests
- if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) {
- PKIArchiveOptions options = (PKIArchiveOptions)
- toPKIArchiveOptions(optionsData);
+ if ((optionsData != null)
+ && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) {
+ PKIArchiveOptions options = (PKIArchiveOptions) toPKIArchiveOptions(optionsData);
if (options != null) {
- CMS.debug("CAEnrollProfile: execute found " +
- "PKIArchiveOptions");
+ CMS.debug("CAEnrollProfile: execute found "
+ + "PKIArchiveOptions");
try {
IConnector kraConnector = caService.getKRAConnector();
if (kraConnector == null) {
- CMS.debug("CAEnrollProfile: KRA connector " +
- "not configured");
+ CMS.debug("CAEnrollProfile: KRA connector "
+ + "not configured");
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditArchiveID);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditArchiveID);
audit(auditMessage);
-
+
} else {
CMS.debug("CAEnrollProfile: execute send request");
kraConnector.send(request);
-
-
// check response
if (!request.isSuccess()) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditArchiveID);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditArchiveID);
audit(auditMessage);
throw new ERejectException(
request.getError(getLocale(request)));
}
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditArchiveID);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+ auditSubjectID, ILogger.SUCCESS,
+ auditRequesterID, auditArchiveID);
audit(auditMessage);
}
} catch (Exception e) {
-
if (e instanceof ERejectException) {
throw (ERejectException) e;
}
@@ -174,9 +160,7 @@ public class CAEnrollProfile extends EnrollProfile {
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
auditArchiveID);
audit(auditMessage);
@@ -189,17 +173,17 @@ public class CAEnrollProfile extends EnrollProfile {
X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO);
X509CertImpl theCert = null;
- // #615460 - added audit log (transaction)
+ // #615460 - added audit log (transaction)
SessionContext sc = SessionContext.getExistingContext();
sc.put("profileId", getId());
String setId = request.getExtDataInString("profileSetId");
if (setId != null) {
- sc.put("profileSetId", setId);
+ sc.put("profileSetId", setId);
}
try {
- theCert = caService.issueX509Cert(info, getId() /* profileId */,
- id /* requestId */);
+ theCert = caService
+ .issueX509Cert(info, getId() /* profileId */, id /* requestId */);
} catch (EBaseException e) {
CMS.debug(e.toString());
@@ -209,26 +193,27 @@ public class CAEnrollProfile extends EnrollProfile {
long endTime = CMS.getCurrentDate().getTime();
- String initiative = AuditFormat.FROMAGENT
- + " userID: "
- + (String)sc.get(SessionContext.USER_ID);
- String authMgr = (String)sc.get(SessionContext.AUTH_MANAGER_ID);
+ String initiative = AuditFormat.FROMAGENT + " userID: "
+ + (String) sc.get(SessionContext.USER_ID);
+ String authMgr = (String) sc.get(SessionContext.AUTH_MANAGER_ID);
ILogger logger = CMS.getLogger();
- if( logger != null ) {
- logger.log( ILogger.EV_AUDIT,
- ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT,
- new Object[] {
- request.getRequestType(),
- request.getRequestId(),
- initiative,
- authMgr,
- "completed",
- theCert.getSubjectDN(),
- "cert issued serial number: 0x" +
- theCert.getSerialNumber().toString(16) +
- " time: " + (endTime - startTime) }
- );
+ if (logger != null) {
+ logger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ request.getRequestType(),
+ request.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ theCert.getSubjectDN(),
+ "cert issued serial number: 0x"
+ + theCert.getSerialNumber().toString(16)
+ + " time: " + (endTime - startTime) });
}
request.setRequestStatus(RequestStatus.COMPLETE);
@@ -236,9 +221,9 @@ public class CAEnrollProfile extends EnrollProfile {
// notifies updater plugins
Enumeration updaterIds = getProfileUpdaterIds();
while (updaterIds.hasMoreElements()) {
- String updaterId = (String)updaterIds.nextElement();
- IProfileUpdater updater = getProfileUpdater(updaterId);
- updater.update(request, RequestStatus.COMPLETE);
+ String updaterId = (String) updaterIds.nextElement();
+ IProfileUpdater updater = getProfileUpdater(updaterId);
+ updater.update(request, RequestStatus.COMPLETE);
}
// set value for predicate value - checking in getRule
@@ -248,4 +233,3 @@ public class CAEnrollProfile extends EnrollProfile {
request.setExtData("isEncryptionCert", "false");
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
index 95c360f8..e0c86303 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -100,21 +99,19 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.cmsutil.util.HMACDigest;
-
/**
* This class implements a generic enrollment profile.
- *
+ *
* @version $Revision$, $Date$
*/
-public abstract class EnrollProfile extends BasicProfile
- implements IEnrollProfile {
+public abstract class EnrollProfile extends BasicProfile implements
+ IEnrollProfile {
- private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
- "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
- private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
- "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+ private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
private PKIData mCMCData;
+
public EnrollProfile() {
super();
}
@@ -135,11 +132,11 @@ public abstract class EnrollProfile extends BasicProfile
* Creates request.
*/
public IRequest[] createRequests(IProfileContext context, Locale locale)
- throws EProfileException {
+ throws EProfileException {
EnrollProfileContext ctx = (EnrollProfileContext) context;
// determine how many requests should be created
- String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE);
+ String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE);
String cert_request = ctx.get(CTX_CERT_REQUEST);
String is_renewal = ctx.get(CTX_RENEWAL);
Integer renewal_seq_num = 0;
@@ -169,17 +166,16 @@ public abstract class EnrollProfile extends BasicProfile
num_requests = msgs.length;
}
- // only 1 request for renewal
+ // only 1 request for renewal
if ((is_renewal != null) && (is_renewal.equals("true"))) {
num_requests = 1;
String renewal_seq_num_str = ctx.get(CTX_RENEWAL_SEQ_NUM);
if (renewal_seq_num_str != null) {
renewal_seq_num = Integer.parseInt(renewal_seq_num_str);
} else {
- renewal_seq_num =0;
+ renewal_seq_num = 0;
}
}
-
// populate requests with appropriate content
IRequest result[] = new IRequest[num_requests];
@@ -187,7 +183,7 @@ public abstract class EnrollProfile extends BasicProfile
for (int i = 0; i < num_requests; i++) {
result[i] = createEnrollmentRequest();
if ((is_renewal != null) && (is_renewal.equals("true"))) {
- result[i].setExtData(REQUEST_SEQ_NUM,renewal_seq_num);
+ result[i].setExtData(REQUEST_SEQ_NUM, renewal_seq_num);
} else {
result[i].setExtData(REQUEST_SEQ_NUM, Integer.valueOf(i));
}
@@ -208,36 +204,35 @@ public abstract class EnrollProfile extends BasicProfile
// retrieve issuer name
X500Name issuerName = getIssuerName();
- byte[] dummykey = new byte[] {
- 48, 92, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5,
- 0, 3, 75, 0, 48, 72, 2, 65, 0, -65, 121, -119, -59, 105, 66,
- -122, -78, -30, -64, 63, -47, 44, -48, -104, 103, -47, -108,
- 42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86,71, 24,
- -104, 78, -31, -75, -128, 90, -92, -34, -51, -125, -13, 80, 101,
- -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85, 105, -53,
- -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1};
+ byte[] dummykey = new byte[] { 48, 92, 48, 13, 6, 9, 42, -122, 72,
+ -122, -9, 13, 1, 1, 1, 5, 0, 3, 75, 0, 48, 72, 2, 65, 0, -65,
+ 121, -119, -59, 105, 66, -122, -78, -30, -64, 63, -47, 44, -48,
+ -104, 103, -47, -108, 42, -38, 46, -8, 32, 49, -29, -26, -112,
+ -29, -86, 71, 24, -104, 78, -31, -75, -128, 90, -92, -34, -51,
+ -125, -13, 80, 101, -78, 39, -119, -38, 117, 28, 67, -19, -71,
+ -124, -85, 105, -53, -103, -59, -67, -38, -83, 118, 65, 2, 3,
+ 1, 0, 1 };
// default values into x509 certinfo. This thing is
// not serializable by default
try {
- info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
- info.set(X509CertInfo.SERIAL_NUMBER,
- new CertificateSerialNumber(new BigInteger("0")));
- info.set(X509CertInfo.ISSUER,
- new CertificateIssuerName(issuerName));
- info.set(X509CertInfo.KEY,
- new CertificateX509Key(X509Key.parse(new DerValue(dummykey))));
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(issuerName));
- info.set(X509CertInfo.VALIDITY,
- new CertificateValidity(new Date(), new Date()));
- info.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(
+ info.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
+ info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(
+ new BigInteger("0")));
+ info.set(X509CertInfo.ISSUER, new CertificateIssuerName(issuerName));
+ info.set(
+ X509CertInfo.KEY,
+ new CertificateX509Key(X509Key
+ .parse(new DerValue(dummykey))));
+ info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ issuerName));
+ info.set(X509CertInfo.VALIDITY, new CertificateValidity(new Date(),
+ new Date()));
+ info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(
AlgorithmId.getAlgorithmId("MD5withRSA")));
// add default extension container
- info.set(X509CertInfo.EXTENSIONS,
- new CertificateExtensions());
+ info.set(X509CertInfo.EXTENSIONS, new CertificateExtensions());
} catch (Exception e) {
// throw exception - add key to template
CMS.debug("EnrollProfile: Building X509CertInfo - " + e.toString());
@@ -246,8 +241,7 @@ public abstract class EnrollProfile extends BasicProfile
req.setExtData(REQUEST_CERTINFO, info);
}
- public IRequest createEnrollmentRequest()
- throws EProfileException {
+ public IRequest createEnrollmentRequest() throws EProfileException {
IRequest req = null;
try {
@@ -256,22 +250,20 @@ public abstract class EnrollProfile extends BasicProfile
setDefaultCertInfo(req);
// put the certificate info into request
- req.setExtData(REQUEST_EXTENSIONS,
- new CertificateExtensions());
+ req.setExtData(REQUEST_EXTENSIONS, new CertificateExtensions());
- CMS.debug("EnrollProfile: createRequest " +
- req.getRequestId().toString());
+ CMS.debug("EnrollProfile: createRequest "
+ + req.getRequestId().toString());
} catch (EBaseException e) {
// raise exception
- CMS.debug("EnrollProfile: create new enroll request " +
- e.toString());
+ CMS.debug("EnrollProfile: create new enroll request "
+ + e.toString());
}
return req;
}
- public abstract void execute(IRequest request)
- throws EProfileException;
+ public abstract void execute(IRequest request) throws EProfileException;
/**
* Perform simple policy set assignment.
@@ -298,8 +290,8 @@ public abstract class EnrollProfile extends BasicProfile
X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO);
try {
- CertificateSubjectName sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ CertificateSubjectName sn = (CertificateSubjectName) info
+ .get(X509CertInfo.SUBJECT);
return sn.toString();
} catch (Exception e) {
@@ -309,35 +301,34 @@ public abstract class EnrollProfile extends BasicProfile
}
/**
- * This method is called after the user submits the
- * request from the end-entity page.
+ * This method is called after the user submits the request from the
+ * end-entity page.
*/
public void submit(IAuthToken token, IRequest request)
- throws EDeferException, EProfileException {
+ throws EDeferException, EProfileException {
// Request Submission Logic:
//
// if (Authentication Failed) {
- // return Error
+ // return Error
+ // } else {
+ // if (No Auth Token) {
+ // queue request
// } else {
- // if (No Auth Token) {
- // queue request
- // } else {
- // process request
- // }
+ // process request
+ // }
// }
- IAuthority authority = (IAuthority)
- getAuthority();
+ IAuthority authority = (IAuthority) getAuthority();
IRequestQueue queue = authority.getRequestQueue();
- // this profile queues request that is authenticated
- // by NoAuth
- try {
- queue.updateRequest(request);
- } catch (EBaseException e) {
- // save request to disk
- CMS.debug("EnrollProfile: Update request " + e.toString());
- }
+ // this profile queues request that is authenticated
+ // by NoAuth
+ try {
+ queue.updateRequest(request);
+ } catch (EBaseException e) {
+ // save request to disk
+ CMS.debug("EnrollProfile: Update request " + e.toString());
+ }
if (token == null) {
CMS.debug("EnrollProfile: auth token is null");
@@ -346,7 +337,8 @@ public abstract class EnrollProfile extends BasicProfile
try {
queue.updateRequest(request);
} catch (EBaseException e) {
- CMS.debug("EnrollProfile: Update request (after validation) " + e.toString());
+ CMS.debug("EnrollProfile: Update request (after validation) "
+ + e.toString());
}
throw new EDeferException("defer request");
@@ -360,12 +352,12 @@ public abstract class EnrollProfile extends BasicProfile
}
public TaggedRequest[] parseCMC(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
/* cert request must not be null */
if (certreq == null) {
CMS.debug("EnrollProfile: parseCMC() certreq null");
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
}
CMS.debug("EnrollProfile: Start parseCMC(): " + certreq);
@@ -375,22 +367,24 @@ public abstract class EnrollProfile extends BasicProfile
String creq = normalizeCertReq(certreq);
try {
byte data[] = CMS.AtoB(creq);
- ByteArrayInputStream cmcBlobIn =
- new ByteArrayInputStream(data);
-
- org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
- org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData)cmcReq.getInterpretedContent();
- org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
+ ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(data);
+
+ org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo
+ .getTemplate().decode(cmcBlobIn);
+ org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq
+ .getInterpretedContent();
+ org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq
+ .getContentInfo();
OBJECT_IDENTIFIER id = ci.getContentType();
OCTET_STRING content = ci.getContent();
-
- ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
+
+ ByteArrayInputStream s = new ByteArrayInputStream(
+ content.toByteArray());
PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
mCMCData = pkiData;
- //PKIData pkiData = (PKIData)
- // (new PKIData.Template()).decode(cmcBlobIn);
+ // PKIData pkiData = (PKIData)
+ // (new PKIData.Template()).decode(cmcBlobIn);
SEQUENCE controlSeq = pkiData.getControlSequence();
int numcontrols = controlSeq.size();
SEQUENCE reqSeq = pkiData.getReqSequence();
@@ -400,22 +394,24 @@ public abstract class EnrollProfile extends BasicProfile
if (numcontrols > 0) {
context.put("numOfControls", Integer.valueOf(numcontrols));
TaggedAttribute[] attributes = new TaggedAttribute[numcontrols];
- for (int i=0; i<numcontrols; i++) {
- attributes[i] = (TaggedAttribute)controlSeq.elementAt(i);
+ for (int i = 0; i < numcontrols; i++) {
+ attributes[i] = (TaggedAttribute) controlSeq
+ .elementAt(i);
OBJECT_IDENTIFIER oid = attributes[i].getType();
if (oid.equals(OBJECT_IDENTIFIER.id_cmc_identityProof)) {
- boolean valid = verifyIdentityProof(attributes[i],
- reqSeq);
+ boolean valid = verifyIdentityProof(attributes[i],
+ reqSeq);
if (!valid) {
- SEQUENCE bpids = getRequestBpids(reqSeq);
+ SEQUENCE bpids = getRequestBpids(reqSeq);
context.put("identityProof", bpids);
return null;
}
- } else if (oid.equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) {
+ } else if (oid
+ .equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) {
SET vals = attributes[i].getValues();
- OCTET_STRING ostr =
- (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ OCTET_STRING ostr = (OCTET_STRING) (ASN1Util
+ .decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
randomSeed = ostr.toByteArray();
} else {
context.put(attributes[i].getType(), attributes[i]);
@@ -423,18 +419,19 @@ public abstract class EnrollProfile extends BasicProfile
}
}
}
-
+
SEQUENCE otherMsgSeq = pkiData.getOtherMsgSequence();
int numOtherMsgs = otherMsgSeq.size();
if (!context.containsKey("numOfOtherMsgs")) {
context.put("numOfOtherMsgs", Integer.valueOf(numOtherMsgs));
- for (int i=0; i<numOtherMsgs; i++) {
- OtherMsg omsg =(OtherMsg)(ASN1Util.decode(OtherMsg.getTemplate(),
- ASN1Util.encode(otherMsgSeq.elementAt(i))));
- context.put("otherMsg"+i, omsg);
+ for (int i = 0; i < numOtherMsgs; i++) {
+ OtherMsg omsg = (OtherMsg) (ASN1Util.decode(
+ OtherMsg.getTemplate(),
+ ASN1Util.encode(otherMsgSeq.elementAt(i))));
+ context.put("otherMsg" + i, omsg);
}
}
-
+
int nummsgs = reqSeq.size();
if (nummsgs > 0) {
msgs = new TaggedRequest[reqSeq.size()];
@@ -444,10 +441,11 @@ public abstract class EnrollProfile extends BasicProfile
msgs[i] = (TaggedRequest) reqSeq.elementAt(i);
if (!context.containsKey("POPLinkWitness")) {
if (randomSeed != null) {
- valid = verifyPOPLinkWitness(randomSeed, msgs[i], bpids);
+ valid = verifyPOPLinkWitness(randomSeed, msgs[i],
+ bpids);
if (!valid || bpids.size() > 0) {
context.put("POPLinkWitness", bpids);
- return null;
+ return null;
}
}
}
@@ -458,13 +456,13 @@ public abstract class EnrollProfile extends BasicProfile
return msgs;
} catch (Exception e) {
CMS.debug("EnrollProfile: parseCMC " + e.toString());
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
}
}
private boolean verifyPOPLinkWitness(byte[] randomSeed, TaggedRequest req,
- SEQUENCE bpids) {
+ SEQUENCE bpids) {
ISharedToken tokenClass = null;
boolean sharedSecretFound = true;
String name = null;
@@ -479,15 +477,15 @@ public abstract class EnrollProfile extends BasicProfile
}
try {
- tokenClass = (ISharedToken)Class.forName(name).newInstance();
+ tokenClass = (ISharedToken) Class.forName(name).newInstance();
} catch (ClassNotFoundException e) {
- CMS.debug("EnrollProfile: Failed to find class name: "+name);
+ CMS.debug("EnrollProfile: Failed to find class name: " + name);
sharedSecretFound = false;
} catch (InstantiationException e) {
- CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+ CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
sharedSecretFound = false;
} catch (IllegalAccessException e) {
- CMS.debug("EnrollProfile: Illegal access: "+name);
+ CMS.debug("EnrollProfile: Illegal access: " + name);
sharedSecretFound = false;
}
@@ -496,7 +494,7 @@ public abstract class EnrollProfile extends BasicProfile
String sharedSecret = null;
if (tokenClass != null)
sharedSecret = tokenClass.getSharedToken(mCMCData);
- if (req.getType().equals(TaggedRequest.PKCS10)) {
+ if (req.getType().equals(TaggedRequest.PKCS10)) {
TaggedCertificationRequest tcr = req.getTcr();
if (!sharedSecretFound) {
bpids.addElement(tcr.getBodyPartID());
@@ -505,25 +503,27 @@ public abstract class EnrollProfile extends BasicProfile
CertificationRequest creq = tcr.getCertificationRequest();
CertificationRequestInfo cinfo = creq.getInfo();
SET attrs = cinfo.getAttributes();
- for (int j=0; j<attrs.size(); j++) {
- Attribute pkcs10Attr = (Attribute)attrs.elementAt(j);
- if (pkcs10Attr.getType().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
+ for (int j = 0; j < attrs.size(); j++) {
+ Attribute pkcs10Attr = (Attribute) attrs.elementAt(j);
+ if (pkcs10Attr.getType().equals(
+ OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
SET witnessVal = pkcs10Attr.getValues();
if (witnessVal.size() > 0) {
try {
- OCTET_STRING str =
- (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(witnessVal.elementAt(0))));
+ OCTET_STRING str = (OCTET_STRING) (ASN1Util
+ .decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(witnessVal
+ .elementAt(0))));
bv = str.toByteArray();
return verifyDigest(sharedSecret.getBytes(),
- randomSeed, bv);
+ randomSeed, bv);
} catch (InvalidBERException ex) {
return false;
}
}
- }
+ }
}
-
+
return false;
}
} else if (req.getType().equals(TaggedRequest.CRMF)) {
@@ -537,14 +537,15 @@ public abstract class EnrollProfile extends BasicProfile
for (int i = 0; i < certReq.numControls(); i++) {
AVA ava = certReq.controlAt(i);
- if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
+ if (ava.getOID().equals(
+ OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
ASN1Value value = ava.getValue();
ByteArrayInputStream bis = new ByteArrayInputStream(
- ASN1Util.encode(value));
+ ASN1Util.encode(value));
OCTET_STRING ostr = null;
try {
- ostr = (OCTET_STRING)
- (new OCTET_STRING.Template()).decode(bis);
+ ostr = (OCTET_STRING) (new OCTET_STRING.Template())
+ .decode(bis);
bv = ostr.toByteArray();
} catch (Exception e) {
bpids.addElement(reqId);
@@ -552,7 +553,7 @@ public abstract class EnrollProfile extends BasicProfile
}
boolean valid = verifyDigest(sharedSecret.getBytes(),
- randomSeed, bv);
+ randomSeed, bv);
if (!valid) {
bpids.addElement(reqId);
return valid;
@@ -571,7 +572,7 @@ public abstract class EnrollProfile extends BasicProfile
MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
key = SHA1Digest.digest(sharedSecret);
} catch (NoSuchAlgorithmException ex) {
- CMS.debug("EnrollProfile: No such algorithm for this message digest.");
+ CMS.debug("EnrollProfile: No such algorithm for this message digest.");
return false;
}
@@ -582,7 +583,7 @@ public abstract class EnrollProfile extends BasicProfile
hmacDigest.update(text);
finalDigest = hmacDigest.digest();
} catch (NoSuchAlgorithmException ex) {
- CMS.debug("EnrollProfile: No such algorithm for this message digest.");
+ CMS.debug("EnrollProfile: No such algorithm for this message digest.");
return false;
}
@@ -591,9 +592,9 @@ public abstract class EnrollProfile extends BasicProfile
return false;
}
- for (int j=0; j<bv.length; j++) {
+ for (int j = 0; j < bv.length; j++) {
if (bv[j] != finalDigest[j]) {
- CMS.debug("EnrollProfile: The content of two HMAC digest are not the same.");
+ CMS.debug("EnrollProfile: The content of two HMAC digest are not the same.");
return false;
}
}
@@ -635,23 +636,24 @@ public abstract class EnrollProfile extends BasicProfile
else {
ISharedToken tokenClass = null;
try {
- tokenClass = (ISharedToken)Class.forName(name).newInstance();
+ tokenClass = (ISharedToken) Class.forName(name).newInstance();
} catch (ClassNotFoundException e) {
- CMS.debug("EnrollProfile: Failed to find class name: "+name);
+ CMS.debug("EnrollProfile: Failed to find class name: " + name);
return false;
} catch (InstantiationException e) {
- CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+ CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
return false;
} catch (IllegalAccessException e) {
- CMS.debug("EnrollProfile: Illegal access: "+name);
+ CMS.debug("EnrollProfile: Illegal access: " + name);
return false;
}
-
+
String token = tokenClass.getSharedToken(mCMCData);
OCTET_STRING ostr = null;
try {
- ostr = (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ ostr = (OCTET_STRING) (ASN1Util.decode(
+ OCTET_STRING.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
} catch (InvalidBERException e) {
CMS.debug("EnrollProfile: Failed to decode the byte value.");
return false;
@@ -663,35 +665,33 @@ public abstract class EnrollProfile extends BasicProfile
}
}
- public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, X509CertInfo info,
- IRequest req)
- throws EProfileException {
+ public void fillTaggedRequest(Locale locale, TaggedRequest tagreq,
+ X509CertInfo info, IRequest req) throws EProfileException {
TaggedRequest.Type type = tagreq.getType();
- if (type.equals(TaggedRequest.PKCS10)) {
+ if (type.equals(TaggedRequest.PKCS10)) {
try {
- TaggedCertificationRequest tcr = tagreq.getTcr();
- CertificationRequest p10 = tcr.getCertificationRequest();
- ByteArrayOutputStream ostream = new ByteArrayOutputStream();
+ TaggedCertificationRequest tcr = tagreq.getTcr();
+ CertificationRequest p10 = tcr.getCertificationRequest();
+ ByteArrayOutputStream ostream = new ByteArrayOutputStream();
- p10.encode(ostream);
+ p10.encode(ostream);
PKCS10 pkcs10 = new PKCS10(ostream.toByteArray());
req.setExtData("bodyPartId", tcr.getBodyPartID());
fillPKCS10(locale, pkcs10, info, req);
} catch (Exception e) {
- CMS.debug("EnrollProfile: fillTaggedRequest " +
- e.toString());
+ CMS.debug("EnrollProfile: fillTaggedRequest " + e.toString());
}
- } else if (type.equals(TaggedRequest.CRMF)) {
- CertReqMsg crm = tagreq.getCrm();
+ } else if (type.equals(TaggedRequest.CRMF)) {
+ CertReqMsg crm = tagreq.getCrm();
SessionContext context = SessionContext.getContext();
- Integer nums = (Integer)(context.get("numOfControls"));
+ Integer nums = (Integer) (context.get("numOfControls"));
// check if the LRA POP Witness Control attribute exists
if (nums != null && nums.intValue() > 0) {
- TaggedAttribute attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
+ TaggedAttribute attr = (TaggedAttribute) (context
+ .get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
if (attr != null) {
parseLRAPopWitness(locale, crm, attr);
} else {
@@ -705,53 +705,58 @@ public abstract class EnrollProfile extends BasicProfile
fillCertReqMsg(locale, crm, info, req);
} else {
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
}
}
- private void parseLRAPopWitness(Locale locale, CertReqMsg crm,
- TaggedAttribute attr) throws EProfileException {
+ private void parseLRAPopWitness(Locale locale, CertReqMsg crm,
+ TaggedAttribute attr) throws EProfileException {
SET vals = attr.getValues();
boolean donePOP = false;
INTEGER reqId = null;
if (vals.size() > 0) {
LraPopWitness lraPop = null;
try {
- lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ lraPop = (LraPopWitness) (ASN1Util.decode(
+ LraPopWitness.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
} catch (InvalidBERException e) {
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_ENCODING_ERROR"));
}
SEQUENCE bodyIds = lraPop.getBodyIds();
reqId = crm.getCertReq().getCertReqId();
- for (int i=0; i<bodyIds.size(); i++) {
- INTEGER num = (INTEGER)(bodyIds.elementAt(i));
+ for (int i = 0; i < bodyIds.size(); i++) {
+ INTEGER num = (INTEGER) (bodyIds.elementAt(i));
if (num.toString().equals(reqId.toString())) {
donePOP = true;
- CMS.debug("EnrollProfile: skip POP for request: "+reqId.toString()+ " because LRA POP Witness control is found.");
+ CMS.debug("EnrollProfile: skip POP for request: "
+ + reqId.toString()
+ + " because LRA POP Witness control is found.");
break;
}
}
}
if (!donePOP) {
- CMS.debug("EnrollProfile: not skip POP for request: "+reqId.toString()+" because this request id is not part of the body list in LRA Pop witness control.");
+ CMS.debug("EnrollProfile: not skip POP for request: "
+ + reqId.toString()
+ + " because this request id is not part of the body list in LRA Pop witness control.");
verifyPOP(locale, crm);
}
}
public CertReqMsg[] parseCRMF(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
/* cert request must not be null */
if (certreq == null) {
CMS.debug("EnrollProfile: parseCRMF() certreq null");
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
}
CMS.debug("EnrollProfile: Start parseCRMF(): " + certreq);
@@ -759,11 +764,9 @@ public abstract class EnrollProfile extends BasicProfile
String creq = normalizeCertReq(certreq);
try {
byte data[] = CMS.AtoB(creq);
- ByteArrayInputStream crmfBlobIn =
- new ByteArrayInputStream(data);
- SEQUENCE crmfMsgs = (SEQUENCE)
- new SEQUENCE.OF_Template(new
- CertReqMsg.Template()).decode(crmfBlobIn);
+ ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(data);
+ SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template(
+ new CertReqMsg.Template()).decode(crmfBlobIn);
int nummsgs = crmfMsgs.size();
if (nummsgs <= 0)
@@ -775,24 +778,23 @@ public abstract class EnrollProfile extends BasicProfile
return msgs;
} catch (Exception e) {
CMS.debug("EnrollProfile: parseCRMF " + e.toString());
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
}
}
- private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID =
- new OBJECT_IDENTIFIER(new long[] {1, 3, 6, 1, 5, 5, 7, 5, 1, 4}
- );
+ private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID = new OBJECT_IDENTIFIER(
+ new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 });
- protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) {
- ASN1Value archVal = ava.getValue();
+ protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) {
+ ASN1Value archVal = ava.getValue();
ByteArrayInputStream bis = new ByteArrayInputStream(
- ASN1Util.encode(archVal));
+ ASN1Util.encode(archVal));
PKIArchiveOptions archOpts = null;
- try {
- archOpts = (PKIArchiveOptions)
- (new PKIArchiveOptions.Template()).decode(bis);
+ try {
+ archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template())
+ .decode(bis);
} catch (Exception e) {
CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString());
}
@@ -803,22 +805,21 @@ public abstract class EnrollProfile extends BasicProfile
ByteArrayInputStream bis = new ByteArrayInputStream(options);
PKIArchiveOptions archOpts = null;
- try {
- archOpts = (PKIArchiveOptions)
- (new PKIArchiveOptions.Template()).decode(bis);
+ try {
+ archOpts = (PKIArchiveOptions) (new PKIArchiveOptions.Template())
+ .decode(bis);
} catch (Exception e) {
CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString());
}
return archOpts;
}
- public byte[] toByteArray(PKIArchiveOptions options) {
+ public byte[] toByteArray(PKIArchiveOptions options) {
return ASN1Util.encode(options);
}
- public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, X509CertInfo info,
- IRequest req)
- throws EProfileException {
+ public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg,
+ X509CertInfo info, IRequest req) throws EProfileException {
try {
CMS.debug("Start parseCertReqMsg ");
CertRequest certReq = certReqMsg.getCertReq();
@@ -827,12 +828,11 @@ public abstract class EnrollProfile extends BasicProfile
for (int i = 0; i < certReq.numControls(); i++) {
AVA ava = certReq.controlAt(i);
- if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) {
+ if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) {
PKIArchiveOptions opt = getPKIArchiveOptions(ava);
- //req.set(REQUEST_ARCHIVE_OPTIONS, opt);
- req.setExtData(REQUEST_ARCHIVE_OPTIONS,
- toByteArray(opt));
+ // req.set(REQUEST_ARCHIVE_OPTIONS, opt);
+ req.setExtData(REQUEST_ARCHIVE_OPTIONS, toByteArray(opt));
}
}
@@ -849,23 +849,24 @@ public abstract class EnrollProfile extends BasicProfile
key.decode(keybytes);
// XXX - kmccarth - this may simply undo the decoding above
- // but for now it's unclear whether X509Key
- // changest the format when decoding.
+ // but for now it's unclear whether X509Key
+ // changest the format when decoding.
CertificateX509Key certKey = new CertificateX509Key(key);
ByteArrayOutputStream certKeyOut = new ByteArrayOutputStream();
certKey.encode(certKeyOut);
req.setExtData(REQUEST_KEY, certKeyOut.toByteArray());
// parse validity
- if (certTemplate.getNotBefore() != null ||
- certTemplate.getNotAfter() != null) {
- CMS.debug("EnrollProfile: requested notBefore: " + certTemplate.getNotBefore());
- CMS.debug("EnrollProfile: requested notAfter: " + certTemplate.getNotAfter());
+ if (certTemplate.getNotBefore() != null
+ || certTemplate.getNotAfter() != null) {
+ CMS.debug("EnrollProfile: requested notBefore: "
+ + certTemplate.getNotBefore());
+ CMS.debug("EnrollProfile: requested notAfter: "
+ + certTemplate.getNotAfter());
CMS.debug("EnrollProfile: current CA time: " + new Date());
CertificateValidity certValidity = new CertificateValidity(
certTemplate.getNotBefore(), certTemplate.getNotAfter());
- ByteArrayOutputStream certValidityOut =
- new ByteArrayOutputStream();
+ ByteArrayOutputStream certValidityOut = new ByteArrayOutputStream();
certValidity.encode(certValidityOut);
req.setExtData(REQUEST_VALIDITY, certValidityOut.toByteArray());
} else {
@@ -875,31 +876,32 @@ public abstract class EnrollProfile extends BasicProfile
// parse subject
if (certTemplate.hasSubject()) {
Name subjectdn = certTemplate.getSubject();
- ByteArrayOutputStream subjectEncStream =
- new ByteArrayOutputStream();
+ ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream();
subjectdn.encode(subjectEncStream);
byte[] subjectEnc = subjectEncStream.toByteArray();
X500Name subject = new X500Name(subjectEnc);
- //info.set(X509CertInfo.SUBJECT,
- // new CertificateSubjectName(subject));
+ // info.set(X509CertInfo.SUBJECT,
+ // new CertificateSubjectName(subject));
req.setExtData(REQUEST_SUBJECT_NAME,
new CertificateSubjectName(subject));
try {
- String subjectCN = subject.getCommonName();
- if (subjectCN == null) subjectCN = "";
- req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN);
+ String subjectCN = subject.getCommonName();
+ if (subjectCN == null)
+ subjectCN = "";
+ req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN);
} catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME+".cn", "");
+ req.setExtData(REQUEST_SUBJECT_NAME + ".cn", "");
}
try {
String subjectUID = subject.getUserID();
- if (subjectUID == null) subjectUID = "";
- req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID);
+ if (subjectUID == null)
+ subjectUID = "";
+ req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID);
} catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME+".uid", "");
+ req.setExtData(REQUEST_SUBJECT_NAME + ".uid", "");
}
}
@@ -908,11 +910,11 @@ public abstract class EnrollProfile extends BasicProfile
// try {
extensions = req.getExtDataInCertExts(REQUEST_EXTENSIONS);
- // } catch (CertificateException e) {
- // extensions = null;
+ // } catch (CertificateException e) {
+ // extensions = null;
// } catch (IOException e) {
- // extensions = null;
- // }
+ // extensions = null;
+ // }
if (certTemplate.hasExtensions()) {
// put each extension from CRMF into CertInfo.
// index by extension name, consistent with
@@ -922,57 +924,54 @@ public abstract class EnrollProfile extends BasicProfile
int numexts = certTemplate.numExtensions();
for (int j = 0; j < numexts; j++) {
- org.mozilla.jss.pkix.cert.Extension jssext =
- certTemplate.extensionAt(j);
+ org.mozilla.jss.pkix.cert.Extension jssext = certTemplate
+ .extensionAt(j);
boolean isCritical = jssext.getCritical();
- org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
- jssext.getExtnId();
+ org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext
+ .getExtnId();
long[] numbers = jssoid.getNumbers();
int[] oidNumbers = new int[numbers.length];
for (int k = numbers.length - 1; k >= 0; k--) {
oidNumbers[k] = (int) numbers[k];
}
- ObjectIdentifier oid =
- new ObjectIdentifier(oidNumbers);
- org.mozilla.jss.asn1.OCTET_STRING jssvalue =
- jssext.getExtnValue();
- ByteArrayOutputStream jssvalueout =
- new ByteArrayOutputStream();
+ ObjectIdentifier oid = new ObjectIdentifier(oidNumbers);
+ org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext
+ .getExtnValue();
+ ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream();
jssvalue.encode(jssvalueout);
byte[] extValue = jssvalueout.toByteArray();
- Extension ext =
- new Extension(oid, isCritical, extValue);
+ Extension ext = new Extension(oid, isCritical, extValue);
extensions.parseExtension(ext);
}
- // info.set(X509CertInfo.EXTENSIONS, extensions);
+ // info.set(X509CertInfo.EXTENSIONS, extensions);
req.setExtData(REQUEST_EXTENSIONS, extensions);
}
} catch (IOException e) {
CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString());
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
} catch (InvalidKeyException e) {
CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString());
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
- // } catch (CertificateException e) {
- // CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString());
- // throw new EProfileException(e.toString());
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
+ // } catch (CertificateException e) {
+ // CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString());
+ // throw new EProfileException(e.toString());
}
}
public PKCS10 parsePKCS10(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
/* cert request must not be null */
if (certreq == null) {
CMS.debug("EnrollProfile:parsePKCS10() certreq null");
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
}
CMS.debug("Start parsePKCS10(): " + certreq);
@@ -988,17 +987,20 @@ public abstract class EnrollProfile extends BasicProfile
try {
cm = CryptoManager.getInstance();
- sigver = CMS.getConfigStore().getBoolean("ca.requestVerify.enabled", true);
+ sigver = CMS.getConfigStore().getBoolean(
+ "ca.requestVerify.enabled", true);
if (sigver) {
CMS.debug("EnrollProfile: parsePKCS10: signature verification enabled");
- String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal");
+ String tokenName = CMS.getConfigStore().getString(
+ "ca.requestVerify.token", "internal");
savedToken = cm.getThreadToken();
CryptoToken signToken = null;
if (tokenName.equals("internal")) {
CMS.debug("EnrollProfile: parsePKCS10: use internal token");
signToken = cm.getInternalCryptoToken();
} else {
- CMS.debug("EnrollProfile: parsePKCS10: tokenName="+ tokenName);
+ CMS.debug("EnrollProfile: parsePKCS10: tokenName="
+ + tokenName);
signToken = cm.getTokenByName(tokenName);
}
CMS.debug("EnrollProfile: parsePKCS10 setting thread token");
@@ -1010,8 +1012,8 @@ public abstract class EnrollProfile extends BasicProfile
}
} catch (Exception e) {
CMS.debug("EnrollProfile: parsePKCS10 " + e.toString());
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
} finally {
if (sigver) {
CMS.debug("EnrollProfile: parsePKCS10 restoring thread token");
@@ -1022,8 +1024,8 @@ public abstract class EnrollProfile extends BasicProfile
return pkcs10;
}
- public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req)
- throws EProfileException {
+ public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info,
+ IRequest req) throws EProfileException {
X509Key key = pkcs10.getSubjectPublicKeyInfo();
try {
@@ -1035,36 +1037,41 @@ public abstract class EnrollProfile extends BasicProfile
req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
new CertificateSubjectName(pkcs10.getSubjectName()));
try {
- String subjectCN = pkcs10.getSubjectName().getCommonName();
- if (subjectCN == null) subjectCN = "";
- req.setExtData(REQUEST_SUBJECT_NAME+".cn", subjectCN);
+ String subjectCN = pkcs10.getSubjectName().getCommonName();
+ if (subjectCN == null)
+ subjectCN = "";
+ req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN);
} catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME+".cn", "");
+ req.setExtData(REQUEST_SUBJECT_NAME + ".cn", "");
}
try {
String subjectUID = pkcs10.getSubjectName().getUserID();
- if (subjectUID == null) subjectUID = "";
- req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID);
+ if (subjectUID == null)
+ subjectUID = "";
+ req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID);
} catch (Exception ee) {
- req.setExtData(REQUEST_SUBJECT_NAME+".uid", "");
+ req.setExtData(REQUEST_SUBJECT_NAME + ".uid", "");
}
info.set(X509CertInfo.KEY, certKey);
PKCS10Attributes p10Attrs = pkcs10.getAttributes();
if (p10Attrs != null) {
- PKCS10Attribute p10Attr = (PKCS10Attribute)
- (p10Attrs.getAttribute(CertificateExtensions.NAME));
- if (p10Attr != null && p10Attr.getAttributeId().equals(
- PKCS9Attribute.EXTENSION_REQUEST_OID)) { CMS.debug("Found PKCS10 extension");
- Extensions exts0 = (Extensions)
- (p10Attr.getAttributeValue());
+ PKCS10Attribute p10Attr = (PKCS10Attribute) (p10Attrs
+ .getAttribute(CertificateExtensions.NAME));
+ if (p10Attr != null
+ && p10Attr.getAttributeId().equals(
+ PKCS9Attribute.EXTENSION_REQUEST_OID)) {
+ CMS.debug("Found PKCS10 extension");
+ Extensions exts0 = (Extensions) (p10Attr
+ .getAttributeValue());
DerOutputStream extOut = new DerOutputStream();
exts0.encode(extOut);
byte[] extB = extOut.toByteArray();
DerInputStream extIn = new DerInputStream(extB);
- CertificateExtensions exts = new CertificateExtensions(extIn);
+ CertificateExtensions exts = new CertificateExtensions(
+ extIn);
if (exts != null) {
CMS.debug("Set extensions " + exts);
// info.set(X509CertInfo.EXTENSIONS, exts);
@@ -1072,75 +1079,73 @@ public abstract class EnrollProfile extends BasicProfile
}
} else {
CMS.debug("PKCS10 extension Not Found");
- }
- }
+ }
+ }
CMS.debug("Finish parsePKCS10 - " + pkcs10.getSubjectName());
} catch (IOException e) {
CMS.debug("EnrollProfile: fillPKCS10 " + e.toString());
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
} catch (CertificateException e) {
CMS.debug("EnrollProfile: fillPKCS10 " + e.toString());
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
}
}
+ // for netkey
+ public void fillNSNKEY(Locale locale, String sn, String skey,
+ X509CertInfo info, IRequest req) throws EProfileException {
- // for netkey
- public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req)
- throws EProfileException {
+ try {
+ // cfu - is the algorithm going to be replaced by the policy?
+ X509Key key = new X509Key();
+ key.decode(CMS.AtoB(skey));
+
+ info.set(X509CertInfo.KEY, new CertificateX509Key(key));
+ // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
+ // new CertificateSubjectName(new
+ // X500Name("CN="+sn)));
+ req.setExtData("screenname", sn);
+ // keeping "aoluid" to be backward compatible
+ req.setExtData("aoluid", sn);
+ req.setExtData("uid", sn);
+ CMS.debug("EnrollPrifile: fillNSNKEY(): uid=" + sn);
- try {
- //cfu - is the algorithm going to be replaced by the policy?
- X509Key key = new X509Key();
- key.decode(CMS.AtoB(skey));
-
- info.set(X509CertInfo.KEY, new CertificateX509Key(key));
- // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
- // new CertificateSubjectName(new
- // X500Name("CN="+sn)));
- req.setExtData("screenname", sn);
- // keeping "aoluid" to be backward compatible
- req.setExtData("aoluid", sn);
- req.setExtData("uid", sn);
- CMS.debug("EnrollPrifile: fillNSNKEY(): uid="+sn);
-
- } catch (Exception e) {
- CMS.debug("EnrollProfile: fillNSNKEY(): "+e.toString());
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
- }
+ } catch (Exception e) {
+ CMS.debug("EnrollProfile: fillNSNKEY(): " + e.toString());
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
}
+ }
- // for house key
- public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req)
- throws EProfileException {
+ // for house key
+ public void fillNSHKEY(Locale locale, String tcuid, String skey,
+ X509CertInfo info, IRequest req) throws EProfileException {
- try {
- //cfu - is the algorithm going to be replaced by the policy?
- X509Key key = new X509Key();
- key.decode(CMS.AtoB(skey));
-
- info.set(X509CertInfo.KEY, new CertificateX509Key(key));
- // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
- // new CertificateSubjectName(new
- // X500Name("CN="+sn)));
- req.setExtData("tokencuid", tcuid);
-
- CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid="+tcuid);
-
- } catch (Exception e) {
- CMS.debug("EnrollProfile: fillNSHKEY(): "+e.toString());
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
- }
- }
+ try {
+ // cfu - is the algorithm going to be replaced by the policy?
+ X509Key key = new X509Key();
+ key.decode(CMS.AtoB(skey));
+
+ info.set(X509CertInfo.KEY, new CertificateX509Key(key));
+ // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
+ // new CertificateSubjectName(new
+ // X500Name("CN="+sn)));
+ req.setExtData("tokencuid", tcuid);
+ CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid=" + tcuid);
+
+ } catch (Exception e) {
+ CMS.debug("EnrollProfile: fillNSHKEY(): " + e.toString());
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
+ }
+ }
public DerInputStream parseKeyGen(Locale locale, String certreq)
- throws EProfileException {
+ throws EProfileException {
byte data[] = CMS.AtoB(certreq);
DerInputStream derIn = new DerInputStream(data);
@@ -1148,9 +1153,8 @@ public abstract class EnrollProfile extends BasicProfile
return derIn;
}
- public void fillKeyGen(Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req
- )
- throws EProfileException {
+ public void fillKeyGen(Locale locale, DerInputStream derIn,
+ X509CertInfo info, IRequest req) throws EProfileException {
try {
/* get SPKAC Algorithm & Signature */
@@ -1180,12 +1184,12 @@ public abstract class EnrollProfile extends BasicProfile
info.set(X509CertInfo.KEY, certKey);
} catch (IOException e) {
CMS.debug("EnrollProfile: fillKeyGen " + e.toString());
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
} catch (CertificateException e) {
CMS.debug("EnrollProfile: fillKeyGen " + e.toString());
- throw new EProfileException(
- CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_INVALID_REQUEST"));
}
}
@@ -1220,8 +1224,8 @@ public abstract class EnrollProfile extends BasicProfile
public Locale getLocale(IRequest request) {
Locale locale = null;
- String language = request.getExtDataInString(
- EnrollProfile.REQUEST_LOCALE);
+ String language = request
+ .getExtDataInString(EnrollProfile.REQUEST_LOCALE);
if (language != null) {
locale = new Locale(language);
}
@@ -1231,37 +1235,36 @@ public abstract class EnrollProfile extends BasicProfile
/**
* Populate input
* <P>
- *
+ *
* (either all "agent" profile cert requests NOT made through a connector,
- * or all "EE" profile cert requests NOT made through a connector)
+ * or all "EE" profile cert requests NOT made through a connector)
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a
* profile cert request is made (before approval process)
* </ul>
+ *
* @param ctx profile context
* @param request the certificate request
* @exception EProfileException an error related to this profile has
- * occurred
+ * occurred
*/
public void populateInput(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
super.populateInput(ctx, request);
}
- public void populate(IRequest request)
- throws EProfileException {
+ public void populate(IRequest request) throws EProfileException {
super.populate(request);
}
/**
- * Passes the request to the set of constraint policies
- * that validate the request against the profile.
+ * Passes the request to the set of constraint policies that validate the
+ * request against the profile.
*/
- public void validate(IRequest request)
- throws ERejectException {
+ public void validate(IRequest request) throws ERejectException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = auditRequesterID(request);
@@ -1273,28 +1276,25 @@ public abstract class EnrollProfile extends BasicProfile
X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO);
try {
- CertificateSubjectName sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ CertificateSubjectName sn = (CertificateSubjectName) info
+ .get(X509CertInfo.SUBJECT);
// if the cert subject name is NOT MISSING, retrieve the
// actual "auditCertificateSubjectName" and "normalize" it
if (sn != null) {
subject = sn.toString();
if (subject != null) {
- // NOTE: This is ok even if the cert subject name
- // is "" (empty)!
+ // NOTE: This is ok even if the cert subject name
+ // is "" (empty)!
auditCertificateSubjectName = subject.trim();
}
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditProfileID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID,
+ ILogger.SUCCESS, auditRequesterID, auditProfileID,
+ auditCertificateSubjectName);
audit(auditMessage);
} catch (CertificateException e) {
@@ -1302,12 +1302,9 @@ public abstract class EnrollProfile extends BasicProfile
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditProfileID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID,
+ ILogger.FAILURE, auditRequesterID, auditProfileID,
+ auditCertificateSubjectName);
audit(auditMessage);
} catch (IOException e) {
@@ -1315,12 +1312,9 @@ public abstract class EnrollProfile extends BasicProfile
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditProfileID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST, auditSubjectID,
+ ILogger.FAILURE, auditRequesterID, auditProfileID,
+ auditCertificateSubjectName);
audit(auditMessage);
}
@@ -1337,8 +1331,8 @@ public abstract class EnrollProfile extends BasicProfile
if (key == null) {
Locale locale = getLocale(request);
- throw new ERejectException(CMS.getUserMessage(
- locale, "CMS_PROFILE_EMPTY_KEY"));
+ throw new ERejectException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_EMPTY_KEY"));
}
try {
@@ -1350,12 +1344,11 @@ public abstract class EnrollProfile extends BasicProfile
/**
* Signed Audit Log Requester ID
- *
- * This method is inherited by all extended "EnrollProfile"s,
- * and is called to obtain the "RequesterID" for
- * a signed audit log message.
+ *
+ * This method is inherited by all extended "EnrollProfile"s, and is called
+ * to obtain the "RequesterID" for a signed audit log message.
* <P>
- *
+ *
* @param request the actual request
* @return id string containing the signed audit log message RequesterID
*/
@@ -1381,12 +1374,11 @@ public abstract class EnrollProfile extends BasicProfile
/**
* Signed Audit Log Profile ID
- *
- * This method is inherited by all extended "EnrollProfile"s,
- * and is called to obtain the "ProfileID" for
- * a signed audit log message.
+ *
+ * This method is inherited by all extended "EnrollProfile"s, and is called
+ * to obtain the "ProfileID" for a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message ProfileID
*/
protected String auditProfileID() {
@@ -1407,7 +1399,7 @@ public abstract class EnrollProfile extends BasicProfile
}
public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
- throws EProfileException {
+ throws EProfileException {
CMS.debug("EnrollProfile ::in verifyPOP");
String auditMessage = null;
@@ -1426,37 +1418,35 @@ public abstract class EnrollProfile extends BasicProfile
try {
CryptoManager cm = CryptoManager.getInstance();
CryptoToken verifyToken = null;
- String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal");
+ String tokenName = CMS.getConfigStore().getString(
+ "ca.requestVerify.token", "internal");
if (tokenName.equals("internal")) {
CMS.debug("POP verification using internal token");
certReqMsg.verify();
} else {
- CMS.debug("POP verification using token:"+ tokenName);
+ CMS.debug("POP verification using token:" + tokenName);
verifyToken = cm.getTokenByName(tokenName);
certReqMsg.verify(verifyToken);
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.SUCCESS );
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID,
+ ILogger.SUCCESS);
+ audit(auditMessage);
} catch (Exception e) {
- CMS.debug("Failed POP verify! "+e.toString());
+ CMS.debug("Failed POP verify! " + e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_POP_VERIFICATION_ERROR"));
+ "CMS_POP_VERIFICATION_ERROR"));
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
index 199aa794..972412f7 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
@@ -17,17 +17,15 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import com.netscape.certsrv.profile.IProfileContext;
-
/**
- * This class implements an enrollment profile context
- * that carries information for request creation.
- *
+ * This class implements an enrollment profile context that carries information
+ * for request creation.
+ *
* @version $Revision$, $Date$
*/
-public class EnrollProfileContext extends ProfileContext
- implements IProfileContext {
+public class EnrollProfileContext extends ProfileContext implements
+ IProfileContext {
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
index 147d9c82..7a275b1e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
@@ -17,15 +17,13 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import java.util.Hashtable;
import com.netscape.certsrv.profile.IProfileContext;
-
/**
* This class implements the profile context.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileContext implements IProfileContext {
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
index a0f0ed25..a7895746 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
@@ -17,17 +17,14 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import com.netscape.certsrv.profile.IPolicyConstraint;
import com.netscape.certsrv.profile.IPolicyDefault;
import com.netscape.certsrv.profile.IProfilePolicy;
-
/**
- * This class implements a profile policy that
- * contains a default policy and a constraint
- * policy.
- *
+ * This class implements a profile policy that contains a default policy and a
+ * constraint policy.
+ *
* @version $Revision$, $Date$
*/
public class ProfilePolicy implements IProfilePolicy {
@@ -35,7 +32,8 @@ public class ProfilePolicy implements IProfilePolicy {
private IPolicyDefault mDefault = null;
private IPolicyConstraint mConstraint = null;
- public ProfilePolicy(String id, IPolicyDefault def, IPolicyConstraint constraint) {
+ public ProfilePolicy(String id, IPolicyDefault def,
+ IPolicyConstraint constraint) {
mId = id;
mDefault = def;
mConstraint = constraint;
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
index f82e7313..b00ac56b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import java.util.Enumeration;
import netscape.security.x509.X500Name;
@@ -35,11 +34,9 @@ import com.netscape.certsrv.request.IRequestListener;
import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.certsrv.request.RequestStatus;
-
/**
- * This class implements a Registration Manager
- * enrollment profile.
- *
+ * This class implements a Registration Manager enrollment profile.
+ *
* @version $Revision$, $Date$
*/
public class RAEnrollProfile extends EnrollProfile {
@@ -49,8 +46,7 @@ public class RAEnrollProfile extends EnrollProfile {
}
public IAuthority getAuthority() {
- IAuthority authority = (IAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IAuthority authority = (IAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
if (authority == null)
return null;
@@ -58,31 +54,27 @@ public class RAEnrollProfile extends EnrollProfile {
}
public X500Name getIssuerName() {
- IRegistrationAuthority ra = (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
X500Name issuerName = ra.getX500Name();
return issuerName;
}
- public void execute(IRequest request)
- throws EProfileException {
-
+ public void execute(IRequest request) throws EProfileException {
if (!isEnable()) {
CMS.debug("CAEnrollProfile: Profile Not Enabled");
throw new EProfileException("Profile Not Enabled");
}
- IRegistrationAuthority ra =
- (IRegistrationAuthority) getAuthority();
+ IRegistrationAuthority ra = (IRegistrationAuthority) getAuthority();
IRAService raService = (IRAService) ra.getRAService();
if (raService == null) {
throw new EProfileException("No RA Service");
}
-
IRequestQueue queue = ra.getRequestQueue();
// send request to CA
@@ -94,15 +86,16 @@ public class RAEnrollProfile extends EnrollProfile {
} else {
caConnector.send(request);
// check response
- if (!request.isSuccess()) {
+ if (!request.isSuccess()) {
CMS.debug("RAEnrollProfile error talking to CA setting req status to SVC_PENDING");
request.setRequestStatus(RequestStatus.SVC_PENDING);
try {
- queue.updateRequest(request);
+ queue.updateRequest(request);
} catch (EBaseException e) {
- CMS.debug("RAEnrollProfile: Update request " + e.toString());
+ CMS.debug("RAEnrollProfile: Update request "
+ + e.toString());
}
throw new ERejectException(
request.getError(getLocale(request)));
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
index 4a18ff14..7d650864 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.NameValuePairs;
@@ -28,91 +27,86 @@ import com.netscape.certsrv.profile.IProfileInput;
import com.netscape.certsrv.profile.IProfileOutput;
import com.netscape.certsrv.profile.IProfilePolicy;
-
/**
- * This class implements a Certificate Manager enrollment
- * profile for Server Certificates.
- *
+ * This class implements a Certificate Manager enrollment profile for Server
+ * Certificates.
+ *
* @version $Revision$, $Date$
*/
-public class ServerCertCAEnrollProfile extends CAEnrollProfile
- implements IProfileEx {
+public class ServerCertCAEnrollProfile extends CAEnrollProfile implements
+ IProfileEx {
/**
- * Called after initialization. It populates default
- * policies, inputs, and outputs.
+ * Called after initialization. It populates default policies, inputs, and
+ * outputs.
*/
- public void populate() throws EBaseException
- {
+ public void populate() throws EBaseException {
// create inputs
NameValuePairs inputParams1 = new NameValuePairs();
- IProfileInput input1 =
- createProfileInput("i1", "certReqInputImpl", inputParams1);
+ IProfileInput input1 = createProfileInput("i1", "certReqInputImpl",
+ inputParams1);
NameValuePairs inputParams2 = new NameValuePairs();
- IProfileInput input2 =
- createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
+ IProfileInput input2 = createProfileInput("i2",
+ "submitterInfoInputImpl", inputParams2);
// create outputs
NameValuePairs outputParams1 = new NameValuePairs();
- IProfileOutput output1 =
- createProfileOutput("o1", "certOutputImpl", outputParams1);
+ IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl",
+ outputParams1);
- IProfilePolicy policy1 =
- createProfilePolicy("set1", "p1",
- "userSubjectNameDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy1 = createProfilePolicy("set1", "p1",
+ "userSubjectNameDefaultImpl", "noConstraintImpl");
IPolicyDefault def1 = policy1.getDefault();
IConfigStore defConfig1 = def1.getConfigStore();
IPolicyConstraint con1 = policy1.getConstraint();
IConfigStore conConfig1 = con1.getConfigStore();
- IProfilePolicy policy2 =
- createProfilePolicy("set1", "p2",
- "validityDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy2 = createProfilePolicy("set1", "p2",
+ "validityDefaultImpl", "noConstraintImpl");
IPolicyDefault def2 = policy2.getDefault();
IConfigStore defConfig2 = def2.getConfigStore();
- defConfig2.putString("params.range","180");
- defConfig2.putString("params.startTime","0");
+ defConfig2.putString("params.range", "180");
+ defConfig2.putString("params.startTime", "0");
IPolicyConstraint con2 = policy2.getConstraint();
IConfigStore conConfig2 = con2.getConfigStore();
- IProfilePolicy policy3 =
- createProfilePolicy("set1", "p3",
- "userKeyDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy3 = createProfilePolicy("set1", "p3",
+ "userKeyDefaultImpl", "noConstraintImpl");
IPolicyDefault def3 = policy3.getDefault();
IConfigStore defConfig3 = def3.getConfigStore();
- defConfig3.putString("params.keyType","RSA");
- defConfig3.putString("params.keyMinLength","512");
- defConfig3.putString("params.keyMaxLength","4096");
+ defConfig3.putString("params.keyType", "RSA");
+ defConfig3.putString("params.keyMinLength", "512");
+ defConfig3.putString("params.keyMaxLength", "4096");
IPolicyConstraint con3 = policy3.getConstraint();
IConfigStore conConfig3 = con3.getConfigStore();
- IProfilePolicy policy4 =
- createProfilePolicy("set1", "p4",
- "signingAlgDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy4 = createProfilePolicy("set1", "p4",
+ "signingAlgDefaultImpl", "noConstraintImpl");
IPolicyDefault def4 = policy4.getDefault();
IConfigStore defConfig4 = def4.getConfigStore();
- defConfig4.putString("params.signingAlg","-");
- defConfig4.putString("params.signingAlgsAllowed",
- "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
+ defConfig4.putString("params.signingAlg", "-");
+ defConfig4
+ .putString(
+ "params.signingAlgsAllowed",
+ "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
IPolicyConstraint con4 = policy4.getConstraint();
IConfigStore conConfig4 = con4.getConfigStore();
- IProfilePolicy policy5 =
- createProfilePolicy("set1", "p5",
- "keyUsageExtDefaultImpl", "noConstraintImpl");
- IPolicyDefault def5 = policy5.getDefault();
- IConfigStore defConfig5 = def5.getConfigStore();
- defConfig5.putString("params.keyUsageCritical","true");
- defConfig5.putString("params.keyUsageCrlSign","false");
- defConfig5.putString("params.keyUsageDataEncipherment","true");
- defConfig5.putString("params.keyUsageDecipherOnly","false");
- defConfig5.putString("params.keyUsageDigitalSignature","true");
- defConfig5.putString("params.keyUsageEncipherOnly","false");
- defConfig5.putString("params.keyUsageKeyAgreement","false");
- defConfig5.putString("params.keyUsageKeyCertSign","false");
- defConfig5.putString("params.keyUsageKeyEncipherment","true");
- defConfig5.putString("params.keyUsageNonRepudiation","true");
- IPolicyConstraint con5 = policy5.getConstraint();
+ IProfilePolicy policy5 = createProfilePolicy("set1", "p5",
+ "keyUsageExtDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def5 = policy5.getDefault();
+ IConfigStore defConfig5 = def5.getConfigStore();
+ defConfig5.putString("params.keyUsageCritical", "true");
+ defConfig5.putString("params.keyUsageCrlSign", "false");
+ defConfig5.putString("params.keyUsageDataEncipherment", "true");
+ defConfig5.putString("params.keyUsageDecipherOnly", "false");
+ defConfig5.putString("params.keyUsageDigitalSignature", "true");
+ defConfig5.putString("params.keyUsageEncipherOnly", "false");
+ defConfig5.putString("params.keyUsageKeyAgreement", "false");
+ defConfig5.putString("params.keyUsageKeyCertSign", "false");
+ defConfig5.putString("params.keyUsageKeyEncipherment", "true");
+ defConfig5.putString("params.keyUsageNonRepudiation", "true");
+ IPolicyConstraint con5 = policy5.getConstraint();
IConfigStore conConfig5 = con5.getConfigStore();
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
index 7d4254bf..833f0f10 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.common;
-
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.common.NameValuePairs;
@@ -28,94 +27,89 @@ import com.netscape.certsrv.profile.IProfileInput;
import com.netscape.certsrv.profile.IProfileOutput;
import com.netscape.certsrv.profile.IProfilePolicy;
-
/**
- * This class implements a Certificate Manager enrollment
- * profile for User Certificates.
- *
+ * This class implements a Certificate Manager enrollment profile for User
+ * Certificates.
+ *
* @version $Revision$, $Date$
*/
-public class UserCertCAEnrollProfile extends CAEnrollProfile
- implements IProfileEx {
+public class UserCertCAEnrollProfile extends CAEnrollProfile implements
+ IProfileEx {
/**
- * Called after initialization. It populates default
- * policies, inputs, and outputs.
+ * Called after initialization. It populates default policies, inputs, and
+ * outputs.
*/
- public void populate() throws EBaseException
- {
+ public void populate() throws EBaseException {
// create inputs
NameValuePairs inputParams1 = new NameValuePairs();
- IProfileInput input1 =
- createProfileInput("i1", "keyGenInputImpl", inputParams1);
+ IProfileInput input1 = createProfileInput("i1", "keyGenInputImpl",
+ inputParams1);
NameValuePairs inputParams2 = new NameValuePairs();
- IProfileInput input2 =
- createProfileInput("i2", "subjectNameInputImpl", inputParams2);
+ IProfileInput input2 = createProfileInput("i2", "subjectNameInputImpl",
+ inputParams2);
NameValuePairs inputParams3 = new NameValuePairs();
- IProfileInput input3 =
- createProfileInput("i3", "submitterInfoInputImpl", inputParams2);
+ IProfileInput input3 = createProfileInput("i3",
+ "submitterInfoInputImpl", inputParams2);
// create outputs
NameValuePairs outputParams1 = new NameValuePairs();
- IProfileOutput output1 =
- createProfileOutput("o1", "certOutputImpl", outputParams1);
+ IProfileOutput output1 = createProfileOutput("o1", "certOutputImpl",
+ outputParams1);
// create policies
- IProfilePolicy policy1 =
- createProfilePolicy("set1", "p1",
- "userSubjectNameDefaultImpl", "noConstraintImpl");
- IPolicyDefault def1 = policy1.getDefault();
- IConfigStore defConfig1 = def1.getConfigStore();
- IPolicyConstraint con1 = policy1.getConstraint();
+ IProfilePolicy policy1 = createProfilePolicy("set1", "p1",
+ "userSubjectNameDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def1 = policy1.getDefault();
+ IConfigStore defConfig1 = def1.getConfigStore();
+ IPolicyConstraint con1 = policy1.getConstraint();
IConfigStore conConfig1 = con1.getConfigStore();
- IProfilePolicy policy2 =
- createProfilePolicy("set1", "p2",
- "validityDefaultImpl", "noConstraintImpl");
- IPolicyDefault def2 = policy2.getDefault();
- IConfigStore defConfig2 = def2.getConfigStore();
- defConfig2.putString("params.range","180");
- defConfig2.putString("params.startTime","0");
- IPolicyConstraint con2 = policy2.getConstraint();
+ IProfilePolicy policy2 = createProfilePolicy("set1", "p2",
+ "validityDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def2 = policy2.getDefault();
+ IConfigStore defConfig2 = def2.getConfigStore();
+ defConfig2.putString("params.range", "180");
+ defConfig2.putString("params.startTime", "0");
+ IPolicyConstraint con2 = policy2.getConstraint();
IConfigStore conConfig2 = con2.getConfigStore();
- IProfilePolicy policy3 =
- createProfilePolicy("set1", "p3",
- "userKeyDefaultImpl", "noConstraintImpl");
- IPolicyDefault def3 = policy3.getDefault();
- IConfigStore defConfig3 = def3.getConfigStore();
- defConfig3.putString("params.keyType","RSA");
- defConfig3.putString("params.keyMinLength","512");
- defConfig3.putString("params.keyMaxLength","4096");
- IPolicyConstraint con3 = policy3.getConstraint();
+ IProfilePolicy policy3 = createProfilePolicy("set1", "p3",
+ "userKeyDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def3 = policy3.getDefault();
+ IConfigStore defConfig3 = def3.getConfigStore();
+ defConfig3.putString("params.keyType", "RSA");
+ defConfig3.putString("params.keyMinLength", "512");
+ defConfig3.putString("params.keyMaxLength", "4096");
+ IPolicyConstraint con3 = policy3.getConstraint();
IConfigStore conConfig3 = con3.getConfigStore();
- IProfilePolicy policy4 =
- createProfilePolicy("set1", "p4",
- "signingAlgDefaultImpl", "noConstraintImpl");
- IPolicyDefault def4 = policy4.getDefault();
- IConfigStore defConfig4 = def4.getConfigStore();
- defConfig4.putString("params.signingAlg","-");
- defConfig4.putString("params.signingAlgsAllowed",
- "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
- IPolicyConstraint con4 = policy4.getConstraint();
+ IProfilePolicy policy4 = createProfilePolicy("set1", "p4",
+ "signingAlgDefaultImpl", "noConstraintImpl");
+ IPolicyDefault def4 = policy4.getDefault();
+ IConfigStore defConfig4 = def4.getConfigStore();
+ defConfig4.putString("params.signingAlg", "-");
+ defConfig4
+ .putString(
+ "params.signingAlgsAllowed",
+ "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
+ IPolicyConstraint con4 = policy4.getConstraint();
IConfigStore conConfig4 = con4.getConfigStore();
- IProfilePolicy policy5 =
- createProfilePolicy("set1", "p5",
- "keyUsageExtDefaultImpl", "noConstraintImpl");
+ IProfilePolicy policy5 = createProfilePolicy("set1", "p5",
+ "keyUsageExtDefaultImpl", "noConstraintImpl");
IPolicyDefault def5 = policy5.getDefault();
IConfigStore defConfig5 = def5.getConfigStore();
- defConfig5.putString("params.keyUsageCritical","true");
- defConfig5.putString("params.keyUsageCrlSign","false");
- defConfig5.putString("params.keyUsageDataEncipherment","false");
- defConfig5.putString("params.keyUsageDecipherOnly","false");
- defConfig5.putString("params.keyUsageDigitalSignature","true");
- defConfig5.putString("params.keyUsageEncipherOnly","false");
- defConfig5.putString("params.keyUsageKeyAgreement","false");
- defConfig5.putString("params.keyUsageKeyCertSign","false");
- defConfig5.putString("params.keyUsageKeyEncipherment","true");
- defConfig5.putString("params.keyUsageNonRepudiation","true");
+ defConfig5.putString("params.keyUsageCritical", "true");
+ defConfig5.putString("params.keyUsageCrlSign", "false");
+ defConfig5.putString("params.keyUsageDataEncipherment", "false");
+ defConfig5.putString("params.keyUsageDecipherOnly", "false");
+ defConfig5.putString("params.keyUsageDigitalSignature", "true");
+ defConfig5.putString("params.keyUsageEncipherOnly", "false");
+ defConfig5.putString("params.keyUsageKeyAgreement", "false");
+ defConfig5.putString("params.keyUsageKeyCertSign", "false");
+ defConfig5.putString("params.keyUsageKeyEncipherment", "true");
+ defConfig5.putString("params.keyUsageNonRepudiation", "true");
IPolicyConstraint con5 = policy5.getConstraint();
IConfigStore conConfig5 = con5.getConfigStore();
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
index 4e4c2f60..8c9fd70d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.io.IOException;
import java.util.Locale;
@@ -40,24 +39,18 @@ import com.netscape.cms.profile.def.BasicConstraintsExtDefault;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserExtensionDefault;
-
/**
- * This class implements the basic constraints extension constraint.
- * It checks if the basic constraint in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the basic constraints extension constraint. It checks
+ * if the basic constraint in the certificate template satisfies the criteria.
+ *
* @version $Revision$, $Date$
*/
public class BasicConstraintsExtConstraint extends EnrollConstraint {
- public static final String CONFIG_CRITICAL =
- "basicConstraintsCritical";
- public static final String CONFIG_IS_CA =
- "basicConstraintsIsCA";
- public static final String CONFIG_MIN_PATH_LEN =
- "basicConstraintsMinPathLen";
- public static final String CONFIG_MAX_PATH_LEN =
- "basicConstraintsMaxPathLen";
+ public static final String CONFIG_CRITICAL = "basicConstraintsCritical";
+ public static final String CONFIG_IS_CA = "basicConstraintsIsCA";
+ public static final String CONFIG_MIN_PATH_LEN = "basicConstraintsMinPathLen";
+ public static final String CONFIG_MAX_PATH_LEN = "basicConstraintsMaxPathLen";
public BasicConstraintsExtConstraint() {
super();
@@ -71,50 +64,42 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
* Initializes this constraint plugin.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_CRITICAL)) {
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_IS_CA)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
} else if (name.equals(CONFIG_MIN_PATH_LEN)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "-1",
+ return new Descriptor(IDescriptor.INTEGER, null, "-1",
CMS.getUserMessage(locale, "CMS_PROFILE_MIN_PATH_LEN"));
} else if (name.equals(CONFIG_MAX_PATH_LEN)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "100",
+ return new Descriptor(IDescriptor.INTEGER, null, "100",
CMS.getUserMessage(locale, "CMS_PROFILE_MAX_PATH_LEN"));
}
return null;
}
/**
- * Validates the request. The request is not modified
- * during the validation.
+ * Validates the request. The request is not modified during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
CertificateExtensions exts = null;
try {
- BasicConstraintsExtension ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(),
- info);
+ BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension(
+ PKIXExtensions.BasicConstraints_Id.toString(), info);
if (ext == null) {
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- PKIXExtensions.BasicConstraints_Id.toString()));
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ PKIXExtensions.BasicConstraints_Id.toString()));
}
// check criticality
@@ -124,67 +109,66 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
boolean critical = getBoolean(value);
if (critical != ext.isCritical()) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
}
- }
+ }
value = getConfig(CONFIG_IS_CA);
if (!isOptional(value)) {
boolean isCA = getBoolean(value);
- Boolean extIsCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA);
+ Boolean extIsCA = (Boolean) ext
+ .get(BasicConstraintsExtension.IS_CA);
if (isCA != extIsCA.booleanValue()) {
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA"));
}
- }
+ }
value = getConfig(CONFIG_MIN_PATH_LEN);
if (!isOptional(value)) {
int pathLen = getInt(value);
- Integer extPathLen = (Integer) ext.get(BasicConstraintsExtension.PATH_LEN);
+ Integer extPathLen = (Integer) ext
+ .get(BasicConstraintsExtension.PATH_LEN);
if (pathLen > extPathLen.intValue()) {
- CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " > extPathLen=" + extPathLen);
+ CMS.debug("BasicCOnstraintsExtConstraint: pathLen="
+ + pathLen + " > extPathLen=" + extPathLen);
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH"));
}
}
value = getConfig(CONFIG_MAX_PATH_LEN);
if (!isOptional(value)) {
int pathLen = getInt(value);
- Integer extPathLen = (Integer) ext.get(BasicConstraintsExtension.PATH_LEN);
+ Integer extPathLen = (Integer) ext
+ .get(BasicConstraintsExtension.PATH_LEN);
if (pathLen < extPathLen.intValue()) {
- CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " < extPathLen=" + extPathLen);
+ CMS.debug("BasicCOnstraintsExtConstraint: pathLen="
+ + pathLen + " < extPathLen=" + extPathLen);
throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH"));
}
}
} catch (IOException e) {
CMS.debug("BasicConstraintsExt: validate " + e.toString());
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- PKIXExtensions.BasicConstraints_Id.toString()));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ PKIXExtensions.BasicConstraints_Id.toString()));
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_IS_CA),
- getConfig(CONFIG_MIN_PATH_LEN),
- getConfig(CONFIG_MAX_PATH_LEN)
- };
-
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT",
- params);
+ String params[] = { getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_IS_CA), getConfig(CONFIG_MIN_PATH_LEN),
+ getConfig(CONFIG_MAX_PATH_LEN) };
+
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT", params);
}
public boolean isApplicable(IPolicyDefault def) {
@@ -197,19 +181,17 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
return false;
}
- public void setConfig(String name, String value)
- throws EPropertyException {
-
+ public void setConfig(String name, String value) throws EPropertyException {
if (mConfig.getSubStore("params") == null) {
CMS.debug("BasicConstraintsExt: mConfig.getSubStore is null");
//
} else {
- CMS.debug("BasicConstraintsExt: setConfig name " + name + " value " + value);
+ CMS.debug("BasicConstraintsExt: setConfig name " + name + " value "
+ + value);
- if(name.equals(CONFIG_MAX_PATH_LEN))
- {
+ if (name.equals(CONFIG_MAX_PATH_LEN)) {
String minPathLen = getConfig(CONFIG_MIN_PATH_LEN);
@@ -217,13 +199,12 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
int maxLen = getInt(value);
- if(minLen >= maxLen) {
+ if (minLen >= maxLen) {
CMS.debug("BasicConstraintExt: minPathLen >= maxPathLen!");
throw new EPropertyException("bad value");
}
-
}
mConfig.getSubStore("params").putString(name, value);
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
index 9759af73..8b2eab44 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
@@ -17,16 +17,13 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import netscape.security.x509.X509CertImpl;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.ca.ICertificateAuthority;
-
/**
- * This class represents an abstract class for CA enrollment
- * constraint.
+ * This class represents an abstract class for CA enrollment constraint.
*/
public abstract class CAEnrollConstraint extends EnrollConstraint {
@@ -41,8 +38,8 @@ public abstract class CAEnrollConstraint extends EnrollConstraint {
* Retrieves the CA certificate.
*/
public X509CertImpl getCACert() {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
X509CertImpl caCert = ca.getCACert();
return caCert;
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
index 4d89e739..17c6c34f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.io.IOException;
import java.util.Date;
import java.util.Locale;
@@ -38,12 +37,10 @@ import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserValidityDefault;
import com.netscape.cms.profile.def.ValidityDefault;
-
/**
- * This class implements the validity constraint.
- * It checks if the validity in the certificate
- * template is within the CA's validity.
- *
+ * This class implements the validity constraint. It checks if the validity in
+ * the certificate template is within the CA's validity.
+ *
* @version $Revision$, $Date$
*/
public class CAValidityConstraint extends CAEnrollConstraint {
@@ -56,7 +53,7 @@ public class CAValidityConstraint extends CAEnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
X509CertImpl caCert = getCACert();
@@ -65,19 +62,18 @@ public class CAValidityConstraint extends CAEnrollConstraint {
}
/**
- * Validates the request. The request is not modified
- * during the validation.
+ * Validates the request. The request is not modified during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
CMS.debug("CAValidityConstraint: validate start");
CertificateValidity v = null;
try {
v = (CertificateValidity) info.get(X509CertInfo.VALIDITY);
} catch (Exception e) {
- throw new ERejectException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_VALIDITY_NOT_FOUND"));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_VALIDITY_NOT_FOUND"));
}
Date notBefore = null;
@@ -85,8 +81,8 @@ public class CAValidityConstraint extends CAEnrollConstraint {
notBefore = (Date) v.get(CertificateValidity.NOT_BEFORE);
} catch (IOException e) {
CMS.debug("CAValidity: not before " + e.toString());
- throw new ERejectException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE"));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_INVALID_NOT_BEFORE"));
}
Date notAfter = null;
@@ -94,37 +90,33 @@ public class CAValidityConstraint extends CAEnrollConstraint {
notAfter = (Date) v.get(CertificateValidity.NOT_AFTER);
} catch (IOException e) {
CMS.debug("CAValidity: not after " + e.toString());
- throw new ERejectException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER"));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_INVALID_NOT_AFTER"));
}
if (mDefNotBefore != null) {
- CMS.debug("ValidtyConstraint: notBefore=" + notBefore +
- " defNotBefore=" + mDefNotBefore);
+ CMS.debug("ValidtyConstraint: notBefore=" + notBefore
+ + " defNotBefore=" + mDefNotBefore);
if (notBefore.before(mDefNotBefore)) {
throw new ERejectException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE"));
+ getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE"));
}
}
- CMS.debug("ValidtyConstraint: notAfter=" + notAfter +
- " defNotAfter=" + mDefNotAfter);
+ CMS.debug("ValidtyConstraint: notAfter=" + notAfter + " defNotAfter="
+ + mDefNotAfter);
if (notAfter.after(mDefNotAfter)) {
- throw new ERejectException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER"));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_INVALID_NOT_AFTER"));
}
CMS.debug("CAValidtyConstraint: validate end");
}
public String getText(Locale locale) {
- String params[] = {
- mDefNotBefore.toString(),
- mDefNotAfter.toString()
- };
-
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT",
- params);
+ String params[] = { mDefNotBefore.toString(), mDefNotAfter.toString() };
+
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT", params);
}
public boolean isApplicable(IPolicyDefault def) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
index 0723a72c..a4d1e4d9 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -39,10 +38,9 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the generic enrollment constraint.
- *
+ *
* @version $Revision$, $Date$
*/
public abstract class EnrollConstraint implements IPolicyConstraint {
@@ -72,16 +70,15 @@ public abstract class EnrollConstraint implements IPolicyConstraint {
public Locale getLocale(IRequest request) {
Locale locale = null;
- String language = request.getExtDataInString(
- EnrollProfile.REQUEST_LOCALE);
+ String language = request
+ .getExtDataInString(EnrollProfile.REQUEST_LOCALE);
if (language != null) {
locale = new Locale(language);
}
return locale;
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
if (mConfig.getSubStore("params") == null) {
//
} else {
@@ -105,46 +102,42 @@ public abstract class EnrollConstraint implements IPolicyConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
mConfig = config;
}
public IConfigStore getConfigStore() {
return mConfig;
- }
+ }
/**
- * Validates the request. The request is not modified
- * during the validation.
- *
+ * Validates the request. The request is not modified during the validation.
+ *
* @param request enrollment request
* @param info certificate template
- * @exception ERejectException request is rejected due
- * to violation of constraint
+ * @exception ERejectException request is rejected due to violation of
+ * constraint
*/
public abstract void validate(IRequest request, X509CertInfo info)
- throws ERejectException;
+ throws ERejectException;
/**
- * Validates the request. The request is not modified
- * during the validation.
- *
- * The current implementation of this method calls
- * into the subclass's validate(request, info)
- * method for validation checking.
- *
+ * Validates the request. The request is not modified during the validation.
+ *
+ * The current implementation of this method calls into the subclass's
+ * validate(request, info) method for validation checking.
+ *
* @param request request
- * @exception ERejectException request is rejected due
- * to violation of constraint
+ * @exception ERejectException request is rejected due to violation of
+ * constraint
*/
- public void validate(IRequest request)
- throws ERejectException {
+ public void validate(IRequest request) throws ERejectException {
String name = getClass().getName();
name = name.substring(name.lastIndexOf('.') + 1);
CMS.debug(name + ": validate start");
- X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ X509CertInfo info = request
+ .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
validate(request, info);
@@ -168,8 +161,7 @@ public abstract class EnrollConstraint implements IPolicyConstraint {
CertificateExtensions exts = null;
try {
- exts = (CertificateExtensions)
- info.get(X509CertInfo.EXTENSIONS);
+ exts = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
} catch (Exception e) {
CMS.debug("EnrollConstraint: getExtension " + e.toString());
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
index 539f4890..88cfb542 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -40,19 +39,17 @@ import com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserExtensionDefault;
-
/**
- * This class implements the extended key usage extension constraint.
- * It checks if the extended key usage extension in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the extended key usage extension constraint. It checks
+ * if the extended key usage extension in the certificate template satisfies the
+ * criteria.
+ *
* @version $Revision$, $Date$
*/
public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
public static final String CONFIG_CRITICAL = "exKeyUsageCritical";
- public static final String CONFIG_OIDS =
- "exKeyUsageOIDs";
+ public static final String CONFIG_OIDS = "exKeyUsageOIDs";
public ExtendedKeyUsageExtConstraint() {
super();
@@ -61,38 +58,33 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_CRITICAL)) {
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_OIDS)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_OIDS"));
- }
+ }
return null;
}
/**
- * Validates the request. The request is not modified
- * during the validation.
+ * Validates the request. The request is not modified during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
- ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension)
- getExtension(ExtendedKeyUsageExtension.OID, info);
+ throws ERejectException {
+ ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) getExtension(
+ ExtendedKeyUsageExtension.OID, info);
if (ext == null) {
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- ExtendedKeyUsageExtension.OID));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ ExtendedKeyUsageExtension.OID));
}
// check criticality
@@ -102,12 +94,10 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
boolean critical = getBoolean(value);
if (critical != ext.isCritical()) {
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
}
- }
+ }
// Build local cache of configured OIDs
Vector mCache = new Vector();
@@ -122,28 +112,22 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
// check OIDs
Enumeration e = ext.getOIDs();
- while (e.hasMoreElements()) {
+ while (e.hasMoreElements()) {
ObjectIdentifier oid = (ObjectIdentifier) e.nextElement();
if (!mCache.contains(oid.toString())) {
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_OID_NOT_MATCHED",
- oid.toString()));
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_OID_NOT_MATCHED",
+ oid.toString()));
}
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_OIDS)
- };
-
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_CONSTRAINT_EXTENDED_KEY_EXT_TEXT",
- params);
+ String params[] = { getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OIDS) };
+
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONSTRAINT_EXTENDED_KEY_EXT_TEXT", params);
}
public boolean isApplicable(IPolicyDefault def) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java
index cda51a07..5680648c 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Locale;
import netscape.security.x509.Extension;
@@ -37,12 +36,10 @@ import com.netscape.cms.profile.def.EnrollExtDefault;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserExtensionDefault;
-
/**
- * This class implements the general extension constraint.
- * It checks if the extension in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the general extension constraint. It checks if the
+ * extension in the certificate template satisfies the criteria.
+ *
* @version $Revision$, $Date$
*/
public class ExtensionConstraint extends EnrollConstraint {
@@ -57,83 +54,71 @@ public class ExtensionConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
if (mConfig.getSubStore("params") == null) {
CMS.debug("ExtensionConstraint: mConfig.getSubStore is null");
} else {
- CMS.debug("ExtensionConstraint: setConfig name=" + name +
- " value=" + value);
-
- if(name.equals(CONFIG_OID))
- {
- try {
- CMS.checkOID("", value);
- } catch (Exception e) {
- throw new EPropertyException(
- CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value));
- }
+ CMS.debug("ExtensionConstraint: setConfig name=" + name + " value="
+ + value);
+
+ if (name.equals(CONFIG_OID)) {
+ try {
+ CMS.checkOID("", value);
+ } catch (Exception e) {
+ throw new EPropertyException(CMS.getUserMessage(
+ "CMS_PROFILE_PROPERTY_ERROR", value));
+ }
}
mConfig.getSubStore("params").putString(name, value);
}
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_OID)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_OID"));
}
return null;
}
/**
- * Validates the request. The request is not modified
- * during the validation.
+ * Validates the request. The request is not modified during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
- Extension ext = getExtension(getConfig(CONFIG_OID), info);
+ Extension ext = getExtension(getConfig(CONFIG_OID), info);
if (ext == null) {
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- getConfig(CONFIG_OID)));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND", getConfig(CONFIG_OID)));
}
- // check criticality
+ // check criticality
String value = getConfig(CONFIG_CRITICAL);
if (!isOptional(value)) {
boolean critical = getBoolean(value);
- if (critical != ext.isCritical()) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+ if (critical != ext.isCritical()) {
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
}
- }
+ }
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_OID)
- };
+ String params[] = { getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OID) };
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_CONSTRAINT_EXTENSION_TEXT", params);
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
index 56ec0adf..1952ba16 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.math.BigInteger;
import java.security.interfaces.DSAParams;
import java.util.HashMap;
@@ -44,11 +43,9 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserKeyDefault;
-
/**
- * This constraint is to check the key type and
- * key length.
- *
+ * This constraint is to check the key type and key length.
+ *
* @version $Revision$, $Date$
*/
@SuppressWarnings("serial")
@@ -57,72 +54,306 @@ public class KeyConstraint extends EnrollConstraint {
public static final String CONFIG_KEY_TYPE = "keyType"; // (EC, RSA)
public static final String CONFIG_KEY_PARAMETERS = "keyParameters";
- private static final String[] ecCurves = {"nistp256","nistp384","nistp521","sect163k1","nistk163","sect163r1","sect163r2",
- "nistb163","sect193r1","sect193r2","sect233k1","nistk233","sect233r1","nistb233","sect239k1","sect283k1","nistk283",
- "sect283r1","nistb283","sect409k1","nistk409","sect409r1","nistb409","sect571k1","nistk571","sect571r1","nistb571",
- "secp160k1","secp160r1","secp160r2","secp192k1","secp192r1","nistp192","secp224k1","secp224r1","nistp224","secp256k1",
- "secp256r1","secp384r1","secp521r1","prime192v1","prime192v2","prime192v3","prime239v1","prime239v2","prime239v3","c2pnb163v1",
- "c2pnb163v2","c2pnb163v3","c2pnb176v1","c2tnb191v1","c2tnb191v2","c2tnb191v3","c2pnb208w1","c2tnb239v1","c2tnb239v2","c2tnb239v3",
- "c2pnb272w1","c2pnb304w1","c2tnb359w1","c2pnb368w1","c2tnb431r1","secp112r1","secp112r2","secp128r1","secp128r2","sect113r1","sect113r2",
- "sect131r1","sect131r2"
- };
-
- private final static HashMap<String,Vector> ecOIDs = new HashMap<String,Vector>();
- static
- {
- ecOIDs.put( "1.2.840.10045.3.1.7", new Vector() {{add("nistp256");add("secp256r1");}});
- ecOIDs.put( "1.3.132.0.34", new Vector() {{add("nistp384");add("secp384r1");}});
- ecOIDs.put( "1.3.132.0.35", new Vector() {{add("nistp521");add("secp521r1");}});
- ecOIDs.put( "1.3.132.0.1", new Vector() {{add("sect163k1");add("nistk163");}});
- ecOIDs.put( "1.3.132.0.2", new Vector() {{add("sect163r1");}});
- ecOIDs.put( "1.3.132.0.15", new Vector() {{add("sect163r2");add("nistb163");}});
- ecOIDs.put( "1.3.132.0.24", new Vector() {{add("sect193r1");}});
- ecOIDs.put( "1.3.132.0.25", new Vector() {{add("sect193r2");}});
- ecOIDs.put( "1.3.132.0.26", new Vector() {{add("sect233k1");add("nistk233");}});
- ecOIDs.put( "1.3.132.0.27", new Vector() {{add("sect233r1");add("nistb233");}});
- ecOIDs.put( "1.3.132.0.3", new Vector() {{add("sect239k1");}});
- ecOIDs.put( "1.3.132.0.16", new Vector() {{add("sect283k1");add("nistk283");}});
- ecOIDs.put( "1.3.132.0.17", new Vector() {{add("sect283r1");add("nistb283");}});
- ecOIDs.put( "1.3.132.0.36", new Vector() {{add("sect409k1");add("nistk409");}});
- ecOIDs.put( "1.3.132.0.37", new Vector() {{add("sect409r1");add("nistb409");}});
- ecOIDs.put( "1.3.132.0.38", new Vector() {{add("sect571k1"); add("nistk571");}});
- ecOIDs.put( "1.3.132.0.39", new Vector() {{add("sect571r1");add("nistb571");}});
- ecOIDs.put( "1.3.132.0.9", new Vector() {{add("secp160k1");}});
- ecOIDs.put( "1.3.132.0.8", new Vector() {{add("secp160r1");}});
- ecOIDs.put( "1.3.132.0.30", new Vector() {{add("secp160r2");}});
- ecOIDs.put( "1.3.132.0.31", new Vector() {{add("secp192k1");}});
- ecOIDs.put( "1.2.840.10045.3.1.1", new Vector() {{add("secp192r1");add("nistp192");add("prime192v1");}});
- ecOIDs.put( "1.3.132.0.32", new Vector() {{add("secp224k1");}});
- ecOIDs.put( "1.3.132.0.33", new Vector() {{add("secp224r1");add("nistp224");}});
- ecOIDs.put( "1.3.132.0.10", new Vector() {{add("secp256k1");}});
- ecOIDs.put( "1.2.840.10045.3.1.2",new Vector() {{add("prime192v2");}});
- ecOIDs.put( "1.2.840.10045.3.1.3",new Vector() {{add("prime192v3");}});
- ecOIDs.put( "1.2.840.10045.3.1.4",new Vector() {{add("prime239v1");}});
- ecOIDs.put( "1.2.840.10045.3.1.5",new Vector() {{add("prime239v2");}});
- ecOIDs.put( "1.2.840.10045.3.1.6",new Vector() {{add("prime239v3");}});
- ecOIDs.put( "1.2.840.10045.3.0.1", new Vector() {{add("c2pnb163v1");}});
- ecOIDs.put( "1.2.840.10045.3.0.2", new Vector() {{add("c2pnb163v2");}});
- ecOIDs.put( "1.2.840.10045.3.0.3", new Vector() {{add("c2pnb163v3");}});
- ecOIDs.put( "1.2.840.10045.3.0.4", new Vector() {{add("c2pnb176v1");}});
- ecOIDs.put( "1.2.840.10045.3.0.5", new Vector() {{add("c2tnb191v1");}});
- ecOIDs.put( "1.2.840.10045.3.0.6", new Vector() {{add("c2tnb191v2");}});
- ecOIDs.put( "1.2.840.10045.3.0.7", new Vector() {{add("c2tnb191v3");}});
- ecOIDs.put( "1.2.840.10045.3.0.10", new Vector() {{add("c2pnb208w1");}});
- ecOIDs.put( "1.2.840.10045.3.0.11", new Vector() {{add("c2tnb239v1");}});
- ecOIDs.put( "1.2.840.10045.3.0.12", new Vector() {{add("c2tnb239v2");}});
- ecOIDs.put( "1.2.840.10045.3.0.13", new Vector() {{add("c2tnb239v3");}});
- ecOIDs.put( "1.2.840.10045.3.0.16", new Vector() {{add("c2pnb272w1");}});
- ecOIDs.put( "1.2.840.10045.3.0.17", new Vector() {{add("c2pnb304w1");}});
- ecOIDs.put( "1.2.840.10045.3.0.19", new Vector() {{add("c2pnb368w1");}});
- ecOIDs.put( "1.2.840.10045.3.0.20", new Vector() {{add("c2tnb431r1");}});
- ecOIDs.put( "1.3.132.0.6", new Vector() {{add("secp112r1");}});
- ecOIDs.put( "1.3.132.0.7", new Vector() {{add("secp112r2");}});
- ecOIDs.put( "1.3.132.0.28", new Vector() {{add("secp128r1");}});
- ecOIDs.put( "1.3.132.0.29", new Vector() {{add("secp128r2");}});
- ecOIDs.put( "1.3.132.0.4", new Vector() {{add("sect113r1");}});
- ecOIDs.put( "1.3.132.0.5", new Vector() {{add("sect113r2");}});
- ecOIDs.put( "1.3.132.0.22", new Vector() {{add("sect131r1");}});
- ecOIDs.put( "1.3.132.0.23", new Vector() {{add("sect131r2");}});
+ private static final String[] ecCurves = { "nistp256", "nistp384",
+ "nistp521", "sect163k1", "nistk163", "sect163r1", "sect163r2",
+ "nistb163", "sect193r1", "sect193r2", "sect233k1", "nistk233",
+ "sect233r1", "nistb233", "sect239k1", "sect283k1", "nistk283",
+ "sect283r1", "nistb283", "sect409k1", "nistk409", "sect409r1",
+ "nistb409", "sect571k1", "nistk571", "sect571r1", "nistb571",
+ "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1",
+ "nistp192", "secp224k1", "secp224r1", "nistp224", "secp256k1",
+ "secp256r1", "secp384r1", "secp521r1", "prime192v1", "prime192v2",
+ "prime192v3", "prime239v1", "prime239v2", "prime239v3",
+ "c2pnb163v1", "c2pnb163v2", "c2pnb163v3", "c2pnb176v1",
+ "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2pnb208w1",
+ "c2tnb239v1", "c2tnb239v2", "c2tnb239v3", "c2pnb272w1",
+ "c2pnb304w1", "c2tnb359w1", "c2pnb368w1", "c2tnb431r1",
+ "secp112r1", "secp112r2", "secp128r1", "secp128r2", "sect113r1",
+ "sect113r2", "sect131r1", "sect131r2" };
+
+ private final static HashMap<String, Vector> ecOIDs = new HashMap<String, Vector>();
+ static {
+ ecOIDs.put("1.2.840.10045.3.1.7", new Vector() {
+ {
+ add("nistp256");
+ add("secp256r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.34", new Vector() {
+ {
+ add("nistp384");
+ add("secp384r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.35", new Vector() {
+ {
+ add("nistp521");
+ add("secp521r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.1", new Vector() {
+ {
+ add("sect163k1");
+ add("nistk163");
+ }
+ });
+ ecOIDs.put("1.3.132.0.2", new Vector() {
+ {
+ add("sect163r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.15", new Vector() {
+ {
+ add("sect163r2");
+ add("nistb163");
+ }
+ });
+ ecOIDs.put("1.3.132.0.24", new Vector() {
+ {
+ add("sect193r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.25", new Vector() {
+ {
+ add("sect193r2");
+ }
+ });
+ ecOIDs.put("1.3.132.0.26", new Vector() {
+ {
+ add("sect233k1");
+ add("nistk233");
+ }
+ });
+ ecOIDs.put("1.3.132.0.27", new Vector() {
+ {
+ add("sect233r1");
+ add("nistb233");
+ }
+ });
+ ecOIDs.put("1.3.132.0.3", new Vector() {
+ {
+ add("sect239k1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.16", new Vector() {
+ {
+ add("sect283k1");
+ add("nistk283");
+ }
+ });
+ ecOIDs.put("1.3.132.0.17", new Vector() {
+ {
+ add("sect283r1");
+ add("nistb283");
+ }
+ });
+ ecOIDs.put("1.3.132.0.36", new Vector() {
+ {
+ add("sect409k1");
+ add("nistk409");
+ }
+ });
+ ecOIDs.put("1.3.132.0.37", new Vector() {
+ {
+ add("sect409r1");
+ add("nistb409");
+ }
+ });
+ ecOIDs.put("1.3.132.0.38", new Vector() {
+ {
+ add("sect571k1");
+ add("nistk571");
+ }
+ });
+ ecOIDs.put("1.3.132.0.39", new Vector() {
+ {
+ add("sect571r1");
+ add("nistb571");
+ }
+ });
+ ecOIDs.put("1.3.132.0.9", new Vector() {
+ {
+ add("secp160k1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.8", new Vector() {
+ {
+ add("secp160r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.30", new Vector() {
+ {
+ add("secp160r2");
+ }
+ });
+ ecOIDs.put("1.3.132.0.31", new Vector() {
+ {
+ add("secp192k1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.1.1", new Vector() {
+ {
+ add("secp192r1");
+ add("nistp192");
+ add("prime192v1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.32", new Vector() {
+ {
+ add("secp224k1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.33", new Vector() {
+ {
+ add("secp224r1");
+ add("nistp224");
+ }
+ });
+ ecOIDs.put("1.3.132.0.10", new Vector() {
+ {
+ add("secp256k1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.1.2", new Vector() {
+ {
+ add("prime192v2");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.1.3", new Vector() {
+ {
+ add("prime192v3");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.1.4", new Vector() {
+ {
+ add("prime239v1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.1.5", new Vector() {
+ {
+ add("prime239v2");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.1.6", new Vector() {
+ {
+ add("prime239v3");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.1", new Vector() {
+ {
+ add("c2pnb163v1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.2", new Vector() {
+ {
+ add("c2pnb163v2");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.3", new Vector() {
+ {
+ add("c2pnb163v3");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.4", new Vector() {
+ {
+ add("c2pnb176v1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.5", new Vector() {
+ {
+ add("c2tnb191v1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.6", new Vector() {
+ {
+ add("c2tnb191v2");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.7", new Vector() {
+ {
+ add("c2tnb191v3");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.10", new Vector() {
+ {
+ add("c2pnb208w1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.11", new Vector() {
+ {
+ add("c2tnb239v1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.12", new Vector() {
+ {
+ add("c2tnb239v2");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.13", new Vector() {
+ {
+ add("c2tnb239v3");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.16", new Vector() {
+ {
+ add("c2pnb272w1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.17", new Vector() {
+ {
+ add("c2pnb304w1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.19", new Vector() {
+ {
+ add("c2pnb368w1");
+ }
+ });
+ ecOIDs.put("1.2.840.10045.3.0.20", new Vector() {
+ {
+ add("c2tnb431r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.6", new Vector() {
+ {
+ add("secp112r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.7", new Vector() {
+ {
+ add("secp112r2");
+ }
+ });
+ ecOIDs.put("1.3.132.0.28", new Vector() {
+ {
+ add("secp128r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.29", new Vector() {
+ {
+ add("secp128r2");
+ }
+ });
+ ecOIDs.put("1.3.132.0.4", new Vector() {
+ {
+ add("sect113r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.5", new Vector() {
+ {
+ add("sect113r2");
+ }
+ });
+ ecOIDs.put("1.3.132.0.22", new Vector() {
+ {
+ add("sect131r1");
+ }
+ });
+ ecOIDs.put("1.3.132.0.23", new Vector() {
+ {
+ add("sect131r2");
+ }
+ });
}
private static String[] cfgECCurves = null;
@@ -136,7 +367,7 @@ public class KeyConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
String ecNames = "";
@@ -148,32 +379,30 @@ public class KeyConstraint extends EnrollConstraint {
CMS.debug("KeyConstraint.init ecNames: " + ecNames);
if (ecNames != null && ecNames.length() != 0) {
cfgECCurves = ecNames.split(",");
- }
+ }
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_KEY_TYPE)) {
- return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC",
- "RSA",
+ return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC", "RSA",
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE"));
- } else if (name.equals(CONFIG_KEY_PARAMETERS)) {
- return new Descriptor(IDescriptor.STRING,null,"",
- CMS.getUserMessage(locale,"CMS_PROFILE_KEY_PARAMETERS"));
+ } else if (name.equals(CONFIG_KEY_PARAMETERS)) {
+ return new Descriptor(IDescriptor.STRING, null, "",
+ CMS.getUserMessage(locale, "CMS_PROFILE_KEY_PARAMETERS"));
}
return null;
}
/**
- * Validates the request. The request is not modified
- * during the validation.
+ * Validates the request. The request is not modified during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
try {
- CertificateX509Key infokey = (CertificateX509Key)
- info.get(X509CertInfo.KEY);
- X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
+ CertificateX509Key infokey = (CertificateX509Key) info
+ .get(X509CertInfo.KEY);
+ X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
String alg = key.getAlgorithmId().getName().toUpperCase();
String value = getConfig(CONFIG_KEY_TYPE);
@@ -181,29 +410,25 @@ public class KeyConstraint extends EnrollConstraint {
if (!isOptional(value)) {
if (!alg.equals(value)) {
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_KEY_TYPE_NOT_MATCHED",
- value));
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_KEY_TYPE_NOT_MATCHED", value));
}
}
int keySize = 0;
String ecCurve = "";
- if (alg.equals("RSA")) {
+ if (alg.equals("RSA")) {
keySize = getRSAKeyLen(key);
- } else if (alg.equals("DSA")) {
+ } else if (alg.equals("DSA")) {
keySize = getDSAKeyLen(key);
- } else if (alg.equals("EC")) {
- //EC key case.
+ } else if (alg.equals("EC")) {
+ // EC key case.
} else {
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_INVALID_KEY_TYPE",
- alg));
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_INVALID_KEY_TYPE", alg));
}
value = getConfig(CONFIG_KEY_PARAMETERS);
@@ -212,28 +437,26 @@ public class KeyConstraint extends EnrollConstraint {
if (alg.equals("EC")) {
if (!alg.equals(keyType) && !isOptional(keyType)) {
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
- value));
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", value));
}
AlgorithmId algid = key.getAlgorithmId();
CMS.debug("algId: " + algid);
- //Get raw string representation of alg parameters, will give
- //us the curve OID.
+ // Get raw string representation of alg parameters, will give
+ // us the curve OID.
- String params = null;
+ String params = null;
if (algid != null) {
params = algid.getParametersString();
}
if (params.startsWith("OID.")) {
params = params.substring(4);
- }
+ }
CMS.debug("EC key OID: " + params);
Vector vect = ecOIDs.get(params);
@@ -244,10 +467,12 @@ public class KeyConstraint extends EnrollConstraint {
CMS.debug("vect: " + vect.toString());
if (!isOptional(keyType)) {
- //Check the curve parameters only if explicit ECC or not optional
- for (int i = 0 ; i < keyParams.length ; i ++) {
- String ecParam = keyParams[i];
- CMS.debug("keyParams[i]: " + i + " param: " + ecParam);
+ // Check the curve parameters only if explicit ECC or
+ // not optional
+ for (int i = 0; i < keyParams.length; i++) {
+ String ecParam = keyParams[i];
+ CMS.debug("keyParams[i]: " + i + " param: "
+ + ecParam);
if (vect.contains(ecParam)) {
curveFound = true;
CMS.debug("KeyConstraint.validate: EC key constrainst passed.");
@@ -260,21 +485,17 @@ public class KeyConstraint extends EnrollConstraint {
}
if (!curveFound) {
- CMS.debug("KeyConstraint.validate: EC key constrainst failed.");
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
- value));
+ CMS.debug("KeyConstraint.validate: EC key constrainst failed.");
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", value));
}
- } else {
- if ( !arrayContainsString(keyParams,Integer.toString(keySize))) {
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
- value));
+ } else {
+ if (!arrayContainsString(keyParams, Integer.toString(keySize))) {
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED", value));
}
CMS.debug("KeyConstraint.validate: RSA key contraints passed.");
}
@@ -283,8 +504,8 @@ public class KeyConstraint extends EnrollConstraint {
throw (ERejectException) e;
}
CMS.debug("KeyConstraint: " + e.toString());
- throw new ERejectException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_KEY_NOT_FOUND"));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_KEY_NOT_FOUND"));
}
}
@@ -292,8 +513,7 @@ public class KeyConstraint extends EnrollConstraint {
X509Key newkey = null;
try {
- newkey = new X509Key(AlgorithmId.get("RSA"),
- key.getKey());
+ newkey = new X509Key(AlgorithmId.get("RSA"), key.getKey());
} catch (Exception e) {
CMS.debug("KeyConstraint: getRSAKey Len " + e.toString());
return -1;
@@ -315,13 +535,11 @@ public class KeyConstraint extends EnrollConstraint {
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_KEY_TYPE),
- getConfig(CONFIG_KEY_PARAMETERS)
- };
+ String params[] = { getConfig(CONFIG_KEY_TYPE),
+ getConfig(CONFIG_KEY_PARAMETERS) };
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_CONSTRAINT_KEY_TEXT", params);
+ return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_KEY_TEXT",
+ params);
}
public boolean isApplicable(IPolicyDefault def) {
@@ -332,28 +550,27 @@ public class KeyConstraint extends EnrollConstraint {
return false;
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
CMS.debug("KeyConstraint.setConfig name: " + name + " value: " + value);
- //establish keyType, we don't know which order these params will arrive
+ // establish keyType, we don't know which order these params will arrive
if (name.equals(CONFIG_KEY_TYPE)) {
keyType = value;
- if(keyParams.equals(""))
- return;
+ if (keyParams.equals(""))
+ return;
}
-
- //establish keyParams
+
+ // establish keyParams
if (name.equals(CONFIG_KEY_PARAMETERS)) {
CMS.debug("establish keyParams: " + value);
keyParams = value;
- if(keyType.equals(""))
+ if (keyType.equals(""))
return;
}
- // All the params we need for validation have been collected,
+ // All the params we need for validation have been collected,
// we don't know which order they will show up
- if (keyType.length() > 0 && keyParams.length() > 0) {
+ if (keyType.length() > 0 && keyParams.length() > 0) {
String[] params = keyParams.split(",");
boolean isECCurve = false;
int keySize = 0;
@@ -361,48 +578,50 @@ public class KeyConstraint extends EnrollConstraint {
for (int i = 0; i < params.length; i++) {
if (keyType.equals("EC")) {
if (cfgECCurves == null) {
- //Use the static array as a backup if the config values are not present.
- isECCurve = arrayContainsString(ecCurves,params[i]);
+ // Use the static array as a backup if the config values
+ // are not present.
+ isECCurve = arrayContainsString(ecCurves, params[i]);
} else {
- isECCurve = arrayContainsString(cfgECCurves,params[i]);
+ isECCurve = arrayContainsString(cfgECCurves, params[i]);
}
- if (isECCurve == false) { //Not a valid EC curve throw exception.
+ if (isECCurve == false) { // Not a valid EC curve throw
+ // exception.
keyType = "";
keyParams = "";
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", name));
+ "CMS_INVALID_PROPERTY", name));
}
- } else {
+ } else {
try {
keySize = Integer.parseInt(params[i]);
} catch (Exception e) {
keySize = 0;
}
- if (keySize <= 0) {
+ if (keySize <= 0) {
keyType = "";
keyParams = "";
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", name));
+ "CMS_INVALID_PROPERTY", name));
}
}
}
- }
- //Actually set the configuration in the profile
- super.setConfig(CONFIG_KEY_TYPE, keyType);
- super.setConfig(CONFIG_KEY_PARAMETERS, keyParams);
+ }
+ // Actually set the configuration in the profile
+ super.setConfig(CONFIG_KEY_TYPE, keyType);
+ super.setConfig(CONFIG_KEY_PARAMETERS, keyParams);
- //Reset the vars for next round.
- keyType = "";
- keyParams = "";
+ // Reset the vars for next round.
+ keyType = "";
+ keyParams = "";
}
private boolean arrayContainsString(String[] array, String value) {
if (array == null || value == null) {
- return false;
- }
+ return false;
+ }
- for (int i = 0 ; i < array.length; i++) {
+ for (int i = 0; i < array.length; i++) {
if (array[i].equals(value)) {
return true;
}
@@ -411,4 +630,3 @@ public class KeyConstraint extends EnrollConstraint {
return false;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
index 4a483b43..41622281 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Locale;
import netscape.security.x509.KeyUsageExtension;
@@ -37,25 +36,19 @@ import com.netscape.cms.profile.def.KeyUsageExtDefault;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserExtensionDefault;
-
/**
- * This class implements the key usage extension constraint.
- * It checks if the key usage constraint in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the key usage extension constraint. It checks if the
+ * key usage constraint in the certificate template satisfies the criteria.
+ *
* @version $Revision$, $Date$
*/
public class KeyUsageExtConstraint extends EnrollConstraint {
public static final String CONFIG_CRITICAL = "keyUsageCritical";
- public static final String CONFIG_DIGITAL_SIGNATURE =
- "keyUsageDigitalSignature";
- public static final String CONFIG_NON_REPUDIATION =
- "keyUsageNonRepudiation";
- public static final String CONFIG_KEY_ENCIPHERMENT =
- "keyUsageKeyEncipherment";
- public static final String CONFIG_DATA_ENCIPHERMENT =
- "keyUsageDataEncipherment";
+ public static final String CONFIG_DIGITAL_SIGNATURE = "keyUsageDigitalSignature";
+ public static final String CONFIG_NON_REPUDIATION = "keyUsageNonRepudiation";
+ public static final String CONFIG_KEY_ENCIPHERMENT = "keyUsageKeyEncipherment";
+ public static final String CONFIG_DATA_ENCIPHERMENT = "keyUsageDataEncipherment";
public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement";
public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign";
public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign";
@@ -77,51 +70,41 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
} else if (name.equals(CONFIG_NON_REPUDIATION)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
} else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT"));
} else if (name.equals(CONFIG_DATA_ENCIPHERMENT)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT"));
} else if (name.equals(CONFIG_KEY_AGREEMENT)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT"));
} else if (name.equals(CONFIG_KEY_CERTSIGN)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN"));
} else if (name.equals(CONFIG_CRL_SIGN)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN"));
} else if (name.equals(CONFIG_ENCIPHER_ONLY)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY"));
} else if (name.equals(CONFIG_DECIPHER_ONLY)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY"));
}
return null;
@@ -134,20 +117,17 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
}
/**
- * Validates the request. The request is not modified
- * during the validation.
+ * Validates the request. The request is not modified during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
- KeyUsageExtension ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ throws ERejectException {
+ KeyUsageExtension ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- PKIXExtensions.KeyUsage_Id.toString()));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ PKIXExtensions.KeyUsage_Id.toString()));
}
boolean[] bits = ext.getBits();
@@ -156,10 +136,9 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
if (!isOptional(value)) {
boolean critical = getBoolean(value);
- if (critical != ext.isCritical()) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+ if (critical != ext.isCritical()) {
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
}
}
value = getConfig(CONFIG_DIGITAL_SIGNATURE);
@@ -167,117 +146,105 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 0)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED", value));
+ }
}
value = getConfig(CONFIG_NON_REPUDIATION);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 1)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED", value));
+ }
}
value = getConfig(CONFIG_KEY_ENCIPHERMENT);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 2)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED", value));
+ }
}
value = getConfig(CONFIG_DATA_ENCIPHERMENT);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 3)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED", value));
+ }
}
value = getConfig(CONFIG_KEY_AGREEMENT);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 4)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED", value));
+ }
}
value = getConfig(CONFIG_KEY_CERTSIGN);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 5)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED", value));
+ }
}
value = getConfig(CONFIG_CRL_SIGN);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 6)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CRL_SIGN_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_CRL_SIGN_NOT_MATCHED",
+ value));
+ }
}
value = getConfig(CONFIG_ENCIPHER_ONLY);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 7)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED", value));
+ }
}
value = getConfig(CONFIG_DECIPHER_ONLY);
if (!isOptional(value)) {
boolean bit = getBoolean(value);
if (bit != isSet(bits, 8)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED",
- value));
- }
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED", value));
+ }
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
+ String params[] = { getConfig(CONFIG_CRITICAL),
getConfig(CONFIG_DIGITAL_SIGNATURE),
getConfig(CONFIG_NON_REPUDIATION),
getConfig(CONFIG_KEY_ENCIPHERMENT),
getConfig(CONFIG_DATA_ENCIPHERMENT),
getConfig(CONFIG_KEY_AGREEMENT),
- getConfig(CONFIG_KEY_CERTSIGN),
- getConfig(CONFIG_CRL_SIGN),
+ getConfig(CONFIG_KEY_CERTSIGN), getConfig(CONFIG_CRL_SIGN),
getConfig(CONFIG_ENCIPHER_ONLY),
- getConfig(CONFIG_DECIPHER_ONLY)
- };
+ getConfig(CONFIG_DECIPHER_ONLY) };
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_CONSTRAINT_KEY_USAGE_EXT_TEXT", params);
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java
index fe20b766..bd288547 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Locale;
import netscape.security.extensions.NSCertTypeExtension;
@@ -36,12 +35,11 @@ import com.netscape.cms.profile.def.NSCertTypeExtDefault;
import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserExtensionDefault;
-
/**
- * This class implements the Netscape certificate type extension constraint.
- * It checks if the Netscape certificate type extension in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the Netscape certificate type extension constraint. It
+ * checks if the Netscape certificate type extension in the certificate template
+ * satisfies the criteria.
+ *
* @version $Revision$, $Date$
*/
public class NSCertTypeExtConstraint extends EnrollConstraint {
@@ -68,63 +66,51 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_SSL_CLIENT)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT"));
} else if (name.equals(CONFIG_SSL_SERVER)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER"));
} else if (name.equals(CONFIG_EMAIL)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL"));
} else if (name.equals(CONFIG_OBJECT_SIGNING)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING"));
} else if (name.equals(CONFIG_SSL_CA)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA"));
} else if (name.equals(CONFIG_EMAIL_CA)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA"));
} else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) {
- return new Descriptor(IDescriptor.CHOICE, "true,false,-",
- "-",
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OBJECT_SIGNING_CA"));
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-", "-",
+ CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA"));
}
return null;
}
/**
- * Validates the request. The request is not modified
- * during the validation.
+ * Validates the request. The request is not modified during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
- NSCertTypeExtension ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ throws ERejectException {
+ NSCertTypeExtension ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_EXTENSION_NOT_FOUND",
- NSCertTypeExtension.CertType_Id.toString()));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ NSCertTypeExtension.CertType_Id.toString()));
}
String value = getConfig(CONFIG_CRITICAL);
@@ -132,10 +118,9 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
if (!isOptional(value)) {
boolean critical = getBoolean(value);
- if (critical != ext.isCritical()) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+ if (critical != ext.isCritical()) {
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
}
}
value = getConfig(CONFIG_SSL_CLIENT);
@@ -143,10 +128,9 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != ext.isSet(0)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED",
- value));
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED", value));
}
}
value = getConfig(CONFIG_SSL_SERVER);
@@ -154,10 +138,9 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != ext.isSet(1)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SSL_SERVER_NOT_MATCHED",
- value));
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_SSL_SERVER_NOT_MATCHED", value));
}
}
value = getConfig(CONFIG_EMAIL);
@@ -165,10 +148,9 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != ext.isSet(2)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_EMAIL_NOT_MATCHED",
- value));
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_EMAIL_NOT_MATCHED",
+ value));
}
}
value = getConfig(CONFIG_OBJECT_SIGNING);
@@ -176,10 +158,9 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != ext.isSet(3)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED",
- value));
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED", value));
}
}
value = getConfig(CONFIG_SSL_CA);
@@ -187,10 +168,9 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != ext.isSet(4)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SSL_CA_NOT_MATCHED",
- value));
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_SSL_CA_NOT_MATCHED",
+ value));
}
}
value = getConfig(CONFIG_EMAIL_CA);
@@ -198,10 +178,9 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != ext.isSet(5)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_EMAIL_CA_NOT_MATCHED",
- value));
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_EMAIL_CA_NOT_MATCHED",
+ value));
}
}
value = getConfig(CONFIG_OBJECT_SIGNING_CA);
@@ -209,27 +188,21 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
boolean bit = getBoolean(value);
if (bit != ext.isSet(6)) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED",
- value));
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED", value));
}
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_SSL_CLIENT),
- getConfig(CONFIG_SSL_SERVER),
- getConfig(CONFIG_EMAIL),
- getConfig(CONFIG_OBJECT_SIGNING),
- getConfig(CONFIG_SSL_CA),
- getConfig(CONFIG_EMAIL_CA),
- getConfig(CONFIG_OBJECT_SIGNING_CA)
- };
-
- return CMS.getUserMessage(locale,
+ String params[] = { getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_SSL_CLIENT), getConfig(CONFIG_SSL_SERVER),
+ getConfig(CONFIG_EMAIL), getConfig(CONFIG_OBJECT_SIGNING),
+ getConfig(CONFIG_SSL_CA), getConfig(CONFIG_EMAIL_CA),
+ getConfig(CONFIG_OBJECT_SIGNING_CA) };
+
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_CONSTRAINT_NS_CERT_EXT_TEXT", params);
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java
index 108c32b1..47de8e3f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -34,17 +33,16 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements no constraint.
- *
+ *
* @version $Revision$, $Date$
*/
public class NoConstraint implements IPolicyConstraint {
public static final String CONFIG_NAME = "name";
- private IConfigStore mConfig = null;
+ private IConfigStore mConfig = null;
private Vector mNames = new Vector();
public Enumeration getConfigNames() {
@@ -55,8 +53,7 @@ public class NoConstraint implements IPolicyConstraint {
return null;
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
}
public String getConfig(String name) {
@@ -68,7 +65,7 @@ public class NoConstraint implements IPolicyConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
mConfig = config;
}
@@ -77,15 +74,13 @@ public class NoConstraint implements IPolicyConstraint {
}
/**
- * Validates the request. The request is not modified
- * during the validation.
+ * Validates the request. The request is not modified during the validation.
*/
- public void validate(IRequest request)
- throws ERejectException {
+ public void validate(IRequest request) throws ERejectException {
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_CONSTRAINT_NO_CONSTRAINT_TEXT");
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java
index 91d5a46a..d09fd779 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.math.BigInteger;
import java.util.Date;
import java.util.Locale;
@@ -36,17 +35,16 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.def.NoDefault;
-
/**
- * This class supports renewal grace period, which has two
- * parameters: graceBefore and graceAfter
- *
+ * This class supports renewal grace period, which has two parameters:
+ * graceBefore and graceAfter
+ *
* @author Christina Fu
* @version $Revision$, $Date$
*/
public class RenewGracePeriodConstraint extends EnrollConstraint {
- // for renewal: # of days before the orig cert expiration date
+ // for renewal: # of days before the orig cert expiration date
public static final String CONFIG_RENEW_GRACE_BEFORE = "renewal.graceBefore";
// for renewal: # of days after the orig cert expiration date
public static final String CONFIG_RENEW_GRACE_AFTER = "renewal.graceAfter";
@@ -58,27 +56,30 @@ public class RenewGracePeriodConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public void setConfig(String name, String value)
- throws EPropertyException {
- if ( name.equals(CONFIG_RENEW_GRACE_BEFORE) ||
- name.equals(CONFIG_RENEW_GRACE_AFTER)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ public void setConfig(String name, String value) throws EPropertyException {
+ if (name.equals(CONFIG_RENEW_GRACE_BEFORE)
+ || name.equals(CONFIG_RENEW_GRACE_AFTER)) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE +" or "+ CONFIG_RENEW_GRACE_AFTER));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE
+ + " or " + CONFIG_RENEW_GRACE_AFTER));
+ }
}
super.setConfig(name, value);
}
public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_RENEW_GRACE_BEFORE)) {
- return new Descriptor(IDescriptor.INTEGER, null, "30",
+ return new Descriptor(
+ IDescriptor.INTEGER,
+ null,
+ "30",
CMS.getUserMessage(locale, "CMS_PROFILE_RENEW_GRACE_BEFORE"));
} else if (name.equals(CONFIG_RENEW_GRACE_AFTER)) {
return new Descriptor(IDescriptor.INTEGER, null, "30",
@@ -88,75 +89,82 @@ public class RenewGracePeriodConstraint extends EnrollConstraint {
}
public void validate(IRequest req, X509CertInfo info)
- throws ERejectException {
- String origExpDate_s = req.getExtDataInString("origNotAfter");
- // probably not for renewal
- if (origExpDate_s == null) {
- return;
- } else {
- CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing");
- }
- CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins");
- BigInteger origExpDate_BI = new BigInteger(origExpDate_s);
- Date origExpDate = new Date(origExpDate_BI.longValue());
- String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
- String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
- int renew_grace_before = 0;
- int renew_grace_after = 0;
- BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s);
- BigInteger renew_grace_after_BI= new BigInteger(renew_grace_after_s);
-
- // -1 means no limit
- if (renew_grace_before_s == "")
- renew_grace_before = -1;
- else
- renew_grace_before = Integer.parseInt(renew_grace_before_s);
-
- if (renew_grace_after_s == "")
- renew_grace_after = -1;
- else
- renew_grace_after = Integer.parseInt(renew_grace_after_s);
-
- if (renew_grace_before > 0)
- renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400));
- if (renew_grace_after > 0)
- renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 86400));
-
- Date current = CMS.getCurrentDate();
- long millisDiff = origExpDate.getTime() - current.getTime();
- CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime());
-
- /*
- * "days", if positive, has to be less than renew_grace_before
- * "days", if negative, means already past expiration date,
- * (abs value) has to be less than renew_grace_after
- * if renew_grace_before or renew_grace_after are negative
- * the one with negative value is ignored
- */
- if (millisDiff >= 0) {
- if ((renew_grace_before>0) && (millisDiff > renew_grace_before_BI.longValue())) {
- throw new ERejectException(CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD",
- renew_grace_before+" days before and "+
- renew_grace_after+" days after original cert expiration date"));
- }
- } else {
- if ((renew_grace_after > 0) && ((0-millisDiff) > renew_grace_after_BI.longValue())) {
- throw new ERejectException(CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD",
- renew_grace_before+" days before and "+
- renew_grace_after+" days after original cert expiration date"));
- }
- }
+ throws ERejectException {
+ String origExpDate_s = req.getExtDataInString("origNotAfter");
+ // probably not for renewal
+ if (origExpDate_s == null) {
+ return;
+ } else {
+ CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing");
+ }
+ CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins");
+ BigInteger origExpDate_BI = new BigInteger(origExpDate_s);
+ Date origExpDate = new Date(origExpDate_BI.longValue());
+ String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
+ String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
+ int renew_grace_before = 0;
+ int renew_grace_after = 0;
+ BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s);
+ BigInteger renew_grace_after_BI = new BigInteger(renew_grace_after_s);
+
+ // -1 means no limit
+ if (renew_grace_before_s == "")
+ renew_grace_before = -1;
+ else
+ renew_grace_before = Integer.parseInt(renew_grace_before_s);
+
+ if (renew_grace_after_s == "")
+ renew_grace_after = -1;
+ else
+ renew_grace_after = Integer.parseInt(renew_grace_after_s);
+
+ if (renew_grace_before > 0)
+ renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger
+ .valueOf(1000 * 86400));
+ if (renew_grace_after > 0)
+ renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger
+ .valueOf(1000 * 86400));
+
+ Date current = CMS.getCurrentDate();
+ long millisDiff = origExpDate.getTime() - current.getTime();
+ CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff
+ + " origExpDate=" + origExpDate.getTime() + " current="
+ + current.getTime());
+
+ /*
+ * "days", if positive, has to be less than renew_grace_before "days",
+ * if negative, means already past expiration date, (abs value) has to
+ * be less than renew_grace_after if renew_grace_before or
+ * renew_grace_after are negative the one with negative value is ignored
+ */
+ if (millisDiff >= 0) {
+ if ((renew_grace_before > 0)
+ && (millisDiff > renew_grace_before_BI.longValue())) {
+ throw new ERejectException(CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD",
+ renew_grace_before + " days before and "
+ + renew_grace_after
+ + " days after original cert expiration date"));
+ }
+ } else {
+ if ((renew_grace_after > 0)
+ && ((0 - millisDiff) > renew_grace_after_BI.longValue())) {
+ throw new ERejectException(CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD",
+ renew_grace_before + " days before and "
+ + renew_grace_after
+ + " days after original cert expiration date"));
+ }
+ }
}
-
public String getText(Locale locale) {
String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
- String renew_grace_after_s= getConfig(CONFIG_RENEW_GRACE_AFTER);
- return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT",
- renew_grace_before_s+" days before and "+
- renew_grace_after_s+" days after original cert expiration date");
+ String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", renew_grace_before_s
+ + " days before and " + renew_grace_after_s
+ + " days after original cert expiration date");
}
public boolean isApplicable(IPolicyDefault def) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java
index f570c26e..40a34c0b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Locale;
import java.util.StringTokenizer;
import java.util.Vector;
@@ -40,12 +39,10 @@ import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.SigningAlgDefault;
import com.netscape.cms.profile.def.UserSigningAlgDefault;
-
/**
- * This class implements the signing algorithm constraint.
- * It checks if the signing algorithm in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the signing algorithm constraint. It checks if the
+ * signing algorithm in the certificate template satisfies the criteria.
+ *
* @version $Revision$, $Date$
*/
public class SigningAlgConstraint extends EnrollConstraint {
@@ -69,29 +66,27 @@ public class SigningAlgConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
if (mConfig.getSubStore("params") == null) {
CMS.debug("SigningAlgConstraint: mConfig.getSubStore is null");
} else {
- CMS.debug("SigningAlgConstraint: setConfig name=" + name +
- " value=" + value);
-
- if(name.equals(CONFIG_ALGORITHMS_ALLOWED))
- {
- StringTokenizer st = new StringTokenizer(value, ",");
- while (st.hasMoreTokens()) {
- String v = st.nextToken();
- if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) {
- throw new EPropertyException(
- CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v));
- }
- }
+ CMS.debug("SigningAlgConstraint: setConfig name=" + name
+ + " value=" + value);
+
+ if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) {
+ StringTokenizer st = new StringTokenizer(value, ",");
+ while (st.hasMoreTokens()) {
+ String v = st.nextToken();
+ if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) {
+ throw new EPropertyException(CMS.getUserMessage(
+ "CMS_PROFILE_PROPERTY_ERROR", v));
+ }
+ }
}
mConfig.getSubStore("params").putString(name, value);
}
@@ -100,25 +95,24 @@ public class SigningAlgConstraint extends EnrollConstraint {
public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) {
return new Descriptor(IDescriptor.STRING, null,
- DEF_CONFIG_ALGORITHMS,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED"));
+ DEF_CONFIG_ALGORITHMS, CMS.getUserMessage(locale,
+ "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED"));
}
return null;
}
/**
- * Validates the request. The request is not modified
- * during the validation.
+ * Validates the request. The request is not modified during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
CertificateAlgorithmId algId = null;
try {
- algId = (CertificateAlgorithmId) info.get(X509CertInfo.ALGORITHM_ID);
- AlgorithmId id = (AlgorithmId)
- algId.get(CertificateAlgorithmId.ALGORITHM);
+ algId = (CertificateAlgorithmId) info
+ .get(X509CertInfo.ALGORITHM_ID);
+ AlgorithmId id = (AlgorithmId) algId
+ .get(CertificateAlgorithmId.ALGORITHM);
Vector mCache = new Vector();
StringTokenizer st = new StringTokenizer(
@@ -132,22 +126,25 @@ public class SigningAlgConstraint extends EnrollConstraint {
if (!mCache.contains(id.toString())) {
throw new ERejectException(CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_SIGNING_ALGORITHM_NOT_MATCHED", id.toString()));
+ getLocale(request),
+ "CMS_PROFILE_SIGNING_ALGORITHM_NOT_MATCHED",
+ id.toString()));
}
} catch (Exception e) {
if (e instanceof ERejectException) {
throw (ERejectException) e;
}
CMS.debug("SigningAlgConstraint: " + e.toString());
- throw new ERejectException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_SIGNING_ALGORITHM_NOT_FOUND"));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SIGNING_ALGORITHM_NOT_FOUND"));
}
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_SIGNING_ALG_TEXT", getConfig(CONFIG_ALGORITHMS_ALLOWED));
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONSTRAINT_SIGNING_ALG_TEXT",
+ getConfig(CONFIG_ALGORITHMS_ALLOWED));
}
public boolean isApplicable(IPolicyDefault def) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java
index 7ce32f00..547ce433 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.io.IOException;
import java.util.Locale;
@@ -38,12 +37,10 @@ import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.SubjectNameDefault;
import com.netscape.cms.profile.def.UserSubjectNameDefault;
-
/**
- * This class implements the subject name constraint.
- * It checks if the subject name in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the subject name constraint. It checks if the subject
+ * name in the certificate template satisfies the criteria.
+ *
* @version $Revision$, $Date$
*/
public class SubjectNameConstraint extends EnrollConstraint {
@@ -56,15 +53,15 @@ public class SubjectNameConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_PATTERN)) {
- return new Descriptor(IDescriptor.STRING,
- null, null,
- CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME_PATTERN"));
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_PATTERN)) {
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_SUBJECT_NAME_PATTERN"));
} else {
return null;
}
@@ -75,54 +72,48 @@ public class SubjectNameConstraint extends EnrollConstraint {
}
/**
- * Validates the request. The request is not modified
- * during the validation.
+ * Validates the request. The request is not modified during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
CMS.debug("SubjectNameConstraint: validate start");
CertificateSubjectName sn = null;
try {
sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
- CMS.debug("SubjectNameConstraint: validate cert subject ="+
- sn.toString());
+ CMS.debug("SubjectNameConstraint: validate cert subject ="
+ + sn.toString());
} catch (Exception e) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
}
X500Name sn500 = null;
try {
sn500 = (X500Name) sn.get(CertificateSubjectName.DN_NAME);
} catch (IOException e) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
}
if (sn500 == null) {
CMS.debug("SubjectNameConstraint: validate() - sn500 is null");
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
} else {
- CMS.debug("SubjectNameConstraint: validate() - sn500 "+
- CertificateSubjectName.DN_NAME + " = "+
- sn500.toString());
+ CMS.debug("SubjectNameConstraint: validate() - sn500 "
+ + CertificateSubjectName.DN_NAME + " = " + sn500.toString());
}
if (!sn500.toString().matches(getConfig(CONFIG_PATTERN))) {
- CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern "+ getConfig(CONFIG_PATTERN));
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED",
- sn500.toString()));
+ CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern "
+ + getConfig(CONFIG_PATTERN));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED", sn500.toString()));
}
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT",
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT",
getConfig(CONFIG_PATTERN));
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
index b47e2230..f02a5c7c 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -43,57 +42,52 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.def.NoDefault;
/**
- * This constraint is to check for publickey uniqueness.
- * The config param "allowSameKeyRenewal" enables the
- * situation where if the publickey is not unique, and if
- * the subject DN is the same, that is a "renewal".
- *
- * Another "feature" that is quoted out of this code is the
- * "revokeDupKeyCert" option, which enables the revocation
- * of certs that bear the same publickey as the enrolling
- * request. Since this can potentially be abused, it is taken
- * out and preserved in comments to allow future refinement.
- *
+ * This constraint is to check for publickey uniqueness. The config param
+ * "allowSameKeyRenewal" enables the situation where if the publickey is not
+ * unique, and if the subject DN is the same, that is a "renewal".
+ *
+ * Another "feature" that is quoted out of this code is the "revokeDupKeyCert"
+ * option, which enables the revocation of certs that bear the same publickey as
+ * the enrolling request. Since this can potentially be abused, it is taken out
+ * and preserved in comments to allow future refinement.
+ *
* @version $Revision$, $Date$
*/
public class UniqueKeyConstraint extends EnrollConstraint {
- /*
- public static final String CONFIG_REVOKE_DUPKEY_CERT =
- "revokeDupKeyCert";
- boolean mRevokeDupKeyCert = false;
- */
- public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL =
- "allowSameKeyRenewal";
- boolean mAllowSameKeyRenewal = false;
+ /*
+ * public static final String CONFIG_REVOKE_DUPKEY_CERT =
+ * "revokeDupKeyCert"; boolean mRevokeDupKeyCert = false;
+ */
+ public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL = "allowSameKeyRenewal";
+ boolean mAllowSameKeyRenewal = false;
public ICertificateAuthority mCA = null;
- public UniqueKeyConstraint() {
- super();
- /*
- addConfigName(CONFIG_REVOKE_DUPKEY_CERT);
- */
- addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL);
- }
+ public UniqueKeyConstraint() {
+ super();
+ /*
+ * addConfigName(CONFIG_REVOKE_DUPKEY_CERT);
+ */
+ addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL);
+ }
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
super.init(profile, config);
- mCA = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ mCA = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name)
- {
- /*
- if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) {
- return new Descriptor(IDescriptor.BOOLEAN, null, "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT"));
- }
- */
- if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null, "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL"));
- }
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ /*
+ * if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) { return new
+ * Descriptor(IDescriptor.BOOLEAN, null, "false",
+ * CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT"));
+ * }
+ */
+ if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL"));
+ }
return null;
}
@@ -102,173 +96,156 @@ public class UniqueKeyConstraint extends EnrollConstraint {
}
/**
- * Validates the request. The request is not modified
- * during the validation.
+ * Validates the request. The request is not modified during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
- boolean rejected = false;
- int size = 0;
- ICertRecordList list;
+ throws ERejectException {
+ boolean rejected = false;
+ int size = 0;
+ ICertRecordList list;
- /*
- mRevokeDupKeyCert =
- getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT);
- */
- mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL);
+ /*
+ * mRevokeDupKeyCert = getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT);
+ */
+ mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL);
try {
- CertificateX509Key infokey = (CertificateX509Key)
- info.get(X509CertInfo.KEY);
- X509Key key = (X509Key)
- infokey.get(CertificateX509Key.KEY);
-
- // check for key uniqueness
- byte pub[] = key.getEncoded();
- String pub_s = escapeBinaryData(pub);
- String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA +"=" + pub_s + ")";
- list =
- (ICertRecordList)
- mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10);
- size = list.getSize();
+ CertificateX509Key infokey = (CertificateX509Key) info
+ .get(X509CertInfo.KEY);
+ X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
+
+ // check for key uniqueness
+ byte pub[] = key.getEncoded();
+ String pub_s = escapeBinaryData(pub);
+ String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA
+ + "=" + pub_s + ")";
+ list = (ICertRecordList) mCA.getCertificateRepository()
+ .findCertRecordsInList(filter, null, 10);
+ size = list.getSize();
} catch (Exception e) {
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_INTERNAL_ERROR",e.toString()));
- }
-
- /*
- * It does not matter if the corresponding cert's status
- * is valid or not, we don't want a key that was once
- * generated before
- */
- if (size > 0) {
- CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key.");
-
- /*
- The following code revokes the existing certs that have
- the same public key as the one submitted for enrollment
- request. However, it is not a good idea due to possible
- abuse. It is therefore commented out. It is still
- however still maintained for possible utilization at later
- time
-
- // if configured to revoke duplicated key
- // revoke cert
- if (mRevokeDupKeyCert) {
- try {
- Enumeration e = list.getCertRecords(0, size-1);
- while (e != null && e.hasMoreElements()) {
- ICertRecord rec = (ICertRecord) e.nextElement();
- X509CertImpl cert = rec.getCertificate();
-
- // revoke the cert
- BigInteger serialNum = cert.getSerialNumber();
- ICAService service = (ICAService) mCA.getCAService();
-
- RevokedCertImpl crlEntry =
- formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE);
- service.revokeCert(crlEntry);
- CMS.debug("UniqueKeyConstraint: certificate with duplicate publickey revoked successfully");
- }
- } catch (Exception ex) {
- CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert");
- }
- } // revoke dupkey cert turned on
- */
-
- if (mAllowSameKeyRenewal == true) {
- X500Name sjname_in_db = null;
- X500Name sjname_in_req = null;
-
- try {
- // get subject of request
- CertificateSubjectName subName =
- (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
-
- if (subName != null) {
-
- sjname_in_req =
- (X500Name) subName.get(CertificateSubjectName.DN_NAME);
- CMS.debug("UniqueKeyConstraint: cert request subject DN ="+ sjname_in_req.toString());
- Enumeration e = list.getCertRecords(0, size-1);
- while (e != null && e.hasMoreElements()) {
- ICertRecord rec = (ICertRecord) e.nextElement();
- X509CertImpl cert = rec.getCertificate();
- String certDN =
- cert.getSubjectDN().toString();
- CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN ="+ certDN);
-
- sjname_in_db = new X500Name(certDN);
-
- if (sjname_in_db.equals(sjname_in_req) == false) {
- rejected = true;
- break;
- } else {
- rejected = false;
- }
- } // while
- } else { //subName is null
- rejected = true;
- }
- } catch (Exception ex1) {
- CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: "+ex1.toString());
- rejected = true;
- } // try
-
- } else {
- rejected = true;
- }// allowSameKeyRenewal
- } // (size > 0)
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_INTERNAL_ERROR", e.toString()));
+ }
- if (rejected == true) {
- CMS.debug("UniqueKeyConstraint: rejected");
- throw new ERejectException(
- CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_DUPLICATE_KEY"));
- } else {
- CMS.debug("UniqueKeyConstraint: approved");
- }
+ /*
+ * It does not matter if the corresponding cert's status is valid or
+ * not, we don't want a key that was once generated before
+ */
+ if (size > 0) {
+ CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key.");
+
+ /*
+ * The following code revokes the existing certs that have the same
+ * public key as the one submitted for enrollment request. However,
+ * it is not a good idea due to possible abuse. It is therefore
+ * commented out. It is still however still maintained for possible
+ * utilization at later time
+ *
+ * // if configured to revoke duplicated key // revoke cert if
+ * (mRevokeDupKeyCert) { try { Enumeration e =
+ * list.getCertRecords(0, size-1); while (e != null &&
+ * e.hasMoreElements()) { ICertRecord rec = (ICertRecord)
+ * e.nextElement(); X509CertImpl cert = rec.getCertificate();
+ *
+ * // revoke the cert BigInteger serialNum = cert.getSerialNumber();
+ * ICAService service = (ICAService) mCA.getCAService();
+ *
+ * RevokedCertImpl crlEntry = formCRLEntry(serialNum,
+ * RevocationReason.KEY_COMPROMISE); service.revokeCert(crlEntry);
+ * CMS.debug(
+ * "UniqueKeyConstraint: certificate with duplicate publickey revoked successfully"
+ * ); } } catch (Exception ex) {
+ * CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert"); }
+ * } // revoke dupkey cert turned on
+ */
+
+ if (mAllowSameKeyRenewal == true) {
+ X500Name sjname_in_db = null;
+ X500Name sjname_in_req = null;
+
+ try {
+ // get subject of request
+ CertificateSubjectName subName = (CertificateSubjectName) info
+ .get(X509CertInfo.SUBJECT);
+
+ if (subName != null) {
+
+ sjname_in_req = (X500Name) subName
+ .get(CertificateSubjectName.DN_NAME);
+ CMS.debug("UniqueKeyConstraint: cert request subject DN ="
+ + sjname_in_req.toString());
+ Enumeration e = list.getCertRecords(0, size - 1);
+ while (e != null && e.hasMoreElements()) {
+ ICertRecord rec = (ICertRecord) e.nextElement();
+ X509CertImpl cert = rec.getCertificate();
+ String certDN = cert.getSubjectDN().toString();
+ CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN ="
+ + certDN);
+
+ sjname_in_db = new X500Name(certDN);
+
+ if (sjname_in_db.equals(sjname_in_req) == false) {
+ rejected = true;
+ break;
+ } else {
+ rejected = false;
+ }
+ } // while
+ } else { // subName is null
+ rejected = true;
+ }
+ } catch (Exception ex1) {
+ CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: "
+ + ex1.toString());
+ rejected = true;
+ } // try
+
+ } else {
+ rejected = true;
+ }// allowSameKeyRenewal
+ } // (size > 0)
+
+ if (rejected == true) {
+ CMS.debug("UniqueKeyConstraint: rejected");
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_DUPLICATE_KEY"));
+ } else {
+ CMS.debug("UniqueKeyConstraint: approved");
+ }
}
- /**
+ /**
* make a CRL entry from a serial number and revocation reason.
+ *
* @return a RevokedCertImpl that can be entered in a CRL.
-
- protected RevokedCertImpl formCRLEntry(
- BigInteger serialNo, RevocationReason reason)
- throws EBaseException {
- CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
- CRLExtensions crlentryexts = new CRLExtensions();
-
- try {
- crlentryexts.set(CRLReasonExtension.NAME, reasonExt);
- } catch (IOException e) {
- CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString());
-
- // throw new ECMSGWException(
- // CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
-
- }
- RevokedCertImpl crlentry =
- new RevokedCertImpl(serialNo, CMS.getCurrentDate(),
- crlentryexts);
-
- return crlentry;
- }
- */
+ *
+ * protected RevokedCertImpl formCRLEntry( BigInteger serialNo,
+ * RevocationReason reason) throws EBaseException {
+ * CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
+ * CRLExtensions crlentryexts = new CRLExtensions();
+ *
+ * try { crlentryexts.set(CRLReasonExtension.NAME, reasonExt); }
+ * catch (IOException e) {
+ * CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString());
+ *
+ * // throw new ECMSGWException( //
+ * CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
+ *
+ * } RevokedCertImpl crlentry = new RevokedCertImpl(serialNo,
+ * CMS.getCurrentDate(), crlentryexts);
+ *
+ * return crlentry; }
+ */
public String getText(Locale locale) {
String params[] = {
-/*
- getConfig(CONFIG_REVOKE_DUPKEY_CERT),
-*/
- };
+ /*
+ * getConfig(CONFIG_REVOKE_DUPKEY_CERT),
+ */
+ };
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_CONSTRAINT_ALLOW_SAME_KEY_RENEWAL_TEXT", params);
}
@@ -285,12 +262,12 @@ public class UniqueKeyConstraint extends EnrollConstraint {
}
public boolean isApplicable(IPolicyDefault def) {
- if (def instanceof NoDefault)
- return true;
+ if (def instanceof NoDefault)
+ return true;
if (def instanceof UniqueKeyConstraint)
return true;
- return false;
+ return false;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
index 89b8d460..2d5db341 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
@@ -51,17 +51,15 @@ import com.netscape.cms.profile.def.SubjectNameDefault;
import com.netscape.cms.profile.def.UserSubjectNameDefault;
/**
- * This class implements the unique subject name constraint.
- * It checks if the subject name in the certificate is
- * unique in the internal database, ie, no two certificates
- * have the same subject name.
- *
+ * This class implements the unique subject name constraint. It checks if the
+ * subject name in the certificate is unique in the internal database, ie, no
+ * two certificates have the same subject name.
+ *
* @version $Revision$, $Date$
*/
public class UniqueSubjectNameConstraint extends EnrollConstraint {
- public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING =
- "enableKeyUsageExtensionChecking";
+ public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING = "enableKeyUsageExtensionChecking";
private boolean mKeyUsageExtensionChecking = true;
public UniqueSubjectNameConstraint() {
@@ -69,14 +67,15 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_KEY_USAGE_EXTENSION_CHECKING)) {
return new Descriptor(IDescriptor.BOOLEAN, null, "true",
- CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING"));
}
return null;
}
@@ -85,20 +84,19 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
return null;
}
- /**
- * Checks if the key extension in the issued certificate
- * is the same as the one in the certificate template.
- */
- private boolean sameKeyUsageExtension(ICertRecord rec,
- X509CertInfo certInfo) {
+ /**
+ * Checks if the key extension in the issued certificate is the same as the
+ * one in the certificate template.
+ */
+ private boolean sameKeyUsageExtension(ICertRecord rec, X509CertInfo certInfo) {
X509CertImpl impl = rec.getCertificate();
boolean bits[] = impl.getKeyUsage();
CertificateExtensions extensions = null;
try {
- extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
} catch (IOException e) {
} catch (java.security.cert.CertificateException e) {
}
@@ -109,10 +107,10 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
return false;
} else {
try {
- ext = (KeyUsageExtension) extensions.get(
- KeyUsageExtension.NAME);
+ ext = (KeyUsageExtension) extensions
+ .get(KeyUsageExtension.NAME);
} catch (IOException e) {
- // extension isn't there.
+ // extension isn't there.
}
if (ext == null) {
@@ -135,48 +133,44 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
return false;
}
}
- }
+ }
}
- return true;
+ return true;
}
-
/**
- * Validates the request. The request is not modified
- * during the validation.
- *
- * Rules are as follows:
- * If the subject name is not unique, then the request will be rejected unless:
- * 1. the certificate is expired or expired_revoked
+ * Validates the request. The request is not modified during the validation.
+ *
+ * Rules are as follows: If the subject name is not unique, then the request
+ * will be rejected unless: 1. the certificate is expired or expired_revoked
* 2. the certificate is revoked and the revocation reason is not "on hold"
- * 3. the keyUsageExtension bits are different and enableKeyUsageExtensionChecking=true (default)
+ * 3. the keyUsageExtension bits are different and
+ * enableKeyUsageExtensionChecking=true (default)
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
CMS.debug("UniqueSubjectNameConstraint: validate start");
CertificateSubjectName sn = null;
- IAuthority authority = (IAuthority)CMS.getSubsystem("ca");
-
+ IAuthority authority = (IAuthority) CMS.getSubsystem("ca");
+
mKeyUsageExtensionChecking = getConfigBoolean(CONFIG_KEY_USAGE_EXTENSION_CHECKING);
ICertificateRepository certdb = null;
if (authority != null && authority instanceof ICertificateAuthority) {
- ICertificateAuthority ca = (ICertificateAuthority)authority;
+ ICertificateAuthority ca = (ICertificateAuthority) authority;
certdb = ca.getCertificateRepository();
}
-
+
try {
sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
} catch (Exception e) {
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
}
String certsubjectname = null;
if (sn == null)
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ throw new ERejectException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
else {
certsubjectname = sn.toString();
String filter = "x509Cert.subject=" + certsubjectname;
@@ -184,7 +178,8 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
try {
sameSubjRecords = certdb.findCertRecords(filter);
} catch (EBaseException e) {
- CMS.debug("UniqueSubjectNameConstraint exception: "+e.toString());
+ CMS.debug("UniqueSubjectNameConstraint exception: "
+ + e.toString());
}
while (sameSubjRecords != null && sameSubjRecords.hasMoreElements()) {
ICertRecord rec = (ICertRecord) sameSubjRecords.nextElement();
@@ -194,7 +189,8 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
RevocationReason reason = null;
if (revocationInfo != null) {
- CRLExtensions crlExts = revocationInfo.getCRLEntryExtensions();
+ CRLExtensions crlExts = revocationInfo
+ .getCRLEntryExtensions();
if (crlExts != null) {
Enumeration enumx = crlExts.getElements();
@@ -209,35 +205,33 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
}
}
- if (status.equals(ICertRecord.STATUS_EXPIRED) || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
+ if (status.equals(ICertRecord.STATUS_EXPIRED)
+ || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
continue;
}
- if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null &&
- (! reason.equals(RevocationReason.CERTIFICATE_HOLD))) {
+ if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null
+ && (!reason.equals(RevocationReason.CERTIFICATE_HOLD))) {
continue;
}
- if (mKeyUsageExtensionChecking && !sameKeyUsageExtension(rec, info)) {
+ if (mKeyUsageExtensionChecking
+ && !sameKeyUsageExtension(rec, info)) {
continue;
}
- throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE",
- certsubjectname));
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE", certsubjectname));
}
}
- CMS.debug("UniqueSubjectNameConstraint: validate end");
+ CMS.debug("UniqueSubjectNameConstraint: validate end");
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING)
- };
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT",
- params);
+ String params[] = { getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING) };
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT", params);
}
public boolean isApplicable(IPolicyDefault def) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
index 95c32221..33b1cb0d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.constraint;
-
import java.io.IOException;
import java.util.Date;
import java.util.Locale;
@@ -40,12 +39,10 @@ import com.netscape.cms.profile.def.NoDefault;
import com.netscape.cms.profile.def.UserValidityDefault;
import com.netscape.cms.profile.def.ValidityDefault;
-
/**
- * This class implements the validity constraint.
- * It checks if the validity in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the validity constraint. It checks if the validity in
+ * the certificate template satisfies the criteria.
+ *
* @version $Revision$, $Date$
*/
public class ValidityConstraint extends EnrollConstraint {
@@ -68,20 +65,19 @@ public class ValidityConstraint extends EnrollConstraint {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public void setConfig(String name, String value)
- throws EPropertyException {
- if (name.equals(CONFIG_RANGE) ||
- name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ public void setConfig(String name, String value) throws EPropertyException {
+ if (name.equals(CONFIG_RANGE)
+ || name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", name));
- }
+ "CMS_INVALID_PROPERTY", name));
+ }
}
super.setConfig(name, value);
}
@@ -92,30 +88,32 @@ public class ValidityConstraint extends EnrollConstraint {
CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE"));
} else if (name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) {
return new Descriptor(IDescriptor.INTEGER, null, "0",
- CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_NOT_BEFORE_GRACE_PERIOD"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_VALIDITY_NOT_BEFORE_GRACE_PERIOD"));
} else if (name.equals(CONFIG_CHECK_NOT_BEFORE)) {
return new Descriptor(IDescriptor.BOOLEAN, null, "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_CHECK_NOT_BEFORE"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_VALIDITY_CHECK_NOT_BEFORE"));
} else if (name.equals(CONFIG_CHECK_NOT_AFTER)) {
return new Descriptor(IDescriptor.BOOLEAN, null, "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_CHECK_NOT_AFTER"));
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_VALIDITY_CHECK_NOT_AFTER"));
}
return null;
}
/**
- * Validates the request. The request is not modified
- * during the validation.
+ * Validates the request. The request is not modified during the validation.
*/
public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
CertificateValidity v = null;
try {
v = (CertificateValidity) info.get(X509CertInfo.VALIDITY);
} catch (Exception e) {
throw new ERejectException(CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_VALIDITY_NOT_FOUND"));
+ "CMS_PROFILE_VALIDITY_NOT_FOUND"));
}
Date notBefore = null;
@@ -124,7 +122,7 @@ public class ValidityConstraint extends EnrollConstraint {
} catch (IOException e) {
CMS.debug("ValidityConstraint: not before not found");
throw new ERejectException(CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_VALIDITY_NOT_FOUND"));
+ "CMS_PROFILE_VALIDITY_NOT_FOUND"));
}
Date notAfter = null;
@@ -133,33 +131,36 @@ public class ValidityConstraint extends EnrollConstraint {
} catch (IOException e) {
CMS.debug("ValidityConstraint: not after not found");
throw new ERejectException(CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_VALIDITY_NOT_FOUND"));
+ "CMS_PROFILE_VALIDITY_NOT_FOUND"));
}
if (notAfter.getTime() < notBefore.getTime()) {
- CMS.debug("ValidityConstraint: notAfter (" + notAfter + ") < notBefore (" + notBefore + ")");
+ CMS.debug("ValidityConstraint: notAfter (" + notAfter
+ + ") < notBefore (" + notBefore + ")");
throw new ERejectException(CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_NOT_AFTER_BEFORE_NOT_BEFORE"));
+ "CMS_PROFILE_NOT_AFTER_BEFORE_NOT_BEFORE"));
}
long millisDiff = notAfter.getTime() - notBefore.getTime();
- CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + notBefore.getTime());
- long long_days = (millisDiff / 1000 ) / 86400;
- CMS.debug("ValidityConstraint: long_days: "+long_days);
- int days = (int)long_days;
- CMS.debug("ValidityConstraint: days: "+days);
+ CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter="
+ + notAfter.getTime() + " notBefore=" + notBefore.getTime());
+ long long_days = (millisDiff / 1000) / 86400;
+ CMS.debug("ValidityConstraint: long_days: " + long_days);
+ int days = (int) long_days;
+ CMS.debug("ValidityConstraint: days: " + days);
if (days > Integer.parseInt(getConfig(CONFIG_RANGE))) {
- throw new ERejectException(CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_VALIDITY_OUT_OF_RANGE",
- Integer.toString(days)));
+ throw new ERejectException(
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_VALIDITY_OUT_OF_RANGE",
+ Integer.toString(days)));
}
- // 613828
- // The validity field shall specify a notBefore value
- // that does not precede the current time and a notAfter
- // value that does not precede the value specified in
- // notBefore (test can be automated; try entering violating
+ // 613828
+ // The validity field shall specify a notBefore value
+ // that does not precede the current time and a notAfter
+ // value that does not precede the value specified in
+ // notBefore (test can be automated; try entering violating
// time values and check result).
String notBeforeCheckStr = getConfig(CONFIG_CHECK_NOT_BEFORE);
boolean notBeforeCheck;
@@ -167,7 +168,7 @@ public class ValidityConstraint extends EnrollConstraint {
if (notBeforeCheckStr == null || notBeforeCheckStr.equals("")) {
notBeforeCheckStr = "false";
}
- notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue();
+ notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue();
String notAfterCheckStr = getConfig(CONFIG_CHECK_NOT_AFTER);
boolean notAfterCheck;
@@ -175,34 +176,43 @@ public class ValidityConstraint extends EnrollConstraint {
if (notAfterCheckStr == null || notAfterCheckStr.equals("")) {
notAfterCheckStr = "false";
}
- notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue();
+ notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue();
String notBeforeGracePeriodStr = getConfig(CONFIG_NOT_BEFORE_GRACE_PERIOD);
- if (notBeforeGracePeriodStr == null || notBeforeGracePeriodStr.equals("")) {
+ if (notBeforeGracePeriodStr == null
+ || notBeforeGracePeriodStr.equals("")) {
notBeforeGracePeriodStr = "0";
}
- long notBeforeGracePeriod = Long.parseLong(notBeforeGracePeriodStr) * SECS_IN_MS;
+ long notBeforeGracePeriod = Long.parseLong(notBeforeGracePeriodStr)
+ * SECS_IN_MS;
Date current = CMS.getCurrentDate();
if (notBeforeCheck) {
if (notBefore.getTime() > (current.getTime() + notBeforeGracePeriod)) {
- CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + "+
- "gracePeriod (" + new Date(current.getTime() + notBeforeGracePeriod) + ")");
- throw new ERejectException(CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_NOT_BEFORE_AFTER_CURRENT"));
+ CMS.debug("ValidityConstraint: notBefore (" + notBefore
+ + ") > current + " + "gracePeriod ("
+ + new Date(current.getTime() + notBeforeGracePeriod)
+ + ")");
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_NOT_BEFORE_AFTER_CURRENT"));
}
}
if (notAfterCheck) {
if (notAfter.getTime() < current.getTime()) {
- CMS.debug("ValidityConstraint: notAfter (" + notAfter + ") < current + (" + current + ")");
- throw new ERejectException(CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_NOT_AFTER_BEFORE_CURRENT"));
+ CMS.debug("ValidityConstraint: notAfter (" + notAfter
+ + ") < current + (" + current + ")");
+ throw new ERejectException(CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_NOT_AFTER_BEFORE_CURRENT"));
}
}
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", getConfig(CONFIG_RANGE));
+ return CMS
+ .getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT",
+ getConfig(CONFIG_RANGE));
}
public boolean isApplicable(IPolicyDefault def) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
index 6f73cd52..5f248197 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -40,11 +39,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates Authuority Info Access extension.
- *
+ * This class implements an enrollment default policy that populates Authuority
+ * Info Access extension.
+ *
* @version $Revision$, $Date$
*/
public class AuthInfoAccessExtDefault extends EnrollExtDefault {
@@ -89,30 +87,29 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
return num;
}
-
+
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_NUM_ADS)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_AD || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_AD || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
- }
-
- } catch (Exception e) {
+ }
+
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
- }
- }
+ "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
+ }
+ }
super.setConfig(name, value);
}
@@ -122,7 +119,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
}
protected void refreshConfigAndValueNames() {
- //refesh our config name list
+ // refesh our config name list
super.refreshConfigAndValueNames();
mConfigNames.removeAllElements();
@@ -142,89 +139,79 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
}
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_AD_METHOD)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD"));
} else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) {
- return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
- "URIName",
- CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE"));
+ return new Descriptor(
+ IDescriptor.CHOICE,
+ "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
+ "URIName", CMS.getUserMessage(locale,
+ "CMS_PROFILE_AD_LOCATIONTYPE"));
} else if (name.startsWith(CONFIG_AD_LOCATION)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION"));
} else if (name.startsWith(CONFIG_AD_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE"));
} else if (name.startsWith(CONFIG_NUM_ADS)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
+ return new Descriptor(IDescriptor.INTEGER, null, "1",
CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS"));
- }
+ }
return null;
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_GENERAL_NAMES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
+ return new Descriptor(IDescriptor.STRING_LIST, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
AuthInfoAccessExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
-
AuthInfoAccessExtension a = new AuthInfoAccessExtension(false);
ObjectIdentifier oid = a.getExtensionId();
- ext = (AuthInfoAccessExtension)
- getExtension(oid.toString(), info);
+ ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
-
+
if (name.equals(VAL_CRITICAL)) {
- ext = (AuthInfoAccessExtension)
- getExtension(oid.toString(), info);
+ ext = (AuthInfoAccessExtension) getExtension(oid.toString(),
+ info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null)
- {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_GENERAL_NAMES)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_GENERAL_NAMES)) {
- ext = (AuthInfoAccessExtension)
- getExtension(oid.toString(), info);
+ ext = (AuthInfoAccessExtension) getExtension(oid.toString(),
+ info);
- if(ext == null)
- {
+ if (ext == null) {
return;
}
boolean critical = ext.isCritical();
@@ -260,73 +247,76 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
GeneralName gn = null;
if (locationType != null || location != null) {
- GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location);
+ GeneralNameInterface interface1 = parseGeneralName(locationType
+ + ":" + location);
if (interface1 == null)
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", locationType));
+ throw new EPropertyException(
+ CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY",
+ locationType));
gn = new GeneralName(interface1);
}
-
+
if (method != null) {
try {
- ext.addAccessDescription(new ObjectIdentifier(method), gn);
+ ext.addAccessDescription(new ObjectIdentifier(
+ method), gn);
} catch (NumberFormatException ee) {
- CMS.debug("AuthInfoAccessExtDefault: "+ee.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_PROFILE_DEF_AIA_OID", method));
+ CMS.debug("AuthInfoAccessExtDefault: "
+ + ee.toString());
+ throw new EPropertyException(
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_AIA_OID",
+ method));
}
}
}
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
replaceExtension(ext.getExtensionId().toString(), ext, info);
} catch (IOException e) {
CMS.debug("AuthInfoAccessExtDefault: " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} catch (EProfileException e) {
CMS.debug("AuthInfoAccessExtDefault: " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
AuthInfoAccessExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
AuthInfoAccessExtension a = new AuthInfoAccessExtension(false);
- ObjectIdentifier oid = a.getExtensionId();
+ ObjectIdentifier oid = a.getExtensionId();
- ext = (AuthInfoAccessExtension)
- getExtension(oid.toString(), info);
+ ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
CMS.debug("AuthInfoAccessExtDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (AuthInfoAccessExtension)
- getExtension(oid.toString(), info);
+ ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info);
if (ext == null) {
return null;
@@ -336,20 +326,19 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_GENERAL_NAMES)) {
+ } else if (name.equals(VAL_GENERAL_NAMES)) {
- ext = (AuthInfoAccessExtension)
- getExtension(oid.toString(), info);
+ ext = (AuthInfoAccessExtension) getExtension(oid.toString(), info);
if (ext == null)
return "";
int num = getNumAds();
-
+
CMS.debug("AuthInfoAccess num=" + num);
Vector recs = new Vector();
- for (int i = 0; i < num; i++) {
+ for (int i = 0; i < num; i++) {
NameValuePairs np = new NameValuePairs();
AccessDescription des = null;
@@ -363,7 +352,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
np.add(AD_ENABLE, "false");
} else {
ObjectIdentifier methodOid = des.getMethod();
- GeneralName gn = des.getLocation();
+ GeneralName gn = des.getLocation();
np.add(AD_METHOD, methodOid.toString());
np.add(AD_LOCATION_TYPE, getGeneralNameType(gn));
@@ -375,8 +364,8 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
return buildRecords(recs);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
@@ -402,7 +391,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
ads.append(getConfig(CONFIG_AD_ENABLE + i));
ads.append("}");
}
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT",
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT",
getConfig(CONFIG_CRITICAL), ads.toString());
}
@@ -410,14 +399,14 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
AuthInfoAccessExtension ext = createExtension();
addExtension(ext.getExtensionId().toString(), ext, info);
}
public AuthInfoAccessExtension createExtension() {
- AuthInfoAccessExtension ext = null;
+ AuthInfoAccessExtension ext = null;
int num = getNumAds();
try {
@@ -439,22 +428,24 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
String hostname = CMS.getEENonSSLHost();
String port = CMS.getEENonSSLPort();
if (hostname != null && port != null)
- // location = "http://"+hostname+":"+port+"/ocsp/ee/ocsp";
- location = "http://"+hostname+":"+port+"/ca/ocsp";
+ // location =
+ // "http://"+hostname+":"+port+"/ocsp/ee/ocsp";
+ location = "http://" + hostname + ":" + port
+ + "/ca/ocsp";
}
}
String s = locationType + ":" + location;
GeneralNameInterface gn = parseGeneralName(s);
if (gn != null) {
- ext.addAccessDescription(new ObjectIdentifier(method),
- new GeneralName(gn));
+ ext.addAccessDescription(new ObjectIdentifier(method),
+ new GeneralName(gn));
}
}
}
} catch (Exception e) {
- CMS.debug("AuthInfoAccessExtDefault: createExtension " +
- e.toString());
+ CMS.debug("AuthInfoAccessExtDefault: createExtension "
+ + e.toString());
}
return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java
index a308e2eb..f95b9d23 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -35,11 +34,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy that
- * populates subject name based on the attribute values
- * in the authentication token (AuthToken) object.
+ * This class implements an enrollment default policy that populates subject
+ * name based on the attribute values in the authentication token (AuthToken)
+ * object.
*
* @version $Revision$, $Date$
*/
@@ -53,7 +51,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -66,67 +64,66 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
CMS.debug("AuthTokenSubjectNameDefault: begins");
if (name == null) {
throw new EPropertyException(CMS.getUserMessage(locale,
- "CMS_INVALID_PROPERTY", name));
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
X500Name x500name = null;
try {
x500name = new X500Name(value);
- CMS.debug("AuthTokenSubjectNameDefault: setValue x500name=" + x500name.toString());
+ CMS.debug("AuthTokenSubjectNameDefault: setValue x500name="
+ + x500name.toString());
} catch (IOException e) {
- CMS.debug("AuthTokenSubjectNameDefault: setValue " +
- e.toString());
+ CMS.debug("AuthTokenSubjectNameDefault: setValue "
+ + e.toString());
// failed to build x500 name
}
- CMS.debug("AuthTokenSubjectNameDefault: setValue name=" + x500name.toString());
+ CMS.debug("AuthTokenSubjectNameDefault: setValue name="
+ + x500name.toString());
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
+ info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ x500name));
} catch (Exception e) {
// failed to insert subject name
- CMS.debug("AuthTokenSubjectNameDefault: setValue " +
- e.toString());
+ CMS.debug("AuthTokenSubjectNameDefault: setValue "
+ + e.toString());
}
} else {
throw new EPropertyException(CMS.getUserMessage(locale,
- "CMS_INVALID_PROPERTY", name));
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
if (name == null)
throw new EPropertyException("Invalid name " + name);
if (name.equals(VAL_NAME)) {
CertificateSubjectName sn = null;
try {
- sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
return sn.toString();
} catch (Exception e) {
// nothing
- CMS.debug("AuthTokenSubjectNameDefault: getValue " +
- e.toString());
+ CMS.debug("AuthTokenSubjectNameDefault: getValue "
+ + e.toString());
}
throw new EPropertyException(CMS.getUserMessage(locale,
- "CMS_INVALID_PROPERTY", name));
+ "CMS_INVALID_PROPERTY", name));
} else {
throw new EPropertyException(CMS.getUserMessage(locale,
- "CMS_INVALID_PROPERTY", name));
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale,
+ return CMS.getUserMessage(locale,
"CMS_PROFILE_DEF_AUTHTOKEN_SUBJECT_NAME");
}
@@ -134,7 +131,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
// authenticate the subject name and populate it
// to the certinfo
@@ -142,13 +139,14 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
X500Name name = new X500Name(
request.getExtDataInString(IProfileAuthenticator.AUTHENTICATED_NAME));
- CMS.debug("AuthTokenSubjectNameDefault: X500Name=" + name.toString());
+ CMS.debug("AuthTokenSubjectNameDefault: X500Name="
+ + name.toString());
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("AuthTokenSubjectNameDefault: " + e.toString());
throw new EProfileException(CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
index 869deed2..3115ba19 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates Authority Key Identifier extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates Authority
+ * Key Identifier extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
@@ -56,69 +53,62 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY, null, CMS.getUserMessage(locale,
- "CMS_PROFILE_CRITICAL"));
+ return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY,
+ null, CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_KEY_ID)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY, null, CMS.getUserMessage(locale,
- "CMS_PROFILE_KEY_ID"));
+ return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY,
+ null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_CRITICAL)) {
// do nothing for read only value
} else if (name.equals(VAL_KEY_ID)) {
// do nothing for read only value
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
+ AuthorityKeyIdentifierExtension ext = (AuthorityKeyIdentifierExtension) getExtension(
+ PKIXExtensions.AuthorityKey_Id.toString(), info);
- AuthorityKeyIdentifierExtension ext =
- (AuthorityKeyIdentifierExtension) getExtension(
- PKIXExtensions.AuthorityKey_Id.toString(), info);
-
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ CMS.debug("BasicConstraintsExtDefault: getValue "
+ + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext =
- (AuthorityKeyIdentifierExtension) getExtension(
+ ext = (AuthorityKeyIdentifierExtension) getExtension(
PKIXExtensions.AuthorityKey_Id.toString(), info);
if (ext == null) {
@@ -130,8 +120,7 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
return "false";
}
} else if (name.equals(VAL_KEY_ID)) {
- ext =
- (AuthorityKeyIdentifierExtension) getExtension(
+ ext = (AuthorityKeyIdentifierExtension) getExtension(
PKIXExtensions.AuthorityKey_Id.toString(), info);
if (ext == null) {
@@ -141,18 +130,18 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
KeyIdentifier kid = null;
try {
- kid = (KeyIdentifier)
- ext.get(AuthorityKeyIdentifierExtension.KEY_ID);
+ kid = (KeyIdentifier) ext
+ .get(AuthorityKeyIdentifierExtension.KEY_ID);
} catch (IOException e) {
//
CMS.debug(e.toString());
}
- if (kid == null)
+ if (kid == null)
return "";
return toHexString(kid.getIdentifier());
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
@@ -164,7 +153,7 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
AuthorityKeyIdentifierExtension ext = createExtension(info);
addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info);
@@ -174,9 +163,9 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
KeyIdentifier kid = null;
String localKey = getConfig("localKey");
if (localKey != null && localKey.equals("true")) {
- kid = getKeyIdentifier(info);
+ kid = getKeyIdentifier(info);
} else {
- kid = getCAKeyIdentifier();
+ kid = getCAKeyIdentifier();
}
if (kid == null)
@@ -186,8 +175,8 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
try {
ext = new AuthorityKeyIdentifierExtension(false, kid, null, null);
} catch (IOException e) {
- CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " +
- e.toString());
+ CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension "
+ + e.toString());
}
return ext;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
index 7ab05d75..d6867225 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Locale;
import netscape.security.x509.X509CertInfo;
@@ -31,11 +30,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that automatically assign request to agent.
- *
+ * This class implements an enrollment default policy that automatically assign
+ * request to agent.
+ *
* @version $Revision$, $Date$
*/
public class AutoAssignDefault extends EnrollDefault {
@@ -48,15 +46,14 @@ public class AutoAssignDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_ASSIGN_TO)) {
- return new Descriptor(IDescriptor.STRING,
- null, "admin", CMS.getUserMessage(locale,
- "CMS_PROFILE_AUTO_ASSIGN"));
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_ASSIGN_TO)) {
+ return new Descriptor(IDescriptor.STRING, null, "admin",
+ CMS.getUserMessage(locale, "CMS_PROFILE_AUTO_ASSIGN"));
} else {
return null;
}
@@ -66,30 +63,28 @@ public class AutoAssignDefault extends EnrollDefault {
return null;
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
return null;
}
public String getText(Locale locale) {
return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTO_ASSIGN",
- getConfig(CONFIG_ASSIGN_TO));
+ getConfig(CONFIG_ASSIGN_TO));
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
try {
- request.setRequestOwner(
- mapPattern(request, getConfig(CONFIG_ASSIGN_TO)));
+ request.setRequestOwner(mapPattern(request,
+ getConfig(CONFIG_ASSIGN_TO)));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("AutoAssignDefault: populate " + e.toString());
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java
index 8c5d8094..bde77c7b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates Basic Constraint extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates Basic
+ * Constraint extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class BasicConstraintsExtDefault extends EnrollExtDefault {
@@ -64,22 +61,19 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_IS_CA)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "true",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "true",
CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
} else if (name.equals(CONFIG_PATH_LEN)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "-1",
+ return new Descriptor(IDescriptor.INTEGER, null, "-1",
CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN"));
}
return null;
@@ -87,66 +81,60 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_IS_CA)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "true",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "true",
CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
} else if (name.equals(VAL_PATH_LEN)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "-1",
+ return new Descriptor(IDescriptor.INTEGER, null, "-1",
CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
BasicConstraintsExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+ ext = (BasicConstraintsExtension) getExtension(
+ PKIXExtensions.BasicConstraints_Id.toString(), info);
- if(ext == null)
- {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
- ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
- boolean val = Boolean.valueOf(value).booleanValue();
+ ext = (BasicConstraintsExtension) getExtension(
+ PKIXExtensions.BasicConstraints_Id.toString(), info);
+ boolean val = Boolean.valueOf(value).booleanValue();
-
- if(ext == null) {
+ if (ext == null) {
return;
}
ext.setCritical(val);
} else if (name.equals(VAL_IS_CA)) {
- ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
- if(ext == null) {
+ ext = (BasicConstraintsExtension) getExtension(
+ PKIXExtensions.BasicConstraints_Id.toString(), info);
+ if (ext == null) {
return;
}
Boolean isCA = Boolean.valueOf(value);
ext.set(BasicConstraintsExtension.IS_CA, isCA);
} else if (name.equals(VAL_PATH_LEN)) {
- ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+ ext = (BasicConstraintsExtension) getExtension(
+ PKIXExtensions.BasicConstraints_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
Integer pathLen = Integer.valueOf(value);
@@ -156,48 +144,47 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
throw new EPropertyException("Invalid name " + name);
}
replaceExtension(PKIXExtensions.BasicConstraints_Id.toString(),
- ext, info);
- } catch (IOException e) {
+ ext, info);
+ } catch (IOException e) {
CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} catch (EProfileException e) {
CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
try {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- BasicConstraintsExtension ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+ BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension(
+ PKIXExtensions.BasicConstraints_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
CMS.debug("BasicConstraintsExtDefault: getValue ext is null, populating a new one ");
-
- try {
- populate(null,info);
+
+ try {
+ populate(null, info);
} catch (EProfileException e) {
- CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ CMS.debug("BasicConstraintsExtDefault: getValue "
+ + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+ ext = (BasicConstraintsExtension) getExtension(
+ PKIXExtensions.BasicConstraints_Id.toString(), info);
if (ext == null) {
return null;
@@ -208,87 +195,85 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
return "false";
}
} else if (name.equals(VAL_IS_CA)) {
- ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+ ext = (BasicConstraintsExtension) getExtension(
+ PKIXExtensions.BasicConstraints_Id.toString(), info);
if (ext == null) {
return null;
}
- Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA);
+ Boolean isCA = (Boolean) ext
+ .get(BasicConstraintsExtension.IS_CA);
return isCA.toString();
} else if (name.equals(VAL_PATH_LEN)) {
- ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+ ext = (BasicConstraintsExtension) getExtension(
+ PKIXExtensions.BasicConstraints_Id.toString(), info);
if (ext == null) {
return null;
}
- Integer pathLen = (Integer)
- ext.get(BasicConstraintsExtension.PATH_LEN);
-
+ Integer pathLen = (Integer) ext
+ .get(BasicConstraintsExtension.PATH_LEN);
String pLen = null;
pLen = pathLen.toString();
- if(pLen.equals("-2"))
- {
- //This is done for bug 621700. Profile constraints actually checks for -1
- //The low level security class for some reason sets this to -2
- //This will allow the request to be approved successfuly by the agent.
+ if (pLen.equals("-2")) {
+ // This is done for bug 621700. Profile constraints actually
+ // checks for -1
+ // The low level security class for some reason sets this to
+ // -2
+ // This will allow the request to be approved successfuly by
+ // the agent.
- pLen = "-1";
+ pLen = "-1";
}
-
+
CMS.debug("BasicConstriantsExtDefault getValue(pLen) " + pLen);
-
+
return pLen;
-
- } else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ } else {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} catch (IOException e) {
CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_IS_CA),
- getConfig(CONFIG_PATH_LEN)
- };
+ String params[] = { getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_IS_CA), getConfig(CONFIG_PATH_LEN) };
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_BASIC_CONSTRAINTS_EXT", params);
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_BASIC_CONSTRAINTS_EXT", params);
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
BasicConstraintsExtension ext = createExtension();
- addExtension(PKIXExtensions.BasicConstraints_Id.toString(), ext,
- info);
+ addExtension(PKIXExtensions.BasicConstraints_Id.toString(), ext, info);
}
public BasicConstraintsExtension createExtension() {
BasicConstraintsExtension ext = null;
- boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue();
+ boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL))
+ .booleanValue();
boolean isCA = Boolean.valueOf(getConfig(CONFIG_IS_CA)).booleanValue();
String pathLenStr = getConfig(CONFIG_PATH_LEN);
int pathLen = -2;
-
- if(!pathLenStr.equals("") ) {
+ if (!pathLenStr.equals("")) {
pathLen = Integer.valueOf(pathLenStr).intValue();
}
@@ -296,8 +281,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
try {
ext = new BasicConstraintsExtension(isCA, critical, pathLen);
} catch (Exception e) {
- CMS.debug("BasicConstraintsExtDefault: createExtension " +
- e.toString());
+ CMS.debug("BasicConstraintsExtDefault: createExtension "
+ + e.toString());
return null;
}
ext.setCritical(critical);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java
index 4b883f7f..b9376c82 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -34,12 +33,10 @@ import netscape.security.x509.X509Key;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.ca.ICertificateAuthority;
-
/**
- * This class implements an abstract CA specific
- * Enrollment default. This policy can only be
- * used with CA subsystem.
- *
+ * This class implements an abstract CA specific Enrollment default. This policy
+ * can only be used with CA subsystem.
+ *
* @version $Revision$, $Date$
*/
public abstract class CAEnrollDefault extends EnrollDefault {
@@ -48,8 +45,8 @@ public abstract class CAEnrollDefault extends EnrollDefault {
public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
try {
- CertificateX509Key ckey = (CertificateX509Key)
- info.get(X509CertInfo.KEY);
+ CertificateX509Key ckey = (CertificateX509Key) info
+ .get(X509CertInfo.KEY);
X509Key key = (X509Key) ckey.get(CertificateX509Key.KEY);
MessageDigest md = MessageDigest.getInstance("SHA-1");
@@ -58,36 +55,35 @@ public abstract class CAEnrollDefault extends EnrollDefault {
return new KeyIdentifier(hash);
} catch (IOException e) {
- CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
- e.toString());
+ CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId "
+ + e.toString());
} catch (CertificateException e) {
- CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
- e.toString());
+ CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId "
+ + e.toString());
} catch (NoSuchAlgorithmException e) {
- CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
- e.toString());
+ CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId "
+ + e.toString());
}
return null;
}
public KeyIdentifier getCAKeyIdentifier() {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
X509CertImpl caCert = ca.getCACert();
if (caCert == null) {
- // during configuration, we dont have the CA certificate
- return null;
+ // during configuration, we dont have the CA certificate
+ return null;
}
X509Key key = (X509Key) caCert.getPublicKey();
- SubjectKeyIdentifierExtension subjKeyIdExt =
- (SubjectKeyIdentifierExtension)
- caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString());
+ SubjectKeyIdentifierExtension subjKeyIdExt = (SubjectKeyIdentifierExtension) caCert
+ .getExtension(PKIXExtensions.SubjectKey_Id.toString());
if (subjKeyIdExt != null) {
try {
- KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get(
- SubjectKeyIdentifierExtension.KEY_ID);
- return keyId;
+ KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt
+ .get(SubjectKeyIdentifierExtension.KEY_ID);
+ return keyId;
} catch (IOException e) {
}
}
@@ -100,8 +96,8 @@ public abstract class CAEnrollDefault extends EnrollDefault {
return new KeyIdentifier(hash);
} catch (NoSuchAlgorithmException e) {
- CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
- e.toString());
+ CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId "
+ + e.toString());
}
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
index 8bf4c75f..94bc7ca9 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.text.ParsePosition;
import java.text.SimpleDateFormat;
@@ -39,21 +38,19 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements a CA signing cert enrollment default policy
- * that populates a server-side configurable validity
- * into the certificate template.
+ * This class implements a CA signing cert enrollment default policy that
+ * populates a server-side configurable validity into the certificate template.
* It allows an agent to bypass the CA's signing cert's expiration constraint
*/
public class CAValidityDefault extends EnrollDefault {
public static final String CONFIG_RANGE = "range";
public static final String CONFIG_START_TIME = "startTime";
- public static final String CONFIG_BYPASS_CA_NOTAFTER= "bypassCAnotafter";
+ public static final String CONFIG_BYPASS_CA_NOTAFTER = "bypassCAnotafter";
public static final String VAL_NOT_BEFORE = "notBefore";
public static final String VAL_NOT_AFTER = "notAfter";
- public static final String VAL_BYPASS_CA_NOTAFTER= "bypassCAnotafter";
+ public static final String VAL_BYPASS_CA_NOTAFTER = "bypassCAnotafter";
public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
@@ -72,47 +69,41 @@ public class CAValidityDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
- mCA = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ mCA = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
if (name.equals(CONFIG_RANGE)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_RANGE));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_RANGE));
+ }
} else if (name.equals(CONFIG_START_TIME)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
+ }
}
super.setConfig(name, value);
}
public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_RANGE)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- "2922", /* 8 years */
- CMS.getUserMessage(locale,
- "CMS_PROFILE_VALIDITY_RANGE"));
+ return new Descriptor(IDescriptor.STRING, null, "2922", /* 8 years */
+ CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE"));
} else if (name.equals(CONFIG_START_TIME)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- "60", /* 1 minute */
- CMS.getUserMessage(locale,
- "CMS_PROFILE_VALIDITY_START_TIME"));
+ return new Descriptor(IDescriptor.STRING, null, "60", /* 1 minute */
+ CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_START_TIME"));
} else if (name.equals(CONFIG_BYPASS_CA_NOTAFTER)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(
+ IDescriptor.BOOLEAN,
+ null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_BYPASS_CA_NOTAFTER"));
@@ -129,7 +120,9 @@ public class CAValidityDefault extends EnrollDefault {
return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER"));
} else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
+ return new Descriptor(
+ IDescriptor.BOOLEAN,
+ null,
"false",
CMS.getUserMessage(locale, "CMS_PROFILE_BYPASS_CA_NOTAFTER"));
} else {
@@ -137,90 +130,87 @@ public class CAValidityDefault extends EnrollDefault {
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- if (value == null || value.equals("")) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (value == null || value.equals("")) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- CMS.debug("CAValidityDefault: setValue name= "+ name);
+ CMS.debug("CAValidityDefault: setValue name= " + name);
if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
ParsePosition pos = new ParsePosition(0);
Date date = formatter.parse(value, pos);
CertificateValidity validity = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
- validity.set(CertificateValidity.NOT_BEFORE,
- date);
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
+ validity.set(CertificateValidity.NOT_BEFORE, date);
} catch (Exception e) {
CMS.debug("CAValidityDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
ParsePosition pos = new ParsePosition(0);
Date date = formatter.parse(value, pos);
CertificateValidity validity = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
- validity.set(CertificateValidity.NOT_AFTER,
- date);
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
+ validity.set(CertificateValidity.NOT_AFTER, date);
} catch (Exception e) {
CMS.debug("CAValidityDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) {
boolean bypassCAvalidity = Boolean.valueOf(value).booleanValue();
- CMS.debug("CAValidityDefault: setValue: bypassCAvalidity="+ bypassCAvalidity);
+ CMS.debug("CAValidityDefault: setValue: bypassCAvalidity="
+ + bypassCAvalidity);
- BasicConstraintsExtension ext = (BasicConstraintsExtension)
- getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+ BasicConstraintsExtension ext = (BasicConstraintsExtension) getExtension(
+ PKIXExtensions.BasicConstraints_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
CMS.debug("CAValidityDefault: setValue: this default cannot be applied to non-CA cert.");
return;
}
try {
- Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA);
- if(isCA.booleanValue() != true) {
+ Boolean isCA = (Boolean) ext
+ .get(BasicConstraintsExtension.IS_CA);
+ if (isCA.booleanValue() != true) {
CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert.");
return;
}
} catch (Exception e) {
- CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."+ e.toString());
+ CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."
+ + e.toString());
return;
}
CertificateValidity validity = null;
Date notAfter = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
notAfter = (Date) validity.get(CertificateValidity.NOT_AFTER);
} catch (Exception e) {
CMS.debug("CAValidityDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
// not to exceed CA's expiration
- Date caNotAfter =
- mCA.getSigningUnit().getCertImpl().getNotAfter();
+ Date caNotAfter = mCA.getSigningUnit().getCertImpl().getNotAfter();
if (notAfter.after(caNotAfter)) {
if (bypassCAvalidity == false) {
@@ -231,86 +221,80 @@ public class CAValidityDefault extends EnrollDefault {
}
}
try {
- validity.set(CertificateValidity.NOT_AFTER,
- notAfter);
+ validity.set(CertificateValidity.NOT_AFTER, notAfter);
} catch (Exception e) {
CMS.debug("CAValidityDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
-
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
if (name == null)
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
- CMS.debug("CAValidityDefault: getValue: name= "+ name);
+ CMS.debug("CAValidityDefault: getValue: name= " + name);
if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
CertificateValidity validity = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
- return formatter.format((Date)
- validity.get(CertificateValidity.NOT_BEFORE));
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
+ return formatter.format((Date) validity
+ .get(CertificateValidity.NOT_BEFORE));
} catch (Exception e) {
CMS.debug("CAValidityDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
CertificateValidity validity = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
- return formatter.format((Date)
- validity.get(CertificateValidity.NOT_AFTER));
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
+ return formatter.format((Date) validity
+ .get(CertificateValidity.NOT_AFTER));
} catch (Exception e) {
CMS.debug("CAValidityDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) {
return "false";
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_RANGE),
- getConfig(CONFIG_BYPASS_CA_NOTAFTER)
- };
+ String params[] = { getConfig(CONFIG_RANGE),
+ getConfig(CONFIG_BYPASS_CA_NOTAFTER) };
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params);
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params);
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
// always + 60 seconds
String startTimeStr = getConfig(CONFIG_START_TIME);
try {
- startTimeStr = mapPattern(request, startTimeStr);
+ startTimeStr = mapPattern(request, startTimeStr);
} catch (IOException e) {
CMS.debug("CAValidityDefault: populate " + e.toString());
}
@@ -319,32 +303,33 @@ public class CAValidityDefault extends EnrollDefault {
startTimeStr = "60";
}
int startTime = Integer.parseInt(startTimeStr);
- Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime));
+ Date notBefore = new Date(CMS.getCurrentDate().getTime()
+ + (1000 * startTime));
long notAfterVal = 0;
try {
String rangeStr = getConfig(CONFIG_RANGE);
rangeStr = mapPattern(request, rangeStr);
- notAfterVal = notBefore.getTime() +
- (mDefault * Integer.parseInt(rangeStr));
+ notAfterVal = notBefore.getTime()
+ + (mDefault * Integer.parseInt(rangeStr));
} catch (Exception e) {
// configured value is not correct
CMS.debug("CAValidityDefault: populate " + e.toString());
- throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE));
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_INVALID_PROPERTY", CONFIG_RANGE));
}
Date notAfter = new Date(notAfterVal);
- CertificateValidity validity =
- new CertificateValidity(notBefore, notAfter);
+ CertificateValidity validity = new CertificateValidity(notBefore,
+ notAfter);
try {
info.set(X509CertInfo.VALIDITY, validity);
} catch (Exception e) {
// failed to insert subject name
CMS.debug("CAValidityDefault: populate " + e.toString());
- throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY));
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
index 6dfb24c1..796c9760 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -45,12 +44,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a CRL Distribution points extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a CRL
+ * Distribution points extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
@@ -84,32 +81,30 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_NUM_POINTS)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_POINTS || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_POINTS || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
+ }
}
super.setConfig(name, value);
}
-
public Enumeration getConfigNames() {
refreshConfigAndValueNames();
return super.getConfigNames();
@@ -147,44 +142,36 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
}
- if (num >= MAX_NUM_POINTS)
+ if (num >= MAX_NUM_POINTS)
num = DEF_NUM_POINTS;
return num;
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_CRITICAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_POINT_TYPE)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE"));
} else if (name.startsWith(CONFIG_POINT_NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME"));
} else if (name.startsWith(CONFIG_REASONS)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_REASONS"));
} else if (name.startsWith(CONFIG_ISSUER_TYPE)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE"));
} else if (name.startsWith(CONFIG_ISSUER_NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME"));
} else if (name.startsWith(CONFIG_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- null,
+ return new Descriptor(IDescriptor.BOOLEAN, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
} else if (name.startsWith(CONFIG_NUM_POINTS)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
+ return new Descriptor(IDescriptor.INTEGER, null, "1",
CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS"));
} else {
@@ -193,61 +180,56 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ if (name.equals(VAL_CRITICAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS"));
+ return new Descriptor(IDescriptor.STRING_LIST, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_CRL_DISTRIBUTION_POINTS"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
CRLDistributionPointsExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (CRLDistributionPointsExtension)
- getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
+ ext = (CRLDistributionPointsExtension) getExtension(
+ PKIXExtensions.CRLDistributionPoints_Id.toString(), info);
- if(ext == null) {
- populate(locale,info);
+ if (ext == null) {
+ populate(locale, info);
}
if (name.equals(VAL_CRITICAL)) {
- ext = (CRLDistributionPointsExtension)
- getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
+ ext = (CRLDistributionPointsExtension) getExtension(
+ PKIXExtensions.CRLDistributionPoints_Id.toString(),
+ info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null)
- {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
- ext = (CRLDistributionPointsExtension)
- getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
-
- if(ext == null)
- {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
+ ext = (CRLDistributionPointsExtension) getExtension(
+ PKIXExtensions.CRLDistributionPoints_Id.toString(),
+ info);
+
+ if (ext == null) {
return;
}
Vector v = parseRecords(value);
int size = v.size();
-
+
boolean critical = ext.isCritical();
int i = 0;
@@ -265,7 +247,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
String name1 = (String) names.nextElement();
if (name1.equals(REASONS)) {
- addReasons(locale, cdp, REASONS, nvps.getValue(name1));
+ addReasons(locale, cdp, REASONS,
+ nvps.getValue(name1));
} else if (name1.equals(POINT_TYPE)) {
pointType = nvps.getValue(name1);
} else if (name1.equals(POINT_NAME)) {
@@ -285,7 +268,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
if (issuerType != null)
addIssuer(locale, cdp, issuerType, issuerValue);
- // this is the first distribution point
+ // this is the first distribution point
if (i == 0) {
ext = new CRLDistributionPointsExtension(cdp);
ext.setCritical(critical);
@@ -295,51 +278,52 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- replaceExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- ext, info);
+ replaceExtension(
+ PKIXExtensions.CRLDistributionPoints_Id.toString(), ext,
+ info);
} catch (EProfileException e) {
- CMS.debug("CRLDistributionPointsExtDefault: setValue " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ CMS.debug("CRLDistributionPointsExtDefault: setValue "
+ + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type,
- String value) throws EPropertyException {
+ private void addCRLPoint(Locale locale, CRLDistributionPoint cdp,
+ String type, String value) throws EPropertyException {
try {
if (value == null || value.length() == 0)
return;
-
+
if (type.equals(RELATIVETOISSUER)) {
cdp.setRelativeName(new RDN(value));
} else if (isGeneralNameType(type)) {
GeneralNames gen = new GeneralNames();
- gen.addElement(parseGeneralName(type,value));
+ gen.addElement(parseGeneralName(type, value));
cdp.setFullName(gen);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", type));
}
} catch (IOException e) {
- CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
+ CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint "
+ + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", type));
} catch (GeneralNamesException e) {
- CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
+ CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint "
+ + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", type));
}
}
- private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type,
- String value) throws EPropertyException {
+ private void addIssuer(Locale locale, CRLDistributionPoint cdp,
+ String type, String value) throws EPropertyException {
if (value == null || value.length() == 0)
return;
try {
@@ -349,20 +333,20 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
gen.addElement(parseGeneralName(type, value));
cdp.setCRLIssuer(gen);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", type));
}
} catch (IOException e) {
- CMS.debug("CRLDistributionPointsExtDefault: addIssuer " +
- e.toString());
+ CMS.debug("CRLDistributionPointsExtDefault: addIssuer "
+ + e.toString());
} catch (GeneralNamesException e) {
- CMS.debug("CRLDistributionPointsExtDefault: addIssuer " +
- e.toString());
+ CMS.debug("CRLDistributionPointsExtDefault: addIssuer "
+ + e.toString());
}
}
- private void addReasons(Locale locale, CRLDistributionPoint cdp, String type,
- String value) throws EPropertyException {
+ private void addReasons(Locale locale, CRLDistributionPoint cdp,
+ String type, String value) throws EPropertyException {
if (value == null || value.length() == 0)
return;
if (type.equals(REASONS)) {
@@ -375,56 +359,52 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
Reason r = Reason.fromString(s);
if (r == null) {
- CMS.debug("CRLDistributeionPointsExtDefault: addReasons Unknown reason: " + s);
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", s));
+ CMS.debug("CRLDistributeionPointsExtDefault: addReasons Unknown reason: "
+ + s);
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", s));
} else {
reasonBits |= r.getBitMask();
}
}
if (reasonBits != 0) {
- BitArray ba = new BitArray(8, new byte[] {reasonBits}
- );
+ BitArray ba = new BitArray(8, new byte[] { reasonBits });
cdp.setReasons(ba);
}
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", type));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
CRLDistributionPointsExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (CRLDistributionPointsExtension)
- getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
+ ext = (CRLDistributionPointsExtension) getExtension(
+ PKIXExtensions.CRLDistributionPoints_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(locale,info);
+ populate(locale, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (CRLDistributionPointsExtension)
- getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
+ ext = (CRLDistributionPointsExtension) getExtension(
+ PKIXExtensions.CRLDistributionPoints_Id.toString(), info);
if (ext == null) {
return null;
@@ -434,10 +414,9 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
- ext = (CRLDistributionPointsExtension)
- getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- info);
+ } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
+ ext = (CRLDistributionPointsExtension) getExtension(
+ PKIXExtensions.CRLDistributionPoints_Id.toString(), info);
if (ext == null)
return "";
@@ -451,7 +430,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
NameValuePairs pairs = null;
if (i < ext.getNumPoints()) {
- CRLDistributionPoint p = ext.getPointAt(i);
+ CRLDistributionPoint p = ext.getPointAt(i);
GeneralNames gns = p.getFullName();
pairs = buildGeneralNames(gns, p);
@@ -461,11 +440,11 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
recs.addElement(pairs);
}
}
-
+
return buildRecords(recs);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
@@ -481,8 +460,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
return pairs;
}
- protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p)
- throws EPropertyException {
+ protected NameValuePairs buildGeneralNames(GeneralNames gns,
+ CRLDistributionPoint p) throws EPropertyException {
NameValuePairs pairs = new NameValuePairs();
@@ -551,14 +530,14 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
if (reasons != null) {
byte[] b = reasons.toByteArray();
Reason[] reasonArray = Reason.bitArrayToReasonArray(b);
-
+
for (int i = 0; i < reasonArray.length; i++) {
if (sb.length() > 0)
sb.append(",");
sb.append(reasonArray[i].getName());
}
}
-
+
return sb.toString();
}
@@ -589,39 +568,39 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
sb.append(getConfig(CONFIG_ENABLE + i));
sb.append("}");
}
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT",
- getConfig(CONFIG_CRITICAL),
- sb.toString());
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT",
+ getConfig(CONFIG_CRITICAL), sb.toString());
}
/**
* Populates the request with this policy default.
*/
private void populate(Locale locale, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
CRLDistributionPointsExtension ext = createExtension(locale);
if (ext == null)
return;
- addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), ext,
+ info);
}
+
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
CRLDistributionPointsExtension ext = createExtension(request);
if (ext == null)
return;
- addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), ext,
+ info);
}
public CRLDistributionPointsExtension createExtension(IRequest request) {
- CRLDistributionPointsExtension ext = null;
+ CRLDistributionPointsExtension ext = null;
int num = 0;
try {
@@ -631,8 +610,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
for (int i = 0; i < num; i++) {
CRLDistributionPoint cdp = new CRLDistributionPoint();
- String enable = getConfig(CONFIG_ENABLE + i);
- String pointType = getConfig(CONFIG_POINT_TYPE + i);
+ String enable = getConfig(CONFIG_ENABLE + i);
+ String pointType = getConfig(CONFIG_POINT_TYPE + i);
String pointName = getConfig(CONFIG_POINT_NAME + i);
String reasons = getConfig(CONFIG_REASONS + i);
String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
@@ -640,11 +619,13 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
if (enable != null && enable.equals("true")) {
if (pointType != null)
- addCRLPoint(getLocale(request), cdp, pointType, pointName);
+ addCRLPoint(getLocale(request), cdp, pointType,
+ pointName);
if (issuerType != null)
- addIssuer(getLocale(request), cdp, issuerType, issuerName);
+ addIssuer(getLocale(request), cdp, issuerType,
+ issuerName);
if (reasons != null)
- addReasons(getLocale(request), cdp, REASONS, reasons);
+ addReasons(getLocale(request), cdp, REASONS, reasons);
if (i == 0) {
ext = new CRLDistributionPointsExtension(cdp);
@@ -655,8 +636,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
}
} catch (Exception e) {
- CMS.debug("CRLDistribtionPointsExtDefault: createExtension " +
- e.toString());
+ CMS.debug("CRLDistribtionPointsExtDefault: createExtension "
+ + e.toString());
CMS.debug(e);
}
@@ -697,8 +678,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
}
}
} catch (Exception e) {
- CMS.debug("CRLDistribtionPointsExtDefault: createExtension " +
- e.toString());
+ CMS.debug("CRLDistribtionPointsExtDefault: createExtension "
+ + e.toString());
CMS.debug(e);
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
index 14eec785..f707c152 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
@@ -1,4 +1,3 @@
-
// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
@@ -18,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -49,10 +47,9 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
/**
- * This class implements an enrollment default policy
- * that populates a policy mappings extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a policy
+ * mappings extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class CertificatePoliciesExtDefault extends EnrollExtDefault {
@@ -122,33 +119,31 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_POLICY_NUM)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_POLICIES || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_POLICIES || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM));
+ }
}
super.setConfig(name, value);
}
-
public Enumeration getConfigNames() {
refreshConfigAndValueNames();
return super.getConfigNames();
@@ -166,67 +161,69 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
int numQualifiers = getNumQualifiers();
addConfigName(CONFIG_POLICY_NUM);
-
+
for (int i = 0; i < num; i++) {
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID);
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE);
- for (int j=0; j<numQualifiers; j++) {
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE);
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE);
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG);
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
- addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
+ for (int j = 0; j < numQualifiers; j++) {
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + j + SEPARATOR + CONFIG_CPSURI_VALUE);
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + j + SEPARATOR + CONFIG_USERNOTICE_ORG);
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
+ addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + j + SEPARATOR + CONFIG_USERNOTICE_TEXT);
}
}
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.indexOf(CONFIG_POLICY_ID) >= 0) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID"));
} else if (name.indexOf(CONFIG_CPSURI_ENABLE) >= 0) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE"));
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE"));
} else if (name.indexOf(CONFIG_USERNOTICE_ENABLE) >= 0) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE"));
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE"));
} else if (name.indexOf(CONFIG_POLICY_ENABLE) >= 0) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_CERTIFICATE_POLICY_ENABLE"));
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_CERTIFICATE_POLICY_ENABLE"));
} else if (name.indexOf(CONFIG_POLICY_QUALIFIERS_NUM) >= 0) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_NUM"));
+ return new Descriptor(IDescriptor.INTEGER, null, "1",
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_POLICY_QUALIFIER_NUM"));
} else if (name.indexOf(CONFIG_USERNOTICE_ORG) >= 0) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_REF_ORG"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_POLICY_USERNOTICE_REF_ORG"));
} else if (name.indexOf(CONFIG_USERNOTICE_NUMBERS) >= 0) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_REF_NUMBERS"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_POLICY_USERNOTICE_REF_NUMBERS"));
} else if (name.indexOf(CONFIG_USERNOTICE_TEXT) >= 0) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_USERNOTICE_EXPLICIT_TEXT"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_POLICY_USERNOTICE_EXPLICIT_TEXT"));
} else if (name.indexOf(CONFIG_CPSURI_VALUE) >= 0) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_CPSURI"));
} else if (name.indexOf(CONFIG_POLICY_NUM) >= 0) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "5",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES"));
+ return new Descriptor(IDescriptor.INTEGER, null, "5",
+ CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES"));
}
return null;
}
@@ -234,12 +231,10 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_POLICY_QUALIFIERS)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
+ return new Descriptor(IDescriptor.STRING_LIST, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIERS"));
}
return null;
@@ -253,126 +248,143 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
int index = token.indexOf(":");
if (index <= 0)
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", token));
+ "CMS_INVALID_PROPERTY", token));
String name = token.substring(0, index);
String val = "";
- if ((token.length()-1) > index) {
- val = token.substring(index+1);
+ if ((token.length() - 1) > index) {
+ val = token.substring(index + 1);
}
table.put(name, val);
- }
-
+ }
+
return table;
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
CertificatePoliciesExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_CRITICAL)) {
- ext = (CertificatePoliciesExtension)
- getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- info);
+ ext = (CertificatePoliciesExtension) getExtension(
+ PKIXExtensions.CertificatePolicies_Id.toString(), info);
boolean val = Boolean.valueOf(value).booleanValue();
- ext.setCritical(val);
- } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
- ext = (CertificatePoliciesExtension)
- getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- info);
-
+ ext.setCritical(val);
+ } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
+ ext = (CertificatePoliciesExtension) getExtension(
+ PKIXExtensions.CertificatePolicies_Id.toString(), info);
+
Hashtable h = buildRecords(value);
- String numStr = (String)h.get(CONFIG_POLICY_NUM);
+ String numStr = (String) h.get(CONFIG_POLICY_NUM);
int size = Integer.parseInt(numStr);
Vector certificatePolicies = new Vector();
for (int i = 0; i < size; i++) {
- String enable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE);
+ String enable = (String) h.get(CONFIG_PREFIX + i
+ + SEPARATOR + CONFIG_POLICY_ENABLE);
CertificatePolicyInfo cinfo = null;
if (enable != null && enable.equals("true")) {
- String policyId = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID);
+ String policyId = (String) h.get(CONFIG_PREFIX + i
+ + SEPARATOR + CONFIG_POLICY_ID);
- if (policyId == null || policyId.length() == 0)
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
+ if (policyId == null || policyId.length() == 0)
+ throw new EPropertyException(
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
CertificatePolicyId cpolicyId = getPolicyId(policyId);
- String qualifersNum = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM);
+ String qualifersNum = (String) h.get(CONFIG_PREFIX + i
+ + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM);
PolicyQualifiers policyQualifiers = new PolicyQualifiers();
int num = 0;
if (qualifersNum != null && qualifersNum.length() > 0)
num = Integer.parseInt(qualifersNum);
- for (int j=0; j<num; j++) {
- String cpsuriEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE);
- String usernoticeEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
- if (cpsuriEnable != null && cpsuriEnable.equals("true")) {
- String cpsuri = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE);
+ for (int j = 0; j < num; j++) {
+ String cpsuriEnable = (String) h.get(CONFIG_PREFIX
+ + i + SEPARATOR + CONFIG_PREFIX1 + j
+ + SEPARATOR + CONFIG_CPSURI_ENABLE);
+ String usernoticeEnable = (String) h
+ .get(CONFIG_PREFIX + i + SEPARATOR
+ + CONFIG_PREFIX1 + j + SEPARATOR
+ + CONFIG_USERNOTICE_ENABLE);
+ if (cpsuriEnable != null
+ && cpsuriEnable.equals("true")) {
+ String cpsuri = (String) h.get(CONFIG_PREFIX
+ + i + SEPARATOR + CONFIG_PREFIX1 + j
+ + SEPARATOR + CONFIG_CPSURI_VALUE);
netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri);
if (qualifierInfo != null)
- policyQualifiers.add(qualifierInfo);
- } else if (usernoticeEnable != null && enable.equals("true")) {
- String org = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG);
- String noticenumbers = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
- String explicitText = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT);
- netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org,
- noticenumbers, explicitText);
+ policyQualifiers.add(qualifierInfo);
+ } else if (usernoticeEnable != null
+ && enable.equals("true")) {
+ String org = (String) h.get(CONFIG_PREFIX + i
+ + SEPARATOR + CONFIG_PREFIX1 + j
+ + SEPARATOR + CONFIG_USERNOTICE_ORG);
+ String noticenumbers = (String) h
+ .get(CONFIG_PREFIX + i + SEPARATOR
+ + CONFIG_PREFIX1 + j
+ + SEPARATOR
+ + CONFIG_USERNOTICE_NUMBERS);
+ String explicitText = (String) h
+ .get(CONFIG_PREFIX + i + SEPARATOR
+ + CONFIG_PREFIX1 + j
+ + SEPARATOR
+ + CONFIG_USERNOTICE_TEXT);
+ netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(
+ org, noticenumbers, explicitText);
if (qualifierInfo != null)
- policyQualifiers.add(qualifierInfo);
+ policyQualifiers.add(qualifierInfo);
}
}
if (policyQualifiers.size() <= 0) {
- cinfo =
- new CertificatePolicyInfo(cpolicyId);
+ cinfo = new CertificatePolicyInfo(cpolicyId);
} else {
- cinfo =
- new CertificatePolicyInfo(cpolicyId, policyQualifiers);
+ cinfo = new CertificatePolicyInfo(cpolicyId,
+ policyQualifiers);
}
if (cinfo != null)
- certificatePolicies.addElement(cinfo);
+ certificatePolicies.addElement(cinfo);
}
}
ext.set(CertificatePoliciesExtension.INFOS, certificatePolicies);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
replaceExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- ext, info);
+ ext, info);
} catch (EProfileException e) {
CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} catch (IOException e) {
CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
CertificatePoliciesExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_CRITICAL)) {
- ext = (CertificatePoliciesExtension)
- getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- info);
+ ext = (CertificatePoliciesExtension) getExtension(
+ PKIXExtensions.CertificatePolicies_Id.toString(), info);
if (ext == null) {
return null;
@@ -382,10 +394,9 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
- ext = (CertificatePoliciesExtension)
- getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- info);
+ } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
+ ext = (CertificatePoliciesExtension) getExtension(
+ PKIXExtensions.CertificatePolicies_Id.toString(), info);
if (ext == null)
return "";
@@ -399,7 +410,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
sb.append("\n");
Vector infos = null;
try {
- infos = (Vector)(ext.get(CertificatePoliciesExtension.INFOS));
+ infos = (Vector) (ext.get(CertificatePoliciesExtension.INFOS));
} catch (IOException ee) {
}
Enumeration policies = ext.getElements();
@@ -409,70 +420,79 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
String policyId = "";
String policyEnable = "false";
PolicyQualifiers qualifiers = null;
- if (infos.size() > 0) {
- CertificatePolicyInfo cinfo =
- (CertificatePolicyInfo) infos.elementAt(0);
-
- CertificatePolicyId id1 = cinfo.getPolicyIdentifier();
+ if (infos.size() > 0) {
+ CertificatePolicyInfo cinfo = (CertificatePolicyInfo) infos
+ .elementAt(0);
+
+ CertificatePolicyId id1 = cinfo.getPolicyIdentifier();
policyId = id1.getIdentifier().toString();
policyEnable = "true";
qualifiers = cinfo.getPolicyQualifiers();
if (qualifiers != null)
- qSize = qualifiers.size();
+ qSize = qualifiers.size();
infos.removeElementAt(0);
}
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
sb.append(":");
sb.append(policyEnable);
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
sb.append(":");
sb.append(policyId);
sb.append("\n");
-
+
if (qSize == 0) {
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR
+ + CONFIG_POLICY_QUALIFIERS_NUM);
sb.append(":");
sb.append(DEF_NUM_QUALIFIERS);
sb.append("\n");
} else {
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR
+ + CONFIG_POLICY_QUALIFIERS_NUM);
sb.append(":");
sb.append(qSize);
sb.append("\n");
}
if (qSize == 0) {
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_ENABLE);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + "0" + SEPARATOR + CONFIG_CPSURI_ENABLE);
sb.append(":");
sb.append("false");
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_VALUE);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + "0" + SEPARATOR + CONFIG_CPSURI_VALUE);
sb.append(":");
sb.append("");
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + "0" + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
sb.append(":");
sb.append("false");
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ORG);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + "0" + SEPARATOR + CONFIG_USERNOTICE_ORG);
sb.append(":");
sb.append("");
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + "0" + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
sb.append(":");
sb.append("");
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + "0" + SEPARATOR + CONFIG_USERNOTICE_TEXT);
sb.append(":");
sb.append("");
sb.append("\n");
}
- for (int j=0; j<qSize; j++) {
- netscape.security.x509.PolicyQualifierInfo qinfo = qualifiers.getInfoAt(j);
+ for (int j = 0; j < qSize; j++) {
+ netscape.security.x509.PolicyQualifierInfo qinfo = qualifiers
+ .getInfoAt(j);
ObjectIdentifier oid = qinfo.getId();
Qualifier qualifier = qinfo.getQualifier();
-
+
String cpsuriEnable = "false";
String usernoticeEnable = "false";
String cpsuri = "";
@@ -480,18 +500,23 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
StringBuffer noticeNum = new StringBuffer();
String explicitText = "";
- if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_CPS.toString())) {
+ if (oid.toString().equals(
+ netscape.security.x509.PolicyQualifierInfo.QT_CPS
+ .toString())) {
cpsuriEnable = "true";
- CPSuri content = (CPSuri)qualifier;
- cpsuri = content.getURI();
- } else if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE.toString())) {
+ CPSuri content = (CPSuri) qualifier;
+ cpsuri = content.getURI();
+ } else if (oid
+ .toString()
+ .equals(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE
+ .toString())) {
usernoticeEnable = "true";
- UserNotice content = (UserNotice)qualifier;
+ UserNotice content = (UserNotice) qualifier;
NoticeReference ref = content.getNoticeReference();
if (ref != null) {
org = ref.getOrganization().getText();
int[] nums = ref.getNumbers();
- for (int k=0; k<nums.length; k++) {
+ for (int k = 0; k < nums.length; k++) {
if (k != 0) {
noticeNum.append(",");
noticeNum.append(nums[k]);
@@ -504,27 +529,33 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
explicitText = displayText.getText();
}
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
sb.append(":");
sb.append(cpsuriEnable);
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + j + SEPARATOR + CONFIG_CPSURI_VALUE);
sb.append(":");
sb.append(cpsuri);
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
sb.append(":");
sb.append(usernoticeEnable);
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + j + SEPARATOR + CONFIG_USERNOTICE_ORG);
sb.append(":");
sb.append(org);
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
sb.append(":");
sb.append(noticeNum.toString());
sb.append("\n");
- sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+ sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1
+ + j + SEPARATOR + CONFIG_USERNOTICE_TEXT);
sb.append(":");
sb.append(explicitText);
sb.append("\n");
@@ -532,8 +563,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
} // end of for loop
return sb.toString();
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
@@ -551,7 +582,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
sb.append(",");
for (int i = 0; i < num; i++) {
sb.append("{");
- IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i);
+ IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX
+ + i);
String enable = substore.getString(CONFIG_POLICY_ENABLE, "");
sb.append(POLICY_ID_ENABLE + ":");
sb.append(enable);
@@ -560,34 +592,41 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
sb.append(POLICY_ID + ":");
sb.append(policyId);
sb.append(",");
- String qualifiersNum = substore.getString(CONFIG_POLICY_QUALIFIERS_NUM, "");
- sb.append(CONFIG_POLICY_QUALIFIERS_NUM+":");
+ String qualifiersNum = substore.getString(
+ CONFIG_POLICY_QUALIFIERS_NUM, "");
+ sb.append(CONFIG_POLICY_QUALIFIERS_NUM + ":");
sb.append(qualifiersNum);
sb.append(",");
- for (int j=0; j<num1; j++) {
- IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j);
+ for (int j = 0; j < num1; j++) {
+ IConfigStore substore1 = substore
+ .getSubStore(CONFIG_PREFIX1 + j);
sb.append("{");
- String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE, "");
+ String cpsuriEnable = substore1.getString(
+ CONFIG_CPSURI_ENABLE, "");
sb.append(POLICY_QUALIFIER_CPSURI_ENABLE + ":");
sb.append(cpsuriEnable);
sb.append(",");
- String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE, "");
- sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE+ ":");
+ String usernoticeEnable = substore1.getString(
+ CONFIG_USERNOTICE_ENABLE, "");
+ sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE + ":");
sb.append(usernoticeEnable);
sb.append(",");
String org = substore1.getString(CONFIG_USERNOTICE_ORG, "");
sb.append(USERNOTICE_REF_ORG + ":");
sb.append(org);
sb.append(",");
- String refNums = substore1.getString(CONFIG_USERNOTICE_NUMBERS, "");
+ String refNums = substore1.getString(
+ CONFIG_USERNOTICE_NUMBERS, "");
sb.append(USERNOTICE_REF_NUMBERS + ":");
sb.append(refNums);
sb.append(",");
- String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT, "");
+ String explicitText = substore1.getString(
+ CONFIG_USERNOTICE_TEXT, "");
sb.append(USERNOTICE_EXPLICIT_TEXT + ":");
sb.append(explicitText);
sb.append(",");
- String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, "");
+ String cpsuri = substore1
+ .getString(CONFIG_CPSURI_VALUE, "");
sb.append(CPSURI + ":");
sb.append(cpsuri);
sb.append("}");
@@ -595,9 +634,9 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
sb.append("}");
}
sb.append("}");
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT",
- getConfig(CONFIG_CRITICAL), sb.toString());
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT",
+ getConfig(CONFIG_CRITICAL), sb.toString());
} catch (Exception e) {
return "";
}
@@ -607,127 +646,144 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
CertificatePoliciesExtension ext = createExtension();
if (ext == null)
return;
- addExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.CertificatePolicies_Id.toString(), ext,
+ info);
}
- public CertificatePoliciesExtension createExtension()
- throws EProfileException {
- CertificatePoliciesExtension ext = null;
+ public CertificatePoliciesExtension createExtension()
+ throws EProfileException {
+ CertificatePoliciesExtension ext = null;
try {
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
Vector certificatePolicies = new Vector();
int num = getNumPolicies();
- CMS.debug("CertificatePoliciesExtension: createExtension: number of policies="+num);
+ CMS.debug("CertificatePoliciesExtension: createExtension: number of policies="
+ + num);
IConfigStore config = getConfigStore();
- for (int i = 0; i < num; i++) {
+ for (int i = 0; i < num; i++) {
IConfigStore basesubstore = config.getSubStore("params");
- IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i);
+ IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX
+ + i);
String enable = substore.getString(CONFIG_POLICY_ENABLE);
- CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" enable="+enable);
+ CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "
+ + i + " enable=" + enable);
if (enable != null && enable.equals("true")) {
String policyId = substore.getString(CONFIG_POLICY_ID);
CertificatePolicyId cpolicyId = getPolicyId(policyId);
- CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" policyId="+policyId);
+ CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "
+ + i + " policyId=" + policyId);
int qualifierNum = getNumQualifiers();
PolicyQualifiers policyQualifiers = new PolicyQualifiers();
- for (int j=0; j<qualifierNum; j++) {
- IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j);
- String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE);
- String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE);
+ for (int j = 0; j < qualifierNum; j++) {
+ IConfigStore substore1 = substore
+ .getSubStore(CONFIG_PREFIX1 + j);
+ String cpsuriEnable = substore1
+ .getString(CONFIG_CPSURI_ENABLE);
+ String usernoticeEnable = substore1
+ .getString(CONFIG_USERNOTICE_ENABLE);
if (cpsuriEnable != null && cpsuriEnable.equals("true")) {
- String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, "");
- netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri);
+ String cpsuri = substore1.getString(
+ CONFIG_CPSURI_VALUE, "");
+ netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri);
if (qualifierInfo != null)
- policyQualifiers.add(qualifierInfo);
- } else if (usernoticeEnable != null &&
- usernoticeEnable.equals("true")) {
-
- String org = substore1.getString(CONFIG_USERNOTICE_ORG);
- String noticenumbers = substore1.getString(CONFIG_USERNOTICE_NUMBERS);
- String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT);
- netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org,
- noticenumbers, explicitText);
+ policyQualifiers.add(qualifierInfo);
+ } else if (usernoticeEnable != null
+ && usernoticeEnable.equals("true")) {
+
+ String org = substore1
+ .getString(CONFIG_USERNOTICE_ORG);
+ String noticenumbers = substore1
+ .getString(CONFIG_USERNOTICE_NUMBERS);
+ String explicitText = substore1
+ .getString(CONFIG_USERNOTICE_TEXT);
+ netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(
+ org, noticenumbers, explicitText);
if (qualifierInfo != null)
policyQualifiers.add(qualifierInfo);
}
}
-
+
CertificatePolicyInfo info = null;
if (policyQualifiers.size() <= 0) {
- info =
- new CertificatePolicyInfo(cpolicyId);
+ info = new CertificatePolicyInfo(cpolicyId);
} else {
- info =
- new CertificatePolicyInfo(cpolicyId, policyQualifiers);
+ info = new CertificatePolicyInfo(cpolicyId,
+ policyQualifiers);
}
-
+
if (info != null)
- certificatePolicies.addElement(info);
+ certificatePolicies.addElement(info);
}
}
- ext = new CertificatePoliciesExtension(critical, certificatePolicies);
+ ext = new CertificatePoliciesExtension(critical,
+ certificatePolicies);
} catch (EPropertyException e) {
throw new EProfileException(e.toString());
} catch (EProfileException e) {
throw e;
} catch (Exception e) {
- CMS.debug("CertificatePoliciesExtDefault: createExtension " +
- e.toString());
+ CMS.debug("CertificatePoliciesExtDefault: createExtension "
+ + e.toString());
}
return ext;
}
- private CertificatePolicyId getPolicyId (String policyId) throws EPropertyException {
+ private CertificatePolicyId getPolicyId(String policyId)
+ throws EPropertyException {
if (policyId == null || policyId.length() == 0)
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
+ throw new EPropertyException(
+ CMS.getUserMessage("CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
CertificatePolicyId cpolicyId = null;
try {
cpolicyId = new CertificatePolicyId(
- ObjectIdentifier.getObjectIdentifier(policyId));
+ ObjectIdentifier.getObjectIdentifier(policyId));
return cpolicyId;
} catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId));
+ throw new EPropertyException(
+ CMS.getUserMessage(
+ "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR",
+ policyId));
}
}
- private netscape.security.x509.PolicyQualifierInfo createCPSuri(String uri) throws EPropertyException {
- if (uri == null || uri.length() == 0)
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI"));
+ private netscape.security.x509.PolicyQualifierInfo createCPSuri(String uri)
+ throws EPropertyException {
+ if (uri == null || uri.length() == 0)
+ throw new EPropertyException(
+ CMS.getUserMessage("CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI"));
+
+ CPSuri cpsURI = new CPSuri(uri);
+ netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 = new netscape.security.x509.PolicyQualifierInfo(
+ netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI);
- CPSuri cpsURI = new CPSuri(uri);
- netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 =
- new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI);
-
return policyQualifierInfo2;
}
- private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization,
- String noticeText, String noticeNums) throws EPropertyException {
-
- if ((organization == null || organization.length() == 0) &&
- (noticeNums == null || noticeNums.length() == 0) &&
- (noticeText == null || noticeText.length() == 0))
+ private netscape.security.x509.PolicyQualifierInfo createUserNotice(
+ String organization, String noticeText, String noticeNums)
+ throws EPropertyException {
+
+ if ((organization == null || organization.length() == 0)
+ && (noticeNums == null || noticeNums.length() == 0)
+ && (noticeText == null || noticeText.length() == 0))
return null;
DisplayText explicitText = null;
- if (noticeText != null && noticeText.length() > 0)
- explicitText = new DisplayText(DisplayText.tag_VisibleString, noticeText);
+ if (noticeText != null && noticeText.length() > 0)
+ explicitText = new DisplayText(DisplayText.tag_VisibleString,
+ noticeText);
int nums[] = null;
if (noticeNums != null && noticeNums.length() > 0) {
@@ -751,8 +807,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
DisplayText orgName = null;
if (organization != null && organization.length() > 0) {
- orgName =
- new DisplayText(DisplayText.tag_VisibleString, organization);
+ orgName = new DisplayText(DisplayText.tag_VisibleString,
+ organization);
}
NoticeReference noticeReference = null;
@@ -762,10 +818,11 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
UserNotice userNotice = null;
if (explicitText != null || noticeReference != null) {
- userNotice = new UserNotice (noticeReference, explicitText);
+ userNotice = new UserNotice(noticeReference, explicitText);
- netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 =
- new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice);
+ netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 = new netscape.security.x509.PolicyQualifierInfo(
+ netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE,
+ userNotice);
return policyQualifierInfo1;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
index f3b68594..bd3e3f2e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
@@ -34,10 +34,9 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
/**
- * This class implements an enrollment default policy
- * that populates a Netscape comment extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a Netscape
+ * comment extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class CertificateVersionDefault extends EnrollExtDefault {
@@ -54,71 +53,67 @@ public class CertificateVersionDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_VERSION)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "3",
+ return new Descriptor(IDescriptor.INTEGER, null, "3",
CMS.getUserMessage(locale, "CMS_PROFILE_VERSION"));
} else {
return null;
}
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
if (name.equals(CONFIG_VERSION)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_VERSION));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_VERSION));
+ }
}
super.setConfig(name, value);
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_VERSION)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "3",
+ return new Descriptor(IDescriptor.INTEGER, null, "3",
CMS.getUserMessage(locale, "CMS_PROFILE_VERSION"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- if (name.equals(VAL_VERSION)) {
+ if (name.equals(VAL_VERSION)) {
if (value == null || value.equals(""))
- throw new EPropertyException(name+" cannot be empty");
+ throw new EPropertyException(name + " cannot be empty");
else {
- int version = Integer.valueOf(value).intValue()-1;
-
+ int version = Integer.valueOf(value).intValue() - 1;
+
if (version == CertificateVersion.V1)
- info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V1));
+ info.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V1));
else if (version == CertificateVersion.V2)
- info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V2));
+ info.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V2));
else if (version == CertificateVersion.V3)
- info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ info.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} catch (IOException e) {
CMS.debug("CertificateVersionDefault: setValue " + e.toString());
@@ -127,67 +122,65 @@ public class CertificateVersionDefault extends EnrollExtDefault {
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- if (name.equals(VAL_VERSION)) {
+ if (name.equals(VAL_VERSION)) {
CertificateVersion v = null;
- try {
- v = (CertificateVersion)info.get(
- X509CertInfo.VERSION);
+ try {
+ v = (CertificateVersion) info.get(X509CertInfo.VERSION);
} catch (Exception e) {
}
if (v == null)
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
int version = v.compare(0);
-
- return ""+(version+1);
+
+ return "" + (version + 1);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_VERSION)
- };
+ String params[] = { getConfig(CONFIG_VERSION) };
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_CERT_VERSION", params);
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_CERT_VERSION",
+ params);
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
String v = getConfig(CONFIG_VERSION);
- int version = Integer.valueOf(v).intValue()-1;
-
+ int version = Integer.valueOf(v).intValue() - 1;
+
try {
if (version == CertificateVersion.V1)
- info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V1));
+ info.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V1));
else if (version == CertificateVersion.V2)
- info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V2));
+ info.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V2));
else if (version == CertificateVersion.V3)
- info.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ info.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
else {
throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION));
+ getLocale(request), "CMS_INVALID_PROPERTY",
+ CONFIG_VERSION));
}
} catch (IOException e) {
} catch (CertificateException e) {
- }
+ }
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
index b5afc1c7..8538266b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
@@ -60,13 +60,13 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements an enrollment default policy.
- *
+ *
* @version $Revision$, $Date$
*/
-public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDefault {
+public abstract class EnrollDefault implements IPolicyDefault,
+ ICertInfoPolicyDefault {
public static final String PROP_NAME = "name";
@@ -98,8 +98,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
mConfigNames.addElement(name);
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
if (mConfig.getSubStore("params") == null) {
//
} else {
@@ -120,19 +119,18 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
mConfig = config;
}
/**
* Retrieves the localizable description of this policy.
- *
+ *
* @param locale locale of the end user
* @return localized description of this default policy
*/
public abstract String getText(Locale locale);
-
public IConfigStore getConfigStore() {
return mConfig;
}
@@ -147,60 +145,54 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
/**
* Populates attributes into the certificate template.
- *
+ *
* @param request enrollment request
* @param info certificate template
- * @exception EProfileException failed to populate attributes
- * into request
+ * @exception EProfileException failed to populate attributes into request
*/
public abstract void populate(IRequest request, X509CertInfo info)
- throws EProfileException;
+ throws EProfileException;
/**
* Sets values from the approval page into certificate template.
- *
+ *
* @param name name of the attribute
* @param locale user locale
* @param info certificate template
* @param value attribute value
- * @exception EProfileException failed to set attributes
- * into request
+ * @exception EProfileException failed to set attributes into request
*/
- public abstract void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException;
+ public abstract void setValue(String name, Locale locale,
+ X509CertInfo info, String value) throws EPropertyException;
/**
- * Retrieves certificate template values and returns them to
- * the approval page.
- *
+ * Retrieves certificate template values and returns them to the approval
+ * page.
+ *
* @param name name of the attribute
* @param locale user locale
* @param info certificate template
- * @exception EProfileException failed to get attributes
- * from request
+ * @exception EProfileException failed to get attributes from request
*/
- public abstract String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException;
+ public abstract String getValue(String name, Locale locale,
+ X509CertInfo info) throws EPropertyException;
/**
* Populates the request with this policy default.
- *
- * The current implementation extracts enrollment specific attributes
- * and calls the populate() method of the subclass.
- *
+ *
+ * The current implementation extracts enrollment specific attributes and
+ * calls the populate() method of the subclass.
+ *
* @param request request to be populated
* @exception EProfileException failed to populate
*/
- public void populate(IRequest request)
- throws EProfileException {
+ public void populate(IRequest request) throws EProfileException {
String name = getClass().getName();
name = name.substring(name.lastIndexOf('.') + 1);
CMS.debug(name + ": populate start");
- X509CertInfo info =
- request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+ X509CertInfo info = request
+ .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
populate(request, info);
@@ -222,21 +214,20 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
/**
* Sets the value of the given value property by name.
- *
- * The current implementation extracts enrollment specific attributes
- * and calls the setValue() method of the subclass.
- *
+ *
+ * The current implementation extracts enrollment specific attributes and
+ * calls the setValue() method of the subclass.
+ *
* @param name name of property
* @param locale locale of the end user
* @param request request
* @param value value to be set in the given request
* @exception EPropertyException failed to set property
*/
- public void setValue(String name, Locale locale, IRequest request,
- String value)
- throws EPropertyException {
- X509CertInfo info =
- request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+ public void setValue(String name, Locale locale, IRequest request,
+ String value) throws EPropertyException {
+ X509CertInfo info = request
+ .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
setValue(name, locale, info, value);
@@ -244,21 +235,20 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
}
/**
- * Retrieves the value of the given value
- * property by name.
- *
- * The current implementation extracts enrollment specific attributes
- * and calls the getValue() method of the subclass.
- *
+ * Retrieves the value of the given value property by name.
+ *
+ * The current implementation extracts enrollment specific attributes and
+ * calls the getValue() method of the subclass.
+ *
* @param name name of property
* @param locale locale of the end user
* @param request request
* @exception EPropertyException failed to get property
*/
public String getValue(String name, Locale locale, IRequest request)
- throws EPropertyException {
- X509CertInfo info =
- request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+ throws EPropertyException {
+ X509CertInfo info = request
+ .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
String value = getValue(name, locale, info);
request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info);
@@ -279,16 +269,15 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
}
protected void refreshConfigAndValueNames() {
- mConfigNames.removeAllElements();
- mValueNames.removeAllElements();
+ mConfigNames.removeAllElements();
+ mValueNames.removeAllElements();
}
protected void deleteExtension(String name, X509CertInfo info) {
CertificateExtensions exts = null;
try {
- exts = (CertificateExtensions)
- info.get(X509CertInfo.EXTENSIONS);
+ exts = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
if (exts == null)
return;
Enumeration e = exts.getNames();
@@ -310,8 +299,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
CertificateExtensions exts = null;
try {
- exts = (CertificateExtensions)
- info.get(X509CertInfo.EXTENSIONS);
+ exts = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
} catch (Exception e) {
CMS.debug("EnrollDefault: getExtension " + e.toString());
}
@@ -336,23 +324,24 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
}
protected void addExtension(String name, Extension ext, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
if (ext == null) {
throw new EProfileException("extension not found");
}
CertificateExtensions exts = null;
- Extension alreadyPresentExtension = getExtension(name,info);
+ Extension alreadyPresentExtension = getExtension(name, info);
if (alreadyPresentExtension != null) {
String eName = ext.toString();
- CMS.debug("EnrollDefault.addExtension: duplicate extension attempted! Name: " + eName);
- throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION",eName));
+ CMS.debug("EnrollDefault.addExtension: duplicate extension attempted! Name: "
+ + eName);
+ throw new EProfileException(CMS.getUserMessage(
+ "CMS_PROFILE_DUPLICATE_EXTENSION", eName));
}
try {
- exts = (CertificateExtensions)
- info.get(X509CertInfo.EXTENSIONS);
+ exts = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
} catch (Exception e) {
CMS.debug("EnrollDefault: " + e.toString());
}
@@ -366,8 +355,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
}
}
- protected void replaceExtension(String name, Extension ext, X509CertInfo info)
- throws EProfileException {
+ protected void replaceExtension(String name, Extension ext,
+ X509CertInfo info) throws EProfileException {
deleteExtension(name, info);
addExtension(name, ext, info);
}
@@ -392,65 +381,62 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
return getInt(getConfig(value));
}
- protected boolean isGeneralNameValid(String name)
- {
+ protected boolean isGeneralNameValid(String name) {
if (name == null)
- return false;
+ return false;
int pos = name.indexOf(':');
if (pos == -1)
- return false;
+ return false;
String nameType = name.substring(0, pos).trim();
String nameValue = name.substring(pos + 1).trim();
if (nameValue.equals(""))
- return false;
+ return false;
return true;
}
protected GeneralNameInterface parseGeneralName(String name)
- throws IOException {
+ throws IOException {
int pos = name.indexOf(':');
if (pos == -1)
- return null;
+ return null;
String nameType = name.substring(0, pos).trim();
String nameValue = name.substring(pos + 1).trim();
return parseGeneralName(nameType, nameValue);
}
- protected boolean isGeneralNameType(String nameType)
- {
+ protected boolean isGeneralNameType(String nameType) {
if (nameType.equalsIgnoreCase("RFC822Name")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("DNSName")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("x400")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("DirectoryName")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("EDIPartyName")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("URIName")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("IPAddress")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("OIDName")) {
- return true;
+ return true;
}
if (nameType.equalsIgnoreCase("OtherName")) {
- return true;
+ return true;
}
return false;
}
- protected GeneralNameInterface parseGeneralName(String nameType, String nameValue)
- throws IOException
- {
+ protected GeneralNameInterface parseGeneralName(String nameType,
+ String nameValue) throws IOException {
if (nameType.equalsIgnoreCase("RFC822Name")) {
return new RFC822Name(nameValue);
}
@@ -458,7 +444,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
return new DNSName(nameValue);
}
if (nameType.equalsIgnoreCase("x400")) {
- // XXX
+ // XXX
}
if (nameType.equalsIgnoreCase("DirectoryName")) {
return new X500Name(nameValue);
@@ -476,153 +462,158 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
StringTokenizer st = new StringTokenizer(nameValue, "/");
String addr = st.nextToken();
String netmask = st.nextToken();
- CMS.debug("addr:" + addr +" netmask: "+netmask);
+ CMS.debug("addr:" + addr + " netmask: " + netmask);
return new IPAddressName(addr, netmask);
- } else {
+ } else {
return new IPAddressName(nameValue);
- }
+ }
}
if (nameType.equalsIgnoreCase("OIDName")) {
try {
- // check if OID
- ObjectIdentifier oid = new ObjectIdentifier(nameValue);
+ // check if OID
+ ObjectIdentifier oid = new ObjectIdentifier(nameValue);
} catch (Exception e) {
- return null;
+ return null;
}
return new OIDName(nameValue);
- }
+ }
if (nameType.equals("OtherName")) {
if (nameValue == null || nameValue.length() == 0)
nameValue = " ";
if (nameValue.startsWith("(PrintableString)")) {
- // format: OtherName: (PrintableString)oid,value
- int pos0 = nameValue.indexOf(')');
- int pos1 = nameValue.indexOf(',');
- if (pos1 == -1)
- return null;
- String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
- String on_value = nameValue.substring(pos1 + 1).trim();
- if (isValidOID(on_oid)) {
- return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value);
- } else {
- return null;
- }
+ // format: OtherName: (PrintableString)oid,value
+ int pos0 = nameValue.indexOf(')');
+ int pos1 = nameValue.indexOf(',');
+ if (pos1 == -1)
+ return null;
+ String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+ String on_value = nameValue.substring(pos1 + 1).trim();
+ if (isValidOID(on_oid)) {
+ return new OtherName(new ObjectIdentifier(on_oid),
+ DerValue.tag_PrintableString, on_value);
+ } else {
+ return null;
+ }
} else if (nameValue.startsWith("(KerberosName)")) {
// Syntax: (KerberosName)Realm|NameType|NameString(s)
- int pos0 = nameValue.indexOf(')');
- int pos1 = nameValue.indexOf('|');
- int pos2 = nameValue.lastIndexOf('|');
- String realm = nameValue.substring(pos0 + 1, pos1).trim();
- String name_type = nameValue.substring(pos1 + 1, pos2).trim();
- String name_strings = nameValue.substring(pos2 + 1).trim();
- Vector strings = new Vector();
- StringTokenizer st = new StringTokenizer(name_strings, ",");
- while (st.hasMoreTokens()) {
- strings.addElement(st.nextToken());
- }
- KerberosName name = new KerberosName(realm,
- Integer.parseInt(name_type), strings);
- // krb5 OBJECT IDENTIFIER ::= { iso (1)
- // org (3)
- // dod (6)
- // internet (1)
- // security (5)
- // kerberosv5 (2) }
- // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 }
- return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME,
- name.toByteArray());
+ int pos0 = nameValue.indexOf(')');
+ int pos1 = nameValue.indexOf('|');
+ int pos2 = nameValue.lastIndexOf('|');
+ String realm = nameValue.substring(pos0 + 1, pos1).trim();
+ String name_type = nameValue.substring(pos1 + 1, pos2).trim();
+ String name_strings = nameValue.substring(pos2 + 1).trim();
+ Vector strings = new Vector();
+ StringTokenizer st = new StringTokenizer(name_strings, ",");
+ while (st.hasMoreTokens()) {
+ strings.addElement(st.nextToken());
+ }
+ KerberosName name = new KerberosName(realm,
+ Integer.parseInt(name_type), strings);
+ // krb5 OBJECT IDENTIFIER ::= { iso (1)
+ // org (3)
+ // dod (6)
+ // internet (1)
+ // security (5)
+ // kerberosv5 (2) }
+ // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 }
+ return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME,
+ name.toByteArray());
} else if (nameValue.startsWith("(IA5String)")) {
- int pos0 = nameValue.indexOf(')');
- int pos1 = nameValue.indexOf(',');
- if (pos1 == -1)
- return null;
- String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
- String on_value = nameValue.substring(pos1 + 1).trim();
- if (isValidOID(on_oid)) {
- return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value);
- } else {
- return null;
- }
+ int pos0 = nameValue.indexOf(')');
+ int pos1 = nameValue.indexOf(',');
+ if (pos1 == -1)
+ return null;
+ String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+ String on_value = nameValue.substring(pos1 + 1).trim();
+ if (isValidOID(on_oid)) {
+ return new OtherName(new ObjectIdentifier(on_oid),
+ DerValue.tag_IA5String, on_value);
+ } else {
+ return null;
+ }
} else if (nameValue.startsWith("(UTF8String)")) {
- int pos0 = nameValue.indexOf(')');
- int pos1 = nameValue.indexOf(',');
- if (pos1 == -1)
- return null;
- String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
- String on_value = nameValue.substring(pos1 + 1).trim();
- if (isValidOID(on_oid)) {
- return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value);
- } else {
- return null;
- }
+ int pos0 = nameValue.indexOf(')');
+ int pos1 = nameValue.indexOf(',');
+ if (pos1 == -1)
+ return null;
+ String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+ String on_value = nameValue.substring(pos1 + 1).trim();
+ if (isValidOID(on_oid)) {
+ return new OtherName(new ObjectIdentifier(on_oid),
+ DerValue.tag_UTF8String, on_value);
+ } else {
+ return null;
+ }
} else if (nameValue.startsWith("(BMPString)")) {
- int pos0 = nameValue.indexOf(')');
- int pos1 = nameValue.indexOf(',');
- if (pos1 == -1)
- return null;
- String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
- String on_value = nameValue.substring(pos1 + 1).trim();
- if (isValidOID(on_oid)) {
- return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value);
- } else {
- return null;
- }
+ int pos0 = nameValue.indexOf(')');
+ int pos1 = nameValue.indexOf(',');
+ if (pos1 == -1)
+ return null;
+ String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+ String on_value = nameValue.substring(pos1 + 1).trim();
+ if (isValidOID(on_oid)) {
+ return new OtherName(new ObjectIdentifier(on_oid),
+ DerValue.tag_BMPString, on_value);
+ } else {
+ return null;
+ }
} else if (nameValue.startsWith("(Any)")) {
- int pos0 = nameValue.indexOf(')');
- int pos1 = nameValue.indexOf(',');
- if (pos1 == -1)
- return null;
- String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
- String on_value = nameValue.substring(pos1 + 1).trim();
- if (isValidOID(on_oid)) {
- CMS.debug("OID: " + on_oid + " Value:" + on_value);
- return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value));
- } else {
- CMS.debug("Invalid OID " + on_oid);
- return null;
- }
+ int pos0 = nameValue.indexOf(')');
+ int pos1 = nameValue.indexOf(',');
+ if (pos1 == -1)
+ return null;
+ String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+ String on_value = nameValue.substring(pos1 + 1).trim();
+ if (isValidOID(on_oid)) {
+ CMS.debug("OID: " + on_oid + " Value:" + on_value);
+ return new OtherName(new ObjectIdentifier(on_oid),
+ getBytes(on_value));
+ } else {
+ CMS.debug("Invalid OID " + on_oid);
+ return null;
+ }
} else {
- return null;
+ return null;
}
}
return null;
}
-/**
- * Converts string containing pairs of characters in the range of '0'
- * to '9', 'a' to 'f' to an array of bytes such that each pair of
- * characters in the string represents an individual byte
- */
+ /**
+ * Converts string containing pairs of characters in the range of '0' to
+ * '9', 'a' to 'f' to an array of bytes such that each pair of characters in
+ * the string represents an individual byte
+ */
public byte[] getBytes(String string) {
- if (string == null)
- return null;
- int stringLength = string.length();
- if ((stringLength == 0) || ((stringLength % 2) != 0))
- return null;
- byte[] bytes = new byte[ (stringLength / 2) ];
- for (int i = 0, b = 0; i < stringLength; i += 2, ++b) {
- String nextByte = string.substring(i, (i + 2));
- bytes[b] = (byte)Integer.parseInt(nextByte, 0x10);
- }
- return bytes;
+ if (string == null)
+ return null;
+ int stringLength = string.length();
+ if ((stringLength == 0) || ((stringLength % 2) != 0))
+ return null;
+ byte[] bytes = new byte[(stringLength / 2)];
+ for (int i = 0, b = 0; i < stringLength; i += 2, ++b) {
+ String nextByte = string.substring(i, (i + 2));
+ bytes[b] = (byte) Integer.parseInt(nextByte, 0x10);
+ }
+ return bytes;
}
/**
- * Check if a object identifier in string form is valid,
- * that is a string in the form n.n.n.n and der encode and decode-able.
+ * Check if a object identifier in string form is valid, that is a string in
+ * the form n.n.n.n and der encode and decode-able.
+ *
* @param oid object identifier string.
* @return true if the oid is valid
*/
- public boolean isValidOID(String oid)
- {
- ObjectIdentifier v = null;
+ public boolean isValidOID(String oid) {
+ ObjectIdentifier v = null;
try {
v = ObjectIdentifier.getObjectIdentifier(oid);
} catch (Exception e) {
- return false;
+ return false;
}
if (v == null)
- return false;
+ return false;
// if the OID isn't valid (ex. n.n) the error isn't caught til
// encoding time leaving a bad request in the request queue.
@@ -632,7 +623,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
derOut.putOID(v);
new ObjectIdentifier(new DerInputStream(derOut.toByteArray()));
} catch (Exception e) {
- return false;
+ return false;
}
return true;
}
@@ -658,7 +649,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
sb.append("\r\n");
}
sb.append("\r\n");
-
+
}
return sb.toString();
}
@@ -678,7 +669,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
v.addElement(nvps);
try {
token = (String) st.nextToken();
- } catch (NoSuchElementException e) {
+ } catch (NoSuchElementException e) {
v.removeElementAt(num);
CMS.debug(e.toString());
return v;
@@ -688,7 +679,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
if (nvps == null)
throw new EPropertyException("Bad Input Format");
-
+
int pos = token.indexOf(":");
if (pos <= 0) {
@@ -706,8 +697,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
return v;
}
- protected String getGeneralNameType(GeneralName gn)
- throws EPropertyException {
+ protected String getGeneralNameType(GeneralName gn)
+ throws EPropertyException {
int type = gn.getType();
if (type == GeneralNameInterface.NAME_RFC822)
@@ -730,7 +721,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
throw new EPropertyException("Unsupported type: " + type);
}
- protected String getGeneralNameValue(GeneralName gn) throws EPropertyException {
+ protected String getGeneralNameValue(GeneralName gn)
+ throws EPropertyException {
String s = gn.toString();
int type = gn.getType();
@@ -740,7 +732,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
int pos = s.indexOf(":");
if (pos <= 0)
- throw new EPropertyException("Badly formatted general name: " + s);
+ throw new EPropertyException("Badly formatted general name: "
+ + s);
else {
return s.substring(pos + 1).trim();
}
@@ -753,8 +746,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
if (request == null)
return null;
- String language = request.getExtDataInString(
- EnrollProfile.REQUEST_LOCALE);
+ String language = request
+ .getExtDataInString(EnrollProfile.REQUEST_LOCALE);
if (language != null) {
locale = new Locale(language);
}
@@ -762,17 +755,17 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
}
public String toGeneralNameString(GeneralName gn) {
- int type = gn.getType();
+ int type = gn.getType();
// Sun's General Name is not consistent, so we need
// to do a special case for directory string
if (type == GeneralNameInterface.NAME_DIRECTORY) {
- return "DirectoryName: " + gn.toString();
+ return "DirectoryName: " + gn.toString();
}
return gn.toString();
}
protected String mapPattern(IRequest request, String pattern)
- throws IOException {
+ throws IOException {
Pattern p = new Pattern(pattern);
IAttrSet attrSet = null;
if (request != null) {
@@ -781,30 +774,34 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
return p.substitute2("request", attrSet);
}
- protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape)
- {
+ protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
StringBuffer result = new StringBuffer();
// Do we need to escape any characters
for (int i = 0; i < v.length(); i++) {
int c = v.charAt(i);
- if (c == ',' || c == '=' || c == '+' || c == '<' ||
- c == '>' || c == '#' || c == ';' || c == '\r' ||
- c == '\n' || c == '\\' || c == '"') {
- if ((c == 0x5c) && ((i+1) < v.length())) {
- int nextC = v.charAt(i+1);
- if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
- nextC == '<' || nextC == '>' || nextC == '#' ||
- nextC == ';' || nextC == '\r' || nextC == '\n' ||
- nextC == '\\' || nextC == '"')) {
- if (doubleEscape) result.append('\\');
+ if (c == ',' || c == '=' || c == '+' || c == '<' || c == '>'
+ || c == '#' || c == ';' || c == '\r' || c == '\n'
+ || c == '\\' || c == '"') {
+ if ((c == 0x5c) && ((i + 1) < v.length())) {
+ int nextC = v.charAt(i + 1);
+ if ((c == 0x5c)
+ && (nextC == ',' || nextC == '=' || nextC == '+'
+ || nextC == '<' || nextC == '>'
+ || nextC == '#' || nextC == ';'
+ || nextC == '\r' || nextC == '\n'
+ || nextC == '\\' || nextC == '"')) {
+ if (doubleEscape)
+ result.append('\\');
} else {
result.append('\\');
- if (doubleEscape) result.append('\\');
+ if (doubleEscape)
+ result.append('\\');
}
} else {
result.append('\\');
- if (doubleEscape) result.append('\\');
+ if (doubleEscape)
+ result.append('\\');
}
}
if (c == '\r') {
@@ -812,10 +809,10 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
} else if (c == '\n') {
result.append("0A");
} else {
- result.append((char)c);
+ result.append((char) c);
}
}
return result;
}
-
+
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java
index 7cf2a359..acdf98b4 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java
@@ -17,14 +17,10 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
-
-
/**
- * This class implements an enrollment extension
- * default policy that extension into the certificate
- * template.
- *
+ * This class implements an enrollment extension default policy that extension
+ * into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public abstract class EnrollExtDefault extends EnrollDefault {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
index 62d21cc8..141718cd 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates Extended Key Usage extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates Extended
+ * Key Usage extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
@@ -60,18 +57,16 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_OIDS)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_OIDS"));
}
return null;
@@ -79,8 +74,7 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_OIDS)) {
return new Descriptor(IDescriptor.STRING_LIST, null, null,
@@ -90,93 +84,87 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
ExtendedKeyUsageExtension ext = null;
+ ext = (ExtendedKeyUsageExtension) getExtension(
+ ExtendedKeyUsageExtension.OID, info);
- ext = (ExtendedKeyUsageExtension)
- getExtension(ExtendedKeyUsageExtension.OID, info);
-
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- }
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ }
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_CRITICAL)) {
- ext = (ExtendedKeyUsageExtension)
- getExtension(ExtendedKeyUsageExtension.OID, info);
- boolean val = Boolean.valueOf(value).booleanValue();
+ ext = (ExtendedKeyUsageExtension) getExtension(
+ ExtendedKeyUsageExtension.OID, info);
+ boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
+ ext.setCritical(val);
} else if (name.equals(VAL_OIDS)) {
- ext = (ExtendedKeyUsageExtension)
- getExtension(ExtendedKeyUsageExtension.OID, info);
- // ext.deleteAllOIDs();
+ ext = (ExtendedKeyUsageExtension) getExtension(
+ ExtendedKeyUsageExtension.OID, info);
+ // ext.deleteAllOIDs();
StringTokenizer st = new StringTokenizer(value, ",");
- if(ext == null) {
+ if (ext == null) {
return;
}
while (st.hasMoreTokens()) {
String oid = st.nextToken();
- ext.addOID(new ObjectIdentifier(oid));
+ ext.addOID(new ObjectIdentifier(oid));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
try {
replaceExtension(ExtendedKeyUsageExtension.OID, ext, info);
} catch (EProfileException e) {
CMS.debug("ExtendedKeyUsageExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension)
- getExtension(ExtendedKeyUsageExtension.OID, info);
-
+ ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension) getExtension(
+ ExtendedKeyUsageExtension.OID, info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (ExtendedKeyUsageExtension)
- getExtension(ExtendedKeyUsageExtension.OID, info);
+ ext = (ExtendedKeyUsageExtension) getExtension(
+ ExtendedKeyUsageExtension.OID, info);
if (ext == null) {
return null;
@@ -187,58 +175,54 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
return "false";
}
} else if (name.equals(VAL_OIDS)) {
- ext = (ExtendedKeyUsageExtension)
- getExtension(ExtendedKeyUsageExtension.OID, info);
+ ext = (ExtendedKeyUsageExtension) getExtension(
+ ExtendedKeyUsageExtension.OID, info);
StringBuffer sb = new StringBuffer();
- if(ext == null) {
+ if (ext == null) {
return "";
}
Enumeration e = ext.getOIDs();
while (e.hasMoreElements()) {
- ObjectIdentifier oid = (ObjectIdentifier)
- e.nextElement();
+ ObjectIdentifier oid = (ObjectIdentifier) e.nextElement();
if (!sb.toString().equals("")) {
sb.append(",");
- }
+ }
sb.append(oid.toString());
}
return sb.toString();
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_OIDS)
- };
+ String params[] = { getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OIDS) };
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_EXTENDED_KEY_EXT", params);
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_EXTENDED_KEY_EXT",
+ params);
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
ExtendedKeyUsageExtension ext = createExtension();
addExtension(ExtendedKeyUsageExtension.OID, ext, info);
}
public ExtendedKeyUsageExtension createExtension() {
- ExtendedKeyUsageExtension ext = null;
+ ExtendedKeyUsageExtension ext = null;
try {
ext = new ExtendedKeyUsageExtension();
} catch (Exception e) {
- CMS.debug("ExtendedKeyUsageExtDefault: createExtension " +
- e.toString());
+ CMS.debug("ExtendedKeyUsageExtDefault: createExtension "
+ + e.toString());
}
if (ext == null)
return null;
@@ -250,7 +234,7 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
while (st.hasMoreTokens()) {
String oid = st.nextToken();
- ext.addOID(new ObjectIdentifier(oid));
+ ext.addOID(new ObjectIdentifier(oid));
}
return ext;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java
index 7b9bcd52..a2de8447 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -42,12 +41,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates Freshest CRL extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates Freshest
+ * CRL extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class FreshestCRLExtDefault extends EnrollExtDefault {
@@ -61,8 +58,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
public static final String CONFIG_ENABLE = "freshestCRLPointEnable_";
public static final String VAL_CRITICAL = "freshestCRLCritical";
- public static final String VAL_CRL_DISTRIBUTION_POINTS =
- "freshestCRLPointsValue";
+ public static final String VAL_CRL_DISTRIBUTION_POINTS = "freshestCRLPointsValue";
private static final String POINT_TYPE = "Point Type";
private static final String POINT_NAME = "Point Name";
@@ -78,12 +74,11 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
}
-
protected int getNumPoints() {
int num = DEF_NUM_POINTS;
String val = getConfig(CONFIG_NUM_POINTS);
@@ -102,34 +97,32 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
return num;
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_NUM_POINTS)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_POINTS || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_POINTS || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
+ }
}
super.setConfig(name, value);
}
-
public Enumeration getConfigNames() {
refreshConfigAndValueNames();
return super.getConfigNames();
}
protected void refreshConfigAndValueNames() {
- //refesh our config name list
+ // refesh our config name list
super.refreshConfigAndValueNames();
addValueName(VAL_CRITICAL);
@@ -149,88 +142,76 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_CRITICAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_POINT_TYPE)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE"));
} else if (name.startsWith(CONFIG_POINT_NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME"));
} else if (name.startsWith(CONFIG_ISSUER_TYPE)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE"));
} else if (name.startsWith(CONFIG_ISSUER_NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME"));
} else if (name.startsWith(CONFIG_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- null,
+ return new Descriptor(IDescriptor.BOOLEAN, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
} else if (name.startsWith(CONFIG_NUM_POINTS)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS"));
+ return new Descriptor(IDescriptor.INTEGER, null, "1",
+ CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS"));
} else {
return null;
}
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ if (name.equals(VAL_CRITICAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS"));
+ return new Descriptor(IDescriptor.STRING_LIST, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_CRL_DISTRIBUTION_POINTS"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
FreshestCRLExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (FreshestCRLExtension)
- getExtension(FreshestCRLExtension.OID,
- info);
+ ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID,
+ info);
- if(ext == null) {
- populate(locale,info);
+ if (ext == null) {
+ populate(locale, info);
}
-
+
if (name.equals(VAL_CRITICAL)) {
- ext = (FreshestCRLExtension)
- getExtension(FreshestCRLExtension.OID,
- info);
+ ext = (FreshestCRLExtension) getExtension(
+ FreshestCRLExtension.OID, info);
boolean val = Boolean.valueOf(value).booleanValue();
- ext.setCritical(val);
- } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
- ext = (FreshestCRLExtension)
- getExtension(FreshestCRLExtension.OID,
- info);
+ ext.setCritical(val);
+ } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
+ ext = (FreshestCRLExtension) getExtension(
+ FreshestCRLExtension.OID, info);
Vector v = parseRecords(value);
int size = v.size();
-
+
boolean critical = ext.isCritical();
int i = 0;
@@ -266,7 +247,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
if (issuerType != null)
addIssuer(locale, cdp, issuerType, issuerValue);
- // this is the first distribution point
+ // this is the first distribution point
if (i == 0) {
ext = new FreshestCRLExtension(cdp);
ext.setCritical(critical);
@@ -276,100 +257,91 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
}
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- replaceExtension(PKIXExtensions.FreshestCRL_Id.toString(),
- ext, info);
+ replaceExtension(PKIXExtensions.FreshestCRL_Id.toString(), ext,
+ info);
} catch (EProfileException e) {
- CMS.debug("FreshestCRLExtDefault: setValue " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ CMS.debug("FreshestCRLExtDefault: setValue " + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type,
- String value) throws EPropertyException {
+ private void addCRLPoint(Locale locale, CRLDistributionPoint cdp,
+ String type, String value) throws EPropertyException {
try {
if (value == null || value.length() == 0)
return;
-
+
if (isGeneralNameType(type)) {
GeneralNames gen = new GeneralNames();
- gen.addElement(parseGeneralName(type,value));
+ gen.addElement(parseGeneralName(type, value));
cdp.setFullName(gen);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", type));
}
} catch (IOException e) {
- CMS.debug("FreshestCRLExtDefault: addCRLPoint " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
+ CMS.debug("FreshestCRLExtDefault: addCRLPoint " + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", type));
} catch (GeneralNamesException e) {
- CMS.debug("FreshestCRLExtDefault: addCRLPoint " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
+ CMS.debug("FreshestCRLExtDefault: addCRLPoint " + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", type));
}
}
- private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type,
- String value) throws EPropertyException {
+ private void addIssuer(Locale locale, CRLDistributionPoint cdp,
+ String type, String value) throws EPropertyException {
if (value == null || value.length() == 0)
return;
try {
if (isGeneralNameType(type)) {
GeneralNames gen = new GeneralNames();
- gen.addElement(parseGeneralName(type,value));
+ gen.addElement(parseGeneralName(type, value));
cdp.setCRLIssuer(gen);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", type));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", type));
}
} catch (IOException e) {
- CMS.debug("FreshestCRLExtDefault: addIssuer " +
- e.toString());
+ CMS.debug("FreshestCRLExtDefault: addIssuer " + e.toString());
} catch (GeneralNamesException e) {
- CMS.debug("FreshestCRLExtDefault: addIssuer " +
- e.toString());
+ CMS.debug("FreshestCRLExtDefault: addIssuer " + e.toString());
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
FreshestCRLExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (FreshestCRLExtension)
- getExtension(FreshestCRLExtension.OID,
- info);
- if(ext == null)
- {
+ ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID,
+ info);
+ if (ext == null) {
try {
- populate(locale,info);
+ populate(locale, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (FreshestCRLExtension)
- getExtension(FreshestCRLExtension.OID,
- info);
+ ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID,
+ info);
if (ext == null) {
return null;
@@ -379,10 +351,9 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
- ext = (FreshestCRLExtension)
- getExtension(FreshestCRLExtension.OID,
- info);
+ } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
+ ext = (FreshestCRLExtension) getExtension(FreshestCRLExtension.OID,
+ info);
if (ext == null)
return "";
@@ -395,7 +366,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
NameValuePairs pairs = null;
if (i < ext.getNumPoints()) {
- CRLDistributionPoint p = ext.getPointAt(i);
+ CRLDistributionPoint p = ext.getPointAt(i);
GeneralNames gns = p.getFullName();
pairs = buildGeneralNames(gns, p);
@@ -404,11 +375,11 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
}
recs.addElement(pairs);
}
-
+
return buildRecords(recs);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
@@ -423,8 +394,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
return pairs;
}
- protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p)
- throws EPropertyException {
+ protected NameValuePairs buildGeneralNames(GeneralNames gns,
+ CRLDistributionPoint p) throws EPropertyException {
NameValuePairs pairs = new NameValuePairs();
@@ -495,17 +466,15 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
sb.append(getConfig(CONFIG_ENABLE + i));
sb.append("}");
}
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_FRESHEST_CRL_EXT",
- getConfig(CONFIG_CRITICAL),
- sb.toString());
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_FRESHEST_CRL_EXT",
+ getConfig(CONFIG_CRITICAL), sb.toString());
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
FreshestCRLExtension ext = createExtension(request);
if (ext == null)
@@ -519,30 +488,31 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
try {
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
- ext.setCritical(critical);
+ ext.setCritical(critical);
num = getNumPoints();
for (int i = 0; i < num; i++) {
CRLDistributionPoint cdp = new CRLDistributionPoint();
- String enable = getConfig(CONFIG_ENABLE + i);
- String pointType = getConfig(CONFIG_POINT_TYPE + i);
+ String enable = getConfig(CONFIG_ENABLE + i);
+ String pointType = getConfig(CONFIG_POINT_TYPE + i);
String pointName = getConfig(CONFIG_POINT_NAME + i);
String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
String issuerName = getConfig(CONFIG_ISSUER_NAME + i);
if (enable != null && enable.equals("true")) {
if (pointType != null)
- addCRLPoint(getLocale(request), cdp, pointType, pointName);
+ addCRLPoint(getLocale(request), cdp, pointType,
+ pointName);
if (issuerType != null)
- addIssuer(getLocale(request), cdp, issuerType, issuerName);
+ addIssuer(getLocale(request), cdp, issuerType,
+ issuerName);
- ext.addPoint(cdp);
+ ext.addPoint(cdp);
}
}
} catch (Exception e) {
- CMS.debug("FreshestCRLExtDefault: createExtension " +
- e.toString());
+ CMS.debug("FreshestCRLExtDefault: createExtension " + e.toString());
}
return ext;
@@ -552,7 +522,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
private void populate(Locale locale, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
FreshestCRLExtension ext = createExtension(locale);
if (ext == null)
@@ -588,8 +558,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
}
}
} catch (Exception e) {
- CMS.debug("FreshestCRLExtDefault: createExtension " +
- e.toString());
+ CMS.debug("FreshestCRLExtDefault: createExtension " + e.toString());
}
return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
index 4051f31a..eb18d5ea 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Locale;
import netscape.security.util.DerOutputStream;
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a Netscape comment extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a Netscape
+ * comment extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class GenericExtDefault extends EnrollExtDefault {
@@ -62,22 +59,19 @@ public class GenericExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_OID)) {
- return new Descriptor(IDescriptor.STRING, null,
- "Comment Here...",
+ return new Descriptor(IDescriptor.STRING, null, "Comment Here...",
CMS.getUserMessage(locale, "CMS_PROFILE_OID"));
} else if (name.equals(CONFIG_DATA)) {
- return new Descriptor(IDescriptor.STRING, null,
- "Comment Here...",
+ return new Descriptor(IDescriptor.STRING, null, "Comment Here...",
CMS.getUserMessage(locale, "CMS_PROFILE_EXT_VALUE"));
} else {
return null;
@@ -86,57 +80,51 @@ public class GenericExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_DATA)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
+ return new Descriptor(IDescriptor.STRING_LIST, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_EXT_VALUE"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
Extension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID));
- ext = (Extension)
- getExtension(oid.toString(), info);
+ ext = (Extension) getExtension(oid.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
- ext = (Extension)
- getExtension(oid.toString(), info);
- if (ext == null) {
+ ext = (Extension) getExtension(oid.toString(), info);
+ if (ext == null) {
return;
}
boolean val = Boolean.valueOf(value).booleanValue();
- ext.setCritical(val);
- } else if (name.equals(VAL_DATA)) {
- ext = (Extension)
- getExtension(oid.toString(), info);
- if (ext == null) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_DATA)) {
+ ext = (Extension) getExtension(oid.toString(), info);
+ if (ext == null) {
return;
}
byte data[] = getBytes(value);
- ext.setExtensionValue(data);
+ ext.setExtensionValue(data);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
replaceExtension(ext.getExtensionId().toString(), ext, info);
@@ -145,37 +133,33 @@ public class GenericExtDefault extends EnrollExtDefault {
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
Extension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
ObjectIdentifier oid = new ObjectIdentifier(getConfig(CONFIG_OID));
- ext = (Extension)
- getExtension(oid.toString(), info);
+ ext = (Extension) getExtension(oid.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (Extension)
- getExtension(oid.toString(), info);
+ ext = (Extension) getExtension(oid.toString(), info);
if (ext == null) {
return null;
@@ -185,10 +169,9 @@ public class GenericExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_DATA)) {
+ } else if (name.equals(VAL_DATA)) {
- ext = (Extension)
- getExtension(oid.toString(), info);
+ ext = (Extension) getExtension(oid.toString(), info);
if (ext == null)
return "";
@@ -197,31 +180,29 @@ public class GenericExtDefault extends EnrollExtDefault {
if (data == null)
return "";
-
+
return toStr(data);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_OID),
- getConfig(CONFIG_DATA)
- };
+ String params[] = { getConfig(CONFIG_CRITICAL), getConfig(CONFIG_OID),
+ getConfig(CONFIG_DATA) };
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_GENERIC_EXT", params);
+ return CMS
+ .getUserMessage(locale, "CMS_PROFILE_DEF_GENERIC_EXT", params);
}
public String toStr(byte data[]) {
StringBuffer b = new StringBuffer();
for (int i = 0; i < data.length; i++) {
- if ((data[i] & 0xff) < 16) {
- b.append("0");
- }
- b.append(Integer.toString((int)(data[i] & 0xff), 0x10));
+ if ((data[i] & 0xff) < 16) {
+ b.append("0");
+ }
+ b.append(Integer.toString((int) (data[i] & 0xff), 0x10));
}
return b.toString();
}
@@ -230,14 +211,14 @@ public class GenericExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
Extension ext = createExtension(request);
addExtension(ext.getExtensionId().toString(), ext, info);
}
public Extension createExtension(IRequest request) {
- Extension ext = null;
+ Extension ext = null;
try {
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -250,13 +231,12 @@ public class GenericExtDefault extends EnrollExtDefault {
data = getBytes(mapPattern(request, getConfig(CONFIG_DATA)));
}
- DerOutputStream out = new DerOutputStream();
+ DerOutputStream out = new DerOutputStream();
out.putOctetString(data);
ext = new Extension(oid, critical, out.toByteArray());
} catch (Exception e) {
- CMS.debug("GenericExtDefault: createExtension " +
- e.toString());
+ CMS.debug("GenericExtDefault: createExtension " + e.toString());
}
return ext;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
index 5bb8abd4..f2863b4d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Locale;
import netscape.security.x509.X509CertInfo;
@@ -31,11 +30,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that shows an image in the approval page.
- *
+ * This class implements an enrollment default policy that shows an image in the
+ * approval page.
+ *
* @version $Revision$, $Date$
*/
public class ImageDefault extends EnrollDefault {
@@ -50,7 +48,7 @@ public class ImageDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -67,41 +65,39 @@ public class ImageDefault extends EnrollDefault {
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
}
public String getValue(String name, Locale locale, IRequest request)
- throws EPropertyException {
+ throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_IMAGE_URL)) {
return request.getExtDataInString(INPUT_IMAGE_URL);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
return null;
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE" );
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE");
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
index c6bbc7f7..4aee226c 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.math.BigInteger;
import java.util.Locale;
@@ -34,10 +33,9 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements an inhibit Any-Policy extension
- *
+ *
* @version $Revision$, $Date$
*/
public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
@@ -61,31 +59,30 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
return new Descriptor(IDescriptor.BOOLEAN, null, "true",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_SKIP_CERTS)) {
return new Descriptor(IDescriptor.INTEGER, null, "0",
- CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
} else {
return null;
}
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
if (name.equals(CONFIG_SKIP_CERTS)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS));
+ }
}
super.setConfig(name, value);
}
@@ -93,36 +90,35 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
return new Descriptor(IDescriptor.BOOLEAN, null, "true",
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_SKIP_CERTS)) {
return new Descriptor(IDescriptor.INTEGER, null, "0",
- CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
InhibitAnyPolicyExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ ext = (InhibitAnyPolicyExtension) getExtension(
+ InhibitAnyPolicyExtension.OID, info);
- if(ext == null) {
- populate(null,info);
- }
+ if (ext == null) {
+ populate(null, info);
+ }
if (name.equals(VAL_CRITICAL)) {
- ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ ext = (InhibitAnyPolicyExtension) getExtension(
+ InhibitAnyPolicyExtension.OID, info);
if (ext == null) {
// it is ok, the extension is never populated or delted
@@ -132,8 +128,8 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
ext.setCritical(critical);
} else if (name.equals(VAL_SKIP_CERTS)) {
- ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ ext = (InhibitAnyPolicyExtension) getExtension(
+ InhibitAnyPolicyExtension.OID, info);
if (ext == null) {
// it is ok, the extension is never populated or delted
@@ -150,48 +146,44 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
BigInteger l = new BigInteger(value);
num = new BigInt(l);
} catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = new InhibitAnyPolicyExtension(critical,
- num);
+ ext = new InhibitAnyPolicyExtension(critical, num);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
replaceExtension(InhibitAnyPolicyExtension.OID, ext, info);
} catch (EProfileException e) {
CMS.debug("InhibitAnyPolicyExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- InhibitAnyPolicyExtension ext =
- (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ InhibitAnyPolicyExtension ext = (InhibitAnyPolicyExtension) getExtension(
+ InhibitAnyPolicyExtension.OID, info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ ext = (InhibitAnyPolicyExtension) getExtension(
+ InhibitAnyPolicyExtension.OID, info);
if (ext == null) {
return null;
@@ -202,39 +194,38 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
return "false";
}
} else if (name.equals(VAL_SKIP_CERTS)) {
- ext = (InhibitAnyPolicyExtension)
- getExtension(InhibitAnyPolicyExtension.OID, info);
+ ext = (InhibitAnyPolicyExtension) getExtension(
+ InhibitAnyPolicyExtension.OID, info);
if (ext == null) {
return null;
}
BigInt n = ext.getSkipCerts();
- return ""+n.toInt();
+ return "" + n.toInt();
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
- }
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
+ }
}
/*
- * returns text that goes into description for this extension on
- * a profile
+ * returns text that goes into description for this extension on a profile
*/
public String getText(Locale locale) {
- StringBuffer sb = new StringBuffer();
+ StringBuffer sb = new StringBuffer();
sb.append(SKIP_CERTS + ":");
sb.append(getConfig(CONFIG_SKIP_CERTS));
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT",
- getConfig(CONFIG_CRITICAL), sb.toString());
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT",
+ getConfig(CONFIG_CRITICAL), sb.toString());
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
InhibitAnyPolicyExtension ext = null;
ext = createExtension(request);
@@ -242,11 +233,11 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
}
public InhibitAnyPolicyExtension createExtension(IRequest request)
- throws EProfileException {
+ throws EProfileException {
InhibitAnyPolicyExtension ext = null;
- boolean critical = Boolean.valueOf(
- getConfig(CONFIG_CRITICAL)).booleanValue();
+ boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL))
+ .booleanValue();
String str = getConfig(CONFIG_SKIP_CERTS);
if (str == null || str.equals("")) {
@@ -259,7 +250,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
val = new BigInt(b);
} catch (NumberFormatException e) {
throw new EProfileException(
- CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS"));
+ CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS"));
}
try {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
index 8f8837eb..ae3f382b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -39,12 +38,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a issuer alternative name extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a issuer
+ * alternative name extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class IssuerAltNameExtDefault extends EnrollExtDefault {
@@ -67,25 +64,24 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_TYPE)) {
- return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
- "RFC822Name",
- CMS.getUserMessage(locale,
- "CMS_PROFILE_ISSUER_ALT_NAME_TYPE"));
+ return new Descriptor(
+ IDescriptor.CHOICE,
+ "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
+ "RFC822Name", CMS.getUserMessage(locale,
+ "CMS_PROFILE_ISSUER_ALT_NAME_TYPE"));
} else if (name.equals(CONFIG_PATTERN)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN"));
} else {
return null;
}
@@ -93,49 +89,44 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_GENERAL_NAMES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
+ return new Descriptor(IDescriptor.STRING_LIST, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
IssuerAlternativeNameExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
+ ext = (IssuerAlternativeNameExtension) getExtension(
+ PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
-
+
if (name.equals(VAL_CRITICAL)) {
- ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
+ ext = (IssuerAlternativeNameExtension) getExtension(
+ PKIXExtensions.IssuerAlternativeName_Id.toString(),
+ info);
if (ext == null) {
// it is ok, the extension is never populated or delted
@@ -145,9 +136,9 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
ext.setCritical(critical);
} else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
+ ext = (IssuerAlternativeNameExtension) getExtension(
+ PKIXExtensions.IssuerAlternativeName_Id.toString(),
+ info);
if (ext == null) {
// it is ok, the extension is never populated or delted
@@ -155,7 +146,9 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
}
if (value.equals("")) {
// if value is empty, do not add this extension
- deleteExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
+ deleteExtension(
+ PKIXExtensions.IssuerAlternativeName_Id.toString(),
+ info);
return;
}
GeneralNames gn = new GeneralNames();
@@ -166,58 +159,55 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
GeneralNameInterface n = parseGeneralName(gname);
if (n != null) {
- gn.addElement(n);
+ gn.addElement(n);
}
}
ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
replaceExtension(
- PKIXExtensions.IssuerAlternativeName_Id.toString(),
- ext, info);
+ PKIXExtensions.IssuerAlternativeName_Id.toString(), ext,
+ info);
} catch (IOException e) {
CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} catch (EProfileException e) {
CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
try {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- IssuerAlternativeNameExtension ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
+ IssuerAlternativeNameExtension ext = (IssuerAlternativeNameExtension) getExtension(
+ PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
+ ext = (IssuerAlternativeNameExtension) getExtension(
+ PKIXExtensions.IssuerAlternativeName_Id.toString(),
+ info);
if (ext == null) {
return null;
@@ -228,16 +218,15 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
return "false";
}
} else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
- (IssuerAlternativeNameExtension)
- getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
- if(ext == null)
- {
+ ext = (IssuerAlternativeNameExtension) getExtension(
+ PKIXExtensions.IssuerAlternativeName_Id.toString(),
+ info);
+ if (ext == null) {
return "";
}
- GeneralNames names = (GeneralNames)
- ext.get(IssuerAlternativeNameExtension.ISSUER_NAME);
+ GeneralNames names = (GeneralNames) ext
+ .get(IssuerAlternativeNameExtension.ISSUER_NAME);
StringBuffer sb = new StringBuffer();
Enumeration e = names.elements();
@@ -246,36 +235,33 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
if (!sb.toString().equals("")) {
sb.append("\r\n");
- }
+ }
sb.append(toGeneralNameString(gn));
}
return sb.toString();
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} catch (IOException e) {
- CMS.debug("IssuerAltNameExtDefault: getValue " +
- e.toString());
+ CMS.debug("IssuerAltNameExtDefault: getValue " + e.toString());
}
return null;
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_PATTERN),
- getConfig(CONFIG_TYPE)
- };
+ String params[] = { getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_PATTERN), getConfig(CONFIG_TYPE) };
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_ISSUER_ALT_NAME_EXT", params);
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_ISSUER_ALT_NAME_EXT", params);
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
IssuerAlternativeNameExtension ext = null;
try {
@@ -284,35 +270,34 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
} catch (IOException e) {
CMS.debug("IssuerAltNameExtDefault: populate " + e.toString());
}
- addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), ext,
+ info);
}
- public IssuerAlternativeNameExtension createExtension(IRequest request)
- throws IOException {
- IssuerAlternativeNameExtension ext = null;
+ public IssuerAlternativeNameExtension createExtension(IRequest request)
+ throws IOException {
+ IssuerAlternativeNameExtension ext = null;
try {
ext = new IssuerAlternativeNameExtension();
} catch (Exception e) {
CMS.debug(e.toString());
- throw new IOException( e.toString() );
+ throw new IOException(e.toString());
}
- boolean critical = Boolean.valueOf(
- getConfig(CONFIG_CRITICAL)).booleanValue();
+ boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL))
+ .booleanValue();
String pattern = getConfig(CONFIG_PATTERN);
if (!pattern.equals("")) {
- GeneralNames gn = new GeneralNames();
+ GeneralNames gn = new GeneralNames();
String gname = "";
- if(request != null) {
+ if (request != null) {
gname = mapPattern(request, pattern);
}
- gn.addElement(parseGeneralName(
- getConfig(CONFIG_TYPE) + ":" + gname));
+ gn.addElement(parseGeneralName(getConfig(CONFIG_TYPE) + ":" + gname));
ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn);
}
ext.setCritical(critical);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
index c8ed9281..f3c0fc24 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -34,25 +33,19 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a Key Usage extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a Key Usage
+ * extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class KeyUsageExtDefault extends EnrollExtDefault {
public static final String CONFIG_CRITICAL = "keyUsageCritical";
- public static final String CONFIG_DIGITAL_SIGNATURE =
- "keyUsageDigitalSignature";
- public static final String CONFIG_NON_REPUDIATION =
- "keyUsageNonRepudiation";
- public static final String CONFIG_KEY_ENCIPHERMENT =
- "keyUsageKeyEncipherment";
- public static final String CONFIG_DATA_ENCIPHERMENT =
- "keyUsageDataEncipherment";
+ public static final String CONFIG_DIGITAL_SIGNATURE = "keyUsageDigitalSignature";
+ public static final String CONFIG_NON_REPUDIATION = "keyUsageNonRepudiation";
+ public static final String CONFIG_KEY_ENCIPHERMENT = "keyUsageKeyEncipherment";
+ public static final String CONFIG_DATA_ENCIPHERMENT = "keyUsageDataEncipherment";
public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement";
public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign";
public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign";
@@ -60,14 +53,10 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly";
public static final String VAL_CRITICAL = "keyUsageCritical";
- public static final String VAL_DIGITAL_SIGNATURE =
- "keyUsageDigitalSignature";
- public static final String VAL_NON_REPUDIATION =
- "keyUsageNonRepudiation";
- public static final String VAL_KEY_ENCIPHERMENT =
- "keyUsageKeyEncipherment";
- public static final String VAL_DATA_ENCIPHERMENT =
- "keyUsageDataEncipherment";
+ public static final String VAL_DIGITAL_SIGNATURE = "keyUsageDigitalSignature";
+ public static final String VAL_NON_REPUDIATION = "keyUsageNonRepudiation";
+ public static final String VAL_KEY_ENCIPHERMENT = "keyUsageKeyEncipherment";
+ public static final String VAL_DATA_ENCIPHERMENT = "keyUsageDataEncipherment";
public static final String VAL_KEY_AGREEMENT = "keyUsageKeyAgreement";
public static final String VAL_KEY_CERTSIGN = "keyUsageKeyCertSign";
public static final String VAL_CRL_SIGN = "keyUsageCrlSign";
@@ -100,50 +89,40 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
} else if (name.equals(CONFIG_NON_REPUDIATION)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
} else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT"));
} else if (name.equals(CONFIG_DATA_ENCIPHERMENT)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT"));
} else if (name.equals(CONFIG_KEY_AGREEMENT)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT"));
} else if (name.equals(CONFIG_KEY_CERTSIGN)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN"));
} else if (name.equals(CONFIG_CRL_SIGN)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN"));
} else if (name.equals(CONFIG_ENCIPHER_ONLY)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY"));
} else if (name.equals(CONFIG_DECIPHER_ONLY)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY"));
} else {
return null;
@@ -152,203 +131,190 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
} else if (name.equals(VAL_NON_REPUDIATION)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
} else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ENCIPHERMENT"));
} else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_DATA_ENCIPHERMENT"));
} else if (name.equals(VAL_KEY_AGREEMENT)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_AGREEMENT"));
} else if (name.equals(VAL_KEY_CERTSIGN)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_KEY_CERTSIGN"));
} else if (name.equals(VAL_CRL_SIGN)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRL_SIGN"));
} else if (name.equals(VAL_ENCIPHER_ONLY)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_ENCIPHER_ONLY"));
} else if (name.equals(VAL_DECIPHER_ONLY)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_DECIPHER_ONLY"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
KeyUsageExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
-
+
if (name.equals(VAL_CRITICAL)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- boolean val = Boolean.valueOf(value).booleanValue();
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
+ boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
+ if (ext == null) {
return;
}
ext.setCritical(val);
- } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.DIGITAL_SIGNATURE, val);
} else if (name.equals(VAL_NON_REPUDIATION)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.NON_REPUDIATION, val);
} else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.KEY_ENCIPHERMENT, val);
} else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.DATA_ENCIPHERMENT, val);
} else if (name.equals(VAL_KEY_AGREEMENT)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.KEY_AGREEMENT, val);
} else if (name.equals(VAL_KEY_CERTSIGN)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.KEY_CERTSIGN, val);
} else if (name.equals(VAL_CRL_SIGN)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.CRL_SIGN, val);
} else if (name.equals(VAL_ENCIPHER_ONLY)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.ENCIPHER_ONLY, val);
} else if (name.equals(VAL_DECIPHER_ONLY)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null) {
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
+ if (ext == null) {
return;
}
- Boolean val = Boolean.valueOf(value);
+ Boolean val = Boolean.valueOf(value);
ext.set(KeyUsageExtension.DECIPHER_ONLY, val);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
replaceExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info);
} catch (IOException e) {
CMS.debug("KeyUsageExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} catch (EProfileException e) {
CMS.debug("KeyUsageExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
try {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- KeyUsageExtension ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ KeyUsageExtension ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
@@ -359,122 +325,118 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
return "false";
}
} else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
- Boolean val = (Boolean)
- ext.get(KeyUsageExtension.DIGITAL_SIGNATURE);
+ Boolean val = (Boolean) ext
+ .get(KeyUsageExtension.DIGITAL_SIGNATURE);
return val.toString();
} else if (name.equals(VAL_NON_REPUDIATION)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
- Boolean val = (Boolean)
- ext.get(KeyUsageExtension.NON_REPUDIATION);
+ Boolean val = (Boolean) ext
+ .get(KeyUsageExtension.NON_REPUDIATION);
return val.toString();
} else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
- Boolean val = (Boolean)
- ext.get(KeyUsageExtension.KEY_ENCIPHERMENT);
+ Boolean val = (Boolean) ext
+ .get(KeyUsageExtension.KEY_ENCIPHERMENT);
return val.toString();
} else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
- Boolean val = (Boolean)
- ext.get(KeyUsageExtension.DATA_ENCIPHERMENT);
+ Boolean val = (Boolean) ext
+ .get(KeyUsageExtension.DATA_ENCIPHERMENT);
return val.toString();
} else if (name.equals(VAL_KEY_AGREEMENT)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
- Boolean val = (Boolean)
- ext.get(KeyUsageExtension.KEY_AGREEMENT);
+ Boolean val = (Boolean) ext
+ .get(KeyUsageExtension.KEY_AGREEMENT);
return val.toString();
} else if (name.equals(VAL_KEY_CERTSIGN)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
- Boolean val = (Boolean)
- ext.get(KeyUsageExtension.KEY_CERTSIGN);
+ Boolean val = (Boolean) ext.get(KeyUsageExtension.KEY_CERTSIGN);
return val.toString();
} else if (name.equals(VAL_CRL_SIGN)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
- Boolean val = (Boolean)
- ext.get(KeyUsageExtension.CRL_SIGN);
+ Boolean val = (Boolean) ext.get(KeyUsageExtension.CRL_SIGN);
return val.toString();
} else if (name.equals(VAL_ENCIPHER_ONLY)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
- Boolean val = (Boolean)
- ext.get(KeyUsageExtension.ENCIPHER_ONLY);
+ Boolean val = (Boolean) ext
+ .get(KeyUsageExtension.ENCIPHER_ONLY);
return val.toString();
} else if (name.equals(VAL_DECIPHER_ONLY)) {
- ext = (KeyUsageExtension)
- getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+ ext = (KeyUsageExtension) getExtension(
+ PKIXExtensions.KeyUsage_Id.toString(), info);
if (ext == null) {
return null;
}
- Boolean val = (Boolean)
- ext.get(KeyUsageExtension.DECIPHER_ONLY);
+ Boolean val = (Boolean) ext
+ .get(KeyUsageExtension.DECIPHER_ONLY);
return val.toString();
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} catch (IOException e) {
CMS.debug("KeyUsageExtDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_DIGITAL_SIGNATURE),
- getConfig(CONFIG_NON_REPUDIATION),
- getConfig(CONFIG_KEY_ENCIPHERMENT),
- getConfig(CONFIG_DATA_ENCIPHERMENT),
- getConfig(CONFIG_KEY_AGREEMENT),
- getConfig(CONFIG_KEY_CERTSIGN),
- getConfig(CONFIG_CRL_SIGN),
- getConfig(CONFIG_ENCIPHER_ONLY),
- getConfig(CONFIG_DECIPHER_ONLY)
- };
-
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_KEY_USAGE_EXT", params);
+ String params[] = { getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_DIGITAL_SIGNATURE),
+ getConfig(CONFIG_NON_REPUDIATION),
+ getConfig(CONFIG_KEY_ENCIPHERMENT),
+ getConfig(CONFIG_DATA_ENCIPHERMENT),
+ getConfig(CONFIG_KEY_AGREEMENT),
+ getConfig(CONFIG_KEY_CERTSIGN), getConfig(CONFIG_CRL_SIGN),
+ getConfig(CONFIG_ENCIPHER_ONLY),
+ getConfig(CONFIG_DECIPHER_ONLY) };
+
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_KEY_USAGE_EXT",
+ params);
}
@@ -482,14 +444,14 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
KeyUsageExtension ext = createKeyUsageExtension();
addExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info);
}
public KeyUsageExtension createKeyUsageExtension() {
- KeyUsageExtension ext = null;
+ KeyUsageExtension ext = null;
boolean[] bits = new boolean[KeyUsageExtension.NBITS];
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -506,8 +468,8 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
try {
ext = new KeyUsageExtension(critical, bits);
} catch (Exception e) {
- CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " +
- e.toString());
+ CMS.debug("KeyUsageExtDefault: createKeyUsageExtension "
+ + e.toString());
}
return ext;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
index 01e92d6a..39f8e8c4 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a Netscape comment extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a Netscape
+ * comment extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class NSCCommentExtDefault extends EnrollExtDefault {
@@ -60,18 +57,16 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_COMMENT)) {
- return new Descriptor(IDescriptor.STRING, null,
- "Comment Here...",
+ return new Descriptor(IDescriptor.STRING, null, "Comment Here...",
CMS.getUserMessage(locale, "CMS_PROFILE_COMMENT"));
} else {
return null;
@@ -80,66 +75,60 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_COMMENT)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
+ return new Descriptor(IDescriptor.STRING_LIST, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_COMMENT"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
NSCCommentExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
ObjectIdentifier oid = NSCCommentExtension.OID;
- ext = (NSCCommentExtension)
- getExtension(oid.toString(), info);
+ ext = (NSCCommentExtension) getExtension(oid.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
- ext = (NSCCommentExtension)
- getExtension(oid.toString(), info);
+ ext = (NSCCommentExtension) getExtension(oid.toString(), info);
boolean val = Boolean.valueOf(value).booleanValue();
- if (ext == null) {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_COMMENT)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_COMMENT)) {
- ext = (NSCCommentExtension)
- getExtension(oid.toString(), info);
+ ext = (NSCCommentExtension) getExtension(oid.toString(), info);
- if (ext == null) {
+ if (ext == null) {
return;
}
boolean critical = ext.isCritical();
if (value == null || value.equals(""))
ext = new NSCCommentExtension(critical, "");
- // throw new EPropertyException(name+" cannot be empty");
+ // throw new EPropertyException(name+" cannot be empty");
else
ext = new NSCCommentExtension(critical, value);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
replaceExtension(ext.getExtensionId().toString(), ext, info);
@@ -150,37 +139,33 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
NSCCommentExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
ObjectIdentifier oid = NSCCommentExtension.OID;
- ext = (NSCCommentExtension)
- getExtension(oid.toString(), info);
+ ext = (NSCCommentExtension) getExtension(oid.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (NSCCommentExtension)
- getExtension(oid.toString(), info);
+ ext = (NSCCommentExtension) getExtension(oid.toString(), info);
if (ext == null) {
return null;
@@ -190,10 +175,9 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_COMMENT)) {
+ } else if (name.equals(VAL_COMMENT)) {
- ext = (NSCCommentExtension)
- getExtension(oid.toString(), info);
+ ext = (NSCCommentExtension) getExtension(oid.toString(), info);
if (ext == null)
return "";
@@ -202,35 +186,34 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
if (comment == null)
comment = "";
-
+
return comment;
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_COMMENT)
- };
+ String params[] = { getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_COMMENT) };
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_COMMENT_EXT", params);
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_COMMENT_EXT",
+ params);
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
NSCCommentExtension ext = createExtension();
addExtension(ext.getExtensionId().toString(), ext, info);
}
public NSCCommentExtension createExtension() {
- NSCCommentExtension ext = null;
+ NSCCommentExtension ext = null;
try {
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -241,8 +224,7 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
else
ext = new NSCCommentExtension(critical, comment);
} catch (Exception e) {
- CMS.debug("NSCCommentExtension: createExtension " +
- e.toString());
+ CMS.debug("NSCCommentExtension: createExtension " + e.toString());
}
return ext;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java
index e3438ccf..960fa0eb 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.security.cert.CertificateException;
import java.util.Locale;
@@ -33,12 +32,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a Netscape Certificate Type extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a Netscape
+ * Certificate Type extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class NSCertTypeExtDefault extends EnrollExtDefault {
@@ -83,42 +80,34 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_SSL_CLIENT)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT"));
} else if (name.equals(CONFIG_SSL_SERVER)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER"));
} else if (name.equals(CONFIG_EMAIL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL"));
} else if (name.equals(CONFIG_OBJECT_SIGNING)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING"));
} else if (name.equals(CONFIG_SSL_CA)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA"));
} else if (name.equals(CONFIG_EMAIL_CA)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA"));
} else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA"));
} else {
return null;
@@ -127,129 +116,119 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_SSL_CLIENT)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT"));
} else if (name.equals(VAL_SSL_SERVER)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER"));
} else if (name.equals(VAL_EMAIL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL"));
} else if (name.equals(VAL_OBJECT_SIGNING)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING"));
} else if (name.equals(VAL_SSL_CA)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CA"));
} else if (name.equals(VAL_EMAIL_CA)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA"));
} else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
NSCertTypeExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
- return ;
+ if (ext == null) {
+ return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_SSL_CLIENT)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- return ;
+ ext.setCritical(val);
+ } else if (name.equals(VAL_SSL_CLIENT)) {
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
+ if (ext == null) {
+ return;
}
Boolean val = Boolean.valueOf(value);
ext.set(NSCertTypeExtension.SSL_CLIENT, val);
- } else if (name.equals(VAL_SSL_SERVER)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- return ;
+ } else if (name.equals(VAL_SSL_SERVER)) {
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
+ if (ext == null) {
+ return;
}
Boolean val = Boolean.valueOf(value);
ext.set(NSCertTypeExtension.SSL_SERVER, val);
- } else if (name.equals(VAL_EMAIL)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- return ;
+ } else if (name.equals(VAL_EMAIL)) {
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
+ if (ext == null) {
+ return;
}
Boolean val = Boolean.valueOf(value);
ext.set(NSCertTypeExtension.EMAIL, val);
- } else if (name.equals(VAL_OBJECT_SIGNING)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- return ;
+ } else if (name.equals(VAL_OBJECT_SIGNING)) {
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
+ if (ext == null) {
+ return;
}
Boolean val = Boolean.valueOf(value);
ext.set(NSCertTypeExtension.OBJECT_SIGNING, val);
- } else if (name.equals(VAL_SSL_CA)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- return ;
+ } else if (name.equals(VAL_SSL_CA)) {
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
+ if (ext == null) {
+ return;
}
Boolean val = Boolean.valueOf(value);
ext.set(NSCertTypeExtension.SSL_CA, val);
- } else if (name.equals(VAL_EMAIL_CA)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- return ;
+ } else if (name.equals(VAL_EMAIL_CA)) {
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
+ if (ext == null) {
+ return;
}
Boolean val = Boolean.valueOf(value);
ext.set(NSCertTypeExtension.EMAIL_CA, val);
- } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null) {
- return ;
+ } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
+ if (ext == null) {
+ return;
}
Boolean val = Boolean.valueOf(value);
@@ -257,7 +236,8 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
} else {
throw new EPropertyException("Invalid name " + name);
}
- replaceExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info);
+ replaceExtension(NSCertTypeExtension.CertType_Id.toString(), ext,
+ info);
} catch (CertificateException e) {
CMS.debug("NSCertTypeExtDefault: setValue " + e.toString());
} catch (EProfileException e) {
@@ -265,32 +245,30 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
try {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- NSCertTypeExtension ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ NSCertTypeExtension ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
@@ -300,72 +278,74 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_SSL_CLIENT)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ } else if (name.equals(VAL_SSL_CLIENT)) {
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CLIENT);
return val.toString();
- } else if (name.equals(VAL_SSL_SERVER)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ } else if (name.equals(VAL_SSL_SERVER)) {
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_SERVER);
return val.toString();
- } else if (name.equals(VAL_EMAIL)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ } else if (name.equals(VAL_EMAIL)) {
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL);
return val.toString();
- } else if (name.equals(VAL_OBJECT_SIGNING)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ } else if (name.equals(VAL_OBJECT_SIGNING)) {
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
}
- Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING);
+ Boolean val = (Boolean) ext
+ .get(NSCertTypeExtension.OBJECT_SIGNING);
return val.toString();
- } else if (name.equals(VAL_SSL_CA)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ } else if (name.equals(VAL_SSL_CA)) {
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CA);
return val.toString();
- } else if (name.equals(VAL_EMAIL_CA)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ } else if (name.equals(VAL_EMAIL_CA)) {
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
}
Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL_CA);
return val.toString();
- } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
- ext = (NSCertTypeExtension)
- getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+ } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
+ ext = (NSCertTypeExtension) getExtension(
+ NSCertTypeExtension.CertType_Id.toString(), info);
if (ext == null) {
return null;
}
- Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING_CA);
+ Boolean val = (Boolean) ext
+ .get(NSCertTypeExtension.OBJECT_SIGNING_CA);
return val.toString();
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} catch (CertificateException e) {
CMS.debug("NSCertTypeExtDefault: setValue " + e.toString());
@@ -374,18 +354,14 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_SSL_CLIENT),
- getConfig(CONFIG_SSL_SERVER),
- getConfig(CONFIG_EMAIL),
- getConfig(CONFIG_OBJECT_SIGNING),
- getConfig(CONFIG_SSL_CA),
- getConfig(CONFIG_EMAIL_CA),
- getConfig(CONFIG_OBJECT_SIGNING_CA)
- };
-
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_CERT_TYPE_EXT", params);
+ String params[] = { getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_SSL_CLIENT), getConfig(CONFIG_SSL_SERVER),
+ getConfig(CONFIG_EMAIL), getConfig(CONFIG_OBJECT_SIGNING),
+ getConfig(CONFIG_SSL_CA), getConfig(CONFIG_EMAIL_CA),
+ getConfig(CONFIG_OBJECT_SIGNING_CA) };
+
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_NS_CERT_TYPE_EXT",
+ params);
}
@@ -393,14 +369,14 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
NSCertTypeExtension ext = createExtension();
addExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info);
}
public NSCertTypeExtension createExtension() {
- NSCertTypeExtension ext = null;
+ NSCertTypeExtension ext = null;
boolean[] bits = new boolean[NSCertTypeExtension.NBITS];
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -415,8 +391,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
try {
ext = new NSCertTypeExtension(critical, bits);
} catch (Exception e) {
- CMS.debug("NSCertTypeExtDefault: createExtension " +
- e.toString());
+ CMS.debug("NSCertTypeExtDefault: createExtension " + e.toString());
}
return ext;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java
index f6ddd915..367e83c2 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -41,25 +40,22 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a name constraint extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a name
+ * constraint extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class NameConstraintsExtDefault extends EnrollExtDefault {
public static final String CONFIG_CRITICAL = "nameConstraintsCritical";
- public static final String CONFIG_NUM_PERMITTED_SUBTREES =
- "nameConstraintsNumPermittedSubtrees";
+ public static final String CONFIG_NUM_PERMITTED_SUBTREES = "nameConstraintsNumPermittedSubtrees";
public static final String CONFIG_PERMITTED_MIN_VAL = "nameConstraintsPermittedSubtreeMinValue_";
public static final String CONFIG_PERMITTED_MAX_VAL = "nameConstraintsPermittedSubtreeMaxValue_";
public static final String CONFIG_PERMITTED_NAME_CHOICE = "nameConstraintsPermittedSubtreeNameChoice_";
public static final String CONFIG_PERMITTED_NAME_VAL = "nameConstraintsPermittedSubtreeNameValue_";
public static final String CONFIG_PERMITTED_ENABLE = "nameConstraintsPermittedSubtreeEnable_";
-
+
public static final String CONFIG_NUM_EXCLUDED_SUBTREES = "nameConstraintsNumExcludedSubtrees";
public static final String CONFIG_EXCLUDED_MIN_VAL = "nameConstraintsExcludedSubtreeMinValue_";
public static final String CONFIG_EXCLUDED_MAX_VAL = "nameConstraintsExcludedSubtreeMaxValue_";
@@ -87,7 +83,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
@@ -128,48 +124,48 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
return num;
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_NUM_PERMITTED_SUBTREES)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES));
- }
+ if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
+ "CMS_INVALID_PROPERTY",
+ CONFIG_NUM_PERMITTED_SUBTREES));
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES));
- }
- } else if(name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) {
+ "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES));
+ }
+ } else if (name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) {
try {
- num = Integer.parseInt(value);
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES));
- }
+ if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
+ "CMS_INVALID_PROPERTY",
+ CONFIG_NUM_EXCLUDED_SUBTREES));
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES));
+ }
}
super.setConfig(name, value);
}
-
public Enumeration getConfigNames() {
refreshConfigAndValueNames();
return super.getConfigNames();
}
protected void refreshConfigAndValueNames() {
- //refesh our config name list
+ // refesh our config name list
super.refreshConfigAndValueNames();
@@ -203,119 +199,112 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
}
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_PERMITTED_MIN_VAL)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MIN_VAL"));
} else if (name.startsWith(CONFIG_PERMITTED_MAX_VAL)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MAX_VAL"));
} else if (name.startsWith(CONFIG_PERMITTED_NAME_CHOICE)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_CHOICE"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_PERMITTED_NAME_CHOICE"));
} else if (name.startsWith(CONFIG_PERMITTED_NAME_VAL)) {
- return new Descriptor(IDescriptor.STRING, null,
+ return new Descriptor(
+ IDescriptor.STRING,
+ null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_VAL"));
} else if (name.startsWith(CONFIG_PERMITTED_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
} else if (name.startsWith(CONFIG_EXCLUDED_MIN_VAL)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MIN_VAL"));
} else if (name.startsWith(CONFIG_EXCLUDED_MAX_VAL)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MAX_VAL"));
} else if (name.startsWith(CONFIG_EXCLUDED_NAME_CHOICE)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_CHOICE"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_EXCLUDED_NAME_CHOICE"));
} else if (name.startsWith(CONFIG_EXCLUDED_NAME_VAL)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_VAL"));
} else if (name.startsWith(CONFIG_EXCLUDED_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
} else if (name.startsWith(CONFIG_NUM_EXCLUDED_SUBTREES)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_EXCLUDED_SUBTREES"));
+ return new Descriptor(IDescriptor.INTEGER, null, "1",
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_NUM_EXCLUDED_SUBTREES"));
} else if (name.startsWith(CONFIG_NUM_PERMITTED_SUBTREES)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES"));
+ return new Descriptor(IDescriptor.INTEGER, null, "1",
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_NUM_PERMITTED_SUBTREES"));
}
return null;
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_PERMITTED_SUBTREES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
+ return new Descriptor(
+ IDescriptor.STRING_LIST,
+ null,
null,
CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_SUBTREES"));
} else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
+ return new Descriptor(IDescriptor.STRING_LIST, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_SUBTREES"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
NameConstraintsExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (NameConstraintsExtension)
- getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
+ ext = (NameConstraintsExtension) getExtension(
+ PKIXExtensions.NameConstraints_Id.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
- ext = (NameConstraintsExtension)
- getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
+ ext = (NameConstraintsExtension) getExtension(
+ PKIXExtensions.NameConstraints_Id.toString(), info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
- ext = (NameConstraintsExtension)
- getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
+ ext.setCritical(val);
+ } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
+ ext = (NameConstraintsExtension) getExtension(
+ PKIXExtensions.NameConstraints_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
- if ((value == null) || (value.equals("null")) || (value.equals(""))) {
- CMS.debug("NameConstraintsExtDefault:setValue : " +
- "blank value for permitted subtrees ... returning");
+ if ((value == null) || (value.equals("null"))
+ || (value.equals(""))) {
+ CMS.debug("NameConstraintsExtDefault:setValue : "
+ + "blank value for permitted subtrees ... returning");
return;
}
@@ -323,44 +312,47 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
Vector permittedSubtrees = createSubtrees(locale, v);
- ext.set(NameConstraintsExtension.PERMITTED_SUBTREES,
- new GeneralSubtrees(permittedSubtrees));
+ ext.set(NameConstraintsExtension.PERMITTED_SUBTREES,
+ new GeneralSubtrees(permittedSubtrees));
} else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
- ext = (NameConstraintsExtension)
- getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
+ ext = (NameConstraintsExtension) getExtension(
+ PKIXExtensions.NameConstraints_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
- if ((value == null) || (value.equals("null")) || (value.equals(""))) {
- CMS.debug("NameConstraintsExtDefault:setValue : " +
- "blank value for excluded subtrees ... returning");
+ if ((value == null) || (value.equals("null"))
+ || (value.equals(""))) {
+ CMS.debug("NameConstraintsExtDefault:setValue : "
+ + "blank value for excluded subtrees ... returning");
return;
}
Vector v = parseRecords(value);
Vector excludedSubtrees = createSubtrees(locale, v);
- ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES,
- new GeneralSubtrees(excludedSubtrees));
+ ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES,
+ new GeneralSubtrees(excludedSubtrees));
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- replaceExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info);
+ replaceExtension(PKIXExtensions.NameConstraints_Id.toString(), ext,
+ info);
} catch (IOException e) {
CMS.debug("NameConstraintsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} catch (EProfileException e) {
CMS.debug("NameConstraintsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- private Vector createSubtrees(Locale locale, Vector v) throws EPropertyException {
+ private Vector createSubtrees(Locale locale, Vector v)
+ throws EPropertyException {
int size = v.size();
String choice = null;
String val = "";
@@ -385,16 +377,16 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
} else if (name1.equals(MAX_VALUE)) {
maxS = nvps.getValue(name1);
}
- }
+ }
if (choice == null || choice.length() == 0) {
throw new EPropertyException(CMS.getUserMessage(locale,
- "CMS_PROFILE_GENERAL_NAME_NOT_FOUND"));
+ "CMS_PROFILE_GENERAL_NAME_NOT_FOUND"));
}
-
+
if (val == null)
val = "";
-
+
int min = 0;
int max = -1;
@@ -409,53 +401,50 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
try {
gnI = parseGeneralName(choice + ":" + val);
} catch (IOException e) {
- CMS.debug("NameConstraintsExtDefault: createSubtress " +
- e.toString());
+ CMS.debug("NameConstraintsExtDefault: createSubtress "
+ + e.toString());
}
if (gnI != null) {
gn = new GeneralName(gnI);
} else {
throw new EPropertyException(CMS.getUserMessage(locale,
- "CMS_PROFILE_GENERAL_NAME_NOT_FOUND"));
+ "CMS_PROFILE_GENERAL_NAME_NOT_FOUND"));
}
- GeneralSubtree subtree = new GeneralSubtree(
- gn, min, max);
+ GeneralSubtree subtree = new GeneralSubtree(gn, min, max);
subtrees.addElement(subtree);
- }
+ }
return subtrees;
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
NameConstraintsExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (NameConstraintsExtension)
- getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
+ ext = (NameConstraintsExtension) getExtension(
+ PKIXExtensions.NameConstraints_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (NameConstraintsExtension)
- getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
+ ext = (NameConstraintsExtension) getExtension(
+ PKIXExtensions.NameConstraints_Id.toString(), info);
if (ext == null) {
return null;
@@ -465,9 +454,9 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
- ext = (NameConstraintsExtension)
- getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
+ } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
+ ext = (NameConstraintsExtension) getExtension(
+ PKIXExtensions.NameConstraints_Id.toString(), info);
if (ext == null)
return "";
@@ -475,21 +464,21 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
GeneralSubtrees subtrees = null;
try {
- subtrees = (GeneralSubtrees)
- ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
+ subtrees = (GeneralSubtrees) ext
+ .get(NameConstraintsExtension.PERMITTED_SUBTREES);
} catch (IOException e) {
CMS.debug("NameConstraintExtDefault: getValue " + e.toString());
}
- if( subtrees == null ) {
- CMS.debug( "NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!" );
- throw new EPropertyException( "subtrees is null" );
+ if (subtrees == null) {
+ CMS.debug("NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!");
+ throw new EPropertyException("subtrees is null");
}
return getSubtreesInfo(ext, subtrees);
- } else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
- ext = (NameConstraintsExtension)
- getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
+ } else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
+ ext = (NameConstraintsExtension) getExtension(
+ PKIXExtensions.NameConstraints_Id.toString(), info);
if (ext == null)
return "";
@@ -497,26 +486,26 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
GeneralSubtrees subtrees = null;
try {
- subtrees = (GeneralSubtrees)
- ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
+ subtrees = (GeneralSubtrees) ext
+ .get(NameConstraintsExtension.EXCLUDED_SUBTREES);
} catch (IOException e) {
CMS.debug("NameConstraintExtDefault: getValue " + e.toString());
}
- if( subtrees == null ) {
- CMS.debug( "NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!" );
- throw new EPropertyException( "subtrees is null" );
+ if (subtrees == null) {
+ CMS.debug("NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!");
+ throw new EPropertyException("subtrees is null");
}
return getSubtreesInfo(ext, subtrees);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- private String getSubtreesInfo(NameConstraintsExtension ext,
- GeneralSubtrees subtrees) throws EPropertyException {
+ private String getSubtreesInfo(NameConstraintsExtension ext,
+ GeneralSubtrees subtrees) throws EPropertyException {
Vector trees = subtrees.getSubtrees();
int size = trees.size();
@@ -526,8 +515,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
GeneralSubtree tree = (GeneralSubtree) trees.elementAt(i);
GeneralName gn = tree.getGeneralName();
- String type = getGeneralNameType(gn);
- int max = tree.getMaxValue();
+ String type = getGeneralNameType(gn);
+ int max = tree.getMaxValue();
int min = tree.getMinValue();
NameValuePairs pairs = new NameValuePairs();
@@ -540,7 +529,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
recs.addElement(pairs);
}
-
+
return buildRecords(recs);
}
@@ -583,8 +572,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
sb.append(getConfig(CONFIG_EXCLUDED_MAX_VAL + i));
sb.append("}");
}
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT",
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT",
getConfig(CONFIG_CRITICAL), sb.toString());
}
@@ -592,14 +581,14 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
NameConstraintsExtension ext = createExtension();
addExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info);
}
public NameConstraintsExtension createExtension() {
- NameConstraintsExtension ext = null;
+ NameConstraintsExtension ext = null;
try {
int num = getNumPermitted();
@@ -637,18 +626,18 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
}
}
- ext = new NameConstraintsExtension(critical,
- new GeneralSubtrees(v), new GeneralSubtrees(v1));
+ ext = new NameConstraintsExtension(critical,
+ new GeneralSubtrees(v), new GeneralSubtrees(v1));
} catch (Exception e) {
- CMS.debug("NameConstraintsExtDefault: createExtension " +
- e.toString());
+ CMS.debug("NameConstraintsExtDefault: createExtension "
+ + e.toString());
}
return ext;
}
- private GeneralSubtree createSubtree(String choice, String value,
- String minS, String maxS) {
+ private GeneralSubtree createSubtree(String choice, String value,
+ String minS, String maxS) {
GeneralName gn = null;
GeneralNameInterface gnI = null;
@@ -660,7 +649,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
if (gnI != null)
gn = new GeneralName(gnI);
else
- //throw new EPropertyException("GeneralName must not be null");
+ // throw new EPropertyException("GeneralName must not be null");
return null;
int min = 0;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java
index 283f5083..030c8a34 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -32,13 +31,12 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements no default policy.
- *
+ *
* @version $Revision$, $Date$
*/
-public class NoDefault implements IPolicyDefault {
+public class NoDefault implements IPolicyDefault {
public static final String PROP_NAME = "name";
@@ -54,8 +52,7 @@ public class NoDefault implements IPolicyDefault {
return null;
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
}
public String getDefaultConfig(String name) {
@@ -67,7 +64,7 @@ public class NoDefault implements IPolicyDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
mConfig = config;
}
@@ -78,8 +75,7 @@ public class NoDefault implements IPolicyDefault {
/**
* Populates the request with this policy default.
*/
- public void populate(IRequest request)
- throws EProfileException {
+ public void populate(IRequest request) throws EProfileException {
}
public Enumeration getValueNames() {
@@ -90,9 +86,8 @@ public class NoDefault implements IPolicyDefault {
return null;
}
- public void setValue(String name, Locale locale, IRequest request,
- String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, IRequest request,
+ String value) throws EPropertyException {
}
public String getValue(String name, Locale locale, IRequest request) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
index 28a25a6e..1fefefa6 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Locale;
import netscape.security.extensions.OCSPNoCheckExtension;
@@ -32,12 +31,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates an OCSP No Check extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates an OCSP No
+ * Check extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class OCSPNoCheckExtDefault extends EnrollExtDefault {
@@ -53,14 +50,13 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else {
return null;
@@ -69,79 +65,73 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- OCSPNoCheckExtension ext = (OCSPNoCheckExtension)
- getExtension(OCSPNoCheckExtension.OID, info);
+ OCSPNoCheckExtension ext = (OCSPNoCheckExtension) getExtension(
+ OCSPNoCheckExtension.OID, info);
-
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (OCSPNoCheckExtension)
- getExtension(OCSPNoCheckExtension.OID, info);
+ ext = (OCSPNoCheckExtension) getExtension(OCSPNoCheckExtension.OID,
+ info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
- return;
+ if (ext == null) {
+ return;
}
ext.setCritical(val);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- OCSPNoCheckExtension ext = (OCSPNoCheckExtension)
- getExtension(OCSPNoCheckExtension.OID, info);
+ OCSPNoCheckExtension ext = (OCSPNoCheckExtension) getExtension(
+ OCSPNoCheckExtension.OID, info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (OCSPNoCheckExtension)
- getExtension(OCSPNoCheckExtension.OID, info);
+ ext = (OCSPNoCheckExtension) getExtension(OCSPNoCheckExtension.OID,
+ info);
if (ext == null) {
return null;
@@ -152,8 +142,8 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
return "false";
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
@@ -166,20 +156,19 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
OCSPNoCheckExtension ext = createExtension();
addExtension(OCSPNoCheckExtension.OID, ext, info);
}
public OCSPNoCheckExtension createExtension() {
- OCSPNoCheckExtension ext = null;
+ OCSPNoCheckExtension ext = null;
try {
ext = new OCSPNoCheckExtension();
} catch (Exception e) {
- CMS.debug("OCSPNoCheckExtDefault: createExtension " +
- e.toString());
+ CMS.debug("OCSPNoCheckExtDefault: createExtension " + e.toString());
return null;
}
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
index 9a36f0cd..9a60063b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a policy constraints extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a policy
+ * constraints extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class PolicyConstraintsExtDefault extends EnrollExtDefault {
@@ -64,143 +61,132 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_REQ_EXPLICIT_POLICY)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY"));
+ return new Descriptor(IDescriptor.INTEGER, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY"));
} else if (name.equals(CONFIG_INHIBIT_POLICY_MAPPING)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_INHIBIT_POLICY_MAPPING"));
+ return new Descriptor(IDescriptor.INTEGER, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_INHIBIT_POLICY_MAPPING"));
}
return null;
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY"));
+ return new Descriptor(IDescriptor.INTEGER, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY"));
} else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_INHIBIT_POLICY_MAPPING"));
+ return new Descriptor(IDescriptor.INTEGER, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_INHIBIT_POLICY_MAPPING"));
}
return null;
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
PolicyConstraintsExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
+ ext = (PolicyConstraintsExtension) getExtension(
+ PKIXExtensions.PolicyConstraints_Id.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
+ ext = (PolicyConstraintsExtension) getExtension(
+ PKIXExtensions.PolicyConstraints_Id.toString(), info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
-
- if(ext == null) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
+ ext = (PolicyConstraintsExtension) getExtension(
+ PKIXExtensions.PolicyConstraints_Id.toString(), info);
+
+ if (ext == null) {
return;
- }
+ }
Integer num = new Integer(value);
ext.set(PolicyConstraintsExtension.REQUIRE, num);
- } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
+ } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
+ ext = (PolicyConstraintsExtension) getExtension(
+ PKIXExtensions.PolicyConstraints_Id.toString(), info);
- if(ext == null) {
+ if (ext == null) {
return;
}
Integer num = new Integer(value);
ext.set(PolicyConstraintsExtension.INHIBIT, num);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
replaceExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- ext, info);
+ ext, info);
} catch (EProfileException e) {
CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} catch (IOException e) {
CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
PolicyConstraintsExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
- if(ext == null)
- {
+ ext = (PolicyConstraintsExtension) getExtension(
+ PKIXExtensions.PolicyConstraints_Id.toString(), info);
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
+ ext = (PolicyConstraintsExtension) getExtension(
+ PKIXExtensions.PolicyConstraints_Id.toString(), info);
if (ext == null) {
return null;
@@ -210,10 +196,9 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
+ } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
+ ext = (PolicyConstraintsExtension) getExtension(
+ PKIXExtensions.PolicyConstraints_Id.toString(), info);
if (ext == null)
return "";
@@ -222,9 +207,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
return "" + num;
} else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
- ext = (PolicyConstraintsExtension)
- getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- info);
+ ext = (PolicyConstraintsExtension) getExtension(
+ PKIXExtensions.PolicyConstraints_Id.toString(), info);
if (ext == null)
return "";
@@ -233,36 +217,34 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
return "" + num;
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_REQ_EXPLICIT_POLICY),
- getConfig(CONFIG_INHIBIT_POLICY_MAPPING)
- };
+ String params[] = { getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_REQ_EXPLICIT_POLICY),
+ getConfig(CONFIG_INHIBIT_POLICY_MAPPING) };
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_POLICY_CONSTRAINTS_EXT", params);
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_POLICY_CONSTRAINTS_EXT", params);
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
PolicyConstraintsExtension ext = createExtension();
if (ext == null)
return;
- addExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.PolicyConstraints_Id.toString(), ext, info);
}
public PolicyConstraintsExtension createExtension() {
- PolicyConstraintsExtension ext = null;
+ PolicyConstraintsExtension ext = null;
try {
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -281,8 +263,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
}
ext = new PolicyConstraintsExtension(critical, reqNum, inhibitNum);
} catch (Exception e) {
- CMS.debug("PolicyConstraintsExtDefault: createExtension " +
- e.toString());
+ CMS.debug("PolicyConstraintsExtDefault: createExtension "
+ + e.toString());
}
return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
index 19bfb361..533fb4a4 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -40,12 +39,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a policy mappings extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a policy
+ * mappings extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class PolicyMappingsExtDefault extends EnrollExtDefault {
@@ -85,27 +82,26 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_NUM_POLICY_MAPPINGS)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_MAPPINGS || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_MAPPINGS || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS));
+ }
}
super.setConfig(name, value);
}
@@ -132,27 +128,25 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
}
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_ISSUER_DOMAIN_POLICY)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_DOMAIN_POLICY"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_ISSUER_DOMAIN_POLICY"));
} else if (name.startsWith(CONFIG_SUBJECT_DOMAIN_POLICY)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_DOMAIN_POLICY"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_SUBJECT_DOMAIN_POLICY"));
} else if (name.startsWith(CONFIG_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
} else if (name.startsWith(CONFIG_NUM_POLICY_MAPPINGS)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS"));
+ return new Descriptor(IDescriptor.INTEGER, null, "1",
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_NUM_POLICY_MAPPINGS"));
}
return null;
@@ -160,55 +154,49 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_DOMAINS)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
+ return new Descriptor(IDescriptor.STRING_LIST, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_DOMAINS"));
}
return null;
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
PolicyMappingsExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
+ ext = (PolicyMappingsExtension) getExtension(
+ PKIXExtensions.PolicyMappings_Id.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
- ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
+ ext = (PolicyMappingsExtension) getExtension(
+ PKIXExtensions.PolicyMappings_Id.toString(), info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null) {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_DOMAINS)) {
- ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
-
- if(ext == null) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_DOMAINS)) {
+ ext = (PolicyMappingsExtension) getExtension(
+ PKIXExtensions.PolicyMappings_Id.toString(), info);
+
+ if (ext == null) {
return;
- }
+ }
Vector v = parseRecords(value);
int size = v.size();
@@ -232,68 +220,67 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
enable = nvps.getValue(name1);
}
}
-
+
if (enable != null && enable.equals("true")) {
- if (issuerPolicyId == null ||
- issuerPolicyId.length() == 0 || subjectPolicyId == null ||
- subjectPolicyId.length() == 0)
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_PROFILE_POLICY_ID_NOT_FOUND"));
+ if (issuerPolicyId == null
+ || issuerPolicyId.length() == 0
+ || subjectPolicyId == null
+ || subjectPolicyId.length() == 0)
+ throw new EPropertyException(CMS.getUserMessage(
+ locale, "CMS_PROFILE_POLICY_ID_NOT_FOUND"));
CertificatePolicyMap map = new CertificatePolicyMap(
- new CertificatePolicyId(new ObjectIdentifier(issuerPolicyId)),
- new CertificatePolicyId(new ObjectIdentifier(subjectPolicyId)));
+ new CertificatePolicyId(new ObjectIdentifier(
+ issuerPolicyId)),
+ new CertificatePolicyId(new ObjectIdentifier(
+ subjectPolicyId)));
policyMaps.addElement(map);
}
}
ext.set(PolicyMappingsExtension.MAP, policyMaps);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- replaceExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- ext, info);
+ replaceExtension(PKIXExtensions.PolicyMappings_Id.toString(), ext,
+ info);
} catch (EProfileException e) {
CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} catch (IOException e) {
CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
PolicyMappingsExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
- if(ext == null)
- {
+ ext = (PolicyMappingsExtension) getExtension(
+ PKIXExtensions.PolicyMappings_Id.toString(), info);
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
+ ext = (PolicyMappingsExtension) getExtension(
+ PKIXExtensions.PolicyMappings_Id.toString(), info);
if (ext == null) {
return null;
@@ -303,10 +290,9 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_DOMAINS)) {
- ext = (PolicyMappingsExtension)
- getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- info);
+ } else if (name.equals(VAL_DOMAINS)) {
+ ext = (PolicyMappingsExtension) getExtension(
+ PKIXExtensions.PolicyMappings_Id.toString(), info);
if (ext == null)
return "";
@@ -314,7 +300,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
int num_mappings = getNumMappings();
Enumeration maps = ext.getMappings();
-
+
int num = 0;
StringBuffer sb = new StringBuffer();
@@ -323,12 +309,12 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
for (int i = 0; i < num_mappings; i++) {
NameValuePairs pairs = new NameValuePairs();
- if (maps.hasMoreElements()) {
- CertificatePolicyMap map =
- (CertificatePolicyMap) maps.nextElement();
-
+ if (maps.hasMoreElements()) {
+ CertificatePolicyMap map = (CertificatePolicyMap) maps
+ .nextElement();
+
CertificatePolicyId i1 = map.getIssuerIdentifier();
- CertificatePolicyId s1 = map.getSubjectIdentifier();
+ CertificatePolicyId s1 = map.getSubjectIdentifier();
pairs.add(ISSUER_POLICY_ID, i1.getIdentifier().toString());
pairs.add(SUBJECT_POLICY_ID, s1.getIdentifier().toString());
@@ -337,15 +323,15 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
pairs.add(ISSUER_POLICY_ID, "");
pairs.add(SUBJECT_POLICY_ID, "");
pairs.add(POLICY_ID_ENABLE, "false");
-
+
}
recs.addElement(pairs);
- }
-
+ }
+
return buildRecords(recs);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
@@ -368,8 +354,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
sb.append(getConfig(CONFIG_ENABLE + i));
sb.append("}");
}
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT",
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT",
getConfig(CONFIG_CRITICAL), sb.toString());
}
@@ -377,24 +363,23 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
PolicyMappingsExtension ext = createExtension();
if (ext == null)
return;
- addExtension(PKIXExtensions.PolicyMappings_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.PolicyMappings_Id.toString(), ext, info);
}
public PolicyMappingsExtension createExtension() {
- PolicyMappingsExtension ext = null;
+ PolicyMappingsExtension ext = null;
try {
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
Vector policyMaps = new Vector();
int num = getNumMappings();
- for (int i = 0; i < num; i++) {
+ for (int i = 0; i < num; i++) {
String enable = getConfig(CONFIG_ENABLE + i);
if (enable != null && enable.equals("true")) {
@@ -404,15 +389,17 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
return null;
}
- String subjectID = getConfig(CONFIG_SUBJECT_DOMAIN_POLICY + i);
+ String subjectID = getConfig(CONFIG_SUBJECT_DOMAIN_POLICY
+ + i);
if (subjectID == null || subjectID.length() == 0) {
return null;
}
CertificatePolicyMap map = new CertificatePolicyMap(
- new CertificatePolicyId(new ObjectIdentifier(issuerID)),
- new CertificatePolicyId(new ObjectIdentifier(subjectID)));
+ new CertificatePolicyId(new ObjectIdentifier(
+ issuerID)), new CertificatePolicyId(
+ new ObjectIdentifier(subjectID)));
policyMaps.addElement(map);
}
@@ -420,8 +407,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
ext = new PolicyMappingsExtension(critical, policyMaps);
} catch (Exception e) {
- CMS.debug("PolicyMappingsExtDefault: createExtension " +
- e.toString());
+ CMS.debug("PolicyMappingsExtDefault: createExtension "
+ + e.toString());
}
return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
index f1a71ff9..dd522f30 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.text.ParsePosition;
import java.text.SimpleDateFormat;
import java.util.Date;
@@ -37,12 +36,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a Private Key Usage Period extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a Private
+ * Key Usage Period extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
@@ -70,125 +67,115 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(CONFIG_START_TIME)) {
- return new Descriptor(IDescriptor.STRING, null,
- "0",
- CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_START_TIME"));
+ return new Descriptor(IDescriptor.STRING, null, "0",
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_VALIDITY_START_TIME"));
} else if (name.equals(CONFIG_DURATION)) {
- return new Descriptor(IDescriptor.STRING, null,
- "365",
+ return new Descriptor(IDescriptor.STRING, null, "365",
CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE"));
} else {
return null;
}
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
if (name.equals(CONFIG_START_TIME)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
- }
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
+ throw new EPropertyException(CMS.getUserMessage(
+ "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
+ }
} else if (name.equals(CONFIG_DURATION)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
- throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_DURATION));
- }
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
+ throw new EPropertyException(CMS.getUserMessage(
+ "CMS_INVALID_PROPERTY", CONFIG_DURATION));
+ }
}
super.setConfig(name, value);
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_NOT_BEFORE)) {
- return new Descriptor(IDescriptor.STRING, null,
- "0",
+ return new Descriptor(IDescriptor.STRING, null, "0",
CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE"));
} else if (name.equals(VAL_NOT_AFTER)) {
- return new Descriptor(IDescriptor.STRING, null,
- "30",
+ return new Descriptor(IDescriptor.STRING, null, "30",
CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
PrivateKeyUsageExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
ObjectIdentifier oid = PKIXExtensions.PrivateKeyUsage_Id;
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
+ ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
if (name.equals(VAL_CRITICAL)) {
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
+ ext = (PrivateKeyUsageExtension) getExtension(oid.toString(),
+ info);
boolean val = Boolean.valueOf(value).booleanValue();
- if (ext == null) {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
- ParsePosition pos = new ParsePosition(0);
+ ext.setCritical(val);
+ } else if (name.equals(VAL_NOT_BEFORE)) {
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
+ ParsePosition pos = new ParsePosition(0);
Date date = formatter.parse(value, pos);
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
+ ext = (PrivateKeyUsageExtension) getExtension(oid.toString(),
+ info);
- if (ext == null) {
+ if (ext == null) {
return;
}
ext.set(PrivateKeyUsageExtension.NOT_BEFORE, date);
- } else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
- ParsePosition pos = new ParsePosition(0);
+ } else if (name.equals(VAL_NOT_AFTER)) {
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
+ ParsePosition pos = new ParsePosition(0);
Date date = formatter.parse(value, pos);
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
+ ext = (PrivateKeyUsageExtension) getExtension(oid.toString(),
+ info);
- if (ext == null) {
+ if (ext == null) {
return;
}
ext.set(PrivateKeyUsageExtension.NOT_AFTER, date);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
replaceExtension(ext.getExtensionId().toString(), ext, info);
@@ -199,37 +186,33 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
PrivateKeyUsageExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
ObjectIdentifier oid = PKIXExtensions.PrivateKeyUsage_Id;
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
+ ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
+ ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info);
if (ext == null) {
return null;
@@ -239,80 +222,74 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ } else if (name.equals(VAL_NOT_BEFORE)) {
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
+ ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info);
if (ext == null)
return "";
return formatter.format(ext.getNotBefore());
- } else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ } else if (name.equals(VAL_NOT_AFTER)) {
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
- ext = (PrivateKeyUsageExtension)
- getExtension(oid.toString(), info);
+ ext = (PrivateKeyUsageExtension) getExtension(oid.toString(), info);
if (ext == null)
return "";
return formatter.format(ext.getNotAfter());
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- String params[] = {
- getConfig(CONFIG_CRITICAL),
- getConfig(CONFIG_START_TIME),
- getConfig(CONFIG_DURATION)
- };
+ String params[] = { getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_START_TIME), getConfig(CONFIG_DURATION) };
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_PRIVATE_KEY_EXT", params);
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_PRIVATE_KEY_EXT",
+ params);
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
PrivateKeyUsageExtension ext = createExtension();
addExtension(ext.getExtensionId().toString(), ext, info);
}
public PrivateKeyUsageExtension createExtension() {
- PrivateKeyUsageExtension ext = null;
+ PrivateKeyUsageExtension ext = null;
try {
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
- // always + 60 seconds
+ // always + 60 seconds
String startTimeStr = getConfig(CONFIG_START_TIME);
- if (startTimeStr == null || startTimeStr.equals("")) {
- startTimeStr = "60";
- }
- int startTime = Integer.parseInt(startTimeStr);
- Date notBefore = new Date(CMS.getCurrentDate().getTime() +
- (1000 * startTime));
+ if (startTimeStr == null || startTimeStr.equals("")) {
+ startTimeStr = "60";
+ }
+ int startTime = Integer.parseInt(startTimeStr);
+ Date notBefore = new Date(CMS.getCurrentDate().getTime()
+ + (1000 * startTime));
long notAfterVal = 0;
- notAfterVal = notBefore.getTime() +
- (mDefault * Integer.parseInt(getConfig(CONFIG_DURATION)));
+ notAfterVal = notBefore.getTime()
+ + (mDefault * Integer.parseInt(getConfig(CONFIG_DURATION)));
Date notAfter = new Date(notAfterVal);
ext = new PrivateKeyUsageExtension(notBefore, notAfter);
- ext.setCritical(critical);
+ ext.setCritical(critical);
} catch (Exception e) {
- CMS.debug("PrivateKeyUsagePeriodExt: createExtension " +
- e.toString());
+ CMS.debug("PrivateKeyUsagePeriodExt: createExtension "
+ + e.toString());
}
return ext;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
index 4bca9350..0be29373 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Locale;
import netscape.security.x509.AlgorithmId;
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a signing algorithm
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a signing
+ * algorithm into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class SigningAlgDefault extends EnrollDefault {
@@ -47,8 +44,7 @@ public class SigningAlgDefault extends EnrollDefault {
public static final String CONFIG_ALGORITHM = "signingAlg";
public static final String VAL_ALGORITHM = "signingAlg";
- public static final String DEF_CONFIG_ALGORITHMS =
- "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA";
+ public static final String DEF_CONFIG_ALGORITHMS = "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA";
public SigningAlgDefault() {
super();
@@ -57,89 +53,83 @@ public class SigningAlgDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_ALGORITHM)) {
return new Descriptor(IDescriptor.CHOICE, DEF_CONFIG_ALGORITHMS,
- "SHA256withRSA",
- CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM"));
+ "SHA256withRSA", CMS.getUserMessage(locale,
+ "CMS_PROFILE_SIGNING_ALGORITHM"));
} else {
return null;
- }
+ }
}
- public String getSigningAlg()
- {
- String signingAlg = getConfig(CONFIG_ALGORITHM);
- // if specified, use the specified one. Otherwise, pick
- // the best selection for the user
- if (signingAlg == null || signingAlg.equals("") ||
- signingAlg.equals("-")) {
- // best pick for the user
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
- return ca.getDefaultAlgorithm();
- } else {
- return signingAlg;
- }
+ public String getSigningAlg() {
+ String signingAlg = getConfig(CONFIG_ALGORITHM);
+ // if specified, use the specified one. Otherwise, pick
+ // the best selection for the user
+ if (signingAlg == null || signingAlg.equals("")
+ || signingAlg.equals("-")) {
+ // best pick for the user
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
+ return ca.getDefaultAlgorithm();
+ } else {
+ return signingAlg;
+ }
}
- public String getDefSigningAlgorithms()
- {
- StringBuffer allowed = new StringBuffer();
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
- String algos[] = ca.getCASigningAlgorithms();
- for (int i = 0; i < algos.length; i++) {
- if (allowed.length()== 0) {
- allowed.append(algos[i]);
- } else {
- allowed.append(",");
- allowed.append(algos[i]);
+ public String getDefSigningAlgorithms() {
+ StringBuffer allowed = new StringBuffer();
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
+ String algos[] = ca.getCASigningAlgorithms();
+ for (int i = 0; i < algos.length; i++) {
+ if (allowed.length() == 0) {
+ allowed.append(algos[i]);
+ } else {
+ allowed.append(",");
+ allowed.append(algos[i]);
+ }
}
- }
- return allowed.toString();
- }
+ return allowed.toString();
+ }
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_ALGORITHM)) {
String allowed = getDefSigningAlgorithms();
- return new Descriptor(IDescriptor.CHOICE,
- allowed, null,
+ return new Descriptor(IDescriptor.CHOICE, allowed, null,
CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM"));
}
return null;
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_ALGORITHM)) {
try {
- info.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(
+ info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(
AlgorithmId.getAlgorithmId(value)));
} catch (Exception e) {
CMS.debug("SigningAlgDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
if (name == null)
throw new EPropertyException("Invalid name " + name);
@@ -148,26 +138,26 @@ public class SigningAlgDefault extends EnrollDefault {
CertificateAlgorithmId algId = null;
try {
- algId = (CertificateAlgorithmId)
- info.get(X509CertInfo.ALGORITHM_ID);
- AlgorithmId id = (AlgorithmId)
- algId.get(CertificateAlgorithmId.ALGORITHM);
+ algId = (CertificateAlgorithmId) info
+ .get(X509CertInfo.ALGORITHM_ID);
+ AlgorithmId id = (AlgorithmId) algId
+ .get(CertificateAlgorithmId.ALGORITHM);
return id.toString();
} catch (Exception e) {
CMS.debug("SigningAlgDefault: getValue " + e.toString());
}
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM",
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM",
getSigningAlg());
}
@@ -175,10 +165,9 @@ public class SigningAlgDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
try {
- info.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(
+ info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(
AlgorithmId.getAlgorithmId(getSigningAlg())));
} catch (Exception e) {
CMS.debug("SigningAlgDefault: populate " + e.toString());
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
index 64d822e8..e652f033 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -43,12 +42,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a subject alternative name extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a subject
+ * alternative name extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class SubjectAltNameExtDefault extends EnrollExtDefault {
@@ -91,70 +88,67 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
}
if (num >= MAX_NUM_GN)
- num = DEF_NUM_GN;
+ num = DEF_NUM_GN;
return num;
}
-
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
- super.init(profile,config);
- refreshConfigAndValueNames();
+ super.init(profile, config);
+ refreshConfigAndValueNames();
// migrate old parameters to new parameters
String old_type = null;
String old_pattern = null;
IConfigStore paramConfig = config.getSubStore("params");
try {
- if (paramConfig != null) {
- old_type = paramConfig.getString(CONFIG_OLD_TYPE);
- }
+ if (paramConfig != null) {
+ old_type = paramConfig.getString(CONFIG_OLD_TYPE);
+ }
} catch (EBaseException e) {
- // nothing to do here
+ // nothing to do here
}
- CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" +
- old_type);
+ CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" + old_type);
try {
- if (paramConfig != null) {
- old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN);
- }
+ if (paramConfig != null) {
+ old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN);
+ }
} catch (EBaseException e) {
- // nothing to do here
+ // nothing to do here
}
- CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern=" +
- old_pattern);
- if (old_type != null && old_pattern != null) {
- CMS.debug("SubjectAltNameExtDefault: Upgrading");
- try {
- paramConfig.putString(CONFIG_NUM_GNS, "1");
- paramConfig.putString(CONFIG_GN_ENABLE + "0", "true");
- paramConfig.putString(CONFIG_TYPE + "0", old_type);
- paramConfig.putString(CONFIG_PATTERN + "0", old_pattern);
- paramConfig.remove(CONFIG_OLD_TYPE);
- paramConfig.remove(CONFIG_OLD_PATTERN);
- profile.getConfigStore().commit(true);
- } catch (Exception e) {
- CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e);
- }
+ CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern="
+ + old_pattern);
+ if (old_type != null && old_pattern != null) {
+ CMS.debug("SubjectAltNameExtDefault: Upgrading");
+ try {
+ paramConfig.putString(CONFIG_NUM_GNS, "1");
+ paramConfig.putString(CONFIG_GN_ENABLE + "0", "true");
+ paramConfig.putString(CONFIG_TYPE + "0", old_type);
+ paramConfig.putString(CONFIG_PATTERN + "0", old_pattern);
+ paramConfig.remove(CONFIG_OLD_TYPE);
+ paramConfig.remove(CONFIG_OLD_PATTERN);
+ profile.getConfigStore().commit(true);
+ } catch (Exception e) {
+ CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e);
+ }
}
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_NUM_GNS)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_GN || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_GN || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
+ }
}
super.setConfig(name, value);
}
@@ -174,34 +168,31 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
int num = getNumGNs();
addConfigName(CONFIG_NUM_GNS);
for (int i = 0; i < num; i++) {
- addConfigName(CONFIG_TYPE + i);
- addConfigName(CONFIG_PATTERN + i);
- addConfigName(CONFIG_GN_ENABLE + i);
+ addConfigName(CONFIG_TYPE + i);
+ addConfigName(CONFIG_PATTERN + i);
+ addConfigName(CONFIG_GN_ENABLE + i);
}
}
-
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_TYPE)) {
- return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName",
- "RFC822Name",
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE"));
+ return new Descriptor(
+ IDescriptor.CHOICE,
+ "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName",
+ "RFC822Name", CMS.getUserMessage(locale,
+ "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE"));
} else if (name.startsWith(CONFIG_PATTERN)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN"));
} else if (name.startsWith(CONFIG_GN_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_GN_ENABLE"));
} else if (name.startsWith(CONFIG_NUM_GNS)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
+ return new Descriptor(IDescriptor.INTEGER, null, "1",
CMS.getUserMessage(locale, "CMS_PROFILE_NUM_GNS"));
}
@@ -210,41 +201,37 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_GENERAL_NAMES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
+ return new Descriptor(IDescriptor.STRING_LIST, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
SubjectAlternativeNameExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+ ext = (SubjectAlternativeNameExtension) getExtension(
+ PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
- if(ext == null) {
- populate(null,info);
- }
+ if (ext == null) {
+ populate(null, info);
+ }
if (name.equals(VAL_CRITICAL)) {
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+ ext = (SubjectAlternativeNameExtension) getExtension(
+ PKIXExtensions.SubjectAlternativeName_Id.toString(),
+ info);
if (ext == null) {
// it is ok, the extension is never populated or delted
@@ -254,9 +241,9 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
ext.setCritical(critical);
} else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+ ext = (SubjectAlternativeNameExtension) getExtension(
+ PKIXExtensions.SubjectAlternativeName_Id.toString(),
+ info);
if (ext == null) {
// it is ok, the extension is never populated or delted
@@ -264,7 +251,9 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
}
if (value.equals("")) {
// if value is empty, do not add this extension
- deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+ deleteExtension(
+ PKIXExtensions.SubjectAlternativeName_Id.toString(),
+ info);
return;
}
GeneralNames gn = new GeneralNames();
@@ -279,64 +268,63 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
}
GeneralNameInterface n = parseGeneralName(gname);
if (n != null) {
- gn.addElement(n);
+ gn.addElement(n);
}
}
if (gn.size() == 0) {
- CMS.debug("GN size is zero");
- deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+ CMS.debug("GN size is zero");
+ deleteExtension(
+ PKIXExtensions.SubjectAlternativeName_Id.toString(),
+ info);
return;
} else {
- CMS.debug("GN size is non zero (" + gn.size() + ")");
- ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
+ CMS.debug("GN size is non zero (" + gn.size() + ")");
+ ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
replaceExtension(
- PKIXExtensions.SubjectAlternativeName_Id.toString(),
- ext, info);
+ PKIXExtensions.SubjectAlternativeName_Id.toString(), ext,
+ info);
} catch (IOException e) {
CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} catch (EProfileException e) {
CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
try {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- SubjectAlternativeNameExtension ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+ SubjectAlternativeNameExtension ext = (SubjectAlternativeNameExtension) getExtension(
+ PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+ ext = (SubjectAlternativeNameExtension) getExtension(
+ PKIXExtensions.SubjectAlternativeName_Id.toString(),
+ info);
if (ext == null) {
return null;
@@ -347,106 +335,108 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
return "false";
}
} else if (name.equals(VAL_GENERAL_NAMES)) {
- ext =
- (SubjectAlternativeNameExtension)
- getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+ ext = (SubjectAlternativeNameExtension) getExtension(
+ PKIXExtensions.SubjectAlternativeName_Id.toString(),
+ info);
if (ext == null) {
return null;
}
- GeneralNames names = (GeneralNames)
- ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+ GeneralNames names = (GeneralNames) ext
+ .get(SubjectAlternativeNameExtension.SUBJECT_NAME);
StringBuffer sb = new StringBuffer();
Enumeration e = names.elements();
while (e.hasMoreElements()) {
Object o = (Object) e.nextElement();
if (!(o instanceof GeneralName))
- continue;
+ continue;
GeneralName gn = (GeneralName) o;
if (!sb.toString().equals("")) {
sb.append("\r\n");
}
sb.append(toGeneralNameString(gn));
- CMS.debug("SubjectAltNameExtDefault: getValue append GN:" + toGeneralNameString(gn));
+ CMS.debug("SubjectAltNameExtDefault: getValue append GN:"
+ + toGeneralNameString(gn));
}
return sb.toString();
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} catch (IOException e) {
- CMS.debug("SubjectAltNameExtDefault: getValue " +
- e.toString());
+ CMS.debug("SubjectAltNameExtDefault: getValue " + e.toString());
}
return null;
}
/*
- * returns text that goes into description for this extension on
- * a profile
+ * returns text that goes into description for this extension on a profile
*/
public String getText(Locale locale) {
StringBuffer sb = new StringBuffer();
String numGNs = getConfig(CONFIG_NUM_GNS);
int num = getNumGNs();
- for (int i= 0; i< num; i++) {
+ for (int i = 0; i < num; i++) {
sb.append("Record #");
sb.append(i);
sb.append("{");
sb.append(GN_PATTERN + ":");
sb.append(getConfig(CONFIG_PATTERN + i));
sb.append(",");
- sb.append(GN_TYPE +":");
- sb.append(getConfig(CONFIG_TYPE +i));
+ sb.append(GN_TYPE + ":");
+ sb.append(getConfig(CONFIG_TYPE + i));
sb.append(",");
sb.append(GN_ENABLE + ":");
sb.append(getConfig(CONFIG_GN_ENABLE + i));
sb.append("}");
- };
+ }
+ ;
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL), sb.toString());
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT",
+ getConfig(CONFIG_CRITICAL), sb.toString());
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
SubjectAlternativeNameExtension ext = null;
try {
- /* read from config file*/
+ /* read from config file */
ext = createExtension(request);
} catch (IOException e) {
CMS.debug("SubjectAltNameExtDefault: populate " + e.toString());
}
if (ext != null) {
- addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(),
+ ext, info);
} else {
CMS.debug("SubjectAltNameExtDefault: populate sees no extension. get out");
}
}
public SubjectAlternativeNameExtension createExtension(IRequest request)
- throws IOException {
+ throws IOException {
SubjectAlternativeNameExtension ext = null;
int num = getNumGNs();
- boolean critical = Boolean.valueOf(
- getConfig(CONFIG_CRITICAL)).booleanValue();
+ boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL))
+ .booleanValue();
GeneralNames gn = new GeneralNames();
int count = 0; // # of actual gnames
- for (int i=0; i< num; i++) {
- String enable = getConfig(CONFIG_GN_ENABLE +i);
+ for (int i = 0; i < num; i++) {
+ String enable = getConfig(CONFIG_GN_ENABLE + i);
if (enable != null && enable.equals("true")) {
- CMS.debug("SubjectAltNameExtDefault: createExtension i=" +i);
-
+ CMS.debug("SubjectAltNameExtDefault: createExtension i=" + i);
+
String pattern = getConfig(CONFIG_PATTERN + i);
if (pattern == null || pattern.equals("")) {
pattern = " ";
@@ -457,28 +447,31 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
// cfu - see if this is server-generated (e.g. UUID4)
// to use this feature, use $server.source$ in pattern
- String source = getConfig(CONFIG_SOURCE +i);
+ String source = getConfig(CONFIG_SOURCE + i);
String type = getConfig(CONFIG_TYPE + i);
if ((source != null) && (!source.equals(""))) {
if (type.equalsIgnoreCase("OtherName")) {
- CMS.debug("SubjectAlternativeNameExtension: using "+
- source+ " as gn");
+ CMS.debug("SubjectAlternativeNameExtension: using "
+ + source + " as gn");
if (source.equals(CONFIG_SOURCE_UUID4)) {
- UUID randUUID = UUID.randomUUID();
- // call the mapPattern that does server-side gen
- // request is not used, but needed for the substitute
- // function
- gname = mapPattern(randUUID.toString(), request, pattern);
- } else { //expand more server-gen types here
- CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: "+source+". Supported: UUID4");
- continue;
+ UUID randUUID = UUID.randomUUID();
+ // call the mapPattern that does server-side gen
+ // request is not used, but needed for the
+ // substitute
+ // function
+ gname = mapPattern(randUUID.toString(),
+ request, pattern);
+ } else { // expand more server-gen types here
+ CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: "
+ + source + ". Supported: UUID4");
+ continue;
}
} else {
- CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName");
- continue;
+ CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName");
+ continue;
}
} else {
- if (request != null) {
+ if (request != null) {
gname = mapPattern(request, pattern);
}
}
@@ -487,11 +480,13 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
CMS.debug("gname is empty, not added");
continue;
}
- CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" +gname);
+ CMS.debug("SubjectAltNameExtDefault: createExtension got gname="
+ + gname);
- GeneralNameInterface n = parseGeneralName(type + ":" + gname);
+ GeneralNameInterface n = parseGeneralName(type + ":"
+ + gname);
- CMS.debug("adding gname: "+gname);
+ CMS.debug("adding gname: " + gname);
if (n != null) {
CMS.debug("SubjectAlternativeNameExtension: n not null");
gn.addElement(n);
@@ -500,26 +495,26 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
CMS.debug("SubjectAlternativeNameExtension: n null");
}
}
- }
- } //for
+ }
+ } // for
if (count != 0) {
- try {
- ext = new SubjectAlternativeNameExtension();
- } catch (Exception e) {
- CMS.debug(e.toString());
- throw new IOException( e.toString() );
- }
- ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
- ext.setCritical(critical);
+ try {
+ ext = new SubjectAlternativeNameExtension();
+ } catch (Exception e) {
+ CMS.debug(e.toString());
+ throw new IOException(e.toString());
+ }
+ ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
+ ext.setCritical(critical);
} else {
- CMS.debug("count is 0");
- }
+ CMS.debug("count is 0");
+ }
return ext;
}
- public String mapPattern(IRequest request, String pattern)
- throws IOException {
+ public String mapPattern(IRequest request, String pattern)
+ throws IOException {
Pattern p = new Pattern(pattern);
IAttrSet attrSet = null;
if (request != null) {
@@ -529,8 +524,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
}
// for server-side generated values
- public String mapPattern(String val, IRequest request, String pattern)
- throws IOException {
+ public String mapPattern(String val, IRequest request, String pattern)
+ throws IOException {
Pattern p = new Pattern(pattern);
IAttrSet attrSet = null;
if (request != null) {
@@ -539,7 +534,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
try {
attrSet.set("source", val);
} catch (Exception e) {
- CMS.debug("SubjectAlternativeNameExtension: mapPattern source "+e.toString());
+ CMS.debug("SubjectAlternativeNameExtension: mapPattern source "
+ + e.toString());
}
return p.substitute("server", attrSet);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
index 0259fb36..aecbdc8c 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
@@ -43,10 +43,9 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
/**
- * This class implements an enrollment default policy
- * that populates a subject directory attributes extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a subject
+ * directory attributes extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
@@ -71,7 +70,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
}
@@ -94,27 +93,25 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
return num;
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
int num = 0;
if (name.equals(DEF_NUM_ATTRS)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_ATTRS || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_ATTRS || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS));
+ }
}
super.setConfig(name, value);
}
-
public Enumeration getConfigNames() {
refreshConfigAndValueNames();
return super.getConfigNames();
@@ -136,93 +133,82 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
}
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_CRITICAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_ATTR_NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS"));
} else if (name.startsWith(CONFIG_ATTR_NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_NAME"));
} else if (name.startsWith(CONFIG_PATTERN)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_VALUE"));
} else if (name.startsWith(CONFIG_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- null,
+ return new Descriptor(IDescriptor.BOOLEAN, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
} else if (name.startsWith(CONFIG_NUM_ATTRS)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
- CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS"));
- }
+ return new Descriptor(IDescriptor.INTEGER, null, "1",
+ CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS"));
+ }
return null;
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
- if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ if (name.equals(VAL_CRITICAL)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_ATTR)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
+ return new Descriptor(IDescriptor.STRING_LIST, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_SUBJDIR_ATTRS"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
SubjectDirAttributesExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
+ ext = (SubjectDirAttributesExtension) getExtension(
+ PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+ info);
if (name.equals(VAL_CRITICAL)) {
- ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
+ ext = (SubjectDirAttributesExtension) getExtension(
+ PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+ info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null)
- {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_ATTR)) {
- ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
-
- if(ext == null)
- {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_ATTR)) {
+ ext = (SubjectDirAttributesExtension) getExtension(
+ PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+ info);
+
+ if (ext == null) {
return;
}
Vector v = parseRecords(value);
int size = v.size();
-
+
boolean critical = ext.isCritical();
X500NameAttrMap map = X500NameAttrMap.getDefault();
Vector attrV = new Vector();
- for (int i=0; i < size; i++) {
+ for (int i = 0; i < size; i++) {
NameValuePairs nvps = (NameValuePairs) v.elementAt(i);
Enumeration names = nvps.getNames();
String attrName = null;
@@ -241,8 +227,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
}
if (enable.equals("true")) {
- AttributeConfig attributeConfig =
- new AttributeConfig(attrName, attrValue);
+ AttributeConfig attributeConfig = new AttributeConfig(
+ attrName, attrValue);
Attribute attr = attributeConfig.mAttribute;
if (attr != null)
attrV.addElement(attr);
@@ -256,43 +242,42 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
} else
return;
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- replaceExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- ext, info);
+ replaceExtension(
+ PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+ ext, info);
} catch (EProfileException e) {
- CMS.debug("SubjectDirAttributesExtDefault: setValue " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ CMS.debug("SubjectDirAttributesExtDefault: setValue "
+ + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} catch (IOException e) {
- CMS.debug("SubjectDirAttributesExtDefault: setValue " +
- e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ CMS.debug("SubjectDirAttributesExtDefault: setValue "
+ + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
SubjectDirAttributesExtension ext = null;
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
+ ext = (SubjectDirAttributesExtension) getExtension(
+ PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), info);
if (name.equals(VAL_CRITICAL)) {
- ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
+ ext = (SubjectDirAttributesExtension) getExtension(
+ PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+ info);
if (ext == null) {
return null;
@@ -302,10 +287,10 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_ATTR)) {
- ext = (SubjectDirAttributesExtension)
- getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- info);
+ } else if (name.equals(VAL_ATTR)) {
+ ext = (SubjectDirAttributesExtension) getExtension(
+ PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+ info);
if (ext == null)
return "";
@@ -315,42 +300,45 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
Vector recs = new Vector();
int num = getNumAttrs();
Enumeration e = ext.getAttributesList();
- CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList="+e);
- int i=0;
+ CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList="
+ + e);
+ int i = 0;
while (e.hasMoreElements()) {
NameValuePairs pairs = new NameValuePairs();
pairs.add(ENABLE, "true");
- Attribute attr = (Attribute)(e.nextElement());
- CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute="+attr);
+ Attribute attr = (Attribute) (e.nextElement());
+ CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute="
+ + attr);
ObjectIdentifier oid = attr.getOid();
- CMS.debug("SubjectDirAttributesExtDefault: getValue: oid="+oid);
-
+ CMS.debug("SubjectDirAttributesExtDefault: getValue: oid="
+ + oid);
+
String vv = map.getName(oid);
- if (vv != null)
+ if (vv != null)
pairs.add(ATTR_NAME, vv);
else
pairs.add(ATTR_NAME, oid.toString());
Enumeration v = attr.getValues();
-
+
// just support single value for now
StringBuffer ss = new StringBuffer();
while (v.hasMoreElements()) {
if (ss.length() == 0)
- ss.append((String)(v.nextElement()));
+ ss.append((String) (v.nextElement()));
else {
ss.append(",");
- ss.append((String)(v.nextElement()));
+ ss.append((String) (v.nextElement()));
}
}
- pairs .add(ATTR_VALUE, ss.toString());
+ pairs.add(ATTR_VALUE, ss.toString());
recs.addElement(pairs);
i++;
}
-
- for (;i < num; i++) {
+
+ for (; i < num; i++) {
NameValuePairs pairs = new NameValuePairs();
pairs.add(ENABLE, "false");
pairs.add(ATTR_NAME, "GENERATIONQUALIFIER");
@@ -360,8 +348,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
return buildRecords(recs);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
@@ -383,52 +371,50 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
sb.append(getConfig(CONFIG_ENABLE + i));
sb.append("}");
}
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT",
- getConfig(CONFIG_CRITICAL),
- sb.toString());
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT",
+ getConfig(CONFIG_CRITICAL), sb.toString());
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
SubjectDirAttributesExtension ext = createExtension(request);
if (ext == null)
return;
- addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
- ext, info);
+ addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+ ext, info);
}
public SubjectDirAttributesExtension createExtension(IRequest request)
- throws EProfileException {
- SubjectDirAttributesExtension ext = null;
+ throws EProfileException {
+ SubjectDirAttributesExtension ext = null;
int num = 0;
boolean critical = getConfigBoolean(CONFIG_CRITICAL);
num = getNumAttrs();
-
+
AttributeConfig attributeConfig = null;
Vector attrs = new Vector();
for (int i = 0; i < num; i++) {
- String enable = getConfig(CONFIG_ENABLE + i);
+ String enable = getConfig(CONFIG_ENABLE + i);
if (enable != null && enable.equals("true")) {
String attrName = getConfig(CONFIG_ATTR_NAME + i);
- String pattern = getConfig(CONFIG_PATTERN + i);
+ String pattern = getConfig(CONFIG_PATTERN + i);
if (pattern == null || pattern.equals(""))
pattern = " ";
- //check pattern syntax
+ // check pattern syntax
int startpos = pattern.indexOf("$");
int lastpos = pattern.lastIndexOf("$");
String attrValue = pattern;
- if (!pattern.equals("") && startpos != -1 &&
- startpos == 0 && lastpos != -1 &&
- lastpos == (pattern.length()-1)) {
+ if (!pattern.equals("") && startpos != -1 && startpos == 0
+ && lastpos != -1 && lastpos == (pattern.length() - 1)) {
if (request != null) {
try {
attrValue = mapPattern(request, pattern);
@@ -436,7 +422,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
throw new EProfileException(e.toString());
}
}
- }
+ }
try {
attributeConfig = new AttributeConfig(attrName, attrValue);
} catch (EPropertyException e) {
@@ -453,8 +439,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
Attribute[] attrList = new Attribute[attrs.size()];
attrs.copyInto(attrList);
try {
- ext =
- new SubjectDirAttributesExtension(attrList, critical);
+ ext = new SubjectDirAttributesExtension(attrList, critical);
} catch (IOException e) {
throw new EProfileException(e.toString());
}
@@ -470,51 +455,52 @@ class AttributeConfig {
protected Attribute mAttribute = null;
public AttributeConfig(String attrName, String attrValue)
- throws EPropertyException {
+ throws EPropertyException {
X500NameAttrMap map = X500NameAttrMap.getDefault();
-
+
if (attrName == null || attrName.length() == 0) {
- throw new EPropertyException(
- CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName));
+ throw new EPropertyException(CMS.getUserMessage(
+ "CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName));
}
-
+
if (attrValue == null || attrValue.length() == 0) {
- throw new EPropertyException(
- CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue));
+ throw new EPropertyException(CMS.getUserMessage(
+ "CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue));
}
try {
mAttributeOID = new ObjectIdentifier(attrName);
} catch (Exception e) {
- CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: "+ attrName);
+ CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: "
+ + attrName);
}
if (mAttributeOID == null) {
mAttributeOID = map.getOid(attrName);
if (mAttributeOID == null)
- throw new EPropertyException(
- CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName));
+ throw new EPropertyException(CMS.getUserMessage(
+ "CMS_BASE_INVALID_ATTRIBUTE", attrName));
try {
checkValue(mAttributeOID, attrValue);
} catch (IOException e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
+ "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
}
}
-
try {
- mAttribute = new Attribute(mAttributeOID,
- str2MultiValues(attrValue));
+ mAttribute = new Attribute(mAttributeOID,
+ str2MultiValues(attrValue));
} catch (IOException e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
+ "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
}
}
- private static void checkValue(ObjectIdentifier oid, String val)
- throws IOException {
- AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid);
+ private static void checkValue(ObjectIdentifier oid, String val)
+ throws IOException {
+ AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(
+ oid);
DerValue derval;
derval = c.getValue(val); // errs encountered will get thrown.
@@ -527,7 +513,7 @@ class AttributeConfig {
while (tokenizer.hasMoreTokens()) {
v.addElement(tokenizer.nextToken());
}
-
+
return v;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
index 8a3f2afc..115d3f62 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -40,11 +39,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates Subject Info Access extension.
- *
+ * This class implements an enrollment default policy that populates Subject
+ * Info Access extension.
+ *
* @version $Revision$, $Date$
*/
public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
@@ -87,29 +85,28 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
return num;
}
-
+
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
refreshConfigAndValueNames();
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
int num = 0;
if (name.equals(CONFIG_NUM_ADS)) {
- try {
- num = Integer.parseInt(value);
+ try {
+ num = Integer.parseInt(value);
- if (num >= MAX_NUM_AD || num < 0) {
- throw new EPropertyException(CMS.getUserMessage(
+ if (num >= MAX_NUM_AD || num < 0) {
+ throw new EPropertyException(CMS.getUserMessage(
"CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
- }
+ }
- } catch (Exception e) {
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
+ }
}
super.setConfig(name, value);
}
@@ -137,30 +134,27 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
}
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.startsWith(CONFIG_AD_METHOD)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD"));
} else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) {
- return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
- "URIName",
- CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE"));
+ return new Descriptor(
+ IDescriptor.CHOICE,
+ "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
+ "URIName", CMS.getUserMessage(locale,
+ "CMS_PROFILE_AD_LOCATIONTYPE"));
} else if (name.startsWith(CONFIG_AD_LOCATION)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION"));
} else if (name.startsWith(CONFIG_AD_ENABLE)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE"));
- } else if (name.startsWith(CONFIG_NUM_ADS)) {
- return new Descriptor(IDescriptor.INTEGER, null,
- "1",
+ } else if (name.startsWith(CONFIG_NUM_ADS)) {
+ return new Descriptor(IDescriptor.INTEGER, null, "1",
CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS"));
}
return null;
@@ -168,58 +162,52 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_GENERAL_NAMES)) {
- return new Descriptor(IDescriptor.STRING_LIST, null,
- null,
+ return new Descriptor(IDescriptor.STRING_LIST, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
try {
SubjectInfoAccessExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
-
SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false);
ObjectIdentifier oid = a.getExtensionId();
- ext = (SubjectInfoAccessExtension)
- getExtension(oid.toString(), info);
+ ext = (SubjectInfoAccessExtension) getExtension(oid.toString(),
+ info);
- if(ext == null) {
- populate(null,info);
+ if (ext == null) {
+ populate(null, info);
}
-
+
if (name.equals(VAL_CRITICAL)) {
- ext = (SubjectInfoAccessExtension)
- getExtension(oid.toString(), info);
+ ext = (SubjectInfoAccessExtension) getExtension(oid.toString(),
+ info);
boolean val = Boolean.valueOf(value).booleanValue();
- if(ext == null)
- {
+ if (ext == null) {
return;
}
- ext.setCritical(val);
- } else if (name.equals(VAL_GENERAL_NAMES)) {
+ ext.setCritical(val);
+ } else if (name.equals(VAL_GENERAL_NAMES)) {
- ext = (SubjectInfoAccessExtension)
- getExtension(oid.toString(), info);
+ ext = (SubjectInfoAccessExtension) getExtension(oid.toString(),
+ info);
- if(ext == null)
- {
+ if (ext == null) {
return;
}
boolean critical = ext.isCritical();
@@ -255,73 +243,78 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
GeneralName gn = null;
if (locationType != null || location != null) {
- GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location);
+ GeneralNameInterface interface1 = parseGeneralName(locationType
+ + ":" + location);
if (interface1 == null)
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", locationType));
+ throw new EPropertyException(
+ CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY",
+ locationType));
gn = new GeneralName(interface1);
}
-
+
if (method != null) {
try {
- ext.addAccessDescription(new ObjectIdentifier(method), gn);
+ ext.addAccessDescription(new ObjectIdentifier(
+ method), gn);
} catch (NumberFormatException ee) {
- CMS.debug("SubjectInfoAccessExtDefault: "+ee.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_PROFILE_DEF_SIA_OID", method));
+ CMS.debug("SubjectInfoAccessExtDefault: "
+ + ee.toString());
+ throw new EPropertyException(
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_SIA_OID",
+ method));
}
}
}
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
replaceExtension(ext.getExtensionId().toString(), ext, info);
} catch (IOException e) {
CMS.debug("SubjectInfoAccessExtDefault: " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} catch (EProfileException e) {
CMS.debug("SubjectInfoAccessExtDefault: " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
SubjectInfoAccessExtension ext = null;
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false);
- ObjectIdentifier oid = a.getExtensionId();
+ ObjectIdentifier oid = a.getExtensionId();
- ext = (SubjectInfoAccessExtension)
- getExtension(oid.toString(), info);
+ ext = (SubjectInfoAccessExtension) getExtension(oid.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- CMS.debug("SubjectInfoAccessExtDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ CMS.debug("SubjectInfoAccessExtDefault: getValue "
+ + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext = (SubjectInfoAccessExtension)
- getExtension(oid.toString(), info);
+ ext = (SubjectInfoAccessExtension) getExtension(oid.toString(),
+ info);
if (ext == null) {
return null;
@@ -331,20 +324,20 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
} else {
return "false";
}
- } else if (name.equals(VAL_GENERAL_NAMES)) {
+ } else if (name.equals(VAL_GENERAL_NAMES)) {
- ext = (SubjectInfoAccessExtension)
- getExtension(oid.toString(), info);
+ ext = (SubjectInfoAccessExtension) getExtension(oid.toString(),
+ info);
if (ext == null)
return "";
int num = getNumAds();
-
+
CMS.debug("SubjectInfoAccess num=" + num);
Vector recs = new Vector();
- for (int i = 0; i < num; i++) {
+ for (int i = 0; i < num; i++) {
NameValuePairs np = new NameValuePairs();
AccessDescription des = null;
@@ -358,7 +351,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
np.add(AD_ENABLE, "false");
} else {
ObjectIdentifier methodOid = des.getMethod();
- GeneralName gn = des.getLocation();
+ GeneralName gn = des.getLocation();
np.add(AD_METHOD, methodOid.toString());
np.add(AD_LOCATION_TYPE, getGeneralNameType(gn));
@@ -370,8 +363,8 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
return buildRecords(recs);
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
@@ -397,7 +390,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
ads.append(getConfig(CONFIG_AD_ENABLE + i));
ads.append("}");
}
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT",
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT",
getConfig(CONFIG_CRITICAL), ads.toString());
}
@@ -405,14 +398,14 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
SubjectInfoAccessExtension ext = createExtension();
addExtension(ext.getExtensionId().toString(), ext, info);
}
public SubjectInfoAccessExtension createExtension() {
- SubjectInfoAccessExtension ext = null;
+ SubjectInfoAccessExtension ext = null;
int num = getNumAds();
try {
@@ -434,21 +427,22 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
String hostname = CMS.getEENonSSLHost();
String port = CMS.getEENonSSLPort();
if (hostname != null && port != null)
- location = "http://"+hostname+":"+port+"/ocsp";
+ location = "http://" + hostname + ":" + port
+ + "/ocsp";
}
}
String s = locationType + ":" + location;
GeneralNameInterface gn = parseGeneralName(s);
if (gn != null) {
- ext.addAccessDescription(new ObjectIdentifier(method),
- new GeneralName(gn));
+ ext.addAccessDescription(new ObjectIdentifier(method),
+ new GeneralName(gn));
}
}
}
} catch (Exception e) {
- CMS.debug("SubjectInfoAccessExtDefault: createExtension " +
- e.toString());
+ CMS.debug("SubjectInfoAccessExtDefault: createExtension "
+ + e.toString());
}
return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
index d8b09f5d..729d279d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
@@ -39,12 +38,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a subject key identifier extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a subject
+ * key identifier extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
@@ -61,70 +58,61 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CRITICAL)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+ return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY,
+ null, CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
} else if (name.equals(VAL_KEY_ID)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID"));
+ return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY,
+ null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_CRITICAL)) {
// read-only; do nothing
} else if (name.equals(VAL_KEY_ID)) {
// read-only; do nothing
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- SubjectKeyIdentifierExtension ext =
- (SubjectKeyIdentifierExtension) getExtension(
- PKIXExtensions.SubjectKey_Id.toString(), info);
+ SubjectKeyIdentifierExtension ext = (SubjectKeyIdentifierExtension) getExtension(
+ PKIXExtensions.SubjectKey_Id.toString(), info);
- if(ext == null)
- {
+ if (ext == null) {
try {
- populate(null,info);
+ populate(null, info);
} catch (EProfileException e) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
if (name.equals(VAL_CRITICAL)) {
- ext =
- (SubjectKeyIdentifierExtension) getExtension(
+ ext = (SubjectKeyIdentifierExtension) getExtension(
PKIXExtensions.SubjectKey_Id.toString(), info);
if (ext == null) {
@@ -136,8 +124,7 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
return "false";
}
} else if (name.equals(VAL_KEY_ID)) {
- ext =
- (SubjectKeyIdentifierExtension) getExtension(
+ ext = (SubjectKeyIdentifierExtension) getExtension(
PKIXExtensions.SubjectKey_Id.toString(), info);
if (ext == null) {
@@ -146,19 +133,18 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
KeyIdentifier kid = null;
try {
- kid = (KeyIdentifier)
- ext.get(SubjectKeyIdentifierExtension.KEY_ID);
+ kid = (KeyIdentifier) ext
+ .get(SubjectKeyIdentifierExtension.KEY_ID);
} catch (IOException e) {
- CMS.debug( "SubjectKeyIdentifierExtDefault::getValue() - " +
- "kid is null!" );
- throw new EPropertyException( CMS.getUserMessage( locale,
- "CMS_INVALID_PROPERTY",
- name ) );
+ CMS.debug("SubjectKeyIdentifierExtDefault::getValue() - "
+ + "kid is null!");
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
return toHexString(kid.getIdentifier());
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
@@ -170,7 +156,7 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
SubjectKeyIdentifierExtension ext = createExtension(info);
addExtension(PKIXExtensions.SubjectKey_Id.toString(), ext, info);
@@ -184,36 +170,38 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
return null;
}
SubjectKeyIdentifierExtension ext = null;
-
- boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue();
+
+ boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL))
+ .booleanValue();
try {
- ext = new SubjectKeyIdentifierExtension(critical, kid.getIdentifier());
+ ext = new SubjectKeyIdentifierExtension(critical,
+ kid.getIdentifier());
} catch (IOException e) {
- CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " +
- e.toString());
+ CMS.debug("SubjectKeyIdentifierExtDefault: createExtension "
+ + e.toString());
//
}
return ext;
}
- public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
- try {
- CertificateX509Key infokey = (CertificateX509Key)
- info.get(X509CertInfo.KEY);
+ public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
+ try {
+ CertificateX509Key infokey = (CertificateX509Key) info
+ .get(X509CertInfo.KEY);
X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
MessageDigest md = MessageDigest.getInstance("SHA-1");
- md.update(key.getKey());
+ md.update(key.getKey());
byte[] hash = md.digest();
return new KeyIdentifier(hash);
} catch (NoSuchAlgorithmException e) {
- CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
- e.toString());
+ CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier "
+ + e.toString());
} catch (Exception e) {
- CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
- e.toString());
+ CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier "
+ + e.toString());
}
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
index 9f404e89..09da34be 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates server-side
+ * configurable subject name into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class SubjectNameDefault extends EnrollDefault {
@@ -55,15 +52,14 @@ public class SubjectNameDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- if (name.equals(CONFIG_NAME)) {
- return new Descriptor(IDescriptor.STRING,
- null, "CN=TEST", CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_NAME)) {
+ return new Descriptor(IDescriptor.STRING, null, "CN=TEST",
+ CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
@@ -72,19 +68,17 @@ public class SubjectNameDefault extends EnrollDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_NAME)) {
return new Descriptor(IDescriptor.STRING, null, null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
X500Name x500name = null;
@@ -92,59 +86,59 @@ public class SubjectNameDefault extends EnrollDefault {
try {
x500name = new X500Name(value);
if (x500name != null) {
- CMS.debug("SubjectNameDefault: setValue x500name=" + x500name.toString());
+ CMS.debug("SubjectNameDefault: setValue x500name="
+ + x500name.toString());
}
} catch (IOException e) {
CMS.debug("SubjectNameDefault: setValue " + e.toString());
// failed to build x500 name
}
- CMS.debug("SubjectNameDefault: setValue name=" + x500name.toString());
+ CMS.debug("SubjectNameDefault: setValue name="
+ + x500name.toString());
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
+ info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ x500name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("SubjectNameDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
CertificateSubjectName sn = null;
try {
CMS.debug("SubjectNameDefault: getValue info=" + info);
- sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
CMS.debug("SubjectNameDefault: getValue name=" + sn);
return sn.toString();
} catch (Exception e) {
// nothing
CMS.debug("SubjectNameDefault: getValue " + e.toString());
-
+
}
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME",
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME",
getConfig(CONFIG_NAME));
}
@@ -152,13 +146,13 @@ public class SubjectNameDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
X500Name name = null;
String subjectName = null;
try {
- subjectName = mapPattern(request, getConfig(CONFIG_NAME));
+ subjectName = mapPattern(request, getConfig(CONFIG_NAME));
} catch (IOException e) {
CMS.debug("SubjectNameDefault: mapPattern " + e.toString());
}
@@ -176,8 +170,7 @@ public class SubjectNameDefault extends EnrollDefault {
// failed to build x500 name
}
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(name));
+ info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("SubjectNameDefault: populate " + e.toString());
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
index c834eee1..01322bc2 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.util.Locale;
import netscape.security.x509.CertificateExtensions;
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a user-supplied extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a
+ * user-supplied extension into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class UserExtensionDefault extends EnrollExtDefault {
@@ -57,14 +54,13 @@ public class UserExtensionDefault extends EnrollExtDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_OID)) {
- return new Descriptor(IDescriptor.STRING, null,
- "Comment Here...",
+ return new Descriptor(IDescriptor.STRING, null, "Comment Here...",
CMS.getUserMessage(locale, "CMS_PROFILE_OID"));
} else {
return null;
@@ -73,27 +69,23 @@ public class UserExtensionDefault extends EnrollExtDefault {
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_OID)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_OID"));
+ return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY,
+ null, CMS.getUserMessage(locale, "CMS_PROFILE_OID"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
// Nothing to do for read-only values
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_OID)) {
Extension ext = getExtension(getConfig(CONFIG_OID), info);
@@ -104,35 +96,37 @@ public class UserExtensionDefault extends EnrollExtDefault {
}
return ext.getExtensionId().toString();
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_EXT", getConfig(CONFIG_OID));
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_EXT",
+ getConfig(CONFIG_OID));
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
CertificateExtensions inExts = null;
String oid = getConfig(CONFIG_OID);
- inExts = request.getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS);
+ inExts = request
+ .getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS);
if (inExts == null)
- return;
+ return;
Extension ext = getExtension(getConfig(CONFIG_OID), inExts);
if (ext == null) {
- CMS.debug("UserExtensionDefault: no user ext supplied for "+ oid);
- return;
+ CMS.debug("UserExtensionDefault: no user ext supplied for " + oid);
+ return;
}
// user supplied the ext that's allowed, replace the def set by system
deleteExtension(oid, info);
- CMS.debug("UserExtensionDefault: using user supplied ext for "+ oid);
+ CMS.debug("UserExtensionDefault: using user supplied ext for " + oid);
addExtension(oid, ext, info);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java
index 1cff57df..34009e14 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.interfaces.DSAParams;
@@ -40,12 +39,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a user supplied key
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a user
+ * supplied key into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class UserKeyDefault extends EnrollDefault {
@@ -62,86 +59,74 @@ public class UserKeyDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_KEY)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_KEY"));
+ return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY,
+ null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY"));
} else if (name.equals(VAL_LEN)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_KEY_LEN"));
+ return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY,
+ null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_LEN"));
} else if (name.equals(VAL_TYPE)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE"));
+ return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY,
+ null, CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
// this default rule is readonly
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_KEY)) {
CertificateX509Key ck = null;
try {
- ck = (CertificateX509Key)
- info.get(X509CertInfo.KEY);
+ ck = (CertificateX509Key) info.get(X509CertInfo.KEY);
} catch (Exception e) {
// nothing
}
X509Key k = null;
try {
- k = (X509Key)
- ck.get(CertificateX509Key.KEY);
+ k = (X509Key) ck.get(CertificateX509Key.KEY);
} catch (Exception e) {
// nothing
- }
+ }
if (k == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_PROFILE_KEY_NOT_FOUND"));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_KEY_NOT_FOUND"));
}
return toHexString(k.getKey());
} else if (name.equals(VAL_LEN)) {
CertificateX509Key ck = null;
try {
- ck = (CertificateX509Key)
- info.get(X509CertInfo.KEY);
+ ck = (CertificateX509Key) info.get(X509CertInfo.KEY);
} catch (Exception e) {
// nothing
}
X509Key k = null;
try {
- k = (X509Key)
- ck.get(CertificateX509Key.KEY);
+ k = (X509Key) ck.get(CertificateX509Key.KEY);
} catch (Exception e) {
// nothing
}
- if (k == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_PROFILE_KEY_NOT_FOUND"));
+ if (k == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_KEY_NOT_FOUND"));
}
try {
if (k.getAlgorithm().equals("RSA")) {
@@ -151,35 +136,33 @@ public class UserKeyDefault extends EnrollDefault {
}
} catch (Exception e) {
CMS.debug("UserKeyDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_TYPE)) {
CertificateX509Key ck = null;
try {
- ck = (CertificateX509Key)
- info.get(X509CertInfo.KEY);
+ ck = (CertificateX509Key) info.get(X509CertInfo.KEY);
} catch (Exception e) {
// nothing
}
X509Key k = null;
try {
- k = (X509Key)
- ck.get(CertificateX509Key.KEY);
+ k = (X509Key) ck.get(CertificateX509Key.KEY);
} catch (Exception e) {
// nothing
}
- if (k == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_PROFILE_KEY_NOT_FOUND"));
+ if (k == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_PROFILE_KEY_NOT_FOUND"));
}
- return k.getAlgorithm() + " - " +
- k.getAlgorithmId().getOID().toString();
+ return k.getAlgorithm() + " - "
+ + k.getAlgorithmId().getOID().toString();
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
@@ -191,8 +174,7 @@ public class UserKeyDefault extends EnrollDefault {
X509Key newkey = null;
try {
- newkey = new X509Key(AlgorithmId.get("RSA"),
- key.getKey());
+ newkey = new X509Key(AlgorithmId.get("RSA"), key.getKey());
} catch (Exception e) {
CMS.debug("UserKeyDefault: getRSAKey " + e.toString());
throw e;
@@ -217,15 +199,16 @@ public class UserKeyDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
CertificateX509Key certKey = null;
// authenticate the certificate key, and move
// the key from request into x509 certinfo
try {
- byte[] certKeyData = request.getExtDataInByteArray(IEnrollProfile.REQUEST_KEY);
+ byte[] certKeyData = request
+ .getExtDataInByteArray(IEnrollProfile.REQUEST_KEY);
if (certKeyData != null) {
- certKey = new CertificateX509Key(
- new ByteArrayInputStream(certKeyData));
+ certKey = new CertificateX509Key(new ByteArrayInputStream(
+ certKeyData));
}
info.set(X509CertInfo.KEY, certKey);
} catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java
index 07e6c77e..8db15732 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.ByteArrayInputStream;
import java.util.Locale;
@@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a user-supplied signing algorithm
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a
+ * user-supplied signing algorithm into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class UserSigningAlgDefault extends EnrollDefault {
@@ -53,72 +50,70 @@ public class UserSigningAlgDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_ALG_ID)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY, null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SIGNING_ALGORITHM"));
+ return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY,
+ null, CMS.getUserMessage(locale,
+ "CMS_PROFILE_SIGNING_ALGORITHM"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
// this default rule is readonly
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_ALG_ID)) {
CertificateAlgorithmId algID = null;
try {
- algID = (CertificateAlgorithmId)
- info.get(X509CertInfo.ALGORITHM_ID);
- AlgorithmId id = (AlgorithmId)
- algID.get(CertificateAlgorithmId.ALGORITHM);
+ algID = (CertificateAlgorithmId) info
+ .get(X509CertInfo.ALGORITHM_ID);
+ AlgorithmId id = (AlgorithmId) algID
+ .get(CertificateAlgorithmId.ALGORITHM);
return id.toString();
} catch (Exception e) {
CMS.debug("UserSigningAlgDefault: setValue " + e.toString());
- return ""; //XXX
+ return ""; // XXX
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_USER_SIGNING_ALGORITHM");
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_DEF_USER_SIGNING_ALGORITHM");
}
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
CertificateAlgorithmId certAlg = null;
// authenticate the certificate key, and move
// the key from request into x509 certinfo
try {
- byte[] certAlgData = request.getExtDataInByteArray(
- IEnrollProfile.REQUEST_SIGNING_ALGORITHM);
+ byte[] certAlgData = request
+ .getExtDataInByteArray(IEnrollProfile.REQUEST_SIGNING_ALGORITHM);
if (certAlgData != null) {
- certAlg = new CertificateAlgorithmId(
- new ByteArrayInputStream(certAlgData));
+ certAlg = new CertificateAlgorithmId(new ByteArrayInputStream(
+ certAlgData));
}
info.set(X509CertInfo.ALGORITHM_ID, certAlg);
} catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java
index f589b654..6017213f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.util.Locale;
@@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a user-supplied subject name
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a
+ * user-supplied subject name into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class UserSubjectNameDefault extends EnrollDefault {
@@ -53,7 +50,7 @@ public class UserSubjectNameDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -66,12 +63,11 @@ public class UserSubjectNameDefault extends EnrollDefault {
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
X500Name x500name = null;
@@ -84,42 +80,40 @@ public class UserSubjectNameDefault extends EnrollDefault {
}
CMS.debug("SubjectNameDefault: setValue name=" + x500name);
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
+ info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ x500name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("UserSubjectNameDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
CertificateSubjectName sn = null;
try {
- sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
return sn.toString();
} catch (Exception e) {
// nothing
}
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
@@ -131,12 +125,13 @@ public class UserSubjectNameDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
// authenticate the subject name and populate it
// to the certinfo
try {
- info.set(X509CertInfo.SUBJECT, request.getExtDataInCertSubjectName(
- IEnrollProfile.REQUEST_SUBJECT_NAME));
+ info.set(
+ X509CertInfo.SUBJECT,
+ request.getExtDataInCertSubjectName(IEnrollProfile.REQUEST_SUBJECT_NAME));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("UserSubjectNameDefault: populate " + e.toString());
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java
index 2d79b192..ec7cdedd 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.ByteArrayInputStream;
import java.util.Date;
import java.util.Locale;
@@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a user-supplied validity
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a
+ * user-supplied validity into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class UserValidityDefault extends EnrollDefault {
@@ -55,71 +52,65 @@ public class UserValidityDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_NOT_BEFORE)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE"));
+ return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY,
+ null, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE"));
} else if (name.equals(VAL_NOT_AFTER)) {
- return new Descriptor(IDescriptor.STRING,
- IDescriptor.READONLY,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER"));
+ return new Descriptor(IDescriptor.STRING, IDescriptor.READONLY,
+ null, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_AFTER"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
// this default rule is readonly
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NOT_BEFORE)) {
CertificateValidity validity = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
- Date notBefore = (Date)
- validity.get(CertificateValidity.NOT_BEFORE);
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
+ Date notBefore = (Date) validity
+ .get(CertificateValidity.NOT_BEFORE);
return notBefore.toString();
} catch (Exception e) {
CMS.debug("UserValidityDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_NOT_AFTER)) {
try {
CertificateValidity validity = null;
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
- Date notAfter = (Date)
- validity.get(CertificateValidity.NOT_AFTER);
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
+ Date notAfter = (Date) validity
+ .get(CertificateValidity.NOT_AFTER);
return notAfter.toString();
} catch (Exception e) {
CMS.debug("UserValidityDefault: getValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
@@ -131,17 +122,16 @@ public class UserValidityDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
CertificateValidity certValidity = null;
// authenticate the certificate key, and move
// the key from request into x509 certinfo
try {
- byte[] certValidityData = request.getExtDataInByteArray(
- IEnrollProfile.REQUEST_VALIDITY);
+ byte[] certValidityData = request
+ .getExtDataInByteArray(IEnrollProfile.REQUEST_VALIDITY);
if (certValidityData != null) {
certValidity = new CertificateValidity();
- certValidity.decode(
- new ByteArrayInputStream(certValidityData));
+ certValidity.decode(new ByteArrayInputStream(certValidityData));
}
info.set(X509CertInfo.VALIDITY, certValidity);
} catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java
index 6e9b08ab..fd046e1f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.def;
-
import java.io.IOException;
import java.text.ParsePosition;
import java.text.SimpleDateFormat;
@@ -36,12 +35,10 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements an enrollment default policy
- * that populates a server-side configurable validity
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a
+ * server-side configurable validity into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class ValidityDefault extends EnrollDefault {
@@ -64,43 +61,36 @@ public class ValidityDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
if (name.equals(CONFIG_RANGE)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_RANGE));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_RANGE));
+ }
} else if (name.equals(CONFIG_START_TIME)) {
- try {
- Integer.parseInt(value);
- } catch (Exception e) {
+ try {
+ Integer.parseInt(value);
+ } catch (Exception e) {
throw new EPropertyException(CMS.getUserMessage(
- "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
- }
+ "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
+ }
}
super.setConfig(name, value);
}
public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_RANGE)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- "2922",
- CMS.getUserMessage(locale,
- "CMS_PROFILE_VALIDITY_RANGE"));
+ return new Descriptor(IDescriptor.STRING, null, "2922",
+ CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_RANGE"));
} else if (name.equals(CONFIG_START_TIME)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- "60", /* 1 minute */
- CMS.getUserMessage(locale,
- "CMS_PROFILE_VALIDITY_START_TIME"));
+ return new Descriptor(IDescriptor.STRING, null, "60", /* 1 minute */
+ CMS.getUserMessage(locale, "CMS_PROFILE_VALIDITY_START_TIME"));
} else {
return null;
}
@@ -118,103 +108,95 @@ public class ValidityDefault extends EnrollDefault {
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
- if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
+ if (name == null) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
- if (value == null || value.equals("")) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ if (value == null || value.equals("")) {
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
ParsePosition pos = new ParsePosition(0);
Date date = formatter.parse(value, pos);
CertificateValidity validity = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
- validity.set(CertificateValidity.NOT_BEFORE,
- date);
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
+ validity.set(CertificateValidity.NOT_BEFORE, date);
} catch (Exception e) {
CMS.debug("ValidityDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
ParsePosition pos = new ParsePosition(0);
Date date = formatter.parse(value, pos);
CertificateValidity validity = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
- validity.set(CertificateValidity.NOT_AFTER,
- date);
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
+ validity.set(CertificateValidity.NOT_AFTER, date);
} catch (Exception e) {
CMS.debug("ValidityDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
if (name == null)
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
if (name.equals(VAL_NOT_BEFORE)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
CertificateValidity validity = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
- return formatter.format((Date)
- validity.get(CertificateValidity.NOT_BEFORE));
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
+ return formatter.format((Date) validity
+ .get(CertificateValidity.NOT_BEFORE));
} catch (Exception e) {
CMS.debug("ValidityDefault: getValue " + e.toString());
}
throw new EPropertyException("Invalid valie");
} else if (name.equals(VAL_NOT_AFTER)) {
- SimpleDateFormat formatter =
- new SimpleDateFormat(DATE_FORMAT);
+ SimpleDateFormat formatter = new SimpleDateFormat(DATE_FORMAT);
CertificateValidity validity = null;
try {
- validity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
- return formatter.format((Date)
- validity.get(CertificateValidity.NOT_AFTER));
+ validity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
+ return formatter.format((Date) validity
+ .get(CertificateValidity.NOT_AFTER));
} catch (Exception e) {
CMS.debug("ValidityDefault: getValue " + e.toString());
}
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY",
+ return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY",
getConfig(CONFIG_RANGE));
}
@@ -222,11 +204,11 @@ public class ValidityDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
// always + 60 seconds
String startTimeStr = getConfig(CONFIG_START_TIME);
try {
- startTimeStr = mapPattern(request, startTimeStr);
+ startTimeStr = mapPattern(request, startTimeStr);
} catch (IOException e) {
CMS.debug("ValidityDefault: populate " + e.toString());
}
@@ -235,31 +217,32 @@ public class ValidityDefault extends EnrollDefault {
startTimeStr = "60";
}
int startTime = Integer.parseInt(startTimeStr);
- Date notBefore = new Date(CMS.getCurrentDate().getTime() + (1000 * startTime));
+ Date notBefore = new Date(CMS.getCurrentDate().getTime()
+ + (1000 * startTime));
long notAfterVal = 0;
try {
String rangeStr = getConfig(CONFIG_RANGE);
rangeStr = mapPattern(request, rangeStr);
- notAfterVal = notBefore.getTime() +
- (mDefault * Integer.parseInt(rangeStr));
+ notAfterVal = notBefore.getTime()
+ + (mDefault * Integer.parseInt(rangeStr));
} catch (Exception e) {
// configured value is not correct
CMS.debug("ValidityDefault: populate " + e.toString());
- throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE));
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_INVALID_PROPERTY", CONFIG_RANGE));
}
Date notAfter = new Date(notAfterVal);
- CertificateValidity validity =
- new CertificateValidity(notBefore, notAfter);
+ CertificateValidity validity = new CertificateValidity(notBefore,
+ notAfter);
try {
info.set(X509CertInfo.VALIDITY, validity);
} catch (Exception e) {
// failed to insert subject name
CMS.debug("ValidityDefault: populate " + e.toString());
- throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY));
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_INVALID_PROPERTY", X509CertInfo.VALIDITY));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java
index c8beca2f..4bd5ce37 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java
@@ -34,22 +34,20 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates server-side
+ * configurable subject name into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class nsHKeySubjectNameDefault extends EnrollDefault {
- public static final String PROP_PARAMS = "params";
+ public static final String PROP_PARAMS = "params";
public static final String CONFIG_DNPATTERN = "dnpattern";
public static final String VAL_NAME = "name";
/* default dn pattern if left blank or not set in the config */
- protected static String DEFAULT_DNPATTERN =
- "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US";
+ protected static String DEFAULT_DNPATTERN = "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US";
protected IConfigStore mParamsConfig;
@@ -61,44 +59,41 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
- if (name.equals(CONFIG_DNPATTERN)) {
- return new Descriptor(IDescriptor.STRING,
- null, null, CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name="
+ + name);
+ if (name.equals(CONFIG_DNPATTERN)) {
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
- CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name="+name);
+ CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name="
+ + name);
if (name.equals(VAL_NAME)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
- CMS.debug("nsHKeySubjectNameDefault: in setValue, value="+value);
+ CMS.debug("nsHKeySubjectNameDefault: in setValue, value=" + value);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
X500Name x500name = null;
@@ -111,53 +106,51 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
}
CMS.debug("nsHKeySubjectNameDefault: setValue name=" + x500name);
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
+ info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ x500name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("nsHKeySubjectNameDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- CMS.debug("nsHKeySubjectNameDefault: in getValue, name="+name);
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
+ CMS.debug("nsHKeySubjectNameDefault: in getValue, name=" + name);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
CertificateSubjectName sn = null;
try {
CMS.debug("nsHKeySubjectNameDefault: getValue info=" + info);
- sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
CMS.debug("nsHKeySubjectNameDefault: getValue name=" + sn);
return sn.toString();
} catch (Exception e) {
// nothing
CMS.debug("nsHKeySubjectNameDefault: getValue " + e.toString());
-
+
}
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- CMS.debug("nsHKeySubjectNameDefault: in getText");
- return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
+ CMS.debug("nsHKeySubjectNameDefault: in getText");
+ return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
getConfig(CONFIG_DNPATTERN));
}
@@ -165,15 +158,15 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
X500Name name = null;
- CMS.debug("nsHKeySubjectNameDefault: in populate");
+ CMS.debug("nsHKeySubjectNameDefault: in populate");
try {
- String subjectName = getSubjectName(request);
- CMS.debug("subjectName=" + subjectName);
- if (subjectName == null || subjectName.equals(""))
- return;
+ String subjectName = getSubjectName(request);
+ CMS.debug("subjectName=" + subjectName);
+ if (subjectName == null || subjectName.equals(""))
+ return;
name = new X500Name(subjectName);
} catch (IOException e) {
@@ -184,32 +177,31 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
// failed to build x500 name
}
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(name));
+ info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("nsHKeySubjectNameDefault: populate " + e.toString());
}
}
- private String getSubjectName(IRequest request)
- throws EProfileException, IOException {
+ private String getSubjectName(IRequest request) throws EProfileException,
+ IOException {
- CMS.debug("nsHKeySubjectNameDefault: in getSubjectName");
+ CMS.debug("nsHKeySubjectNameDefault: in getSubjectName");
- String pattern = getConfig(CONFIG_DNPATTERN);
- if (pattern == null || pattern.equals("")) {
- pattern = " ";
- }
-
- String sbjname = "";
+ String pattern = getConfig(CONFIG_DNPATTERN);
+ if (pattern == null || pattern.equals("")) {
+ pattern = " ";
+ }
- if (request != null) {
- CMS.debug("pattern = "+pattern);
- sbjname = mapPattern(request, pattern);
- CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done");
- }
+ String sbjname = "";
- return sbjname;
- }
+ if (request != null) {
+ CMS.debug("pattern = " + pattern);
+ sbjname = mapPattern(request, pattern);
+ CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+ }
+
+ return sbjname;
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
index 3a1d1c6e..fde2e7fb 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
@@ -42,16 +42,15 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates server-side
+ * configurable subject name into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class nsNKeySubjectNameDefault extends EnrollDefault {
- public static final String PROP_LDAP = "ldap";
- public static final String PROP_PARAMS = "params";
+ public static final String PROP_LDAP = "ldap";
+ public static final String PROP_PARAMS = "params";
public static final String CONFIG_DNPATTERN = "dnpattern";
public static final String CONFIG_LDAP_STRING_ATTRS = "ldapStringAttributes";
public static final String CONFIG_LDAP_HOST = "ldap.ldapconn.host";
@@ -64,131 +63,123 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
public static final String VAL_NAME = "name";
- public static final String CONFIG_LDAP_VERS =
- "2,3";
+ public static final String CONFIG_LDAP_VERS = "2,3";
/* default dn pattern if left blank or not set in the config */
- protected static String DEFAULT_DNPATTERN =
- "CN=$request.aoluid$, E=$request.mail$";
+ protected static String DEFAULT_DNPATTERN = "CN=$request.aoluid$, E=$request.mail$";
/* ldap configuration sub-store */
- boolean mInitialized = false;
+ boolean mInitialized = false;
protected IConfigStore mInstConfig;
protected IConfigStore mLdapConfig;
protected IConfigStore mParamsConfig;
- /* ldap base dn */
+ /* ldap base dn */
protected String mBaseDN = null;
/* factory of anonymous ldap connections */
protected ILdapConnFactory mConnFactory = null;
- /* the list of LDAP attributes with string values to retrieve to
- * form the subject dn. */
+ /*
+ * the list of LDAP attributes with string values to retrieve to form the
+ * subject dn.
+ */
protected String[] mLdapStringAttrs = null;
public nsNKeySubjectNameDefault() {
super();
addConfigName(CONFIG_DNPATTERN);
- addConfigName(CONFIG_LDAP_STRING_ATTRS);
+ addConfigName(CONFIG_LDAP_STRING_ATTRS);
addConfigName(CONFIG_LDAP_HOST);
addConfigName(CONFIG_LDAP_PORT);
addConfigName(CONFIG_LDAP_SEC_CONN);
addConfigName(CONFIG_LDAP_VER);
addConfigName(CONFIG_LDAP_BASEDN);
- addConfigName(CONFIG_LDAP_MIN_CONN);
- addConfigName(CONFIG_LDAP_MAX_CONN);
+ addConfigName(CONFIG_LDAP_MIN_CONN);
+ addConfigName(CONFIG_LDAP_MAX_CONN);
addValueName(CONFIG_DNPATTERN);
- addValueName(CONFIG_LDAP_STRING_ATTRS);
+ addValueName(CONFIG_LDAP_STRING_ATTRS);
addValueName(CONFIG_LDAP_HOST);
addValueName(CONFIG_LDAP_PORT);
addValueName(CONFIG_LDAP_SEC_CONN);
addValueName(CONFIG_LDAP_VER);
addValueName(CONFIG_LDAP_BASEDN);
- addValueName(CONFIG_LDAP_MIN_CONN);
- addValueName(CONFIG_LDAP_MAX_CONN);
+ addValueName(CONFIG_LDAP_MIN_CONN);
+ addValueName(CONFIG_LDAP_MAX_CONN);
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
- mInstConfig = config;
+ throws EProfileException {
+ mInstConfig = config;
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
- if (name.equals(CONFIG_DNPATTERN)) {
- return new Descriptor(IDescriptor.STRING,
- null, null, CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
- } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS"));
- } else if (name.equals(CONFIG_LDAP_HOST)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_HOST_NAME"));
- } else if (name.equals(CONFIG_LDAP_PORT)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_PORT_NUMBER"));
- } else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
- return new Descriptor(IDescriptor.BOOLEAN,
- null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN"));
- } else if (name.equals(CONFIG_LDAP_VER)) {
- return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS,
- "3",
- CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_VERSION"));
- } else if (name.equals(CONFIG_LDAP_BASEDN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_BASEDN"));
- } else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MIN_CONN"));
- } else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MAX_CONN"));
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name="
+ + name);
+ if (name.equals(CONFIG_DNPATTERN)) {
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
+ } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS"));
+ } else if (name.equals(CONFIG_LDAP_HOST)) {
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_HOST_NAME"));
+ } else if (name.equals(CONFIG_LDAP_PORT)) {
+ return new Descriptor(
+ IDescriptor.STRING,
+ null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_PORT_NUMBER"));
+ } else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
+ return new Descriptor(
+ IDescriptor.BOOLEAN,
+ null,
+ "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN"));
+ } else if (name.equals(CONFIG_LDAP_VER)) {
+ return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, "3",
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_NSNKEY_LDAP_VERSION"));
+ } else if (name.equals(CONFIG_LDAP_BASEDN)) {
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_BASEDN"));
+ } else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_NSNKEY_LDAP_MIN_CONN"));
+ } else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_NSNKEY_LDAP_MAX_CONN"));
} else {
return null;
}
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
- CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name="+name);
+ CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name="
+ + name);
if (name.equals(VAL_NAME)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
- CMS.debug("nsNKeySubjectNameDefault: in setValue, value="+value);
+ CMS.debug("nsNKeySubjectNameDefault: in setValue, value=" + value);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
X500Name x500name = null;
@@ -201,113 +192,113 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
}
CMS.debug("nsNKeySubjectNameDefault: setValue name=" + x500name);
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
+ info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ x500name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("nsNKeySubjectNameDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- CMS.debug("nsNKeySubjectNameDefault: in getValue, name="+name);
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
+ CMS.debug("nsNKeySubjectNameDefault: in getValue, name=" + name);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
CertificateSubjectName sn = null;
try {
CMS.debug("nsNKeySubjectNameDefault: getValue info=" + info);
- sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
CMS.debug("nsNKeySubjectNameDefault: getValue name=" + sn);
return sn.toString();
} catch (Exception e) {
// nothing
CMS.debug("nsNKeySubjectNameDefault: getValue " + e.toString());
-
+
}
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- CMS.debug("nsNKeySubjectNameDefault: in getText");
- return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
+ CMS.debug("nsNKeySubjectNameDefault: in getText");
+ return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
getConfig(CONFIG_DNPATTERN));
}
- public void ldapInit()
- throws EProfileException {
- if (mInitialized == true) return;
-
- CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin");
-
- try {
- // cfu - XXX do more error handling here later
- /* initialize ldap server configuration */
- mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
- mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
- mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
- mConnFactory = CMS.getLdapAnonConnFactory();
- mConnFactory.init(mLdapConfig);
-
- /* initialize dn pattern */
- String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
-
- if (pattern == null || pattern.length() == 0)
- pattern = DEFAULT_DNPATTERN;
-
- /* initialize ldap string attribute list */
- String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
-
- if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
- StringTokenizer pAttrs =
- new StringTokenizer(ldapStringAttrs, ",", false);
-
- mLdapStringAttrs = new String[pAttrs.countTokens()];
-
- for (int i = 0; i < mLdapStringAttrs.length; i++) {
- mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
- }
- }
- CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done");
- mInitialized = true;
- } catch (Exception e) {
- CMS.debug("nsNKeySubjectNameDefault: ldapInit(): "+e.toString());
- // throw EProfileException...
- throw new EProfileException("ldap init failure: "+e.toString());
- }
- }
+ public void ldapInit() throws EProfileException {
+ if (mInitialized == true)
+ return;
+
+ CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin");
+
+ try {
+ // cfu - XXX do more error handling here later
+ /* initialize ldap server configuration */
+ mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
+ mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
+ mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
+ mConnFactory = CMS.getLdapAnonConnFactory();
+ mConnFactory.init(mLdapConfig);
+
+ /* initialize dn pattern */
+ String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
+
+ if (pattern == null || pattern.length() == 0)
+ pattern = DEFAULT_DNPATTERN;
+
+ /* initialize ldap string attribute list */
+ String ldapStringAttrs = mParamsConfig.getString(
+ CONFIG_LDAP_STRING_ATTRS, null);
+
+ if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
+ StringTokenizer pAttrs = new StringTokenizer(ldapStringAttrs,
+ ",", false);
+
+ mLdapStringAttrs = new String[pAttrs.countTokens()];
+
+ for (int i = 0; i < mLdapStringAttrs.length; i++) {
+ mLdapStringAttrs[i] = ((String) pAttrs.nextElement())
+ .trim();
+ }
+ }
+ CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done");
+ mInitialized = true;
+ } catch (Exception e) {
+ CMS.debug("nsNKeySubjectNameDefault: ldapInit(): " + e.toString());
+ // throw EProfileException...
+ throw new EProfileException("ldap init failure: " + e.toString());
+ }
+ }
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
X500Name name = null;
- CMS.debug("nsNKeySubjectNameDefault: in populate");
- ldapInit();
+ CMS.debug("nsNKeySubjectNameDefault: in populate");
+ ldapInit();
try {
- // cfu - this goes to ldap
- String subjectName = getSubjectName(request);
- CMS.debug("subjectName=" + subjectName);
- if (subjectName == null || subjectName.equals(""))
- return;
+ // cfu - this goes to ldap
+ String subjectName = getSubjectName(request);
+ CMS.debug("subjectName=" + subjectName);
+ if (subjectName == null || subjectName.equals(""))
+ return;
name = new X500Name(subjectName);
} catch (IOException e) {
@@ -318,57 +309,58 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
// failed to build x500 name
}
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(name));
+ info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
} catch (Exception e) {
// failed to insert subject name
CMS.debug("nsNKeySubjectNameDefault: populate " + e.toString());
}
}
- private String getSubjectName(IRequest request)
- throws EProfileException, IOException {
+ private String getSubjectName(IRequest request) throws EProfileException,
+ IOException {
+
+ CMS.debug("nsNKeySubjectNameDefault: in getSubjectName");
- CMS.debug("nsNKeySubjectNameDefault: in getSubjectName");
+ String pattern = getConfig(CONFIG_DNPATTERN);
+ if (pattern == null || pattern.equals("")) {
+ pattern = " ";
+ }
- String pattern = getConfig(CONFIG_DNPATTERN);
- if (pattern == null || pattern.equals("")) {
- pattern = " ";
- }
-
- LDAPConnection conn = null;
+ LDAPConnection conn = null;
String userdn = null;
- String sbjname = "";
- // get DN from ldap to fill request
- try {
- if (mConnFactory == null) {
+ String sbjname = "";
+ // get DN from ldap to fill request
+ try {
+ if (mConnFactory == null) {
conn = null;
CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no LDAP connection");
throw new EProfileException("no LDAP connection");
} else {
conn = mConnFactory.getConn();
- if( conn == null ) {
- CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " +
- "no LDAP connection" );
- throw new EProfileException( "no LDAP connection" );
+ if (conn == null) {
+ CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - "
+ + "no LDAP connection");
+ throw new EProfileException("no LDAP connection");
}
CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got LDAP connection");
}
- if (request != null) {
- CMS.debug("pattern = "+pattern);
- sbjname = mapPattern(request, pattern);
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done");
- } else {
- CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " +
- "request is null!" );
- throw new EProfileException( "request is null" );
- }
- // retrieve the attributes
+ if (request != null) {
+ CMS.debug("pattern = " + pattern);
+ sbjname = mapPattern(request, pattern);
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+ } else {
+ CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - "
+ + "request is null!");
+ throw new EProfileException("request is null");
+ }
+ // retrieve the attributes
// get user dn.
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN);
- LDAPSearchResults res = conn.search(mBaseDN,
- LDAPv2.SCOPE_SUB, "(aoluid=" + request.getExtDataInString("aoluid") + ")", null, false);
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = "
+ + mBaseDN);
+ LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
+ "(aoluid=" + request.getExtDataInString("aoluid") + ")",
+ null, false);
if (res.hasMoreElements()) {
LDAPEntry entry = res.next();
@@ -378,42 +370,47 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): screen name does not exist");
throw new EProfileException("screenname does not exist");
}
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = "+request.getExtDataInString("aoluid"));;
-
- LDAPEntry entry = null;
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes");
- LDAPSearchResults results =
- conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
- mLdapStringAttrs, false);
-
- if (!results.hasMoreElements()) {
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes");
- throw new EProfileException("no ldap attributes found");
- }
- entry = results.next();
- // set attrs into request
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = "
+ + request.getExtDataInString("aoluid"));
+ ;
+
+ LDAPEntry entry = null;
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with "
+ + mLdapStringAttrs.length + " attributes");
+ LDAPSearchResults results = conn.search(userdn, LDAPv2.SCOPE_BASE,
+ "objectclass=*", mLdapStringAttrs, false);
+
+ if (!results.hasMoreElements()) {
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes");
+ throw new EProfileException("no ldap attributes found");
+ }
+ entry = results.next();
+ // set attrs into request
for (int i = 0; i < mLdapStringAttrs.length; i++) {
- LDAPAttribute la =
- entry.getAttribute(mLdapStringAttrs[i]);
- if (la != null) {
- String[] sla = la.getStringValueArray();
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: "+sla[0]);
- request.setExtData(mLdapStringAttrs[i], sla[0]);
- }
+ LDAPAttribute la = entry.getAttribute(mLdapStringAttrs[i]);
+ if (la != null) {
+ String[] sla = la.getStringValueArray();
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: "
+ + sla[0]);
+ request.setExtData(mLdapStringAttrs[i], sla[0]);
+ }
}
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request");
- } catch (Exception e) {
- CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): "+e.toString());
- throw new EProfileException("getSubjectName() failure: "+e.toString());
- } finally {
- try {
- if (conn != null)
- mConnFactory.returnConn(conn);
- } catch (Exception e) {
- throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure");
- }
- }
- return sbjname;
-
- }
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request");
+ } catch (Exception e) {
+ CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): "
+ + e.toString());
+ throw new EProfileException("getSubjectName() failure: "
+ + e.toString());
+ } finally {
+ try {
+ if (conn != null)
+ mConnFactory.returnConn(conn);
+ } catch (Exception e) {
+ throw new EProfileException(
+ "nsNKeySubjectNameDefault: getSubjectName(): connection return failure");
+ }
+ }
+ return sbjname;
+
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java
index 030470b3..a367b638 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java
@@ -34,10 +34,9 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates server-side
+ * configurable subject name into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
@@ -48,8 +47,7 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
public static final String VAL_NAME = "name";
/* default dn pattern if left blank or not set in the config */
- protected static String DEFAULT_DNPATTERN =
- "Token Key Device - $request.tokencuid$";
+ protected static String DEFAULT_DNPATTERN = "Token Key Device - $request.tokencuid$";
protected IConfigStore mParamsConfig;
@@ -61,44 +59,42 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
- if (name.equals(CONFIG_DNPATTERN)) {
- return new Descriptor(IDescriptor.STRING,
- null, null, CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name="
+ + name);
+ if (name.equals(CONFIG_DNPATTERN)) {
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name="+name);
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name="
+ + name);
if (name.equals(VAL_NAME)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value="+value);
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value="
+ + value);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
X500Name x500name = null;
@@ -106,59 +102,63 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
try {
x500name = new X500Name(value);
} catch (IOException e) {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString());
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue "
+ + e.toString());
// failed to build x500 name
}
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue name=" + x500name);
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue name="
+ + x500name);
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
+ info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ x500name));
} catch (Exception e) {
// failed to insert subject name
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue "
+ + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException
- {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name="+name);
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name="
+ + name);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
CertificateSubjectName sn = null;
try {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue info=" + info);
- sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue name=" + sn);
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue info="
+ + info);
+ sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue name="
+ + sn);
return sn.toString();
} catch (Exception e) {
// nothing
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue " + e.toString());
-
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue "
+ + e.toString());
+
}
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText");
- return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText");
+ return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
getConfig(CONFIG_DNPATTERN));
}
@@ -166,51 +166,52 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
X500Name name = null;
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate");
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate");
try {
- String subjectName = getSubjectName(request);
+ String subjectName = getSubjectName(request);
CMS.debug("subjectName=" + subjectName);
if (subjectName == null || subjectName.equals(""))
- return;
+ return;
name = new X500Name(subjectName);
} catch (IOException e) {
// failed to build x500 name
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString());
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate "
+ + e.toString());
}
if (name == null) {
// failed to build x500 name
}
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(name));
+ info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
} catch (Exception e) {
// failed to insert subject name
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString());
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate "
+ + e.toString());
}
}
- private String getSubjectName(IRequest request)
- throws EProfileException, IOException {
+ private String getSubjectName(IRequest request) throws EProfileException,
+ IOException {
+
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName");
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName");
+ String pattern = getConfig(CONFIG_DNPATTERN);
+ if (pattern == null || pattern.equals("")) {
+ pattern = " ";
+ }
- String pattern = getConfig(CONFIG_DNPATTERN);
- if (pattern == null || pattern.equals("")) {
- pattern = " ";
- }
-
- String sbjname = "";
+ String sbjname = "";
- if (request != null) {
- CMS.debug("pattern = "+pattern);
- sbjname = mapPattern(request, pattern);
- CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done");
- }
+ if (request != null) {
+ CMS.debug("pattern = " + pattern);
+ sbjname = mapPattern(request, pattern);
+ CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+ }
- return sbjname;
+ return sbjname;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
index ac98a0cb..f842952f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
@@ -42,10 +42,9 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
/**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates server-side
+ * configurable subject name into the certificate template.
+ *
* @version $Revision$, $Date$
*/
public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
@@ -66,12 +65,10 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
public static final String VAL_NAME = "name";
- public static final String CONFIG_LDAP_VERS =
- "2,3";
+ public static final String CONFIG_LDAP_VERS = "2,3";
/* default dn pattern if left blank or not set in the config */
- protected static String DEFAULT_DNPATTERN =
- "CN=$request.uid$, E=$request.mail$";
+ protected static String DEFAULT_DNPATTERN = "CN=$request.uid$, E=$request.mail$";
/* ldap configuration sub-store */
boolean mldapInitialized = false;
@@ -86,8 +83,10 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
/* factory of anonymous ldap connections */
protected ILdapConnFactory mConnFactory = null;
- /* the list of LDAP attributes with string values to retrieve to
- * form the subject dn. */
+ /*
+ * the list of LDAP attributes with string values to retrieve to form the
+ * subject dn.
+ */
protected String[] mLdapStringAttrs = null;
public nsTokenUserKeySubjectNameDefault() {
@@ -118,94 +117,83 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
}
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
mInstConfig = config;
super.init(profile, config);
}
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
- CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
- if (name.equals(CONFIG_DNPATTERN)) {
- return new Descriptor(IDescriptor.STRING,
- null, null, CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name="
+ + name);
+ if (name.equals(CONFIG_DNPATTERN)) {
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
} else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS"));
} else if (name.equals(CONFIG_LDAP_ENABLE)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_ENABLE"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_TOKENKEY_LDAP_ENABLE"));
} else if (name.equals(CONFIG_LDAP_SEARCH_NAME)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME"));
} else if (name.equals(CONFIG_LDAP_HOST)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME"));
} else if (name.equals(CONFIG_LDAP_PORT)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER"));
} else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
- return new Descriptor(IDescriptor.BOOLEAN,
- null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN"));
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN"));
} else if (name.equals(CONFIG_LDAP_VER)) {
- return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS,
- "3",
- CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_VERSION"));
+ return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS, "3",
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_TOKENKEY_LDAP_VERSION"));
} else if (name.equals(CONFIG_LDAP_BASEDN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_BASEDN"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_TOKENKEY_LDAP_BASEDN"));
} else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN"));
} else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN"));
} else {
return null;
}
}
public IDescriptor getValueDescriptor(Locale locale, String name) {
- CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name="+name);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name="
+ + name);
if (name.equals(VAL_NAME)) {
- return new Descriptor(IDescriptor.STRING,
- null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_SUBJECT_NAME"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
} else {
return null;
}
}
- public void setValue(String name, Locale locale,
- X509CertInfo info, String value)
- throws EPropertyException {
+ public void setValue(String name, Locale locale, X509CertInfo info,
+ String value) throws EPropertyException {
- CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value="+value);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value="
+ + value);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
X500Name x500name = null;
@@ -213,117 +201,123 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
try {
x500name = new X500Name(value);
} catch (IOException e) {
- CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString());
+ CMS.debug("nsTokenUserKeySubjectNameDefault: setValue "
+ + e.toString());
// failed to build x500 name
}
- CMS.debug("nsTokenUserKeySubjectNameDefault: setValue name=" + x500name);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: setValue name="
+ + x500name);
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(x500name));
+ info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ x500name));
} catch (Exception e) {
// failed to insert subject name
- CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString());
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ CMS.debug("nsTokenUserKeySubjectNameDefault: setValue "
+ + e.toString());
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
- public String getValue(String name, Locale locale,
- X509CertInfo info)
- throws EPropertyException {
- CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name="+name);
+ public String getValue(String name, Locale locale, X509CertInfo info)
+ throws EPropertyException {
+ CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name=" + name);
if (name == null) {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
if (name.equals(VAL_NAME)) {
CertificateSubjectName sn = null;
try {
- CMS.debug("nsTokenUserKeySubjectNameDefault: getValue info=" + info);
- sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
- CMS.debug("nsTokenUserKeySubjectNameDefault: getValue name=" + sn);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getValue info="
+ + info);
+ sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getValue name="
+ + sn);
return sn.toString();
} catch (Exception e) {
// nothing
- CMS.debug("nsTokenUserKeySubjectNameDefault: getValue " + e.toString());
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getValue "
+ + e.toString());
}
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
} else {
- throw new EPropertyException(CMS.getUserMessage(
- locale, "CMS_INVALID_PROPERTY", name));
+ throw new EPropertyException(CMS.getUserMessage(locale,
+ "CMS_INVALID_PROPERTY", name));
}
}
public String getText(Locale locale) {
CMS.debug("nsTokenUserKeySubjectNameDefault: in getText");
- return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
+ return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
getConfig(CONFIG_DNPATTERN));
}
- public void ldapInit()
- throws EProfileException {
- if (mldapInitialized == true) return;
+ public void ldapInit() throws EProfileException {
+ if (mldapInitialized == true)
+ return;
CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): begin");
try {
- // cfu - XXX do more error handling here later
- /* initialize ldap server configuration */
- mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
- mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
- mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE,
- false);
- if (mldapEnabled == false)
- return;
+ // cfu - XXX do more error handling here later
+ /* initialize ldap server configuration */
+ mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
+ mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
+ mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE, false);
+ if (mldapEnabled == false)
+ return;
- mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
- mConnFactory = CMS.getLdapAnonConnFactory();
- mConnFactory.init(mLdapConfig);
+ mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
+ mConnFactory = CMS.getLdapAnonConnFactory();
+ mConnFactory.init(mLdapConfig);
- /* initialize dn pattern */
- String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
+ /* initialize dn pattern */
+ String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
- if (pattern == null || pattern.length() == 0)
- pattern = DEFAULT_DNPATTERN;
+ if (pattern == null || pattern.length() == 0)
+ pattern = DEFAULT_DNPATTERN;
- /* initialize ldap string attribute list */
- String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
+ /* initialize ldap string attribute list */
+ String ldapStringAttrs = mParamsConfig.getString(
+ CONFIG_LDAP_STRING_ATTRS, null);
- if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
- StringTokenizer pAttrs =
- new StringTokenizer(ldapStringAttrs, ",", false);
+ if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
+ StringTokenizer pAttrs = new StringTokenizer(ldapStringAttrs,
+ ",", false);
- mLdapStringAttrs = new String[pAttrs.countTokens()];
+ mLdapStringAttrs = new String[pAttrs.countTokens()];
- for (int i = 0; i < mLdapStringAttrs.length; i++) {
- mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
+ for (int i = 0; i < mLdapStringAttrs.length; i++) {
+ mLdapStringAttrs[i] = ((String) pAttrs.nextElement())
+ .trim();
+ }
}
- }
- CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done");
- mldapInitialized = true;
+ CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done");
+ mldapInitialized = true;
} catch (Exception e) {
- CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): "+e.toString());
- // throw EProfileException...
- throw new EProfileException("ldap init failure: "+e.toString());
+ CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): "
+ + e.toString());
+ // throw EProfileException...
+ throw new EProfileException("ldap init failure: " + e.toString());
}
- }
+ }
/**
* Populates the request with this policy default.
*/
public void populate(IRequest request, X509CertInfo info)
- throws EProfileException {
+ throws EProfileException {
X500Name name = null;
CMS.debug("nsTokenUserKeySubjectNameDefault: in populate");
-ldapInit();
+ ldapInit();
try {
// cfu - this goes to ldap
String subjectName = getSubjectName(request);
@@ -334,22 +328,23 @@ ldapInit();
name = new X500Name(subjectName);
} catch (IOException e) {
// failed to build x500 name
- CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString());
+ CMS.debug("nsTokenUserKeySubjectNameDefault: populate "
+ + e.toString());
}
if (name == null) {
// failed to build x500 name
}
try {
- info.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(name));
+ info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(name));
} catch (Exception e) {
// failed to insert subject name
- CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString());
+ CMS.debug("nsTokenUserKeySubjectNameDefault: populate "
+ + e.toString());
}
}
- private String getSubjectName(IRequest request)
- throws EProfileException, IOException {
+ private String getSubjectName(IRequest request) throws EProfileException,
+ IOException {
CMS.debug("nsTokenUserKeySubjectNameDefault: in getSubjectName");
@@ -360,10 +355,10 @@ ldapInit();
String sbjname = "";
if (mldapInitialized == false) {
- if (request != null) {
- CMS.debug("pattern = "+pattern);
- sbjname = mapPattern(request, pattern);
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+ if (request != null) {
+ CMS.debug("pattern = " + pattern);
+ sbjname = mapPattern(request, pattern);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
}
return sbjname;
}
@@ -384,34 +379,38 @@ ldapInit();
throw new EProfileException("no LDAP connection");
} else {
conn = mConnFactory.getConn();
- if( conn == null ) {
- CMS.debug( "nsTokenUserKeySubjectNameDefault::getSubjectName() - " +
- "no LDAP connection" );
- throw new EProfileException( "no LDAP connection" );
+ if (conn == null) {
+ CMS.debug("nsTokenUserKeySubjectNameDefault::getSubjectName() - "
+ + "no LDAP connection");
+ throw new EProfileException("no LDAP connection");
}
CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got LDAP connection");
}
// retrieve the attributes
// get user dn.
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN);
- LDAPSearchResults res = conn.search(mBaseDN,
- LDAPv2.SCOPE_SUB, "("+ searchName + "=" + request.getExtDataInString("uid") + ")", null, false);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = "
+ + mBaseDN);
+ LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB, "("
+ + searchName + "=" + request.getExtDataInString("uid")
+ + ")", null, false);
if (res.hasMoreElements()) {
LDAPEntry entry = res.next();
userdn = entry.getDN();
} else {// put into property file later - cfu
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+ searchName + " does not exist");
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "
+ + searchName + " does not exist");
throw new EProfileException("id does not exist");
}
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for "+searchName + " = "+request.getExtDataInString("uid"));
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for "
+ + searchName + " = " + request.getExtDataInString("uid"));
LDAPEntry entry = null;
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes");
- LDAPSearchResults results =
- conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
- mLdapStringAttrs, false);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with "
+ + mLdapStringAttrs.length + " attributes");
+ LDAPSearchResults results = conn.search(userdn, LDAPv2.SCOPE_BASE,
+ "objectclass=*", mLdapStringAttrs, false);
if (!results.hasMoreElements()) {
CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): no attributes");
@@ -420,29 +419,34 @@ ldapInit();
entry = results.next();
// set attrs into request
for (int i = 0; i < mLdapStringAttrs.length; i++) {
- LDAPAttribute la =
- entry.getAttribute(mLdapStringAttrs[i]);
- if (la != null) {
- String[] sla = la.getStringValueArray();
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: "+mLdapStringAttrs[i]+
- "=" + escapeValueRfc1779(sla[0], false).toString());
- request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString());
- }
+ LDAPAttribute la = entry.getAttribute(mLdapStringAttrs[i]);
+ if (la != null) {
+ String[] sla = la.getStringValueArray();
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: "
+ + mLdapStringAttrs[i]
+ + "="
+ + escapeValueRfc1779(sla[0], false).toString());
+ request.setExtData(mLdapStringAttrs[i],
+ escapeValueRfc1779(sla[0], false).toString());
+ }
}
- CMS.debug("pattern = "+pattern);
- sbjname = mapPattern(request, pattern);
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+ CMS.debug("pattern = " + pattern);
+ sbjname = mapPattern(request, pattern);
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): attributes set in request");
} catch (Exception e) {
- CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+e.toString());
- throw new EProfileException("getSubjectName() failure: "+e.toString());
+ CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "
+ + e.toString());
+ throw new EProfileException("getSubjectName() failure: "
+ + e.toString());
} finally {
try {
if (conn != null)
mConnFactory.returnConn(conn);
- } catch (Exception e) {
- throw new EProfileException("nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure");
+ } catch (Exception e) {
+ throw new EProfileException(
+ "nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure");
}
}
return sbjname;
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
index d067f1e6..88255c3e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import netscape.security.x509.X509CertInfo;
@@ -35,23 +34,19 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
- * This class implements the certificate request input.
- * This input populates 2 main fields to the enrollment page:
- * 1/ Certificate Request Type, 2/ Certificate Request
+ * This class implements the certificate request input. This input populates 2
+ * main fields to the enrollment page: 1/ Certificate Request Type, 2/
+ * Certificate Request
* <p>
*
- * This input usually is used by an enrollment profile for
- * certificate requests.
- *
+ * This input usually is used by an enrollment profile for certificate requests.
+ *
* @version $Revision$, $Date$
*/
-public class CMCCertReqInput extends EnrollInput implements IProfileInput {
- public static final String VAL_CERT_REQUEST_TYPE =
- EnrollProfile.CTX_CERT_REQUEST_TYPE;
- public static final String VAL_CERT_REQUEST =
- EnrollProfile.CTX_CERT_REQUEST;
+public class CMCCertReqInput extends EnrollInput implements IProfileInput {
+ public static final String VAL_CERT_REQUEST_TYPE = EnrollProfile.CTX_CERT_REQUEST_TYPE;
+ public static final String VAL_CERT_REQUEST = EnrollProfile.CTX_CERT_REQUEST;
public EnrollProfile mEnrollProfile = null;
@@ -63,7 +58,7 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
mEnrollProfile = (EnrollProfile) profile;
@@ -87,39 +82,38 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
String cert_request = ctx.get(VAL_CERT_REQUEST);
- X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ X509CertInfo info = request
+ .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
- TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request);
+ TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request),
+ cert_request);
if (msgs == null) {
- return;
+ return;
}
// This profile only handle the first request in CRMF
- Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+ Integer seqNum = request
+ .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
if (seqNum == null) {
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
}
- mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
+ mEnrollProfile.fillTaggedRequest(getLocale(request),
+ msgs[seqNum.intValue()], info, request);
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CERT_REQUEST)) {
- return new Descriptor(IDescriptor.CERT_REQUEST, null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_INPUT_CERT_REQ"));
- }
+ return new Descriptor(IDescriptor.CERT_REQUEST, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ"));
+ }
return null;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
index 12a4f549..241d6c01 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import netscape.security.pkcs.PKCS10;
@@ -38,23 +37,19 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
- * This class implements the certificate request input.
- * This input populates 2 main fields to the enrollment page:
- * 1/ Certificate Request Type, 2/ Certificate Request
+ * This class implements the certificate request input. This input populates 2
+ * main fields to the enrollment page: 1/ Certificate Request Type, 2/
+ * Certificate Request
* <p>
*
- * This input usually is used by an enrollment profile for
- * certificate requests.
- *
+ * This input usually is used by an enrollment profile for certificate requests.
+ *
* @version $Revision$, $Date$
*/
-public class CertReqInput extends EnrollInput implements IProfileInput {
- public static final String VAL_CERT_REQUEST_TYPE =
- EnrollProfile.CTX_CERT_REQUEST_TYPE;
- public static final String VAL_CERT_REQUEST =
- EnrollProfile.CTX_CERT_REQUEST;
+public class CertReqInput extends EnrollInput implements IProfileInput {
+ public static final String VAL_CERT_REQUEST_TYPE = EnrollProfile.CTX_CERT_REQUEST_TYPE;
+ public static final String VAL_CERT_REQUEST = EnrollProfile.CTX_CERT_REQUEST;
public EnrollProfile mEnrollProfile = null;
@@ -67,7 +62,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
mEnrollProfile = (EnrollProfile) profile;
@@ -91,97 +86,97 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
String cert_request_type = ctx.get(VAL_CERT_REQUEST_TYPE);
String cert_request = ctx.get(VAL_CERT_REQUEST);
- X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ X509CertInfo info = request
+ .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
if (cert_request_type == null) {
- CMS.debug("CertReqInput: populate - invalid cert request type " +
- "");
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
- ""));
+ CMS.debug("CertReqInput: populate - invalid cert request type "
+ + "");
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", ""));
}
if (cert_request_type.equals(EnrollProfile.REQ_TYPE_PKCS10)) {
- PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), cert_request);
+ PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request),
+ cert_request);
if (pkcs10 == null) {
throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
}
- mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
+ mEnrollProfile
+ .fillPKCS10(getLocale(request), pkcs10, info, request);
} else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
- DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), cert_request);
+ DerInputStream keygen = mEnrollProfile.parseKeyGen(
+ getLocale(request), cert_request);
if (keygen == null) {
throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
}
- mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
+ mEnrollProfile
+ .fillKeyGen(getLocale(request), keygen, info, request);
} else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) {
- CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), cert_request);
+ CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request),
+ cert_request);
if (msgs == null) {
throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
}
for (int x = 0; x < msgs.length; x++) {
verifyPOP(getLocale(request), msgs[x]);
}
// This profile only handle the first request in CRMF
- Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+ Integer seqNum = request
+ .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
- mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request
- );
+ mEnrollProfile.fillCertReqMsg(getLocale(request),
+ msgs[seqNum.intValue()], info, request);
} else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) {
- TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request);
+ TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request),
+ cert_request);
if (msgs == null) {
throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
}
// This profile only handle the first request in CRMF
- Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
- if (seqNum == null) {
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+ Integer seqNum = request
+ .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+ if (seqNum == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
}
- mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
+ mEnrollProfile.fillTaggedRequest(getLocale(request),
+ msgs[seqNum.intValue()], info, request);
} else {
// error
- CMS.debug("CertReqInput: populate - invalid cert request type " +
- cert_request_type);
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
- cert_request_type));
+ CMS.debug("CertReqInput: populate - invalid cert request type "
+ + cert_request_type);
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", cert_request_type));
}
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_CERT_REQUEST_TYPE)) {
- return new Descriptor(IDescriptor.CERT_REQUEST_TYPE, null,
- null,
+ return new Descriptor(IDescriptor.CERT_REQUEST_TYPE, null, null,
CMS.getUserMessage(locale,
- "CMS_PROFILE_INPUT_CERT_REQ_TYPE"));
+ "CMS_PROFILE_INPUT_CERT_REQ_TYPE"));
} else if (name.equals(VAL_CERT_REQUEST)) {
- return new Descriptor(IDescriptor.CERT_REQUEST, null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_INPUT_CERT_REQ"));
+ return new Descriptor(IDescriptor.CERT_REQUEST, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_CERT_REQ"));
}
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
index b887807c..227dbc79 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import netscape.security.pkcs.PKCS10;
@@ -37,26 +36,21 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
- * This class implements the dual key generation input.
- * This input populates parameters to the enrollment
- * pages so that a CRMF request containing 2 certificate
- * requests will be generated.
+ * This class implements the dual key generation input. This input populates
+ * parameters to the enrollment pages so that a CRMF request containing 2
+ * certificate requests will be generated.
* <p>
- *
- * This input can only be used with Netscape 7.x or later
- * clients.
+ *
+ * This input can only be used with Netscape 7.x or later clients.
* <p>
- *
+ *
* @version $Revision$, $Date$
*/
-public class DualKeyGenInput extends EnrollInput implements IProfileInput {
+public class DualKeyGenInput extends EnrollInput implements IProfileInput {
- public static final String VAL_KEYGEN_REQUEST_TYPE =
- EnrollProfile.CTX_CERT_REQUEST_TYPE;
- public static final String VAL_KEYGEN_REQUEST =
- EnrollProfile.CTX_CERT_REQUEST;
+ public static final String VAL_KEYGEN_REQUEST_TYPE = EnrollProfile.CTX_CERT_REQUEST_TYPE;
+ public static final String VAL_KEYGEN_REQUEST = EnrollProfile.CTX_CERT_REQUEST;
public EnrollProfile mEnrollProfile = null;
@@ -69,7 +63,7 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
mEnrollProfile = (EnrollProfile) profile;
}
@@ -92,73 +86,73 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
- X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ X509CertInfo info = request
+ .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
if (keygen_request_type == null) {
- CMS.debug("DualKeyGenInput: populate - invalid cert request type " +
- "");
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
- ""));
+ CMS.debug("DualKeyGenInput: populate - invalid cert request type "
+ + "");
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", ""));
}
if (keygen_request_type.startsWith("pkcs10")) {
- PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
+ PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request),
+ keygen_request);
- mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
+ mEnrollProfile
+ .fillPKCS10(getLocale(request), pkcs10, info, request);
} else if (keygen_request_type.startsWith("keygen")) {
- DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
+ DerInputStream keygen = mEnrollProfile.parseKeyGen(
+ getLocale(request), keygen_request);
- mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
+ mEnrollProfile
+ .fillKeyGen(getLocale(request), keygen, info, request);
} else if (keygen_request_type.startsWith("crmf")) {
- CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
+ CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request),
+ keygen_request);
if (msgs == null) {
throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
}
for (int x = 0; x < msgs.length; x++) {
verifyPOP(getLocale(request), msgs[x]);
}
// This profile only handle the first request in CRMF
- Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+ Integer seqNum = request
+ .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
- if (seqNum == null) {
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+ if (seqNum == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
}
- mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request);
+ mEnrollProfile.fillCertReqMsg(getLocale(request),
+ msgs[seqNum.intValue()], info, request);
} else {
// error
- CMS.debug("DualKeyGenInput: populate - " +
- "invalid cert request type " + keygen_request_type);
- throw new EProfileException(CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
- keygen_request_type));
+ CMS.debug("DualKeyGenInput: populate - "
+ + "invalid cert request type " + keygen_request_type);
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", keygen_request_type));
}
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) {
return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST_TYPE, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE"));
+ null, CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE"));
} else if (name.equals(VAL_KEYGEN_REQUEST)) {
- return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST, null,
- null,
+ return new Descriptor(IDescriptor.DUAL_KEYGEN_REQUEST, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ"));
}
return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
index 1eaf476b..71b7a97c 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -41,16 +40,14 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This class implements the base enrollment input.
- *
+ *
* @version $Revision$, $Date$
*/
-public abstract class EnrollInput implements IProfileInput {
+public abstract class EnrollInput implements IProfileInput {
- private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
- "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+ private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
protected IConfigStore mConfig = null;
protected Vector mValueNames = new Vector();
@@ -58,12 +55,12 @@ public abstract class EnrollInput implements IProfileInput {
protected IProfile mProfile = null;
protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
-
+
/**
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
mConfig = config;
mProfile = profile;
}
@@ -74,17 +71,17 @@ public abstract class EnrollInput implements IProfileInput {
/**
* Populates the request with this policy default.
- *
+ *
* @param ctx profile context
* @param request request
* @exception EProfileException failed to populate
*/
public abstract void populate(IProfileContext ctx, IRequest request)
- throws EProfileException;
+ throws EProfileException;
/**
* Retrieves the localizable name of this policy.
- *
+ *
* @param locale user locale
* @return localized input name
*/
@@ -92,23 +89,21 @@ public abstract class EnrollInput implements IProfileInput {
/**
* Retrieves the localizable description of this policy.
- *
+ *
* @param locale user locale
* @return localized input description
*/
public abstract String getText(Locale locale);
/**
- * Retrieves the descriptor of the given value
- * property by name.
- *
+ * Retrieves the descriptor of the given value property by name.
+ *
* @param locale user locale
* @param name property name
* @return descriptor of the property
*/
public abstract IDescriptor getValueDescriptor(Locale locale, String name);
-
public void addValueName(String name) {
mValueNames.addElement(name);
}
@@ -128,8 +123,7 @@ public abstract class EnrollInput implements IProfileInput {
return mConfigNames.elements();
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
if (mConfig.getSubStore("params") == null) {
//
} else {
@@ -141,7 +135,7 @@ public abstract class EnrollInput implements IProfileInput {
try {
if (mConfig == null) {
return null;
- }
+ }
if (mConfig.getSubStore("params") != null) {
return mConfig.getSubStore("params").getString(name);
}
@@ -155,7 +149,7 @@ public abstract class EnrollInput implements IProfileInput {
}
public String getValue(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
return request.getExtDataInString(name);
}
@@ -163,14 +157,14 @@ public abstract class EnrollInput implements IProfileInput {
* Sets the value of the given value parameter by name.
*/
public void setValue(String name, Locale locale, IRequest request,
- String value) throws EPropertyException {
+ String value) throws EPropertyException {
request.setExtData(name, value);
}
public Locale getLocale(IRequest request) {
Locale locale = null;
- String language = request.getExtDataInString(
- EnrollProfile.REQUEST_LOCALE);
+ String language = request
+ .getExtDataInString(EnrollProfile.REQUEST_LOCALE);
if (language != null) {
locale = new Locale(language);
}
@@ -181,16 +175,16 @@ public abstract class EnrollInput implements IProfileInput {
return null;
}
- public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
- throws EProfileException {
- CMS.debug("EnrollInput ::in verifyPOP");
+ public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
+ throws EProfileException {
+ CMS.debug("EnrollInput ::in verifyPOP");
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- if (!certReqMsg.hasPop()) {
+ if (!certReqMsg.hasPop()) {
CMS.debug("CertReqMsg has not POP, return");
- return;
+ return;
}
ProofOfPossession pop = certReqMsg.getPop();
ProofOfPossession.Type popType = pop.getType();
@@ -202,54 +196,53 @@ public abstract class EnrollInput implements IProfileInput {
try {
if (CMS.getConfigStore().getBoolean("cms.skipPOPVerify", false)) {
- CMS.debug("skipPOPVerify on, return");
- return;
+ CMS.debug("skipPOPVerify on, return");
+ return;
}
CMS.debug("POP verification begins:");
CryptoManager cm = CryptoManager.getInstance();
CryptoToken verifyToken = null;
- String tokenName = CMS.getConfigStore().getString("ca.requestVerify.token", "internal");
+ String tokenName = CMS.getConfigStore().getString(
+ "ca.requestVerify.token", "internal");
if (tokenName.equals("internal")) {
CMS.debug("POP verification using internal token");
certReqMsg.verify();
} else {
- CMS.debug("POP verification using token:"+ tokenName);
+ CMS.debug("POP verification using token:" + tokenName);
verifyToken = cm.getTokenByName(tokenName);
certReqMsg.verify(verifyToken);
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.SUCCESS );
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID,
+ ILogger.SUCCESS);
+ audit(auditMessage);
} catch (Exception e) {
- CMS.debug("Failed POP verify! "+e.toString());
+ CMS.debug("Failed POP verify! " + e.toString());
CMS.debug(e);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
- throw new EProfileException(CMS.getUserMessage(locale,
- "CMS_POP_VERIFICATION_ERROR"));
+ throw new EProfileException(CMS.getUserMessage(locale,
+ "CMS_POP_VERIFICATION_ERROR"));
}
}
/**
* Signed Audit Log
- *
- * This method is inherited by all extended "CMSServlet"s,
- * and is called to store messages to the signed audit log.
+ *
+ * This method is inherited by all extended "CMSServlet"s, and is called to
+ * store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -260,21 +253,17 @@ public abstract class EnrollInput implements IProfileInput {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
}
/**
* Signed Audit Log Subject ID
- *
- * This method is inherited by all extended "CMSServlet"s,
- * and is called to obtain the "SubjectID" for
- * a signed audit log message.
+ *
+ * This method is inherited by all extended "CMSServlet"s, and is called to
+ * obtain the "SubjectID" for a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -289,8 +278,7 @@ public abstract class EnrollInput implements IProfileInput {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- subjectID = (String)
- auditContext.get(SessionContext.USER_ID);
+ subjectID = (String) auditContext.get(SessionContext.USER_ID);
if (subjectID != null) {
subjectID = subjectID.trim();
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
index 70ede1e2..fd1c56a1 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.io.BufferedInputStream;
import java.net.URL;
import java.net.URLConnection;
@@ -34,15 +33,13 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements the image
- * input that collects a picture.
+ * This class implements the image input that collects a picture.
* <p>
- *
+ *
* @version $Revision$, $Date$
*/
-public class FileSigningInput extends EnrollInput implements IProfileInput {
+public class FileSigningInput extends EnrollInput implements IProfileInput {
public static final String URL = "file_signing_url";
public static final String TEXT = "file_signing_text";
@@ -59,7 +56,7 @@ public class FileSigningInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -67,23 +64,24 @@ public class FileSigningInput extends EnrollInput implements IProfileInput {
* Retrieves the localizable name of this policy.
*/
public String getName(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_NAME");
+ return CMS
+ .getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_NAME");
}
/**
* Retrieves the localizable description of this policy.
*/
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT");
+ return CMS
+ .getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT");
}
- public String toHexString(byte data[])
- {
+ public String toHexString(byte data[]) {
StringBuffer sb = new StringBuffer();
for (int i = 0; i < data.length; i++) {
int v = data[i] & 0xff;
if (v <= 9) {
- sb.append("0");
+ sb.append("0");
}
sb.append(Integer.toHexString(v));
}
@@ -94,52 +92,50 @@ public class FileSigningInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
request.setExtData(TEXT, ctx.get(TEXT));
request.setExtData(URL, ctx.get(URL));
request.setExtData(DIGEST_TYPE, "SHA256");
-
+
try {
- // retrieve file and calculate the hash
- URL url = new URL(ctx.get(URL));
- URLConnection c = url.openConnection();
- c.setAllowUserInteraction(false);
- c.setDoInput(true);
- c.setDoOutput(false);
- c.setUseCaches(false);
- c.connect();
- int len = c.getContentLength();
- request.setExtData(SIZE, Integer.toString(len));
- BufferedInputStream is = new BufferedInputStream(c.getInputStream());
- byte data[] = new byte[len];
- is.read(data, 0, len);
- is.close();
+ // retrieve file and calculate the hash
+ URL url = new URL(ctx.get(URL));
+ URLConnection c = url.openConnection();
+ c.setAllowUserInteraction(false);
+ c.setDoInput(true);
+ c.setDoOutput(false);
+ c.setUseCaches(false);
+ c.connect();
+ int len = c.getContentLength();
+ request.setExtData(SIZE, Integer.toString(len));
+ BufferedInputStream is = new BufferedInputStream(c.getInputStream());
+ byte data[] = new byte[len];
+ is.read(data, 0, len);
+ is.close();
- // calculate digest
- MessageDigest digester = MessageDigest.getInstance("SHA256");
- byte digest[] = digester.digest(data);
- request.setExtData(DIGEST, toHexString(digest));
- } catch (Exception e) {
- CMS.debug("FileSigningInput populate failure " + e);
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_FILE_NOT_FOUND"));
+ // calculate digest
+ MessageDigest digester = MessageDigest.getInstance("SHA256");
+ byte digest[] = digester.digest(data);
+ request.setExtData(DIGEST, toHexString(digest));
+ } catch (Exception e) {
+ CMS.debug("FileSigningInput populate failure " + e);
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_FILE_NOT_FOUND"));
}
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(URL)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_URL"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_FILE_SIGNING_URL"));
} else if (name.equals(TEXT)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT"));
}
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java
index 5aa85e0e..a000da17 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -32,14 +31,13 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements a generic input.
* <p>
- *
+ *
* @version $Revision$, $Date$
*/
-public class GenericInput extends EnrollInput implements IProfileInput {
+public class GenericInput extends EnrollInput implements IProfileInput {
public static final String CONFIG_NUM = "gi_num";
public static final String CONFIG_DISPLAY_NAME = "gi_display_name";
@@ -49,12 +47,12 @@ public class GenericInput extends EnrollInput implements IProfileInput {
public static final int DEF_NUM = 5;
public GenericInput() {
- int num = getNum();
- for (int i = 0; i < num; i++) {
- addConfigName(CONFIG_PARAM_NAME + i);
- addConfigName(CONFIG_DISPLAY_NAME + i);
- addConfigName(CONFIG_ENABLE + i);
- }
+ int num = getNum();
+ for (int i = 0; i < num; i++) {
+ addConfigName(CONFIG_PARAM_NAME + i);
+ addConfigName(CONFIG_DISPLAY_NAME + i);
+ addConfigName(CONFIG_ENABLE + i);
+ }
}
protected int getNum() {
@@ -75,7 +73,7 @@ public class GenericInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -83,79 +81,78 @@ public class GenericInput extends EnrollInput implements IProfileInput {
* Retrieves the localizable name of this policy.
*/
public String getName(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_NAME");
+ return CMS
+ .getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_NAME");
}
/**
* Retrieves the localizable description of this policy.
*/
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_TEXT");
+ return CMS
+ .getUserMessage(locale, "CMS_PROFILE_INPUT_GENERIC_NAME_TEXT");
}
/**
* Returns selected value names based on the configuration.
*/
public Enumeration getValueNames() {
- Vector v = new Vector();
- int num = getNum();
- for (int i = 0; i < num; i++) {
- String enable = getConfig(CONFIG_ENABLE + i);
- if (enable != null && enable.equals("true")) {
- v.addElement(getConfig(CONFIG_PARAM_NAME + i));
- }
- }
- return v.elements();
+ Vector v = new Vector();
+ int num = getNum();
+ for (int i = 0; i < num; i++) {
+ String enable = getConfig(CONFIG_ENABLE + i);
+ if (enable != null && enable.equals("true")) {
+ v.addElement(getConfig(CONFIG_PARAM_NAME + i));
+ }
+ }
+ return v.elements();
}
/**
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
int num = getNum();
for (int i = 0; i < num; i++) {
- String enable = getConfig(CONFIG_ENABLE + i);
- if (enable != null && enable.equals("true")) {
+ String enable = getConfig(CONFIG_ENABLE + i);
+ if (enable != null && enable.equals("true")) {
String param = getConfig(CONFIG_PARAM_NAME + i);
request.setExtData(param, ctx.get(param));
- }
+ }
}
}
public IDescriptor getConfigDescriptor(Locale locale, String name) {
int num = getNum();
for (int i = 0; i < num; i++) {
- if (name.equals(CONFIG_PARAM_NAME + i)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i);
- } else if (name.equals(CONFIG_DISPLAY_NAME + i)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i);
- } else if (name.equals(CONFIG_ENABLE + i)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "false",
- CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i);
- }
+ if (name.equals(CONFIG_PARAM_NAME + i)) {
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME")
+ + i);
+ } else if (name.equals(CONFIG_DISPLAY_NAME + i)) {
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_GI_DISPLAY_NAME") + i);
+ } else if (name.equals(CONFIG_ENABLE + i)) {
+ return new Descriptor(IDescriptor.BOOLEAN, null, "false",
+ CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i);
+ }
} // for
return null;
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
int num = getNum();
for (int i = 0; i < num; i++) {
- String param = getConfig(CONFIG_PARAM_NAME + i);
- if (param != null && param.equals(name)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- getConfig(CONFIG_DISPLAY_NAME + i));
- }
+ String param = getConfig(CONFIG_PARAM_NAME + i);
+ if (param != null && param.equals(name)) {
+ return new Descriptor(IDescriptor.STRING, null, null,
+ getConfig(CONFIG_DISPLAY_NAME + i));
+ }
}
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java
index 265b958d..01d60475 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import com.netscape.certsrv.apps.CMS;
@@ -30,15 +29,13 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements the image
- * input that collects a picture.
+ * This class implements the image input that collects a picture.
* <p>
- *
+ *
* @version $Revision$, $Date$
*/
-public class ImageInput extends EnrollInput implements IProfileInput {
+public class ImageInput extends EnrollInput implements IProfileInput {
public static final String IMAGE_URL = "image_url";
@@ -50,7 +47,7 @@ public class ImageInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -72,18 +69,16 @@ public class ImageInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
request.setExtData(IMAGE_URL, ctx.get(IMAGE_URL));
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(IMAGE_URL)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_IMAGE_URL"));
}
return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
index 00c0ffcf..37093008 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import netscape.security.pkcs.PKCS10;
@@ -38,25 +37,21 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
- * This class implements the key generation input that
- * populates parameters to the enrollment page for
- * key generation.
+ * This class implements the key generation input that populates parameters to
+ * the enrollment page for key generation.
* <p>
- *
- * This input normally is used with user-based or
- * non certificate request profile.
+ *
+ * This input normally is used with user-based or non certificate request
+ * profile.
* <p>
- *
+ *
* @version $Revision$, $Date$
*/
-public class KeyGenInput extends EnrollInput implements IProfileInput {
+public class KeyGenInput extends EnrollInput implements IProfileInput {
- public static final String VAL_KEYGEN_REQUEST_TYPE =
- EnrollProfile.CTX_CERT_REQUEST_TYPE;
- public static final String VAL_KEYGEN_REQUEST =
- EnrollProfile.CTX_CERT_REQUEST;
+ public static final String VAL_KEYGEN_REQUEST_TYPE = EnrollProfile.CTX_CERT_REQUEST_TYPE;
+ public static final String VAL_KEYGEN_REQUEST = EnrollProfile.CTX_CERT_REQUEST;
public EnrollProfile mEnrollProfile = null;
@@ -69,7 +64,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
mEnrollProfile = (EnrollProfile) profile;
}
@@ -92,94 +87,97 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
- X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ X509CertInfo info = request
+ .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
if (keygen_request_type == null) {
- CMS.debug("KeyGenInput: populate - invalid cert request type " +
- "");
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
- ""));
+ CMS.debug("KeyGenInput: populate - invalid cert request type " + "");
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", ""));
}
if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
- PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
+ PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request),
+ keygen_request);
if (pkcs10 == null) {
throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
}
- mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
- } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
- DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
+ mEnrollProfile
+ .fillPKCS10(getLocale(request), pkcs10, info, request);
+ } else if (keygen_request_type
+ .startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
+ DerInputStream keygen = mEnrollProfile.parseKeyGen(
+ getLocale(request), keygen_request);
if (keygen == null) {
throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
}
- mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
+ mEnrollProfile
+ .fillKeyGen(getLocale(request), keygen, info, request);
} else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) {
- CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
+ CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request),
+ keygen_request);
if (msgs == null) {
throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
}
for (int x = 0; x < msgs.length; x++) {
verifyPOP(getLocale(request), msgs[x]);
}
// This profile only handle the first request in CRMF
- Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+ Integer seqNum = request
+ .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
- mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request);
+ mEnrollProfile.fillCertReqMsg(getLocale(request),
+ msgs[seqNum.intValue()], info, request);
} else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) {
- TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), keygen_request);
+ TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request),
+ keygen_request);
if (msgs == null) {
throw new EProfileException(CMS.getUserMessage(
- getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
+ getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
}
// This profile only handle the first request in CRMF
- Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
+ Integer seqNum = request
+ .getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
- if (seqNum == null) {
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+ if (seqNum == null) {
+ throw new EProfileException(CMS.getUserMessage(
+ getLocale(request), "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
}
- mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
+ mEnrollProfile.fillTaggedRequest(getLocale(request),
+ msgs[seqNum.intValue()], info, request);
} else {
// error
- CMS.debug("DualKeyGenInput: populate - " +
- "invalid cert request type " + keygen_request_type);
- throw new EProfileException(CMS.getUserMessage(
- getLocale(request),
- "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
- keygen_request_type));
+ CMS.debug("DualKeyGenInput: populate - "
+ + "invalid cert request type " + keygen_request_type);
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", keygen_request_type));
}
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) {
- return new Descriptor(IDescriptor.KEYGEN_REQUEST_TYPE, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE"));
+ return new Descriptor(IDescriptor.KEYGEN_REQUEST_TYPE, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_KEYGEN_REQ_TYPE"));
} else if (name.equals(VAL_KEYGEN_REQUEST)) {
- return new Descriptor(IDescriptor.KEYGEN_REQUEST, null,
- null,
+ return new Descriptor(IDescriptor.KEYGEN_REQUEST, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_KEYGEN_REQ"));
}
return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
index dce75c15..b464cdf8 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import com.netscape.certsrv.apps.CMS;
@@ -30,15 +29,13 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements the serial number input
- * for renewal
+ * This class implements the serial number input for renewal
* <p>
- *
- * @author Christina Fu
+ *
+ * @author Christina Fu
*/
-public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
+public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
public static final String SERIAL_NUM = "serial_num";
@@ -50,7 +47,7 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -72,19 +69,18 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
//
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(SERIAL_NUM)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
- CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SERIAL_NUM_NAME"));
+ return new Descriptor(IDescriptor.STRING, null, null,
+ CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_SERIAL_NUM_NAME"));
}
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
index 8691b45c..d868fefd 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -37,11 +36,10 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
* This plugin accepts subject DN from end user.
*/
-public class SubjectDNInput extends EnrollInput implements IProfileInput {
+public class SubjectDNInput extends EnrollInput implements IProfileInput {
public static final String VAL_SUBJECT = "subject";
@@ -52,7 +50,7 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -60,58 +58,57 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
* Retrieves the localizable name of this policy.
*/
public String getName(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME");
+ return CMS
+ .getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME");
}
/**
* Retrieves the localizable description of this policy.
*/
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT");
+ return CMS
+ .getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT");
}
-
public String getConfig(String name) {
- String config = super.getConfig(name);
- if (config == null || config.equals(""))
- return "true";
- return config;
+ String config = super.getConfig(name);
+ if (config == null || config.equals(""))
+ return "true";
+ return config;
}
/**
* Returns selected value names based on the configuration.
*/
public Enumeration getValueNames() {
- Vector v = new Vector();
- v.addElement(VAL_SUBJECT);
- return v.elements();
+ Vector v = new Vector();
+ v.addElement(VAL_SUBJECT);
+ return v.elements();
}
/**
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
- X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ throws EProfileException {
+ X509CertInfo info = request
+ .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
String subjectName = "";
subjectName = ctx.get(VAL_SUBJECT);
if (subjectName.equals("")) {
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
}
X500Name name = null;
try {
name = new X500Name(subjectName);
} catch (Exception e) {
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
}
- parseSubjectName(name, info, request);
+ parseSubjectName(name, info, request);
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
}
@@ -120,26 +117,23 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_SUBJECT)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME"));
}
return null;
}
- protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req)
- throws EProfileException {
+ protected void parseSubjectName(X500Name subj, X509CertInfo info,
+ IRequest req) throws EProfileException {
try {
req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
new CertificateSubjectName(subj));
} catch (Exception e) {
- CMS.debug("SubjectNameInput: parseSubject Name " +
- e.toString());
+ CMS.debug("SubjectNameInput: parseSubject Name " + e.toString());
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
index 15f906f9..5288a9c3 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -37,20 +36,18 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
- * This class implements the subject name input
- * that populates text fields to the enrollment
- * page so that distinguished name parameters
- * can be collected from the user.
+ * This class implements the subject name input that populates text fields to
+ * the enrollment page so that distinguished name parameters can be collected
+ * from the user.
* <p>
- * The collected parameters could be used for
- * fomulating the subject name in the certificate.
+ * The collected parameters could be used for fomulating the subject name in the
+ * certificate.
* <p>
- *
+ *
* @version $Revision$, $Date$
*/
-public class SubjectNameInput extends EnrollInput implements IProfileInput {
+public class SubjectNameInput extends EnrollInput implements IProfileInput {
public static final String CONFIG_UID = "sn_uid";
public static final String CONFIG_EMAIL = "sn_e";
@@ -88,7 +85,7 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -96,111 +93,112 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
* Retrieves the localizable name of this policy.
*/
public String getName(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME");
+ return CMS
+ .getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_NAME");
}
/**
* Retrieves the localizable description of this policy.
*/
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT");
+ return CMS
+ .getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT");
}
-
public String getConfig(String name) {
- String config = super.getConfig(name);
- if (config == null || config.equals(""))
- return "true";
- return config;
+ String config = super.getConfig(name);
+ if (config == null || config.equals(""))
+ return "true";
+ return config;
}
/**
* Returns selected value names based on the configuration.
*/
public Enumeration getValueNames() {
- Vector v = new Vector();
- String c_uid = getConfig(CONFIG_UID);
- if (c_uid == null || c_uid.equals("")) {
- v.addElement(VAL_UID); // default case
- } else {
- if (c_uid.equals("true")) {
- v.addElement(VAL_UID);
- }
- }
- String c_email = getConfig(CONFIG_EMAIL);
- if (c_email == null || c_email.equals("")) {
- v.addElement(VAL_EMAIL);
- } else {
- if (c_email.equals("true")) {
- v.addElement(VAL_EMAIL);
- }
- }
- String c_cn = getConfig(CONFIG_CN);
- if (c_cn == null || c_cn.equals("")) {
- v.addElement(VAL_CN);
- } else {
- if (c_cn.equals("true")) {
- v.addElement(VAL_CN);
- }
- }
- String c_ou3 = getConfig(CONFIG_OU3);
- if (c_ou3 == null || c_ou3.equals("")) {
- v.addElement(VAL_OU3);
- } else {
- if (c_ou3.equals("true")) {
- v.addElement(VAL_OU3);
- }
- }
- String c_ou2 = getConfig(CONFIG_OU2);
- if (c_ou2 == null || c_ou2.equals("")) {
- v.addElement(VAL_OU2);
- } else {
- if (c_ou2.equals("true")) {
- v.addElement(VAL_OU2);
- }
- }
- String c_ou1 = getConfig(CONFIG_OU1);
- if (c_ou1 == null || c_ou1.equals("")) {
- v.addElement(VAL_OU1);
- } else {
- if (c_ou1.equals("true")) {
- v.addElement(VAL_OU1);
- }
- }
- String c_ou = getConfig(CONFIG_OU);
- if (c_ou == null || c_ou.equals("")) {
- v.addElement(VAL_OU);
- } else {
- if (c_ou.equals("true")) {
- v.addElement(VAL_OU);
- }
- }
- String c_o = getConfig(CONFIG_O);
- if (c_o == null || c_o.equals("")) {
- v.addElement(VAL_O);
- } else {
- if (c_o.equals("true")) {
- v.addElement(VAL_O);
- }
- }
- String c_c = getConfig(CONFIG_C);
- if (c_c == null || c_c.equals("")) {
- v.addElement(VAL_C);
- } else {
- if (c_c.equals("true")) {
- v.addElement(VAL_C);
- }
- }
- return v.elements();
+ Vector v = new Vector();
+ String c_uid = getConfig(CONFIG_UID);
+ if (c_uid == null || c_uid.equals("")) {
+ v.addElement(VAL_UID); // default case
+ } else {
+ if (c_uid.equals("true")) {
+ v.addElement(VAL_UID);
+ }
+ }
+ String c_email = getConfig(CONFIG_EMAIL);
+ if (c_email == null || c_email.equals("")) {
+ v.addElement(VAL_EMAIL);
+ } else {
+ if (c_email.equals("true")) {
+ v.addElement(VAL_EMAIL);
+ }
+ }
+ String c_cn = getConfig(CONFIG_CN);
+ if (c_cn == null || c_cn.equals("")) {
+ v.addElement(VAL_CN);
+ } else {
+ if (c_cn.equals("true")) {
+ v.addElement(VAL_CN);
+ }
+ }
+ String c_ou3 = getConfig(CONFIG_OU3);
+ if (c_ou3 == null || c_ou3.equals("")) {
+ v.addElement(VAL_OU3);
+ } else {
+ if (c_ou3.equals("true")) {
+ v.addElement(VAL_OU3);
+ }
+ }
+ String c_ou2 = getConfig(CONFIG_OU2);
+ if (c_ou2 == null || c_ou2.equals("")) {
+ v.addElement(VAL_OU2);
+ } else {
+ if (c_ou2.equals("true")) {
+ v.addElement(VAL_OU2);
+ }
+ }
+ String c_ou1 = getConfig(CONFIG_OU1);
+ if (c_ou1 == null || c_ou1.equals("")) {
+ v.addElement(VAL_OU1);
+ } else {
+ if (c_ou1.equals("true")) {
+ v.addElement(VAL_OU1);
+ }
+ }
+ String c_ou = getConfig(CONFIG_OU);
+ if (c_ou == null || c_ou.equals("")) {
+ v.addElement(VAL_OU);
+ } else {
+ if (c_ou.equals("true")) {
+ v.addElement(VAL_OU);
+ }
+ }
+ String c_o = getConfig(CONFIG_O);
+ if (c_o == null || c_o.equals("")) {
+ v.addElement(VAL_O);
+ } else {
+ if (c_o.equals("true")) {
+ v.addElement(VAL_O);
+ }
+ }
+ String c_c = getConfig(CONFIG_C);
+ if (c_c == null || c_c.equals("")) {
+ v.addElement(VAL_C);
+ } else {
+ if (c_c.equals("true")) {
+ v.addElement(VAL_C);
+ }
+ }
+ return v.elements();
}
/**
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
- X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ throws EProfileException {
+ X509CertInfo info = request
+ .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
String subjectName = "";
String uid = ctx.get(VAL_UID);
@@ -269,59 +267,48 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
subjectName += "C=" + c;
}
if (subjectName.equals("")) {
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
}
X500Name name = null;
try {
name = new X500Name(subjectName);
} catch (Exception e) {
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
}
- parseSubjectName(name, info, request);
+ parseSubjectName(name, info, request);
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
}
public IDescriptor getConfigDescriptor(Locale locale, String name) {
if (name.equals(CONFIG_UID)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "true",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "true",
CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID"));
} else if (name.equals(CONFIG_EMAIL)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "true",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "true",
CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID"));
} else if (name.equals(CONFIG_CN)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "true",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "true",
CMS.getUserMessage(locale, "CMS_PROFILE_SN_CN"));
} else if (name.equals(CONFIG_OU3)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "true",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "true",
CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
} else if (name.equals(CONFIG_OU2)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "true",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "true",
CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
} else if (name.equals(CONFIG_OU1)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "true",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "true",
CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
} else if (name.equals(CONFIG_OU)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "true",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "true",
CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
} else if (name.equals(CONFIG_O)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "true",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "true",
CMS.getUserMessage(locale, "CMS_PROFILE_SN_O"));
} else if (name.equals(CONFIG_C)) {
- return new Descriptor(IDescriptor.BOOLEAN, null,
- "true",
+ return new Descriptor(IDescriptor.BOOLEAN, null, "true",
CMS.getUserMessage(locale, "CMS_PROFILE_SN_C"));
} else {
return null;
@@ -329,58 +316,47 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_UID)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_SN_UID"));
} else if (name.equals(VAL_EMAIL)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_SN_EMAIL"));
} else if (name.equals(VAL_CN)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_SN_CN"));
} else if (name.equals(VAL_OU3)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 3");
} else if (name.equals(VAL_OU2)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 2");
} else if (name.equals(VAL_OU1)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU") + " 1");
} else if (name.equals(VAL_OU)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_SN_OU"));
} else if (name.equals(VAL_O)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_SN_O"));
} else if (name.equals(VAL_C)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_SN_C"));
}
return null;
}
- protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req)
- throws EProfileException {
+ protected void parseSubjectName(X500Name subj, X509CertInfo info,
+ IRequest req) throws EProfileException {
try {
req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
new CertificateSubjectName(subj));
} catch (Exception e) {
- CMS.debug("SubjectNameInput: parseSubject Name " +
- e.toString());
+ CMS.debug("SubjectNameInput: parseSubject Name " + e.toString());
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
index 52df2d41..f45a0c38 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import com.netscape.certsrv.apps.CMS;
@@ -30,16 +29,14 @@ import com.netscape.certsrv.property.Descriptor;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
- * This class implements the submitter information
- * input that collects certificate requestor's
- * information such as name, email and phone.
+ * This class implements the submitter information input that collects
+ * certificate requestor's information such as name, email and phone.
* <p>
- *
+ *
* @version $Revision$, $Date$
*/
-public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
+public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
public static final String NAME = "requestor_name";
public static final String EMAIL = "requestor_email";
@@ -55,7 +52,7 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -77,26 +74,22 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
//
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(NAME)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_NAME"));
} else if (name.equals(EMAIL)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_EMAIL"));
} else if (name.equals(PHONE)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale, "CMS_PROFILE_REQUESTOR_PHONE"));
}
return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
index 64988fed..4b46f3c6 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import netscape.security.x509.X509CertInfo;
@@ -33,19 +32,17 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
- * This class implements the certificate request input from TPS.
- * This input populates 2 main fields to the enrollment "page":
- * 1/ token cuid, 2/ publickey
+ * This class implements the certificate request input from TPS. This input
+ * populates 2 main fields to the enrollment "page": 1/ token cuid, 2/ publickey
* <p>
*
- * This input usually is used by an enrollment profile for
- * certificate requests coming from TPS.
- *
+ * This input usually is used by an enrollment profile for certificate requests
+ * coming from TPS.
+ *
* @version $Revision$, $Date$
*/
-public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
+public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
public static final String VAL_TOKEN_CUID = "tokencuid";
public static final String VAL_PUBLIC_KEY = "publickey";
@@ -60,7 +57,7 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
mEnrollProfile = (EnrollProfile) profile;
@@ -70,94 +67,86 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
* Retrieves the localizable name of this policy.
*/
public String getName(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME");
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME");
}
/**
* Retrieves the localizable description of this policy.
*/
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT");
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT");
}
- /*
- * Pretty print token cuid
- */
- public String toPrettyPrint(String cuid)
- {
- if (cuid == null)
- return null;
-
- if (cuid.length() != 20)
- return null;
-
- StringBuffer sb = new StringBuffer();
- for (int i=0; i < cuid.length(); i++) {
- if (i == 4 || i == 8 || i == 12 || i == 16) {
- sb.append("-");
- }
- sb.append(cuid.charAt(i));
- }
- return sb.toString();
- }
+ /*
+ * Pretty print token cuid
+ */
+ public String toPrettyPrint(String cuid) {
+ if (cuid == null)
+ return null;
+
+ if (cuid.length() != 20)
+ return null;
+
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < cuid.length(); i++) {
+ if (i == 4 || i == 8 || i == 12 || i == 16) {
+ sb.append("-");
+ }
+ sb.append(cuid.charAt(i));
+ }
+ return sb.toString();
+ }
/**
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
String tcuid = ctx.get(VAL_TOKEN_CUID);
- // pretty print tcuid
- String prettyPrintCuid = toPrettyPrint(tcuid);
- if (prettyPrintCuid == null) {
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_TOKENKEY_NO_TOKENCUID",
- ""));
- }
+ // pretty print tcuid
+ String prettyPrintCuid = toPrettyPrint(tcuid);
+ if (prettyPrintCuid == null) {
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", ""));
+ }
- request.setExtData("pretty_print_tokencuid", prettyPrintCuid);
+ request.setExtData("pretty_print_tokencuid", prettyPrintCuid);
String pk = ctx.get(VAL_PUBLIC_KEY);
- X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ X509CertInfo info = request
+ .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
if (tcuid == null) {
- CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " +
- "");
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_TOKENKEY_NO_TOKENCUID",
- ""));
+ CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found "
+ + "");
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", ""));
}
if (pk == null) {
- CMS.debug("nsHKeyCertReqInput: populate - public key not found " +
- "");
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY",
- ""));
+ CMS.debug("nsHKeyCertReqInput: populate - public key not found "
+ + "");
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", ""));
}
- mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request);
+ mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request);
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_TOKEN_CUID)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale,
- "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID"));
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID"));
} else if (name.equals(VAL_PUBLIC_KEY)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale,
- "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
}
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
index 58984c6c..3c80835c 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.input;
-
import java.util.Locale;
import netscape.security.x509.X509CertInfo;
@@ -33,19 +32,17 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
- * This class implements the certificate request input from TPS.
- * This input populates 2 main fields to the enrollment "page":
- * 1/ id, 2/ publickey
+ * This class implements the certificate request input from TPS. This input
+ * populates 2 main fields to the enrollment "page": 1/ id, 2/ publickey
* <p>
*
- * This input usually is used by an enrollment profile for
- * certificate requests coming from TPS.
- *
+ * This input usually is used by an enrollment profile for certificate requests
+ * coming from TPS.
+ *
* @version $Revision$, $Date$
*/
-public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
+public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
public static final String VAL_SN = "screenname";
public static final String VAL_PUBLIC_KEY = "publickey";
@@ -60,7 +57,7 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
mEnrollProfile = (EnrollProfile) profile;
@@ -70,62 +67,56 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
* Retrieves the localizable name of this policy.
*/
public String getName(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME");
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_NAME");
}
/**
* Retrieves the localizable description of this policy.
*/
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT");
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT");
}
/**
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
String sn = ctx.get(VAL_SN);
String pk = ctx.get(VAL_PUBLIC_KEY);
- X509CertInfo info =
- request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+ X509CertInfo info = request
+ .getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
if (sn == null) {
- CMS.debug("nsNKeyCertReqInput: populate - id not found " +
- "");
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_TOKENKEY_NO_ID",
- ""));
+ CMS.debug("nsNKeyCertReqInput: populate - id not found " + "");
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_ID", ""));
}
if (pk == null) {
- CMS.debug("nsNKeyCertReqInput: populate - public key not found " +
- "");
- throw new EProfileException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY",
- ""));
+ CMS.debug("nsNKeyCertReqInput: populate - public key not found "
+ + "");
+ throw new EProfileException(CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", ""));
}
- mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request);
+ mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request);
request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_SN)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale,
- "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID"));
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID"));
} else if (name.equals(VAL_PUBLIC_KEY)) {
- return new Descriptor(IDescriptor.STRING, null,
- null,
+ return new Descriptor(IDescriptor.STRING, null, null,
CMS.getUserMessage(locale,
- "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
+ "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
}
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java
index 999bdc67..66d34c6e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.output;
-
import java.io.ByteArrayOutputStream;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -45,14 +44,13 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
- * This class implements the output plugin that outputs
- * CMMF response for the issued certificate.
- *
+ * This class implements the output plugin that outputs CMMF response for the
+ * issued certificate.
+ *
* @version $Revision$, $Date$
*/
-public class CMMFOutput extends EnrollOutput implements IProfileOutput {
+public class CMMFOutput extends EnrollOutput implements IProfileOutput {
public static final String VAL_PRETTY_CERT = "pretty_cert";
public static final String VAL_CMMF_RESPONSE = "cmmf_response";
@@ -66,7 +64,7 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -88,72 +86,66 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_PRETTY_CERT)) {
- return new Descriptor(IDescriptor.PRETTY_PRINT, null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OUTPUT_CERT_PP"));
+ return new Descriptor(IDescriptor.PRETTY_PRINT, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_PP"));
} else if (name.equals(VAL_CMMF_RESPONSE)) {
- return new Descriptor(IDescriptor.PRETTY_PRINT, null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OUTPUT_CMMF_B64"));
+ return new Descriptor(IDescriptor.PRETTY_PRINT, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CMMF_B64"));
}
return null;
}
public String getValue(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
if (name.equals(VAL_PRETTY_CERT)) {
- X509CertImpl cert = request.getExtDataInCert(
- EnrollProfile.REQUEST_ISSUED_CERT);
- ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
+ X509CertImpl cert = request
+ .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT);
+ ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
return prettyCert.toString(locale);
} else if (name.equals(VAL_CMMF_RESPONSE)) {
try {
- X509CertImpl cert = request.getExtDataInCert(
- EnrollProfile.REQUEST_ISSUED_CERT);
- if (cert == null)
- return null;
-
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem("ca");
- CertificateChain cachain = ca.getCACertChain();
- X509Certificate[] cacerts = cachain.getChain();
-
- byte[][] caPubs = new byte[cacerts.length][];
-
- for (int j = 0; j < cacerts.length; j++) {
- caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
- }
-
- CertRepContent certRepContent = null;
- certRepContent = new CertRepContent(caPubs);
-
- PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
- CertifiedKeyPair certifiedKP =
- new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded()));
- CertResponse resp =
- new CertResponse(new INTEGER(request.getRequestId().toString()),
- status, certifiedKP);
- certRepContent.addCertResponse(resp);
-
- ByteArrayOutputStream certRepOut = new ByteArrayOutputStream();
- certRepContent.encode(certRepOut);
- byte[] certRepBytes = certRepOut.toByteArray();
-
- return CMS.BtoA(certRepBytes);
+ X509CertImpl cert = request
+ .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT);
+ if (cert == null)
+ return null;
+
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
+ CertificateChain cachain = ca.getCACertChain();
+ X509Certificate[] cacerts = cachain.getChain();
+
+ byte[][] caPubs = new byte[cacerts.length][];
+
+ for (int j = 0; j < cacerts.length; j++) {
+ caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
+ }
+
+ CertRepContent certRepContent = null;
+ certRepContent = new CertRepContent(caPubs);
+
+ PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
+ CertifiedKeyPair certifiedKP = new CertifiedKeyPair(
+ new CertOrEncCert(cert.getEncoded()));
+ CertResponse resp = new CertResponse(new INTEGER(request
+ .getRequestId().toString()), status, certifiedKP);
+ certRepContent.addCertResponse(resp);
+
+ ByteArrayOutputStream certRepOut = new ByteArrayOutputStream();
+ certRepContent.encode(certRepOut);
+ byte[] certRepBytes = certRepOut.toByteArray();
+
+ return CMS.BtoA(certRepBytes);
} catch (Exception e) {
- return null;
+ return null;
}
} else {
return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java
index 7a2631da..ae71532d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.output;
-
import java.util.Locale;
import netscape.security.x509.X509CertImpl;
@@ -34,14 +33,13 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
- * This class implements the pretty print certificate output
- * that displays the issued certificate in a pretty print format.
- *
+ * This class implements the pretty print certificate output that displays the
+ * issued certificate in a pretty print format.
+ *
* @version $Revision$, $Date$
*/
-public class CertOutput extends EnrollOutput implements IProfileOutput {
+public class CertOutput extends EnrollOutput implements IProfileOutput {
public static final String VAL_PRETTY_CERT = "pretty_cert";
public static final String VAL_B64_CERT = "b64_cert";
@@ -54,7 +52,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -76,44 +74,39 @@ public class CertOutput extends EnrollOutput implements IProfileOutput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_PRETTY_CERT)) {
- return new Descriptor(IDescriptor.PRETTY_PRINT, null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OUTPUT_CERT_PP"));
+ return new Descriptor(IDescriptor.PRETTY_PRINT, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_PP"));
} else if (name.equals(VAL_B64_CERT)) {
- return new Descriptor(IDescriptor.PRETTY_PRINT, null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OUTPUT_CERT_B64"));
+ return new Descriptor(IDescriptor.PRETTY_PRINT, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_B64"));
}
return null;
}
public String getValue(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
if (name.equals(VAL_PRETTY_CERT)) {
- X509CertImpl cert = request.getExtDataInCert(
- EnrollProfile.REQUEST_ISSUED_CERT);
+ X509CertImpl cert = request
+ .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT);
if (cert == null)
return null;
- ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
+ ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
return prettyCert.toString(locale);
} else if (name.equals(VAL_B64_CERT)) {
- X509CertImpl cert = request.getExtDataInCert(
- EnrollProfile.REQUEST_ISSUED_CERT);
+ X509CertImpl cert = request
+ .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT);
if (cert == null)
return null;
- return CMS.getEncodedCert(cert);
+ return CMS.getEncodedCert(cert);
} else {
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java
index 3013e881..64c61f43 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.output;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Vector;
@@ -31,22 +30,21 @@ import com.netscape.certsrv.property.EPropertyException;
import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
-
/**
* This class implements the basic enrollment output.
- *
+ *
* @version $Revision$, $Date$
*/
-public abstract class EnrollOutput implements IProfileOutput {
+public abstract class EnrollOutput implements IProfileOutput {
private IConfigStore mConfig = null;
private Vector mValueNames = new Vector();
protected Vector mConfigNames = new Vector();
-
+
/**
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
mConfig = config;
}
@@ -60,28 +58,26 @@ public abstract class EnrollOutput implements IProfileOutput {
/**
* Populates the request with this policy default.
- *
+ *
* @param ctx profile context
* @param request request
* @exception EProfileException failed to populate
*/
public abstract void populate(IProfileContext ctx, IRequest request)
- throws EProfileException;
+ throws EProfileException;
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
- *
+ * Retrieves the descriptor of the given value parameter by name.
+ *
* @param locale user locale
* @param name property name
* @return property descriptor
*/
public abstract IDescriptor getValueDescriptor(Locale locale, String name);
-
/**
* Retrieves the localizable name of this policy.
- *
+ *
* @param locale user locale
* @return output policy name
*/
@@ -89,7 +85,7 @@ public abstract class EnrollOutput implements IProfileOutput {
/**
* Retrieves the localizable description of this policy.
- *
+ *
* @param locale user locale
* @return output policy description
*/
@@ -103,7 +99,7 @@ public abstract class EnrollOutput implements IProfileOutput {
}
public String getValue(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
return request.getExtDataInString(name);
}
@@ -111,7 +107,7 @@ public abstract class EnrollOutput implements IProfileOutput {
* Sets the value of the given value parameter by name.
*/
public void setValue(String name, Locale locale, IRequest request,
- String value) throws EPropertyException {
+ String value) throws EPropertyException {
request.setExtData(name, value);
}
@@ -123,8 +119,7 @@ public abstract class EnrollOutput implements IProfileOutput {
return null;
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
}
public String getConfig(String name) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java
index 65718481..01550c1a 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.output;
-
import java.io.ByteArrayOutputStream;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -42,14 +41,13 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
- * This class implements the output plugin that outputs
- * PKCS7 for the issued certificate.
- *
+ * This class implements the output plugin that outputs PKCS7 for the issued
+ * certificate.
+ *
* @version $Revision$, $Date$
*/
-public class PKCS7Output extends EnrollOutput implements IProfileOutput {
+public class PKCS7Output extends EnrollOutput implements IProfileOutput {
public static final String VAL_PRETTY_CERT = "pretty_cert";
public static final String VAL_PKCS7 = "pkcs7";
@@ -63,7 +61,7 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -85,72 +83,65 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput {
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_PRETTY_CERT)) {
- return new Descriptor(IDescriptor.PRETTY_PRINT, null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OUTPUT_CERT_PP"));
+ return new Descriptor(IDescriptor.PRETTY_PRINT, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_PP"));
} else if (name.equals(VAL_PKCS7)) {
- return new Descriptor(IDescriptor.PRETTY_PRINT, null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OUTPUT_PKCS7_B64"));
+ return new Descriptor(IDescriptor.PRETTY_PRINT, null, null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_PKCS7_B64"));
}
return null;
}
public String getValue(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
if (name.equals(VAL_PRETTY_CERT)) {
- X509CertImpl cert = request.getExtDataInCert(
- EnrollProfile.REQUEST_ISSUED_CERT);
+ X509CertImpl cert = request
+ .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT);
if (cert == null)
- return null;
- ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
+ return null;
+ ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
return prettyCert.toString(locale);
} else if (name.equals(VAL_PKCS7)) {
try {
- X509CertImpl cert = request.getExtDataInCert(
- EnrollProfile.REQUEST_ISSUED_CERT);
- if (cert == null)
- return null;
-
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem("ca");
- CertificateChain cachain = ca.getCACertChain();
- X509Certificate[] cacerts = cachain.getChain();
-
- X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
- int m = 1, n = 0;
-
- for (; n < cacerts.length; m++, n++) {
- userChain[m] = (X509CertImpl) cacerts[n];
- }
-
- userChain[0] = cert;
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]),
- userChain,
- new SignerInfo[0]);
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
- p7.encodeSignedData(bos);
- byte[] p7Bytes = bos.toByteArray();
- String p7Str = CMS.BtoA(p7Bytes);
-
- return p7Str;
+ X509CertImpl cert = request
+ .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT);
+ if (cert == null)
+ return null;
+
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
+ CertificateChain cachain = ca.getCACertChain();
+ X509Certificate[] cacerts = cachain.getChain();
+
+ X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
+ int m = 1, n = 0;
+
+ for (; n < cacerts.length; m++, n++) {
+ userChain[m] = (X509CertImpl) cacerts[n];
+ }
+
+ userChain[0] = cert;
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(
+ new byte[0]), userChain, new SignerInfo[0]);
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+
+ p7.encodeSignedData(bos);
+ byte[] p7Bytes = bos.toByteArray();
+ String p7Str = CMS.BtoA(p7Bytes);
+
+ return p7Str;
} catch (Exception e) {
- return "";
+ return "";
}
} else {
return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java
index 90aa40a1..31a1ddba 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.profile.output;
-
import java.util.Locale;
import netscape.security.x509.X509CertImpl;
@@ -33,14 +32,13 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.profile.common.EnrollProfile;
-
/**
- * This class implements the output plugin that outputs
- * DER for the issued certificate for token keys
- *
+ * This class implements the output plugin that outputs DER for the issued
+ * certificate for token keys
+ *
* @version $Revision$, $Date$
*/
-public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
+public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
public static final String VAL_DER = "der";
@@ -52,7 +50,7 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
* Initializes this default policy.
*/
public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
super.init(profile, config);
}
@@ -60,49 +58,48 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
* Retrieves the localizable name of this policy.
*/
public String getName(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_NAME");
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_NAME");
}
/**
* Retrieves the localizable description of this policy.
*/
public String getText(Locale locale) {
- return CMS.getUserMessage(locale, "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_TEXT");
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_OUTPUT_CERT_TOKENKEY_TEXT");
}
/**
* Populates the request with this policy default.
*/
public void populate(IProfileContext ctx, IRequest request)
- throws EProfileException {
+ throws EProfileException {
}
/**
- * Retrieves the descriptor of the given value
- * parameter by name.
+ * Retrieves the descriptor of the given value parameter by name.
*/
public IDescriptor getValueDescriptor(Locale locale, String name) {
if (name.equals(VAL_DER)) {
- return new Descriptor("der_b64", null,
- null,
- CMS.getUserMessage(locale,
- "CMS_PROFILE_OUTPUT_DER_B64"));
+ return new Descriptor("der_b64", null, null, CMS.getUserMessage(
+ locale, "CMS_PROFILE_OUTPUT_DER_B64"));
}
return null;
}
public String getValue(String name, Locale locale, IRequest request)
- throws EProfileException {
+ throws EProfileException {
if (name.equals(VAL_DER)) {
try {
- X509CertImpl cert = request.getExtDataInCert(
- EnrollProfile.REQUEST_ISSUED_CERT);
- if (cert == null)
- return null;
- return CMS.BtoA(cert.getEncoded());
+ X509CertImpl cert = request
+ .getExtDataInCert(EnrollProfile.REQUEST_ISSUED_CERT);
+ if (cert == null)
+ return null;
+ return CMS.BtoA(cert.getEncoded());
} catch (Exception e) {
- return "";
+ return "";
}
} else {
return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
index 69803421..e48b85a3 100644
--- a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
+++ b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
@@ -43,8 +43,8 @@ import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cms.profile.common.EnrollProfile;
/**
- * This updater class will create the new user to the subsystem group and
- * then add the subsystem certificate to the user.
+ * This updater class will create the new user to the subsystem group and then
+ * add the subsystem certificate to the user.
*
* @version $Revision$, $Date$
*/
@@ -57,8 +57,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
private Vector mConfigNames = new Vector();
private Vector mValueNames = new Vector();
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
- "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
private final static String SIGNED_AUDIT_PASSWORD_VALUE = "********";
private final static String SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR = "Unknown";
private final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;";
@@ -67,8 +66,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
public SubsystemGroupUpdater() {
}
- public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
mConfig = config;
mProfile = profile;
mEnrollProfile = (EnrollProfile) profile;
@@ -82,8 +81,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
return null;
}
- public void setConfig(String name, String value)
- throws EPropertyException {
+ public void setConfig(String name, String value) throws EPropertyException {
if (mConfig.getSubStore("params") == null) {
//
} else {
@@ -108,8 +106,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
return mConfig;
}
- public void update(IRequest req, RequestStatus status)
- throws EProfileException {
+ public void update(IRequest req, RequestStatus status)
+ throws EProfileException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -119,41 +117,45 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
return;
}
- X509CertImpl cert = req.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+ X509CertImpl cert = req
+ .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
if (cert == null)
return;
IConfigStore mainConfig = CMS.getConfigStore();
-
- int num=0;
+
+ int num = 0;
try {
num = mainConfig.getInteger("subsystem.count", 0);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
String requestor_name = "subsystem";
try {
- requestor_name = req.getExtDataInString("requestor_name");
+ requestor_name = req.getExtDataInString("requestor_name");
} catch (Exception e1) {
- // ignore
+ // ignore
}
// i.e. tps-1.2.3.4-4
String id = requestor_name;
-
+
num++;
mainConfig.putInteger("subsystem.count", num);
-
+
try {
mainConfig.commit(false);
} catch (Exception e) {
}
- String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
- "+Resource;;"+ id +
- "+fullname;;" + id +
- "+state;;1" +
- "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>";
+ String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater"
+ + "+Resource;;"
+ + id
+ + "+fullname;;"
+ + id
+ + "+state;;1"
+ + "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>";
IUser user = null;
CMS.debug("SubsystemGroupUpdater adduser");
@@ -171,11 +173,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
system.addUser(user);
CMS.debug("SubsystemGroupUpdater update: successfully add the user");
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.SUCCESS, auditParams);
audit(auditMessage);
String b64 = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -192,57 +191,49 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
}
b64 = sb.toString();
} catch (Exception ence) {
- CMS.debug("SubsystemGroupUpdater update: user cert encoding failed: " + ence);
+ CMS.debug("SubsystemGroupUpdater update: user cert encoding failed: "
+ + ence);
}
- auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
- "+Resource;;"+ id +
- "+cert;;"+ b64;
+ auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater"
+ + "+Resource;;" + id + "+cert;;" + b64;
system.addUserCert(user);
CMS.debug("SubsystemGroupUpdater update: successfully add the user certificate");
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.SUCCESS, auditParams);
audit(auditMessage);
} catch (LDAPException e) {
CMS.debug("UpdateSubsystemGroup: update " + e.toString());
if (e.getLDAPResultCode() != LDAPException.ENTRY_ALREADY_EXISTS) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams);
audit(auditMessage);
- throw new EProfileException(e.toString());
+ throw new EProfileException(e.toString());
}
} catch (Exception e) {
CMS.debug("UpdateSubsystemGroup: update addUser " + e.toString());
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams);
audit(auditMessage);
throw new EProfileException(e.toString());
}
IGroup group = null;
String groupName = "Subsystem Group";
- auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" +
- "+Resource;;"+ groupName;
+ auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater"
+ + "+Resource;;" + groupName;
try {
group = system.getGroupFromName(groupName);
-
+
auditParams += "+user;;";
Enumeration members = group.getMemberNames();
while (members.hasMoreElements()) {
auditParams += (String) members.nextElement();
if (members.hasMoreElements()) {
- auditParams +=",";
+ auditParams += ",";
}
}
@@ -252,10 +243,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
system.modifyGroup(group);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams);
audit(auditMessage);
CMS.debug("UpdateSubsystemGroup: update: successfully added the user to the group.");
@@ -263,12 +252,10 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
CMS.debug("UpdateSubsystemGroup: update: user already a member of the group");
}
} catch (Exception e) {
- CMS.debug("UpdateSubsystemGroup update: modifyGroup " + e.toString());
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams);
+ CMS.debug("UpdateSubsystemGroup update: modifyGroup "
+ + e.toString());
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams);
audit(auditMessage);
}
}
@@ -286,11 +273,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
}
private String auditSubjectID() {
@@ -304,8 +288,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- subjectID = (String)
- auditContext.get(SessionContext.USER_ID);
+ subjectID = (String) auditContext.get(SessionContext.USER_ID);
if (subjectID != null) {
subjectID = subjectID.trim();
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
index 9f337cbb..b3305d4d 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
@@ -20,7 +20,6 @@
package com.netscape.cms.publish.mappers;
-
///////////////////////
// import statements //
///////////////////////
@@ -48,24 +47,24 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.publish.ECompSyntaxErr;
import com.netscape.certsrv.request.IRequest;
-
//////////////////////
// class definition //
//////////////////////
/**
- * avaPattern is a string representing an ldap
- * attribute formulated from the certificate
- * subject name, extension or request attributes.
+ * avaPattern is a string representing an ldap attribute formulated from the
+ * certificate subject name, extension or request attributes.
* <p>
*
- * The syntax is
+ * The syntax is
+ *
* <pre>
* avaPattern := constant-value |
* "$subj" "." attrName [ "." attrNumber ] |
* "$req" "." [ prefix .] attrName [ "." attrNumber ] |
- * "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
+ * "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
* </pre>
+ *
* <pre>
* Example: <i>$ext.SubjectAlternativeName.RFC822Name.1</i>
* cert subjectAltName is rfc822Name: jjames@mcom.com
@@ -76,15 +75,16 @@ import com.netscape.certsrv.request.IRequest;
* The first rfc822name value in the subjAltName extension. <br>
* <p>
* </pre>
- * If a request attribute or subject DN component does not exist,
- * the attribute is skipped.
- *
+ *
+ * If a request attribute or subject DN component does not exist, the attribute
+ * is skipped.
+ *
* @version $Revision$, $Date$
*/
class AVAPattern {
- ////////////////
+ // //////////////
// parameters //
- ////////////////
+ // //////////////
/* the value type of the dn component */
public static final String TYPE_REQ = "$req";
@@ -92,37 +92,31 @@ class AVAPattern {
public static final String TYPE_EXT = "$ext";
public static final String TYPE_CONSTANT = "constant";
- public static final String[] GENERAL_NAME_TYPE = { "ANY",
- "RFC822Name",
- "DNSName",
- "X400Name",
- "DIRECTORYName",
- "EDIName",
- "URIName",
- "IPAddress",
- "OIDName"};
+ public static final String[] GENERAL_NAME_TYPE = { "ANY", "RFC822Name",
+ "DNSName", "X400Name", "DIRECTORYName", "EDIName", "URIName",
+ "IPAddress", "OIDName" };
private static final char[] endChars = new char[] { '+', ',' };
- private static final LdapV3DNStrConverter mLdapDNStrConverter =
- new LdapV3DNStrConverter();
+ private static final LdapV3DNStrConverter mLdapDNStrConverter = new LdapV3DNStrConverter();
- /* the list of request attributes needed by this AVA */
+ /* the list of request attributes needed by this AVA */
protected String[] mReqAttrs = null;
- /* the list of cert attributes needed by this AVA*/
+ /* the list of cert attributes needed by this AVA */
protected String[] mCertAttrs = null;
/* value type */
protected String mType = null;
- /* value - could be name of a request attribute or
- * cert subject attribute or extension name.
+ /*
+ * value - could be name of a request attribute or cert subject attribute or
+ * extension name.
*/
protected String mValue = null;
- /* value type - general name type of an
- * extension attribute if any.
+ /*
+ * value type - general name type of an extension attribute if any.
*/
protected String mGNType = null;
@@ -134,107 +128,108 @@ class AVAPattern {
protected String mTestDN = null;
- /////////////
+ // ///////////
// methods //
- /////////////
+ // ///////////
- public AVAPattern(String component)
- throws ELdapException {
+ public AVAPattern(String component) throws ELdapException {
if (component == null || component.length() == 0) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
}
parse(new PushbackReader(new StringReader(component)));
}
- public AVAPattern(PushbackReader in)
- throws ELdapException {
+ public AVAPattern(PushbackReader in) throws ELdapException {
parse(in);
}
- private void parse(PushbackReader in)
- throws ELdapException {
+ private void parse(PushbackReader in) throws ELdapException {
int c;
// skip spaces
- //System.out.println("============ AVAPattern Begin ===========");
- //System.out.println("skip spaces");
+ // System.out.println("============ AVAPattern Begin ===========");
+ // System.out.println("skip spaces");
try {
- while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c);
+ while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces read "+(char)c);
;
}
} catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
}
- if (c == -1) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
+ if (c == -1) {
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
}
if (c == '$') {
- // check for $subj $ext or $req
+ // check for $subj $ext or $req
try {
c = in.read();
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
if (c == -1) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $subj $ext or $req in ava pattern"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $subj $ext or $req in ava pattern"));
}
if (c == 'r') {
try {
- if (in.read() != 'e' ||
- in.read() != 'q' ||
- in.read() != '.') {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $req in ava pattern"));
+ if (in.read() != 'e' || in.read() != 'q'
+ || in.read() != '.') {
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $req in ava pattern"));
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mType = TYPE_REQ;
- //System.out.println("---- mtype $req");
+ // System.out.println("---- mtype $req");
} else if (c == 's') {
try {
- if (in.read() != 'u' ||
- in.read() != 'b' ||
- in.read() != 'j' ||
- in.read() != '.') {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $subj in ava pattern"));
+ if (in.read() != 'u' || in.read() != 'b'
+ || in.read() != 'j' || in.read() != '.') {
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $subj in ava pattern"));
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mType = TYPE_SUBJ;
- //System.out.println("----- mtype $subj");
+ // System.out.println("----- mtype $subj");
} else if (c == 'e') {
try {
- if (in.read() != 'x' ||
- in.read() != 't' ||
- in.read() != '.') {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $ext in ava pattern"));
+ if (in.read() != 'x' || in.read() != 't'
+ || in.read() != '.') {
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $ext in ava pattern"));
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mType = TYPE_EXT;
- //System.out.println("----- mtype $ext");
+ // System.out.println("----- mtype $ext");
} else {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "unknown keyword. expecting $subj $ext or $req."));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "unknown keyword. expecting $subj $ext or $req."));
}
// get request attribute or
@@ -244,26 +239,27 @@ class AVAPattern {
StringBuffer valueBuf = new StringBuffer();
try {
- while ((c = in.read()) != ',' &&
- c != -1 && c != '.' && c != '+') {
- //System.out.println("mValue read "+(char)c);
+ while ((c = in.read()) != ',' && c != -1 && c != '.'
+ && c != '+') {
+ // System.out.println("mValue read "+(char)c);
valueBuf.append((char) c);
}
if (c == '+' || c == ',') { // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mValue = valueBuf.toString().trim();
- if (mValue.length() == 0) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "$subj $ext or $req attribute name expected"));
+ if (mValue.length() == 0) {
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "$subj $ext or $req attribute name expected"));
}
- //System.out.println("----- mValue "+mValue);
+ // System.out.println("----- mValue "+mValue);
// get nth dn xxx not nth request attribute .
if (c == '.') {
@@ -271,24 +267,25 @@ class AVAPattern {
try {
while ((c = in.read()) != ',' && c != -1 && c != '.'
- && c != '+') {
- //System.out.println("mElement read "+(char)c);
+ && c != '+') {
+ // System.out.println("mElement read "+(char)c);
attrNumberBuf.append((char) c);
}
- if (c == ',' || c == '+') { // either ',' or '+'
- in.unread(c); // pushback last , or +
+ if (c == ',' || c == '+') { // either ',' or '+'
+ in.unread(c); // pushback last , or +
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
String attrNumber = attrNumberBuf.toString().trim();
if (attrNumber.length() == 0) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "nth element $req $ext or $subj expected"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "nth element $req $ext or $subj expected"));
}
try {
@@ -301,9 +298,10 @@ class AVAPattern {
} else if (TYPE_EXT.equals(mType)) {
mGNType = attrNumber;
} else {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "Invalid format in nth element " +
- "$req $ext or $subj"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid format in nth element "
+ + "$req $ext or $subj"));
}
// get nth request attribute .
@@ -311,44 +309,46 @@ class AVAPattern {
StringBuffer attrNumberBuf1 = new StringBuffer();
try {
- while ((c = in.read()) != ',' &&
- c != -1 && c != '+') {
- //System.out.println("mElement read "+
- // (char)c);
+ while ((c = in.read()) != ',' && c != -1
+ && c != '+') {
+ // System.out.println("mElement read "+
+ // (char)c);
attrNumberBuf1.append((char) c);
}
- if (c != -1) { // either ',' or '+'
- in.unread(c); // pushback last , or +
+ if (c != -1) { // either ',' or '+'
+ in.unread(c); // pushback last , or +
}
} catch (IOException ex) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", ex.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", ex.toString()));
}
- String attrNumber1 =
- attrNumberBuf1.toString().trim();
+ String attrNumber1 = attrNumberBuf1.toString().trim();
if (attrNumber1.length() == 0) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "nth element $req or $ext expected"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "nth element $req or $ext expected"));
}
- try {
- mElement = Integer.parseInt(attrNumber1) - 1;
+ try {
+ mElement = Integer.parseInt(attrNumber1) - 1;
} catch (NumberFormatException ex) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "Invalid format in nth element " +
- "$req or $ext."));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid format in nth element "
+ + "$req or $ext."));
}
}
}
}
- //System.out.println("----- mElement "+mElement);
+ // System.out.println("----- mElement "+mElement);
} else {
// value is constant. treat as regular ava.
mType = TYPE_CONSTANT;
- // parse ava value.
+ // parse ava value.
StringBuffer valueBuf = new StringBuffer();
valueBuf.append((char) c);
@@ -360,31 +360,26 @@ class AVAPattern {
}
if (c == '+' || c == ',') { // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mValue = valueBuf.toString().trim();
- /* try {
- * AVA ava = mLdapDNStrConverter.parseAVA(
- * valueBuf.toString());
- * mValue = ava.toLdapDNString();
- * //System.out.println("----- mValue "+mValue);
- * } catch (IOException e) {
- * throw new ECompSyntaxErr(e.toString());
- * }
+ /*
+ * try { AVA ava = mLdapDNStrConverter.parseAVA(
+ * valueBuf.toString()); mValue = ava.toLdapDNString();
+ * //System.out.println("----- mValue "+mValue); } catch
+ * (IOException e) { throw new ECompSyntaxErr(e.toString()); }
*/
}
}
- public String formAVA(IRequest req,
- X500Name subject,
- CertificateExtensions extensions)
- throws ELdapException {
+ public String formAVA(IRequest req, X500Name subject,
+ CertificateExtensions extensions) throws ELdapException {
if (TYPE_CONSTANT.equals(mType)) {
return mValue;
}
@@ -392,11 +387,11 @@ class AVAPattern {
if (TYPE_SUBJ.equals(mType)) {
String dn = subject.toString();
- if (mTestDN != null) {
+ if (mTestDN != null) {
dn = mTestDN;
}
- //System.out.println("AVAPattern Using dn "+mTestDN);
+ // System.out.println("AVAPattern Using dn "+mTestDN);
String[] rdns = LDAPDN.explodeDN(dn, false);
String value = null;
@@ -409,8 +404,8 @@ class AVAPattern {
for (int j = 0; j < avas.length; j++) {
String[] exploded = explodeAVA(avas[j]);
- if (exploded[0].equalsIgnoreCase(mValue) &&
- ++nFound == mElement) {
+ if (exploded[0].equalsIgnoreCase(mValue)
+ && ++nFound == mElement) {
value = exploded[1];
break;
}
@@ -429,11 +424,9 @@ class AVAPattern {
if (extensions != null) {
for (int i = 0; i < extensions.size(); i++) {
- Extension ext = (Extension)
- extensions.elementAt(i);
+ Extension ext = (Extension) extensions.elementAt(i);
- String extName =
- OIDMap.getName(ext.getExtensionId());
+ String extName = OIDMap.getName(ext.getExtensionId());
int index = extName.lastIndexOf(".");
@@ -445,13 +438,11 @@ class AVAPattern {
// Check the extensions one by one.
// For now, just give subjectAltName
// as an example.
- if (mValue.equalsIgnoreCase(
- SubjectAlternativeNameExtension.NAME)) {
+ if (mValue
+ .equalsIgnoreCase(SubjectAlternativeNameExtension.NAME)) {
try {
- GeneralNames subjectNames = (GeneralNames)
- ((SubjectAlternativeNameExtension)
- ext).get(
- SubjectAlternativeNameExtension.SUBJECT_NAME);
+ GeneralNames subjectNames = (GeneralNames) ((SubjectAlternativeNameExtension) ext)
+ .get(SubjectAlternativeNameExtension.SUBJECT_NAME);
if (subjectNames.size() == 0) {
break;
@@ -459,12 +450,11 @@ class AVAPattern {
int j = 0;
- for (Enumeration n =
- subjectNames.elements();
- n.hasMoreElements();) {
+ for (Enumeration n = subjectNames.elements(); n
+ .hasMoreElements();) {
- GeneralName gn = (GeneralName)
- n.nextElement();
+ GeneralName gn = (GeneralName) n
+ .nextElement();
String gname = gn.toString();
@@ -474,14 +464,13 @@ class AVAPattern {
break;
}
- String gType =
- gname.substring(0, index);
+ String gType = gname.substring(0, index);
if (mGNType != null) {
if (mGNType.equalsIgnoreCase(gType)) {
if (mElement == j) {
- gname =
- gname.substring(index + 2);
+ gname = gname
+ .substring(index + 2);
return gname;
} else {
j++;
@@ -489,30 +478,25 @@ class AVAPattern {
}
} else {
if (mElement == j) {
- gname =
- gname.substring(index + 2);
+ gname = gname.substring(index + 2);
return gname;
}
j++;
}
}
- } catch (IOException e) {
- CMS.debug(
- "AVAPattern: Publishing attr not formed " +
- "from extension " +
- "-- no attr : " +
- mValue);
+ } catch (IOException e) {
+ CMS.debug("AVAPattern: Publishing attr not formed "
+ + "from extension "
+ + "-- no attr : "
+ + mValue);
}
}
}
}
}
- CMS.debug(
- "AVAPattern: Publishing:attr not formed " +
- "from extension " +
- "-- no attr : " +
- mValue);
+ CMS.debug("AVAPattern: Publishing:attr not formed "
+ + "from extension " + "-- no attr : " + mValue);
return null;
}
@@ -521,9 +505,8 @@ class AVAPattern {
// mPrefix and mValue are looked up case-insensitive
String reqAttr = req.getExtDataInString(mPrefix, mValue);
if (reqAttr == null) {
- throw new
- ELdapException(
- CMS.getUserMessage("CMS_LDAP_NO_REQUEST", mValue, ""));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_REQUEST", mValue, ""));
}
return reqAttr;
@@ -549,10 +532,9 @@ class AVAPattern {
}
/**
- * Explode RDN into AVAs.
- * Does not handle escaped '+'
- * Java ldap library does not yet support multiple avas per rdn.
- * If RDN is malformed returns empty array.
+ * Explode RDN into AVAs. Does not handle escaped '+' Java ldap library does
+ * not yet support multiple avas per rdn. If RDN is malformed returns empty
+ * array.
*/
public static String[] explodeRDN(String rdn) {
int plus = rdn.indexOf('+');
@@ -577,9 +559,8 @@ class AVAPattern {
}
/**
- * Explode AVA into name and value.
- * Does not handle escaped '='
- * If AVA is malformed empty array is returned.
+ * Explode AVA into name and value. Does not handle escaped '=' If AVA is
+ * malformed empty array is returned.
*/
public static String[] explodeAVA(String ava) {
int equals = ava.indexOf('=');
@@ -592,4 +573,3 @@ class AVAPattern {
ava.substring(equals + 1).trim() };
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
index 9f605678..282e5411 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -48,20 +47,18 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a request to an entry in the LDAP server.
- * Takes a dnPattern to form the baseDN from the request attributes
- * and certificate subject name.Do a base search for the entry
- * in the directory to publish the cert or crl.
- * The restriction of this mapper is that the ldap dn components must
- * be part of certificate subject name or request attributes or constant.
- *
+/**
+ * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the
+ * baseDN from the request attributes and certificate subject name.Do a base
+ * search for the entry in the directory to publish the cert or crl. The
+ * restriction of this mapper is that the ldap dn components must be part of
+ * certificate subject name or request attributes or constant.
+ *
* @version $Revision$, $Date$
*/
public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
- protected static final String PROP_DNPATTERN = "dnPattern";
- protected static final String PROP_CREATECA = "createCAEntry";
+ protected static final String PROP_DNPATTERN = "dnPattern";
+ protected static final String PROP_CREATECA = "createCAEntry";
protected String mDnPattern = null;
protected boolean mCreateCAEntry = true;
@@ -72,28 +69,28 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
/* the subject DN pattern */
protected MapDNPattern mPattern = null;
- /* the list of request attriubutes to retrieve*/
+ /* the list of request attriubutes to retrieve */
protected String[] mReqAttrs = null;
- /* the list of cert attriubutes to retrieve*/
+ /* the list of cert attriubutes to retrieve */
protected String[] mCertAttrs = null;
/* default dn pattern if left blank or not set in the config */
- public static final String DEFAULT_DNPATTERN =
- "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c";
+ public static final String DEFAULT_DNPATTERN = "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c";
- /**
+ /**
* Constructor.
- *
- * @param dnPattern The base DN.
+ *
+ * @param dnPattern The base DN.
*/
public LdapCaSimpleMap(String dnPattern) {
try {
init(dnPattern);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
-
+
}
/**
@@ -104,16 +101,17 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
public String[] getExtendedPluginInfo(Locale locale) {
String params[] = {
- "dnPattern;string;Describes how to form the Ldap Subject name in" +
- " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" +
- " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " +
- "$req means: take the attribute from the request. " +
- "$subj means: take the attribute from the certificate subject name. " +
- "$ext means: take the attribute from the certificate extension",
+ "dnPattern;string;Describes how to form the Ldap Subject name in"
+ + " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:"
+ + " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. "
+ + "$req means: take the attribute from the request. "
+ + "$subj means: take the attribute from the certificate subject name. "
+ + "$ext means: take the attribute from the certificate extension",
"createCAEntry;boolean;If checked, CA entry will be created automatically",
- IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-casimplemapper",
- IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-mapper-casimplemapper",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Describes how to form the LDAP DN of the entry to publish to" };
return params;
}
@@ -122,11 +120,10 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
return mConfig;
}
- /**
+ /**
* for initializing from config store.
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
mConfig = config;
String dnPattern = mConfig.getString(PROP_DNPATTERN);
@@ -137,51 +134,51 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
/**
* common initialization routine.
*/
- protected void init(String dnPattern)
- throws EBaseException {
- if (mInited)
+ protected void init(String dnPattern) throws EBaseException {
+ if (mInited)
return;
mDnPattern = dnPattern;
- if (mDnPattern == null || mDnPattern.length() == 0)
+ if (mDnPattern == null || mDnPattern.length() == 0)
mDnPattern = DEFAULT_DNPATTERN;
try {
mPattern = new MapDNPattern(mDnPattern);
String[] mReqAttrs = mPattern.getReqAttrs();
String[] mCertAttrs = mPattern.getCertAttrs();
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern, e.toString()));
- throw new EBaseException("falied to init with pattern " +
- dnPattern + " " + e);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern,
+ e.toString()));
+ throw new EBaseException("falied to init with pattern " + dnPattern
+ + " " + e);
}
mInited = true;
}
/**
- * Maps a X500 subject name to LDAP entry.
- * Uses DN pattern to form a DN for a LDAP base search.
+ * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+ * a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
- public String map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
return map(conn, null, obj);
}
/**
- * Maps a X500 subject name to LDAP entry.
- * Uses DN pattern to form a DN for a LDAP base search.
+ * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+ * a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param req the request to map.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param req the request to map.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
+ */
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null)
return null;
String dn = null;
@@ -189,13 +186,14 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
dn = formDN(req, obj);
if (dn == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
String s1 = "";
if (req != null)
s1 = req.getRequestId().toString();
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_NO_DN_MATCH", s1));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_DN_MATCH", s1));
}
int scope = LDAPv2.SCOPE_BASE;
String filter = "(objectclass=*)";
@@ -204,75 +202,82 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
String[] attrs = new String[] { LDAPv3.NO_ATTRS };
log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:"
- + filter + " scope: base");
+ + filter + " scope: base");
- LDAPSearchResults results =
- conn.search(dn, scope, filter, attrs, false);
+ LDAPSearchResults results = conn.search(dn, scope, filter, attrs,
+ false);
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn,
- ((req == null) ? "" : req.getRequestId().toString())));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
- ((req == null) ? "" : req.getRequestId().toString())));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? ""
+ : req.getRequestId().toString())));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_MORE_THAN_ONE_ENTRY", ((req == null) ? ""
+ : req.getRequestId().toString())));
}
if (entry != null)
return entry.getDN();
else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn,
- ((req == null) ? "" : req.getRequestId().toString())));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
- "null entry"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? ""
+ : req.getRequestId().toString())));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", "null entry"));
}
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
- } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT && mCreateCAEntry) {
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
+ } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT
+ && mCreateCAEntry) {
try {
createCAEntry(conn, dn);
log(ILogger.LL_INFO, "CA Entry " + dn + " Created");
return dn;
} catch (LDAPException e1) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, e1.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_DN_MAP_EXCEPTION", dn, e1.toString()));
if (e1.getLDAPResultCode() == LDAPException.CONSTRAINT_VIOLATION) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED"));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED1"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED1"));
}
- throw new
- ELdapException(CMS.getUserMessage("CMS_LDAP_CREATE_CA_FAILED", dn));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_CREATE_CA_FAILED", dn));
}
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn,
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
private void createCAEntry(LDAPConnection conn, String dn)
- throws LDAPException {
+ throws LDAPException {
LDAPAttributeSet attrs = new LDAPAttributeSet();
// OID 2.5.6.16
- String caOc[] = new String[] {"top",
- "person",
- "organizationalPerson",
- "inetOrgPerson"};
-
- String oOc[] = {"top",
- "organization"};
- String oiOc[] = {"top",
- "organizationalunit"};
-
+ String caOc[] = new String[] { "top", "person", "organizationalPerson",
+ "inetOrgPerson" };
+
+ String oOc[] = { "top", "organization" };
+ String oiOc[] = { "top", "organizationalunit" };
+
DN dnobj = new DN(dn);
String attrval[] = dnobj.explodeDN(true);
@@ -286,6 +291,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
/**
* form a dn from component in the request and cert subject name
+ *
* @param req The request
* @param obj The certificate or crl
*/
@@ -296,33 +302,35 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
- (X500Name) ((X509Certificate) cert).getSubjectDN();
+ subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN();
- CMS.debug("LdapCaSimpleMap: cert subject dn:" + subjectDN.toString());
- X509CertInfo info = (X509CertInfo)
- ((X509CertImpl) cert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ CMS.debug("LdapCaSimpleMap: cert subject dn:"
+ + subjectDN.toString());
+ X509CertInfo info = (X509CertInfo) ((X509CertImpl) cert)
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
- certExt = (CertificateExtensions) info.get(
- CertificateExtensions.NAME);
+ certExt = (CertificateExtensions) info
+ .get(CertificateExtensions.NAME);
} catch (java.security.cert.CertificateParsingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (java.security.cert.CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (ClassCastException e) {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN =
- (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN();
- CMS.debug("LdapCaSimpleMap: crl issuer dn: " +
- subjectDN.toString());
- }catch (ClassCastException ex) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
+ CMS.debug("LdapCaSimpleMap: crl issuer dn: "
+ + subjectDN.toString());
+ } catch (ClassCastException ex) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
((req == null) ? "" : req.getRequestId().toString())));
return null;
}
@@ -332,11 +340,12 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
return dn;
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
- ((req == null) ? "" : req.getRequestId().toString()), e.toString()));
- throw new EBaseException("falied to form dn for request: " +
- ((req == null) ? "" : req.getRequestId().toString()) + " " + e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
+ ((req == null) ? "" : req.getRequestId().toString()),
+ e.toString()));
+ throw new EBaseException("falied to form dn for request: "
+ + ((req == null) ? "" : req.getRequestId().toString())
+ + " " + e);
}
}
@@ -362,11 +371,12 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
if (mDnPattern == null) {
v.addElement(PROP_DNPATTERN + "=");
- }else {
- v.addElement(PROP_DNPATTERN + "=" +
- mConfig.getString(PROP_DNPATTERN));
+ } else {
+ v.addElement(PROP_DNPATTERN + "="
+ + mConfig.getString(PROP_DNPATTERN));
}
- v.addElement(PROP_CREATECA + "=" + mConfig.getBoolean(PROP_CREATECA, true));
+ v.addElement(PROP_CREATECA + "="
+ + mConfig.getBoolean(PROP_CREATECA, true));
} catch (Exception e) {
}
return v;
@@ -374,8 +384,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCaSimpleMapper: " + msg);
+ "LdapCaSimpleMapper: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
index b8cc06f7..8b7a1dbe 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
@@ -34,22 +33,19 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's
- * subject name to form the ldap search dn and filter.
- * Takes a optional root search dn.
- * The DN comps are used to form a LDAP entry to begin a subtree search.
- * The filter comps are used to form a search filter for the subtree.
- * If none of the DN comps matched, baseDN is used for the subtree.
- * If the baseDN is null and none of the DN comps matched, it is an error.
- * If none of the DN comps and filter comps matched, it is an error.
- * If just the filter comps is null, a base search is performed.
- *
+/**
+ * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's
+ * subject name to form the ldap search dn and filter. Takes a optional root
+ * search dn. The DN comps are used to form a LDAP entry to begin a subtree
+ * search. The filter comps are used to form a search filter for the subtree. If
+ * none of the DN comps matched, baseDN is used for the subtree. If the baseDN
+ * is null and none of the DN comps matched, it is an error. If none of the DN
+ * comps and filter comps matched, it is an error. If just the filter comps is
+ * null, a base search is performed.
+ *
* @version $Revision$, $Date$
*/
-public class LdapCertCompsMap
- extends LdapDNCompsMap implements ILdapMapper {
+public class LdapCertCompsMap extends LdapDNCompsMap implements ILdapMapper {
ILogger mLogger = CMS.getLogger();
public LdapCertCompsMap() {
@@ -57,22 +53,22 @@ public class LdapCertCompsMap
// via configuration
}
- /**
+ /**
* Constructor.
- *
- * The DN comps are used to form a LDAP entry to begin a subtree search.
- * The filter comps are used to form a search filter for the subtree.
- * If none of the DN comps matched, baseDN is used for the subtree.
- * If the baseDN is null and none of the DN comps matched, it is an error.
- * If none of the DN comps and filter comps matched, it is an error.
- * If just the filter comps is null, a base search is performed.
*
- * @param baseDN The base DN.
+ * The DN comps are used to form a LDAP entry to begin a subtree search. The
+ * filter comps are used to form a search filter for the subtree. If none of
+ * the DN comps matched, baseDN is used for the subtree. If the baseDN is
+ * null and none of the DN comps matched, it is an error. If none of the DN
+ * comps and filter comps matched, it is an error. If just the filter comps
+ * is null, a base search is performed.
+ *
+ * @param baseDN The base DN.
* @param dnComps Components to form the LDAP base dn for search.
* @param filterComps Components to form the LDAP search filter.
*/
public LdapCertCompsMap(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ ObjectIdentifier[] filterComps) {
init(baseDN, dnComps, filterComps);
}
@@ -99,40 +95,35 @@ public class LdapCertCompsMap
/**
* constructor using non-standard certificate attribute.
*/
- public LdapCertCompsMap(String certAttr, String baseDN,
- ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ public LdapCertCompsMap(String certAttr, String baseDN,
+ ObjectIdentifier[] dnComps, ObjectIdentifier[] filterComps) {
super(certAttr, baseDN, dnComps, filterComps);
}
protected void init(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ ObjectIdentifier[] filterComps) {
super.init(baseDN, dnComps, filterComps);
}
/**
- * Maps a certificate to LDAP entry.
- * Uses DN components and filter components to form a DN and
- * filter for a LDAP search.
- * If the formed DN is null the baseDN will be used.
- * If the formed DN is null and baseDN is null an error is thrown.
- * If the filter is null a base search is performed.
- * If both are null an error is thrown.
+ * Maps a certificate to LDAP entry. Uses DN components and filter
+ * components to form a DN and filter for a LDAP search. If the formed DN is
+ * null the baseDN will be used. If the formed DN is null and baseDN is null
+ * an error is thrown. If the filter is null a base search is performed. If
+ * both are null an error is thrown.
*
* @param conn - the LDAP connection.
* @param obj - the X509Certificate.
*/
- public String
- map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
if (conn == null)
return null;
try {
X509Certificate cert = (X509Certificate) obj;
String result = null;
// form dn and filter for search.
- X500Name subjectDN =
- (X500Name) ((X509Certificate) cert).getSubjectDN();
+ X500Name subjectDN = (X500Name) ((X509Certificate) cert)
+ .getSubjectDN();
CMS.debug("LdapCertCompsMap: " + subjectDN.toString());
@@ -141,15 +132,16 @@ public class LdapCertCompsMap
result = super.map(conn, subjectDN, certbytes);
return result;
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString()));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
} catch (ClassCastException e) {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
String result = null;
- X500Name issuerDN =
- (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ X500Name issuerDN = (X500Name) ((X509CRLImpl) crl)
+ .getIssuerDN();
CMS.debug("LdapCertCompsMap: " + issuerDN.toString());
@@ -158,24 +150,27 @@ public class LdapCertCompsMap
result = super.map(conn, issuerDN, crlbytes);
return result;
} catch (CRLException ex) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", ex.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL",
+ ex.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", ex.toString()));
} catch (ClassCastException ex) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
return null;
}
}
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, obj);
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertCompsMap: " + msg);
+ "LdapCertCompsMap: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
index 7ce49748..93fd58ee 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Vector;
@@ -41,11 +40,10 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a X509 certificate to a LDAP entry by using the subject name
- * of the certificate as the LDAP entry DN.
- *
+/**
+ * Maps a X509 certificate to a LDAP entry by using the subject name of the
+ * certificate as the LDAP entry DN.
+ *
* @version $Revision$, $Date$
*/
public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
@@ -63,8 +61,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
return mConfig;
}
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
if (mInited == true)
return;
mConfig = config;
@@ -73,11 +70,10 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-mapper-certexactmapper",
- IExtendedPluginInfo.HELP_TEXT +
- ";Literally uses the subject name of the certificate as the DN to publish to"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-mapper-certexactmapper",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Literally uses the subject name of the certificate as the DN to publish to" };
return params;
}
@@ -95,7 +91,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
return v;
}
-
+
public Vector getInstanceParams() {
Vector v = new Vector();
@@ -103,15 +99,13 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
}
/**
- * Finds the entry for the certificate by looking for the cert
- * subject name in the subject name attribute.
+ * Finds the entry for the certificate by looking for the cert subject name
+ * in the subject name attribute.
*
* @param conn - the LDAP connection.
* @param obj - the X509Certificate.
- */
- public String
- map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
if (conn == null)
return null;
@@ -120,40 +114,40 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
- (X500Name) ((X509Certificate) cert).getSubjectDN();
+ subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN();
- CMS.debug("LdapCertExactMap: cert subject dn:" + subjectDN.toString());
+ CMS.debug("LdapCertExactMap: cert subject dn:"
+ + subjectDN.toString());
} catch (ClassCastException e) {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN =
- (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN();
- CMS.debug("LdapCertExactMap: crl issuer dn: " +
- subjectDN.toString());
- }catch (ClassCastException ex) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
+ CMS.debug("LdapCertExactMap: crl issuer dn: "
+ + subjectDN.toString());
+ } catch (ClassCastException ex) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
return null;
}
}
try {
boolean hasCert = false;
boolean hasSubjectName = false;
- String[] attrs = new String[] { LDAPv3.NO_ATTRS };
+ String[] attrs = new String[] { LDAPv3.NO_ATTRS };
log(ILogger.LL_INFO, "Searching for " + subjectDN.toString());
- LDAPSearchResults results =
- conn.search(subjectDN.toString(), LDAPv2.SCOPE_BASE,
- "(objectclass=*)", attrs, false);
-
+ LDAPSearchResults results = conn.search(subjectDN.toString(),
+ LDAPv2.SCOPE_BASE, "(objectclass=*)", attrs, false);
+
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "",
+ subjectDN.toString()));
}
if (entry != null) {
log(ILogger.LL_INFO, "entry found");
@@ -165,39 +159,37 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
/*
- catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString()));
- throw new ELdapException(
- LdapResources.GET_CERT_SUBJECT_DN_FAILED, e);
- }
- catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString()));
- throw new ELdapException(
- LdapResources.GET_DER_ENCODED_CERT_FAILED, e);
- }
+ * catch (IOException e) { log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); throw
+ * new ELdapException( LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); }
+ * catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); throw
+ * new ELdapException( LdapResources.GET_DER_ENCODED_CERT_FAILED, e); }
*/
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, obj);
}
private void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertExactMap: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
+ "LdapCertExactMap: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
index 017441df..b4ce10bc 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Vector;
@@ -41,11 +40,10 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a X509 certificate to a LDAP entry by finding an LDAP entry
- * which has an attribute whose contents are equal to the cert subject name.
- *
+/**
+ * Maps a X509 certificate to a LDAP entry by finding an LDAP entry which has an
+ * attribute whose contents are equal to the cert subject name.
+ *
* @version $Revision$, $Date$
*/
public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
@@ -64,13 +62,15 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
/**
* constructs a certificate subject name mapper with search base.
- * @param searchBase the dn to start searching for the certificate
- * subject name.
+ *
+ * @param searchBase the dn to start searching for the certificate subject
+ * name.
*/
public LdapCertSubjMap(String searchBase) {
if (searchBase == null)
throw new IllegalArgumentException(
- "a null argument to constructor " + this.getClass().getName());
+ "a null argument to constructor "
+ + this.getClass().getName());
mSearchBase = searchBase;
mInited = true;
}
@@ -82,23 +82,23 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
* @param certSubjNameAttr attribute for certificate subject names.
* @param certAttr attribute to find certificate.
*/
- public LdapCertSubjMap(String searchBase,
- String certSubjNameAttr, String certAttr) {
- if (searchBase == null ||
- certSubjNameAttr == null || certAttr == null)
+ public LdapCertSubjMap(String searchBase, String certSubjNameAttr,
+ String certAttr) {
+ if (searchBase == null || certSubjNameAttr == null || certAttr == null)
throw new IllegalArgumentException(
- "a null argument to constructor " + this.getClass().getName());
+ "a null argument to constructor "
+ + this.getClass().getName());
mCertSubjNameAttr = certSubjNameAttr;
mSearchBase = searchBase;
mInited = true;
}
- public LdapCertSubjMap(String searchBase,
- String certSubjNameAttr, String certAttr, boolean useAllEntries) {
- if (searchBase == null ||
- certSubjNameAttr == null || certAttr == null)
+ public LdapCertSubjMap(String searchBase, String certSubjNameAttr,
+ String certAttr, boolean useAllEntries) {
+ if (searchBase == null || certSubjNameAttr == null || certAttr == null)
throw new IllegalArgumentException(
- "a null argument to constructor " + this.getClass().getName());
+ "a null argument to constructor "
+ + this.getClass().getName());
mCertSubjNameAttr = certSubjNameAttr;
mSearchBase = searchBase;
mUseAllEntries = useAllEntries;
@@ -127,16 +127,15 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
"certSubjNameAttr;string;Name of Ldap attribute containing cert subject name",
"searchBase;string;Base DN to search from",
"useAllEntries;boolean;Use all entries for publishing",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-mapper-certsubjmapper",
- IExtendedPluginInfo.HELP_TEXT +
- ";This plugin assumes you want to publish to an LDAP entry which has " +
- "an attribute whose contents are equal to the cert subject name"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-mapper-certsubjmapper",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";This plugin assumes you want to publish to an LDAP entry which has "
+ + "an attribute whose contents are equal to the cert subject name" };
return params;
}
-
+
public Vector getInstanceParams() {
Vector v = new Vector();
@@ -158,28 +157,25 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
return mConfig;
}
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
if (mInited == true)
return;
mConfig = config;
mCertSubjNameAttr = config.getString("certSubjNameAttr",
- LDAP_CERTSUBJNAME_ATTR);
+ LDAP_CERTSUBJNAME_ATTR);
mSearchBase = config.getString("searchBase");
mUseAllEntries = config.getBoolean("useAllEntries", false);
mInited = true;
}
/**
- * Finds the entry for the certificate by looking for the cert
- * subject name in the subject name attribute.
+ * Finds the entry for the certificate by looking for the cert subject name
+ * in the subject name attribute.
*
* @param conn - the LDAP connection.
* @param obj - the X509Certificate.
- */
- public String
- map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
if (conn == null)
return null;
X500Name subjectDN = null;
@@ -187,41 +183,43 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
- (X500Name) ((X509Certificate) cert).getSubjectDN();
+ subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN();
- CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString());
+ CMS.debug("LdapCertSubjMap: cert subject dn:"
+ + subjectDN.toString());
} catch (ClassCastException e) {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN =
- (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN();
- CMS.debug("LdapCertSubjMap: crl issuer dn: " +
- subjectDN.toString());
- }catch (ClassCastException ex) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
+ CMS.debug("LdapCertSubjMap: crl issuer dn: "
+ + subjectDN.toString());
+ } catch (ClassCastException ex) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
return null;
}
}
try {
boolean hasCert = false;
boolean hasSubjectName = false;
- String[] attrs = new String[] { LDAPv3.NO_ATTRS };
+ String[] attrs = new String[] { LDAPv3.NO_ATTRS };
+
+ log(ILogger.LL_INFO, "search " + mSearchBase + " ("
+ + mCertSubjNameAttr + "=" + subjectDN + ") "
+ + mCertSubjNameAttr);
- log(ILogger.LL_INFO, "search " + mSearchBase +
- " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+ LDAPSearchResults results = conn.search(mSearchBase,
+ LDAPv2.SCOPE_SUB, "(" + mCertSubjNameAttr + "=" + subjectDN
+ + ")", attrs, false);
- LDAPSearchResults results =
- conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
- "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
-
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "",
+ subjectDN.toString()));
}
if (entry != null) {
log(ILogger.LL_INFO, "entry found");
@@ -233,38 +231,35 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_DN_MAP_EXCEPTION", "LDAPException",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
/*
- catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString()));
- throw new ELdapException(
- LdapResources.GET_CERT_SUBJECT_DN_FAILED, e);
- }
- catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString()));
- throw new ELdapException(
- LdapResources.GET_DER_ENCODED_CERT_FAILED, e);
- }
+ * catch (IOException e) { log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); throw
+ * new ELdapException( LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); }
+ * catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); throw
+ * new ELdapException( LdapResources.GET_DER_ENCODED_CERT_FAILED, e); }
*/
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, obj);
}
- public Vector mapAll(LDAPConnection conn, Object obj)
- throws ELdapException {
+ public Vector mapAll(LDAPConnection conn, Object obj) throws ELdapException {
Vector v = new Vector();
if (conn == null)
@@ -274,28 +269,31 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
try {
X509Certificate cert = (X509Certificate) obj;
subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN();
- CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString());
+ CMS.debug("LdapCertSubjMap: cert subject dn:"
+ + subjectDN.toString());
} catch (ClassCastException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
return v;
}
try {
boolean hasCert = false;
boolean hasSubjectName = false;
- String[] attrs = new String[] { LDAPv3.NO_ATTRS };
+ String[] attrs = new String[] { LDAPv3.NO_ATTRS };
- log(ILogger.LL_INFO, "search " + mSearchBase +
- " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+ log(ILogger.LL_INFO, "search " + mSearchBase + " ("
+ + mCertSubjNameAttr + "=" + subjectDN + ") "
+ + mCertSubjNameAttr);
+
+ LDAPSearchResults results = conn.search(mSearchBase,
+ LDAPv2.SCOPE_SUB, "(" + mCertSubjNameAttr + "=" + subjectDN
+ + ")", attrs, false);
- LDAPSearchResults results =
- conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
- "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
-
while (results.hasMoreElements()) {
LDAPEntry entry = results.next();
String dn = entry.getDN();
v.addElement(dn);
- CMS.debug("LdapCertSubjMap: dn="+dn);
+ CMS.debug("LdapCertSubjMap: dn=" + dn);
}
CMS.debug("LdapCertSubjMap: Number of entries: " + v.size());
} catch (LDAPException e) {
@@ -303,12 +301,16 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_DN_MAP_EXCEPTION", "LDAPException",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
@@ -316,13 +318,13 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
}
public Vector mapAll(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return mapAll(conn, obj);
}
private void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertSubjMap: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
+ "LdapCertSubjMap: " + msg);
}
/**
@@ -344,4 +346,3 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
index 40283e98..05d25e5f 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.security.cert.CRLException;
import java.util.Vector;
@@ -32,16 +31,14 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
- * Default crl mapper.
- * maps the crl to a ldap entry by using components in the issuer name
- * to find the CA's entry.
- *
+/**
+ * Default crl mapper. maps the crl to a ldap entry by using components in the
+ * issuer name to find the CA's entry.
+ *
* @version $Revision$, $Date$
*/
-public class LdapCrlIssuerCompsMap
- extends LdapDNCompsMap implements ILdapMapper {
+public class LdapCrlIssuerCompsMap extends LdapDNCompsMap implements
+ ILdapMapper {
ILogger mLogger = CMS.getLogger();
public LdapCrlIssuerCompsMap() {
@@ -49,31 +46,30 @@ public class LdapCrlIssuerCompsMap
// via configuration
}
- /**
+ /**
* Constructor.
- *
- * The DN comps are used to form a LDAP entry to begin a subtree search.
- * The filter comps are used to form a search filter for the subtree.
- * If none of the DN comps matched, baseDN is used for the subtree.
- * If the baseDN is null and none of the DN comps matched, it is an error.
- * If none of the DN comps and filter comps matched, it is an error.
- * If just the filter comps is null, a base search is performed.
*
- * @param baseDN The base DN.
+ * The DN comps are used to form a LDAP entry to begin a subtree search. The
+ * filter comps are used to form a search filter for the subtree. If none of
+ * the DN comps matched, baseDN is used for the subtree. If the baseDN is
+ * null and none of the DN comps matched, it is an error. If none of the DN
+ * comps and filter comps matched, it is an error. If just the filter comps
+ * is null, a base search is performed.
+ *
+ * @param baseDN The base DN.
* @param dnComps Components to form the LDAP base dn for search.
* @param filterComps Components to form the LDAP search filter.
*/
public LdapCrlIssuerCompsMap(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ ObjectIdentifier[] filterComps) {
init(baseDN, dnComps, filterComps);
}
/**
* constructor using non-standard certificate attribute.
*/
- public LdapCrlIssuerCompsMap(String crlAttr, String baseDN,
- ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
+ public LdapCrlIssuerCompsMap(String crlAttr, String baseDN,
+ ObjectIdentifier[] dnComps, ObjectIdentifier[] filterComps) {
super(crlAttr, baseDN, dnComps, filterComps);
}
@@ -88,7 +84,7 @@ public class LdapCrlIssuerCompsMap
public Vector getDefaultParams() {
Vector v = super.getDefaultParams();
- //v.addElement("crlAttr=" + LdapCrlPublisher.LDAP_CRL_ATTR);
+ // v.addElement("crlAttr=" + LdapCrlPublisher.LDAP_CRL_ATTR);
return v;
}
@@ -99,35 +95,30 @@ public class LdapCrlIssuerCompsMap
}
protected void init(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
- //mLdapAttr = LdapCrlPublisher.LDAP_CRL_ATTR;
+ ObjectIdentifier[] filterComps) {
+ // mLdapAttr = LdapCrlPublisher.LDAP_CRL_ATTR;
super.init(baseDN, dnComps, filterComps);
}
/**
- * Maps a crl to LDAP entry.
- * Uses issuer DN components and filter components to form a DN and
- * filter for a LDAP search.
- * If the formed DN is null the baseDN will be used.
- * If the formed DN is null and baseDN is null an error is thrown.
- * If the filter is null a base search is performed.
- * If both are null an error is thrown.
+ * Maps a crl to LDAP entry. Uses issuer DN components and filter components
+ * to form a DN and filter for a LDAP search. If the formed DN is null the
+ * baseDN will be used. If the formed DN is null and baseDN is null an error
+ * is thrown. If the filter is null a base search is performed. If both are
+ * null an error is thrown.
*
* @param conn - the LDAP connection.
* @param obj - the X509Certificate.
* @return the result. LdapCertMapResult is also used for CRL.
- */
- public String
- map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
if (conn == null)
return null;
X509CRLImpl crl = (X509CRLImpl) obj;
try {
String result = null;
- X500Name issuerDN =
- (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ X500Name issuerDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN();
CMS.debug("LdapCrlIssuerCompsMap: " + issuerDN.toString());
@@ -136,14 +127,15 @@ public class LdapCrlIssuerCompsMap
result = super.map(conn, issuerDN, crlbytes);
return result;
} catch (CRLException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", e.toString()));
}
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return map(conn, obj);
}
@@ -152,8 +144,7 @@ public class LdapCrlIssuerCompsMap
*/
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCrlCompsMap: " + msg);
+ "LdapCrlCompsMap: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
index 1662283f..36374ddb 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -46,23 +45,20 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPlugin;
-
-/**
- * Maps a Subject name to an entry in the LDAP server.
- * subject name to form the ldap search dn and filter.
- * Takes a optional root search dn.
- * The DN comps are used to form a LDAP entry to begin a subtree search.
- * The filter comps are used to form a search filter for the subtree.
- * If none of the DN comps matched, baseDN is used for the subtree.
- * If the baseDN is null and none of the DN comps matched, it is an error.
- * If none of the DN comps and filter comps matched, it is an error.
- * If just the filter comps is null, a base search is performed.
- *
+/**
+ * Maps a Subject name to an entry in the LDAP server. subject name to form the
+ * ldap search dn and filter. Takes a optional root search dn. The DN comps are
+ * used to form a LDAP entry to begin a subtree search. The filter comps are
+ * used to form a search filter for the subtree. If none of the DN comps
+ * matched, baseDN is used for the subtree. If the baseDN is null and none of
+ * the DN comps matched, it is an error. If none of the DN comps and filter
+ * comps matched, it is an error. If just the filter comps is null, a base
+ * search is performed.
+ *
* @version $Revision$, $Date$
*/
-public class LdapDNCompsMap
- implements ILdapPlugin, IExtendedPluginInfo {
- //protected String mLdapAttr = null;
+public class LdapDNCompsMap implements ILdapPlugin, IExtendedPluginInfo {
+ // protected String mLdapAttr = null;
protected String mBaseDN = null;
protected ObjectIdentifier[] mDnComps = null;
protected ObjectIdentifier[] mFilterComps = null;
@@ -71,24 +67,23 @@ public class LdapDNCompsMap
private boolean mInited = false;
protected IConfigStore mConfig = null;
- /**
+ /**
* Constructor.
- *
- * The DN comps are used to form a LDAP entry to begin a subtree search.
- * The filter comps are used to form a search filter for the subtree.
- * If none of the DN comps matched, baseDN is used for the subtree.
- * If the baseDN is null and none of the DN comps matched, it is an error.
- * If none of the DN comps and filter comps matched, it is an error.
- * If just the filter comps is null, a base search is performed.
*
- * @param baseDN The base DN.
+ * The DN comps are used to form a LDAP entry to begin a subtree search. The
+ * filter comps are used to form a search filter for the subtree. If none of
+ * the DN comps matched, baseDN is used for the subtree. If the baseDN is
+ * null and none of the DN comps matched, it is an error. If none of the DN
+ * comps and filter comps matched, it is an error. If just the filter comps
+ * is null, a base search is performed.
+ *
+ * @param baseDN The base DN.
* @param dnComps Components to form the LDAP base dn for search.
* @param filterComps Components to form the LDAP search filter.
*/
- public LdapDNCompsMap(String ldapAttr, String baseDN,
- ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
- //mLdapAttr = ldapAttr;
+ public LdapDNCompsMap(String ldapAttr, String baseDN,
+ ObjectIdentifier[] dnComps, ObjectIdentifier[] filterComps) {
+ // mLdapAttr = ldapAttr;
init(baseDN, dnComps, filterComps);
}
@@ -102,17 +97,16 @@ public class LdapDNCompsMap
return mConfig;
}
- /**
+ /**
* for initializing from config store.
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
mConfig = config;
String baseDN = mConfig.getString("baseDN");
- ObjectIdentifier[] dnComps =
- getCompsFromString(mConfig.getString("dnComps"));
- ObjectIdentifier[] filterComps =
- getCompsFromString(mConfig.getString("filterComps"));
+ ObjectIdentifier[] dnComps = getCompsFromString(mConfig
+ .getString("dnComps"));
+ ObjectIdentifier[] filterComps = getCompsFromString(mConfig
+ .getString("filterComps"));
init(baseDN, dnComps, filterComps);
}
@@ -130,14 +124,13 @@ public class LdapDNCompsMap
"baseDN;string;Base to search from. E.g ou=Engineering,o=Fedora",
"dnComps;string;Comma-separated list of attributes to put in the DN",
"filterComps;string;Comma-separated list of attributes to form the filter",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-mapper-dncompsmapper",
- IExtendedPluginInfo.HELP_TEXT +
- ";More complex mapper. Used when there is not enough information " +
- "in the cert request to form the complete LDAP DN. Using this " +
- "plugin, you can specify additional LDAP filters to narrow down the " +
- "search"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-mapper-dncompsmapper",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";More complex mapper. Used when there is not enough information "
+ + "in the cert request to form the complete LDAP DN. Using this "
+ + "plugin, you can specify additional LDAP filters to narrow down the "
+ + "search" };
return s;
}
@@ -163,14 +156,12 @@ public class LdapDNCompsMap
if (mDnComps == null) {
v.addElement("dnComps=");
} else {
- v.addElement("dnComps=" +
- mConfig.getString("dnComps"));
+ v.addElement("dnComps=" + mConfig.getString("dnComps"));
}
if (mFilterComps == null) {
v.addElement("filterComps=");
} else {
- v.addElement("filterComps=" +
- mConfig.getString("filterComps"));
+ v.addElement("filterComps=" + mConfig.getString("filterComps"));
}
} catch (Exception e) {
}
@@ -181,8 +172,8 @@ public class LdapDNCompsMap
* common initialization routine.
*/
protected void init(String baseDN, ObjectIdentifier[] dnComps,
- ObjectIdentifier[] filterComps) {
- if (mInited)
+ ObjectIdentifier[] filterComps) {
+ if (mInited)
return;
mBaseDN = baseDN;
@@ -191,36 +182,33 @@ public class LdapDNCompsMap
if (filterComps != null)
mFilterComps = (ObjectIdentifier[]) filterComps.clone();
- // log debug info.
+ // log debug info.
for (int i = 0; i < mDnComps.length; i++) {
- CMS.debug(
- "LdapDNCompsMap: dnComp " + X500NameAttrMap.getDefault().getName(mDnComps[i]));
+ CMS.debug("LdapDNCompsMap: dnComp "
+ + X500NameAttrMap.getDefault().getName(mDnComps[i]));
}
for (int i = 0; i < mFilterComps.length; i++) {
- CMS.debug("LdapDNCompsMap: filterComp " +
- X500NameAttrMap.getDefault().getName(mFilterComps[i]));
+ CMS.debug("LdapDNCompsMap: filterComp "
+ + X500NameAttrMap.getDefault().getName(mFilterComps[i]));
}
mInited = true;
}
/**
- * Maps a X500 subject name to LDAP entry.
- * Uses DN components and filter components to form a DN and
- * filter for a LDAP search.
- * If the formed DN is null the baseDN will be used.
- * If the formed DN is null and baseDN is null an error is thrown.
- * If the filter is null a base search is performed.
- * If both are null an error is thrown.
+ * Maps a X500 subject name to LDAP entry. Uses DN components and filter
+ * components to form a DN and filter for a LDAP search. If the formed DN is
+ * null the baseDN will be used. If the formed DN is null and baseDN is null
+ * an error is thrown. If the filter is null a base search is performed. If
+ * both are null an error is thrown.
*
- * @param conn the LDAP connection.
- * @param x500name the dn to map.
- * @param obj the object
+ * @param conn the LDAP connection.
+ * @param x500name the dn to map.
+ * @param obj the object
* @exception ELdapException if any LDAP exceptions occured.
* @return the DN of the entry.
- */
- public String map(LDAPConnection conn, X500Name x500name,
- byte[] obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, X500Name x500name, byte[] obj)
+ throws ELdapException {
try {
if (conn == null)
return null;
@@ -234,17 +222,17 @@ public class LdapDNCompsMap
if (dn == null) {
// #362332
// if (filter == null) {
- // log(ILogger.LL_FAILURE, "No dn and filter formed");
- // throw new ELdapException(
- // LdapResources.NO_DN_AND_FILTER_COMPS,
- // x500name.toString());
+ // log(ILogger.LL_FAILURE, "No dn and filter formed");
+ // throw new ELdapException(
+ // LdapResources.NO_DN_AND_FILTER_COMPS,
+ // x500name.toString());
// }
if (mBaseDN == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_BASE"));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_NO_DN_COMPS_AND_BASEDN",
- x500name.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_NO_BASE"));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_DN_COMPS_AND_BASEDN",
+ x500name.toString()));
}
dn = mBaseDN;
}
@@ -260,53 +248,57 @@ public class LdapDNCompsMap
attrs = new String[] { LDAPv3.NO_ATTRS };
- log(ILogger.LL_INFO, "searching for " + dn + " " + filter + " " +
- ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base"));
+ log(ILogger.LL_INFO, "searching for " + dn + " " + filter + " "
+ + ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base"));
- LDAPSearchResults results =
- conn.search(dn, scope, filter, attrs, false);
+ LDAPSearchResults results = conn.search(dn, scope, filter, attrs,
+ false);
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
- x500name.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_MORE_THAN_ONE_ENTRY", x500name.toString()));
}
if (entry != null) {
return entry.getDN();
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
- "null entry"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", "null entry"));
}
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_DN_MAP_EXCEPTION", "LDAPException",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
}
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapDNCompsMap: " + msg);
+ "LdapDNCompsMap: " + msg);
}
/**
* form a dn and filter from component in the cert subject name
+ *
* @param subjName subject name
*/
- public String[] formDNandFilter(X500Name subjName)
- throws ELdapException {
+ public String[] formDNandFilter(X500Name subjName) throws ELdapException {
Vector dnRdns = new Vector();
SearchFilter filter = new SearchFilter();
X500NameAttrMap attrMap = X500NameAttrMap.getDefault();
@@ -327,17 +319,16 @@ public class LdapDNCompsMap
if (oid == EOid) {
DerValue val = ava.getValue();
AVA newAVA = new AVA(mailOid, val);
- RDN newRDN = new RDN(new AVA[] { newAVA }
- );
+ RDN newRDN = new RDN(new AVA[] { newAVA });
- CMS.debug(
- "LdapDNCompsMap: Converted " + rdn.toLdapDNString() + " to " +
- newRDN.toLdapDNString() + " in DN");
+ CMS.debug("LdapDNCompsMap: Converted "
+ + rdn.toLdapDNString() + " to "
+ + newRDN.toLdapDNString() + " in DN");
rdn = newRDN;
}
dnRdns.addElement(rdn);
- CMS.debug(
- "LdapDNCompsMap: adding dn comp " + rdn.toLdapDNString());
+ CMS.debug("LdapDNCompsMap: adding dn comp "
+ + rdn.toLdapDNString());
break;
}
}
@@ -347,31 +338,32 @@ public class LdapDNCompsMap
DerValue val = ava.getValue();
AVA newAVA = new AVA(mailOid, val);
- CMS.debug(
- "LdapDNCompsMap: Converted " + ava.toLdapDNString() + " to " +
- newAVA.toLdapDNString() + " in filter");
+ CMS.debug("LdapDNCompsMap: Converted "
+ + ava.toLdapDNString() + " to "
+ + newAVA.toLdapDNString() + " in filter");
ava = newAVA;
}
filter.addElement(ava.toLdapDNString());
- CMS.debug(
- "LdapDNCompsMap: adding filter comp " + ava.toLdapDNString());
+ CMS.debug("LdapDNCompsMap: adding filter comp "
+ + ava.toLdapDNString());
break;
}
}
- // XXX should be an error when string is null?
+ // XXX should be an error when string is null?
// return to caller to decide.
if (dnRdns.size() != 0) {
dnStr = new X500Name(dnRdns).toLdapDNString();
- }
+ }
if (filter.size() != 0) {
filterStr = filter.toFilterString();
}
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FORM_DN_COMPS_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_FORM_DN_COMPS_FAILED", e.toString()));
}
return new String[] { dnStr, filterStr };
@@ -386,8 +378,8 @@ public class LdapDNCompsMap
}
/**
- * class for forming search filters for ldap searching from
- * name=value components. components are anded.
+ * class for forming search filters for ldap searching from name=value
+ * components. components are anded.
*/
public static class SearchFilter extends Vector {
/**
@@ -415,21 +407,22 @@ public class LdapDNCompsMap
}
/**
- * useful routine for parsing components given as string to
- * arrays of objectidentifiers.
- * The string is expected to be comma separated AVA attribute names.
- * For example, "uid,cn,o,ou". Attribute names are case insensitive.
+ * useful routine for parsing components given as string to arrays of
+ * objectidentifiers. The string is expected to be comma separated AVA
+ * attribute names. For example, "uid,cn,o,ou". Attribute names are case
+ * insensitive.
+ *
* @param val the string specifying the comps
* @exception ELdapException if any error occurs.
*/
public static ObjectIdentifier[] getCompsFromString(String val)
- throws ELdapException {
+ throws ELdapException {
StringTokenizer tokens;
ObjectIdentifier[] comps;
String attr;
ObjectIdentifier oid;
- if (val == null || val.length() == 0)
+ if (val == null || val.length() == 0)
return new ObjectIdentifier[0];
tokens = new StringTokenizer(val, ", \t\n\r");
@@ -442,18 +435,17 @@ public class LdapDNCompsMap
while (tokens.hasMoreTokens()) {
attr = tokens.nextToken().trim();
// mail -> E hack to look for E in subject names.
- if (attr.equalsIgnoreCase("mail"))
+ if (attr.equalsIgnoreCase("mail"))
attr = "E";
oid = X500NameAttrMap.getDefault().getOid(attr);
if (oid != null) {
comps[i++] = oid;
} else {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_UNKNOWN_ATTR_IN_DN_FILTER_COMPS", attr));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_UNKNOWN_ATTR_IN_DN_FILTER_COMPS", attr));
}
}
return comps;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
index c3c26951..a19e3c21 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
@@ -20,7 +20,6 @@
package com.netscape.cms.publish.mappers;
-
///////////////////////
// import statements //
///////////////////////
@@ -56,38 +55,29 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
//////////////////////
// class definition //
//////////////////////
-/**
- * Maps a request to an entry in the LDAP server.
- * Takes a dnPattern to form the baseDN from the
- * request attributes and certificate subject name.
- * Does a base search for the entry in the directory
- * to publish the cert or crl. The restriction of
- * this mapper is that the ldap dn components must
- * be part of certificate subject name or request
- * attributes or constant. The difference of this
- * mapper and LdapSimpleMap is that if the ldap
- * entry is not found, it has the option to create
- * the ldap entry given the dn and attributes
- * formulated.
- *
+/**
+ * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the
+ * baseDN from the request attributes and certificate subject name. Does a base
+ * search for the entry in the directory to publish the cert or crl. The
+ * restriction of this mapper is that the ldap dn components must be part of
+ * certificate subject name or request attributes or constant. The difference of
+ * this mapper and LdapSimpleMap is that if the ldap entry is not found, it has
+ * the option to create the ldap entry given the dn and attributes formulated.
+ *
* @version $Revision$, $Date$
*/
-public class LdapEnhancedMap
- implements ILdapMapper, IExtendedPluginInfo {
- ////////////////////////
+public class LdapEnhancedMap implements ILdapMapper, IExtendedPluginInfo {
+ // //////////////////////
// default parameters //
- ////////////////////////
-
-
+ // //////////////////////
- //////////////////////////////////////
+ // ////////////////////////////////////
// local LdapEnhancedMap parameters //
- //////////////////////////////////////
+ // ////////////////////////////////////
private boolean mInited = false;
@@ -102,14 +92,14 @@ public class LdapEnhancedMap
protected String[] mLdapValues = null;
- ////////////////////////////
+ // //////////////////////////
// ILdapMapper parameters //
- ////////////////////////////
+ // //////////////////////////
/* mapper plug-in fields */
- protected static final String PROP_DNPATTERN = "dnPattern";
+ protected static final String PROP_DNPATTERN = "dnPattern";
protected static final String PROP_CREATE = "createEntry";
- // the object class of the entry to be created. xxxx not done yet
+ // the object class of the entry to be created. xxxx not done yet
protected static final String PROP_OBJCLASS = "objectClass";
// req/cert/ext attribute --> directory attribute table
protected static final String PROP_ATTRNUM = "attrNum";
@@ -119,10 +109,10 @@ public class LdapEnhancedMap
/* mapper plug-in fields initialization values */
private static final int DEFAULT_NUM_ATTRS = 1;
- /* Holds mapper plug-in fields accepted by this implementation.
- * This list is passed to the configuration console so configuration
- * for instances of this implementation can be configured through the
- * console.
+ /*
+ * Holds mapper plug-in fields accepted by this implementation. This list is
+ * passed to the configuration console so configuration for instances of
+ * this implementation can be configured through the console.
*/
private static Vector defaultParams = new Vector();
@@ -145,9 +135,8 @@ public class LdapEnhancedMap
/* miscellaneous constants local to this mapper plug-in */
// default dn pattern if left blank or not set in the config
- public static final String DEFAULT_DNPATTERN =
- "UID=$req.HTTP_PARAMS.UID, " +
- "OU=people, O=$subj.o, C=$subj.c";
+ public static final String DEFAULT_DNPATTERN = "UID=$req.HTTP_PARAMS.UID, "
+ + "OU=people, O=$subj.o, C=$subj.c";
private static final int MAX_ATTRS = 10;
protected static final int DEFAULT_ATTRNUM = 1;
@@ -155,21 +144,19 @@ public class LdapEnhancedMap
protected IConfigStore mConfig = null;
protected AVAPattern[] mPatterns = null;
- ////////////////////////////////////
+ // //////////////////////////////////
// IExtendedPluginInfo parameters //
- ////////////////////////////////////
+ // //////////////////////////////////
-
-
- ///////////////////////
+ // /////////////////////
// Logger parameters //
- ///////////////////////
+ // /////////////////////
private ILogger mLogger = CMS.getLogger();
- /////////////////////
+ // ///////////////////
// default methods //
- /////////////////////
+ // ///////////////////
/**
* Default constructor, initialization must follow.
@@ -177,22 +164,20 @@ public class LdapEnhancedMap
public LdapEnhancedMap() {
}
- ///////////////////////////////////
+ // /////////////////////////////////
// local LdapEnhancedMap methods //
- ///////////////////////////////////
+ // /////////////////////////////////
/**
* common initialization routine.
*/
- protected void init(String dnPattern)
- throws EBaseException {
+ protected void init(String dnPattern) throws EBaseException {
if (mInited) {
return;
}
mDnPattern = dnPattern;
- if (mDnPattern == null ||
- mDnPattern.length() == 0) {
+ if (mDnPattern == null || mDnPattern.length() == 0) {
mDnPattern = DEFAULT_DNPATTERN;
}
@@ -202,11 +187,10 @@ public class LdapEnhancedMap
String[] mCertAttrs = mPattern.getCertAttrs();
} catch (ELdapException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
- dnPattern, e.toString()));
- throw new EBaseException(
- "falied to init with pattern " +
- dnPattern + " " + e);
+ CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern,
+ e.toString()));
+ throw new EBaseException("falied to init with pattern " + dnPattern
+ + " " + e);
}
mInited = true;
@@ -214,60 +198,52 @@ public class LdapEnhancedMap
/**
* form a dn from component in the request and cert subject name
+ *
* @param req The request
* @param obj The certificate or crl
*/
- private String formDN(IRequest req, Object obj)
- throws EBaseException {
+ private String formDN(IRequest req, Object obj) throws EBaseException {
CertificateExtensions certExt = null;
X500Name subjectDN = null;
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
- (X500Name) ((X509Certificate) cert).getSubjectDN();
- CMS.debug(
- "LdapEnhancedMap: cert subject dn:" +
- subjectDN.toString());
+ subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN();
+ CMS.debug("LdapEnhancedMap: cert subject dn:"
+ + subjectDN.toString());
+
+ // certExt = (CertificateExtensions)
+ // ((X509CertImpl)cert).get(
+ // X509CertInfo.EXTENSIONS);
+ X509CertInfo info = (X509CertInfo) ((X509CertImpl) cert)
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
- //certExt = (CertificateExtensions)
- // ((X509CertImpl)cert).get(
- // X509CertInfo.EXTENSIONS);
- X509CertInfo info = (X509CertInfo)
- ((X509CertImpl) cert).get(
- X509CertImpl.NAME +
- "." +
- X509CertImpl.INFO);
-
- certExt = (CertificateExtensions)
- info.get(CertificateExtensions.NAME);
+ certExt = (CertificateExtensions) info
+ .get(CertificateExtensions.NAME);
} catch (java.security.cert.CertificateParsingException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (java.security.cert.CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (ClassCastException e) {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN = (X500Name)
- ((X509CRLImpl) crl).getIssuerDN();
+ subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN();
- CMS.debug(
- "LdapEnhancedMap: crl issuer dn: " +
+ CMS.debug("LdapEnhancedMap: crl issuer dn: " +
- subjectDN.toString());
+ subjectDN.toString());
} catch (ClassCastException ex) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
- ((req == null) ? ""
- : req.getRequestId().toString())));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
+ ((req == null) ? "" : req.getRequestId().toString())));
return null;
}
}
@@ -277,10 +253,8 @@ public class LdapEnhancedMap
for (int i = 0; i < mNumAttrs; i++) {
if (mPatterns[i] != null) {
- mLdapValues[i] = mPatterns[i].formAVA(
- req,
- subjectDN,
- certExt);
+ mLdapValues[i] = mPatterns[i].formAVA(req, subjectDN,
+ certExt);
}
}
@@ -288,27 +262,22 @@ public class LdapEnhancedMap
return dn;
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
- ((req == null) ? ""
- : req.getRequestId().toString()), e.toString()));
-
- throw new EBaseException(
- "failed to form dn for request: " +
- ((req == null) ? ""
- : req.getRequestId().toString()) +
- " " + e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
+ ((req == null) ? "" : req.getRequestId().toString()),
+ e.toString()));
+
+ throw new EBaseException("failed to form dn for request: "
+ + ((req == null) ? "" : req.getRequestId().toString())
+ + " " + e);
}
}
private void createEntry(LDAPConnection conn, String dn)
- throws LDAPException {
+ throws LDAPException {
LDAPAttributeSet attrs = new LDAPAttributeSet();
// OID 2.5.6.16
- String caOc[] = { "top",
- "person",
- "organizationalPerson",
+ String caOc[] = { "top", "person", "organizationalPerson",
"inetOrgPerson" };
DN dnobj = new DN(dn);
@@ -319,12 +288,10 @@ public class LdapEnhancedMap
attrs.add(new LDAPAttribute("objectclass", caOc));
for (int i = 0; i < mNumAttrs; i++) {
- if (mLdapNames[i] != null &&
- !mLdapNames[i].trim().equals("") &&
- mLdapValues[i] != null &&
- !mLdapValues[i].trim().equals("")) {
- attrs.add(new LDAPAttribute(mLdapNames[i],
- mLdapValues[i]));
+ if (mLdapNames[i] != null && !mLdapNames[i].trim().equals("")
+ && mLdapValues[i] != null
+ && !mLdapValues[i].trim().equals("")) {
+ attrs.add(new LDAPAttribute(mLdapNames[i], mLdapValues[i]));
}
}
@@ -333,28 +300,23 @@ public class LdapEnhancedMap
conn.add(entry);
}
- /////////////////////////
+ // ///////////////////////
// ILdapMapper methods //
- /////////////////////////
+ // ///////////////////////
- /**
+ /**
* for initializing from config store.
- *
- * implementation for extended
- * ILdapPlugin interface method
+ *
+ * implementation for extended ILdapPlugin interface method
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
mConfig = config;
- mDnPattern = mConfig.getString(PROP_DNPATTERN,
- DEFAULT_DNPATTERN);
+ mDnPattern = mConfig.getString(PROP_DNPATTERN, DEFAULT_DNPATTERN);
- mCreateEntry = mConfig.getBoolean(PROP_CREATE,
- true);
+ mCreateEntry = mConfig.getBoolean(PROP_CREATE, true);
- mNumAttrs = mConfig.getInteger(PROP_ATTRNUM,
- 0);
+ mNumAttrs = mConfig.getInteger(PROP_ATTRNUM, 0);
mLdapNames = new String[mNumAttrs];
@@ -362,18 +324,13 @@ public class LdapEnhancedMap
mPatterns = new AVAPattern[mNumAttrs];
for (int i = 0; i < mNumAttrs; i++) {
- mLdapNames[i] =
- mConfig.getString(PROP_ATTR_NAME +
- Integer.toString(i),
- "");
-
- mLdapPatterns[i] =
- mConfig.getString(PROP_ATTR_PATTERN +
- Integer.toString(i),
- "");
-
- if (mLdapPatterns[i] != null &&
- !mLdapPatterns[i].trim().equals("")) {
+ mLdapNames[i] = mConfig.getString(
+ PROP_ATTR_NAME + Integer.toString(i), "");
+
+ mLdapPatterns[i] = mConfig.getString(
+ PROP_ATTR_PATTERN + Integer.toString(i), "");
+
+ if (mLdapPatterns[i] != null && !mLdapPatterns[i].trim().equals("")) {
mPatterns[i] = new AVAPattern(mLdapPatterns[i]);
}
}
@@ -381,9 +338,8 @@ public class LdapEnhancedMap
init(mDnPattern);
}
- /**
- * implementation for extended
- * ILdapPlugin interface method
+ /**
+ * implementation for extended ILdapPlugin interface method
*/
public IConfigStore getConfigStore() {
return mConfig;
@@ -407,34 +363,28 @@ public class LdapEnhancedMap
try {
if (mDnPattern == null) {
v.addElement(PROP_DNPATTERN + "=");
- }else {
- v.addElement(PROP_DNPATTERN + "=" +
- mConfig.getString(PROP_DNPATTERN));
+ } else {
+ v.addElement(PROP_DNPATTERN + "="
+ + mConfig.getString(PROP_DNPATTERN));
}
- v.addElement(PROP_CREATE + "=" +
- mConfig.getBoolean(PROP_CREATE,
- true));
+ v.addElement(PROP_CREATE + "="
+ + mConfig.getBoolean(PROP_CREATE, true));
- v.addElement(PROP_ATTRNUM + "=" +
- mConfig.getInteger(PROP_ATTRNUM,
- DEFAULT_NUM_ATTRS));
+ v.addElement(PROP_ATTRNUM + "="
+ + mConfig.getInteger(PROP_ATTRNUM, DEFAULT_NUM_ATTRS));
for (int i = 0; i < mNumAttrs; i++) {
if (mLdapNames[i] != null) {
- v.addElement(PROP_ATTR_NAME + i +
- "=" + mLdapNames[i]);
+ v.addElement(PROP_ATTR_NAME + i + "=" + mLdapNames[i]);
} else {
- v.addElement(PROP_ATTR_NAME + i +
- "=");
+ v.addElement(PROP_ATTR_NAME + i + "=");
}
if (mLdapPatterns[i] != null) {
- v.addElement(PROP_ATTR_PATTERN + i +
- "=" + mLdapPatterns[i]);
+ v.addElement(PROP_ATTR_PATTERN + i + "=" + mLdapPatterns[i]);
} else {
- v.addElement(PROP_ATTR_PATTERN + i +
- "=");
+ v.addElement(PROP_ATTR_PATTERN + i + "=");
}
}
} catch (Exception e) {
@@ -444,29 +394,28 @@ public class LdapEnhancedMap
}
/**
- * Maps an X500 subject name to an LDAP entry.
- * Uses DN pattern to form a DN for an LDAP base search.
+ * Maps an X500 subject name to an LDAP entry. Uses DN pattern to form a DN
+ * for an LDAP base search.
*
- * @param conn the LDAP connection.
- * @param obj the object to map.
- * @exception ELdapException if any LDAP exceptions occurred.
- */
- public String map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ * @param conn the LDAP connection.
+ * @param obj the object to map.
+ * @exception ELdapException if any LDAP exceptions occurred.
+ */
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
return map(conn, null, obj);
}
/**
- * Maps an X500 subject name to an LDAP entry.
- * Uses DN pattern to form a DN for an LDAP base search.
+ * Maps an X500 subject name to an LDAP entry. Uses DN pattern to form a DN
+ * for an LDAP base search.
*
- * @param conn the LDAP connection.
- * @param req the request to map.
- * @param obj the object to map.
- * @exception ELdapException if any LDAP exceptions occurred.
- */
+ * @param conn the LDAP connection.
+ * @param req the request to map.
+ * @param obj the object to map.
+ * @exception ELdapException if any LDAP exceptions occurred.
+ */
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null) {
return null;
}
@@ -477,14 +426,14 @@ public class LdapEnhancedMap
dn = formDN(req, obj);
if (dn == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
+ CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
String s1 = "";
if (req != null)
s1 = req.getRequestId().toString();
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_NO_DN_MATCH", s1));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_DN_MATCH", s1));
}
int scope = LDAPv2.SCOPE_BASE;
@@ -493,155 +442,132 @@ public class LdapEnhancedMap
// search for entry
String[] attrs = new String[] { LDAPv3.NO_ATTRS };
- log(ILogger.LL_INFO,
- "searching for dn: " +
- dn + " filter:" +
- filter + " scope: base");
+ log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:"
+ + filter + " scope: base");
- LDAPSearchResults results = conn.search(dn,
- scope,
- filter,
- attrs,
+ LDAPSearchResults results = conn.search(dn, scope, filter, attrs,
false);
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY",
- dn +
- ((req == null) ? ""
- : req.getRequestId().toString())));
-
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
- ((req == null) ? ""
- : req.getRequestId().toString())));
+ CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn
+ + ((req == null) ? "" : req.getRequestId()
+ .toString())));
+
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_MORE_THAN_ONE_ENTRY", ((req == null) ? ""
+ : req.getRequestId().toString())));
}
if (entry != null) {
return entry.getDN();
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND",
- dn +
- ((req == null) ? ""
- : req.getRequestId().toString())));
-
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
- "null entry"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn
+ + ((req == null) ? "" : req.getRequestId()
+ .toString())));
+
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", "null entry"));
}
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
- } else if (e.getLDAPResultCode() ==
- LDAPException.NO_SUCH_OBJECT && mCreateEntry) {
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
+ } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT
+ && mCreateEntry) {
try {
createEntry(conn, dn);
- log(ILogger.LL_INFO,
- "Entry " +
- dn +
- " Created");
+ log(ILogger.LL_INFO, "Entry " + dn + " Created");
return dn;
} catch (LDAPException e1) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
- dn,
- e.toString()));
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn,
+ e.toString()));
- log(ILogger.LL_FAILURE,
- "Entry is not created. " +
- "This may because there are " +
- "entries in the directory " +
- "hierachy not exit.");
+ log(ILogger.LL_FAILURE, "Entry is not created. "
+ + "This may because there are "
+ + "entries in the directory "
+ + "hierachy not exit.");
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_CREATE_ENTRY", dn));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_CREATE_ENTRY", dn));
}
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
- dn,
- e.toString()));
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn,
+ e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT",
- e.toString()));
+ CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
- /////////////////////////////////
+ // ///////////////////////////////
// IExtendedPluginInfo methods //
- /////////////////////////////////
+ // ///////////////////////////////
public String[] getExtendedPluginInfo(Locale locale) {
Vector v = new Vector();
- v.addElement(PROP_DNPATTERN +
- ";string;Describes how to form the Ldap " +
- "Subject name in the directory. " +
- "Example 1: 'uid=CertMgr, o=Fedora'. " +
- "Example 2: 'uid=$req.HTTP_PARAMS.uid, " +
- "E=$ext.SubjectAlternativeName.RFC822Name, " +
- "ou=$subj.ou'. " +
- "$req means: take the attribute from the " +
- "request. " +
- "$subj means: take the attribute from the " +
- "certificate subject name. " +
- "$ext means: take the attribute from the " +
- "certificate extension");
- v.addElement(PROP_CREATE +
- ";boolean;If checked, An entry will be " +
- "created automatically");
- v.addElement(PROP_ATTRNUM +
- ";string;How many attributes to add.");
- v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-mapper-enhancedmapper");
- v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";Describes how to form the LDAP DN of the " +
- "entry to publish to");
+ v.addElement(PROP_DNPATTERN + ";string;Describes how to form the Ldap "
+ + "Subject name in the directory. "
+ + "Example 1: 'uid=CertMgr, o=Fedora'. "
+ + "Example 2: 'uid=$req.HTTP_PARAMS.uid, "
+ + "E=$ext.SubjectAlternativeName.RFC822Name, "
+ + "ou=$subj.ou'. " + "$req means: take the attribute from the "
+ + "request. " + "$subj means: take the attribute from the "
+ + "certificate subject name. "
+ + "$ext means: take the attribute from the "
+ + "certificate extension");
+ v.addElement(PROP_CREATE + ";boolean;If checked, An entry will be "
+ + "created automatically");
+ v.addElement(PROP_ATTRNUM + ";string;How many attributes to add.");
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-mapper-enhancedmapper");
+ v.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";Describes how to form the LDAP DN of the "
+ + "entry to publish to");
for (int i = 0; i < MAX_ATTRS; i++) {
- v.addElement(PROP_ATTR_NAME +
- Integer.toString(i) +
- ";string;" +
- "The name of LDAP attribute " +
- "to be added. e.g. mail");
- v.addElement(PROP_ATTR_PATTERN +
- Integer.toString(i) +
- ";string;" +
- "How to create the LDAP attribute value. " +
- "e.g. $req.HTTP_PARAMS.csrRequestorEmail, " +
- "$subj.E or " +
- "$ext.SubjectAlternativeName.RFC822Name");
+ v.addElement(PROP_ATTR_NAME + Integer.toString(i) + ";string;"
+ + "The name of LDAP attribute " + "to be added. e.g. mail");
+ v.addElement(PROP_ATTR_PATTERN + Integer.toString(i) + ";string;"
+ + "How to create the LDAP attribute value. "
+ + "e.g. $req.HTTP_PARAMS.csrRequestorEmail, "
+ + "$subj.E or " + "$ext.SubjectAlternativeName.RFC822Name");
}
- String params[] =
- com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
+ String params[] = com.netscape.cmsutil.util.Utils
+ .getStringArrayFromVector(v);
return params;
}
- ////////////////////
+ // //////////////////
// Logger methods //
- ////////////////////
+ // //////////////////
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapEnhancedMapper: " + msg);
+ "LdapEnhancedMapper: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
index c08ec849..212f7237 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -45,19 +44,17 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
- * Maps a request to an entry in the LDAP server.
- * Takes a dnPattern to form the baseDN from the request attributes
- * and certificate subject name.Do a base search for the entry
- * in the directory to publish the cert or crl.
- * The restriction of this mapper is that the ldap dn components must
- * be part of certificate subject name or request attributes or constant.
- *
+/**
+ * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the
+ * baseDN from the request attributes and certificate subject name.Do a base
+ * search for the entry in the directory to publish the cert or crl. The
+ * restriction of this mapper is that the ldap dn components must be part of
+ * certificate subject name or request attributes or constant.
+ *
* @version $Revision$, $Date$
*/
public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
- protected static final String PROP_DNPATTERN = "dnPattern";
+ protected static final String PROP_DNPATTERN = "dnPattern";
protected String mDnPattern = null;
private ILogger mLogger = CMS.getLogger();
@@ -67,28 +64,28 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
/* the subject DN pattern */
protected MapDNPattern mPattern = null;
- /* the list of request attriubutes to retrieve*/
+ /* the list of request attriubutes to retrieve */
protected String[] mReqAttrs = null;
- /* the list of cert attriubutes to retrieve*/
+ /* the list of cert attriubutes to retrieve */
protected String[] mCertAttrs = null;
/* default dn pattern if left blank or not set in the config */
- public static final String DEFAULT_DNPATTERN =
- "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c";
+ public static final String DEFAULT_DNPATTERN = "UID=$req.HTTP_PARAMS.UID, OU=people, O=$subj.o, C=$subj.c";
- /**
+ /**
* Constructor.
- *
- * @param dnPattern The base DN.
+ *
+ * @param dnPattern The base DN.
*/
public LdapSimpleMap(String dnPattern) {
try {
init(dnPattern);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("OPERATION_ERROR", e.toString()));
}
-
+
}
/**
@@ -99,15 +96,16 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
public String[] getExtendedPluginInfo(Locale locale) {
String params[] = {
- "dnPattern;string;Describes how to form the Ldap Subject name in" +
- " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:" +
- " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " +
- "$req means: take the attribute from the request. " +
- "$subj means: take the attribute from the certificate subject name. " +
- "$ext means: take the attribute from the certificate extension",
- IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-simplemapper",
- IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to"
- };
+ "dnPattern;string;Describes how to form the Ldap Subject name in"
+ + " the directory. Example 1: 'uid=CertMgr, o=Fedora'. Example 2:"
+ + " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. "
+ + "$req means: take the attribute from the request. "
+ + "$subj means: take the attribute from the certificate subject name. "
+ + "$ext means: take the attribute from the certificate extension",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-mapper-simplemapper",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Describes how to form the LDAP DN of the entry to publish to" };
return params;
}
@@ -116,11 +114,10 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
return mConfig;
}
- /**
+ /**
* for initializing from config store.
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
mConfig = config;
String dnPattern = mConfig.getString(PROP_DNPATTERN);
@@ -130,52 +127,51 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
/**
* common initialization routine.
*/
- protected void init(String dnPattern)
- throws EBaseException {
- if (mInited)
+ protected void init(String dnPattern) throws EBaseException {
+ if (mInited)
return;
mDnPattern = dnPattern;
- if (mDnPattern == null || mDnPattern.length() == 0)
+ if (mDnPattern == null || mDnPattern.length() == 0)
mDnPattern = DEFAULT_DNPATTERN;
try {
mPattern = new MapDNPattern(mDnPattern);
String[] mReqAttrs = mPattern.getReqAttrs();
String[] mCertAttrs = mPattern.getCertAttrs();
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
- dnPattern, e.toString()));
- throw new EBaseException("falied to init with pattern " +
- dnPattern + " " + e);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern,
+ e.toString()));
+ throw new EBaseException("falied to init with pattern " + dnPattern
+ + " " + e);
}
mInited = true;
}
/**
- * Maps a X500 subject name to LDAP entry.
- * Uses DN pattern to form a DN for a LDAP base search.
+ * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+ * a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
- public String map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
return map(conn, null, obj);
}
/**
- * Maps a X500 subject name to LDAP entry.
- * Uses DN pattern to form a DN for a LDAP base search.
+ * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+ * a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param req the request to map.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param req the request to map.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
+ */
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null)
return null;
String dn = null;
@@ -183,13 +179,14 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
dn = formDN(req, obj);
if (dn == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
String s1 = "";
if (req != null)
s1 = req.getRequestId().toString();
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_NO_DN_MATCH", s1));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_DN_MATCH", s1));
}
int scope = LDAPv2.SCOPE_BASE;
String filter = "(objectclass=*)";
@@ -198,24 +195,28 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
String[] attrs = new String[] { LDAPv3.NO_ATTRS };
log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:"
- + filter + " scope: base");
+ + filter + " scope: base");
- LDAPSearchResults results =
- conn.search(dn, scope, filter, attrs, false);
+ LDAPSearchResults results = conn.search(dn, scope, filter, attrs,
+ false);
LDAPEntry entry = results.next();
if (results.hasMoreElements()) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req.getRequestId().toString())));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
- ((req == null) ? "" : req.getRequestId().toString())));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? ""
+ : req.getRequestId().toString())));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_MORE_THAN_ONE_ENTRY", ((req == null) ? ""
+ : req.getRequestId().toString())));
}
if (entry != null)
return entry.getDN();
else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId().toString())));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
- "null entry"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? ""
+ : req.getRequestId().toString())));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", "null entry"));
}
} catch (ELdapException e) {
throw e;
@@ -224,61 +225,69 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_MATCH_FOUND", e.toString()));
}
}
/**
* form a dn from component in the request and cert subject name
+ *
* @param req The request
* @param obj The certificate or crl
*/
- private String formDN(IRequest req, Object obj) throws
- EBaseException, ELdapException {
+ private String formDN(IRequest req, Object obj) throws EBaseException,
+ ELdapException {
X500Name subjectDN = null;
CertificateExtensions certExt = null;
try {
X509Certificate cert = (X509Certificate) obj;
- subjectDN =
- (X500Name) ((X509Certificate) cert).getSubjectDN();
+ subjectDN = (X500Name) ((X509Certificate) cert).getSubjectDN();
CMS.debug("LdapSimpleMap: cert subject dn:" + subjectDN.toString());
- //certExt = (CertificateExtensions)
- // ((X509CertImpl)cert).get(X509CertInfo.EXTENSIONS);
- X509CertInfo info = (X509CertInfo)
- ((X509CertImpl) cert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
-
- certExt = (CertificateExtensions) info.get(
- CertificateExtensions.NAME);
+ // certExt = (CertificateExtensions)
+ // ((X509CertImpl)cert).get(X509CertInfo.EXTENSIONS);
+ X509CertInfo info = (X509CertInfo) ((X509CertImpl) cert)
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
+
+ certExt = (CertificateExtensions) info
+ .get(CertificateExtensions.NAME);
} catch (java.security.cert.CertificateParsingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (java.security.cert.CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
} catch (ClassCastException e) {
try {
X509CRLImpl crl = (X509CRLImpl) obj;
- subjectDN =
- (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+ subjectDN = (X500Name) ((X509CRLImpl) crl).getIssuerDN();
- CMS.debug("LdapSimpleMap: crl issuer dn: " +
- subjectDN.toString());
- }catch (ClassCastException ex) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
+ CMS.debug("LdapSimpleMap: crl issuer dn: "
+ + subjectDN.toString());
+ } catch (ClassCastException ex) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
((req == null) ? "" : req.getRequestId().toString())));
return null;
}
@@ -289,7 +298,8 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
return dn;
} catch (ELdapException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
- ((req == null) ? "" : req.getRequestId().toString()), e.toString()));
+ ((req == null) ? "" : req.getRequestId().toString()),
+ e.toString()));
throw e;
}
}
@@ -315,9 +325,9 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
try {
if (mDnPattern == null) {
v.addElement(PROP_DNPATTERN + "=");
- }else {
- v.addElement(PROP_DNPATTERN + "=" +
- mConfig.getString(PROP_DNPATTERN));
+ } else {
+ v.addElement(PROP_DNPATTERN + "="
+ + mConfig.getString(PROP_DNPATTERN));
}
} catch (Exception e) {
}
@@ -326,8 +336,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapSimpleMapper: " + msg);
+ "LdapSimpleMapper: " + msg);
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
index 26503040..41cc5308 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -41,26 +40,28 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.publish.ECompSyntaxErr;
import com.netscape.certsrv.request.IRequest;
-
/**
- * class for parsing a DN pattern used to construct a ldap dn from
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from request
+ * attributes and cert subject name.
+ * <p>
+ *
+ * dnpattern is a string representing a ldap dn pattern to formulate from the
+ * certificate subject name attributes and request attributes . If empty or not
+ * set, the certificate subject name will be used as the ldap dn.
+ * <p>
*
- * dnpattern is a string representing a ldap dn pattern to formulate from
- * the certificate subject name attributes and request attributes .
- * If empty or not set, the certificate subject name
- * will be used as the ldap dn. <p>
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$subj" "." attrName [ "." attrNumber ] |
- * name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
- * name "=" "$req" "." attrName [ "." attrNumber ] |
- * "$rdn" "." number
+ * name "=" "$subj" "." attrName [ "." attrNumber ] |
+ * name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
+ * name "=" "$req" "." attrName [ "." attrNumber ] |
+ * "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
* cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com
@@ -71,7 +72,7 @@ import com.netscape.certsrv.request.IRequest;
* <p>
* note: Subordinate ca enrollment will use ca mapper. Use predicate
* to distinguish the ca itself and the subordinates.
- *
+ *
* Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, OU=people, , O=mcom.com</i>
* cert subject name: dn: UID=jjames, OU=IS, OU=people, , O=mcom.com
* request attributes: uid: cmanager
@@ -96,10 +97,10 @@ import com.netscape.certsrv.request.IRequest;
* O = the string mcom.com. <br>
* <p>
* </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped. There is potential risk that a wrong dn
- * will be mapped into.
- *
+ *
+ * If an request attribute or subject DN component does not exist, the attribute
+ * is skipped. There is potential risk that a wrong dn will be mapped into.
+ *
* @version $Revision$, $Date$
*/
class MapAVAPattern {
@@ -111,34 +112,29 @@ class MapAVAPattern {
public static final String TYPE_RDN = "$rdn";
public static final String TYPE_CONSTANT = "constant";
- public static final String[] GENERAL_NAME_TYPE = { "ANY",
- "RFC822Name",
- "DNSName",
- "X400Name",
- "DIRECTORYName",
- "EDIName",
- "URIName",
- "IPAddress",
- "OIDName"};
+ public static final String[] GENERAL_NAME_TYPE = { "ANY", "RFC822Name",
+ "DNSName", "X400Name", "DIRECTORYName", "EDIName", "URIName",
+ "IPAddress", "OIDName" };
private static final char[] endChars = new char[] { '+', ',' };
- private static final LdapV3DNStrConverter mLdapDNStrConverter =
- new LdapV3DNStrConverter();
+ private static final LdapV3DNStrConverter mLdapDNStrConverter = new LdapV3DNStrConverter();
- /* the list of request attributes needed by this AVA */
+ /* the list of request attributes needed by this AVA */
protected String[] mReqAttrs = null;
- /* the list of cert attributes needed by this AVA*/
+ /* the list of cert attributes needed by this AVA */
protected String[] mCertAttrs = null;
/* value type */
protected String mType = null;
/* the attribute in the AVA pair */
- protected String mAttr = null;
+ protected String mAttr = null;
- /* value - could be name of a request attribute or
- * cert subject dn attribute. */
+ /*
+ * value - could be name of a request attribute or cert subject dn
+ * attribute.
+ */
protected String mValue = null;
/* value type - general name type of an extension attribute if any. */
@@ -152,192 +148,202 @@ class MapAVAPattern {
protected String mTestDN = null;
- public MapAVAPattern(String component)
- throws ELdapException {
- if (component == null || component.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
+ public MapAVAPattern(String component) throws ELdapException {
+ if (component == null || component.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
parse(new PushbackReader(new StringReader(component)));
}
- public MapAVAPattern(PushbackReader in)
- throws ELdapException {
+ public MapAVAPattern(PushbackReader in) throws ELdapException {
parse(in);
}
- private void parse(PushbackReader in)
- throws ELdapException {
+ private void parse(PushbackReader in) throws ELdapException {
int c;
// mark ava beginning.
// skip spaces
- //System.out.println("============ AVAPattern Begin ===========");
- //System.out.println("skip spaces");
+ // System.out.println("============ AVAPattern Begin ===========");
+ // System.out.println("skip spaces");
try {
- while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c);
+ while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces read "+(char)c);
;
}
} catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
}
- if (c == -1)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
+ if (c == -1)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
- // $rdn "." number syntax.
+ // $rdn "." number syntax.
if (c == '$') {
- //System.out.println("$rdn syntax");
+ // System.out.println("$rdn syntax");
mType = TYPE_RDN;
try {
- if (in.read() != 'r' ||
- in.read() != 'd' ||
- in.read() != 'n' ||
- in.read() != '.')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
+ if (in.read() != 'r' || in.read() != 'd' || in.read() != 'n'
+ || in.read() != '.')
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid $ syntax, expecting $rdn"));
} catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid $ syntax, expecting $rdn"));
}
StringBuffer rdnNumberBuf = new StringBuffer();
try {
while ((c = in.read()) != ',' && c != -1 && c != '+') {
- //System.out.println("rdnNumber read "+(char)c);
+ // System.out.println("rdnNumber read "+(char)c);
rdnNumberBuf.append((char) c);
}
if (c != -1) // either ',' or '+'
in.unread(c);
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
String rdnNumber = rdnNumberBuf.toString().trim();
- if (rdnNumber.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern"));
+ if (rdnNumber.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "$rdn number not set in ava pattern"));
try {
mElement = Integer.parseInt(rdnNumber) - 1;
} catch (NumberFormatException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $rdn number in ava pattern"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid $rdn number in ava pattern"));
}
return;
}
- // name "=" ... syntax.
+ // name "=" ... syntax.
- // read name
- //System.out.println("reading name");
+ // read name
+ // System.out.println("reading name");
- StringBuffer attrBuf = new StringBuffer();
+ StringBuffer attrBuf = new StringBuffer();
try {
while (c != '=' && c != -1 && c != ',' && c != '+') {
attrBuf.append((char) c);
c = in.read();
- //System.out.println("name read "+(char)c);
- }
- if (c == ',' || c == '+')
+ // System.out.println("name read "+(char)c);
+ }
+ if (c == ',' || c == '+')
in.unread(c);
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
if (c != '=')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern"));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Missing \"=\" in ava pattern"));
- // read value
- //System.out.println("reading value");
+ // read value
+ // System.out.println("reading value");
- // skip spaces
- //System.out.println("skip spaces for value");
+ // skip spaces
+ // System.out.println("skip spaces for value");
try {
- while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c);
+ while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces2 read "+(char)c);
;
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- if (c == -1)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern"));
+ if (c == -1)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "no value after = in ava pattern"));
if (c == '$') {
- // check for $subj $ext or $req
+ // check for $subj $ext or $req
try {
c = in.read();
- //System.out.println("check $dn or $attr read "+(char)c);
+ // System.out.println("check $dn or $attr read "+(char)c);
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- if (c == -1)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $subj or $req in ava pattern"));
+ if (c == -1)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $subj or $req in ava pattern"));
if (c == 'r') {
try {
- if (in.read() != 'e' ||
- in.read() != 'q' ||
- in.read() != '.')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $req in ava pattern"));
+ if (in.read() != 'e' || in.read() != 'q'
+ || in.read() != '.')
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $req in ava pattern"));
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mType = TYPE_REQ;
- //System.out.println("---- mtype $req");
+ // System.out.println("---- mtype $req");
} else if (c == 's') {
try {
- if (in.read() != 'u' ||
- in.read() != 'b' ||
- in.read() != 'j' ||
- in.read() != '.')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $subj in ava pattern"));
+ if (in.read() != 'u' || in.read() != 'b'
+ || in.read() != 'j' || in.read() != '.')
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $subj in ava pattern"));
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mType = TYPE_SUBJ;
- //System.out.println("----- mtype $subj");
+ // System.out.println("----- mtype $subj");
} else if (c == 'e') {
try {
- if (in.read() != 'x' ||
- in.read() != 't' ||
- in.read() != '.')
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "expecting $ext in ava pattern"));
+ if (in.read() != 'x' || in.read() != 't'
+ || in.read() != '.')
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "expecting $ext in ava pattern"));
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mType = TYPE_EXT;
- //System.out.println("----- mtype $ext");
+ // System.out.println("----- mtype $ext");
} else {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "unknown keyword. expecting $subj $ext or $req."));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "unknown keyword. expecting $subj $ext or $req."));
}
- // get request attr name of subject dn pattern from above.
+ // get request attr name of subject dn pattern from above.
String attrName = attrBuf.toString().trim();
- //System.out.println("----- attrName "+attrName);
- if (attrName.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected"));
- mAttr = attrName;
+ // System.out.println("----- attrName "+attrName);
+ if (attrName.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "attribute name expected"));
+ mAttr = attrName;
/*
- try {
- ObjectIdentifier attrOid =
- mLdapDNStrConverter.parseAVAKeyword(attrName);
- mAttr = mLdapDNStrConverter.encodeOID(attrOid);
- //System.out.println("----- mAttr "+mAttr);
- }
- catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString()));
- }
+ * try { ObjectIdentifier attrOid =
+ * mLdapDNStrConverter.parseAVAKeyword(attrName); mAttr =
+ * mLdapDNStrConverter.encodeOID(attrOid);
+ * //System.out.println("----- mAttr "+mAttr); } catch (IOException
+ * e) { throw new ECompSyntaxErr(CMS.getUserMessage(
+ * "CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString())); }
*/
// get request attribute or cert subject dn attribute
@@ -345,45 +351,47 @@ class MapAVAPattern {
StringBuffer valueBuf = new StringBuffer();
try {
- while ((c = in.read()) != ',' &&
- c != -1 && c != '.' && c != '+') {
- //System.out.println("mValue read "+(char)c);
+ while ((c = in.read()) != ',' && c != -1 && c != '.'
+ && c != '+') {
+ // System.out.println("mValue read "+(char)c);
valueBuf.append((char) c);
}
if (c == '+' || c == ',') // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
mValue = valueBuf.toString().trim();
- if (mValue.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "$subj or $req attribute name expected"));
- //System.out.println("----- mValue "+mValue);
+ if (mValue.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "$subj or $req attribute name expected"));
+ // System.out.println("----- mValue "+mValue);
- // get nth dn xxx not nth request attribute .
+ // get nth dn xxx not nth request attribute .
if (c == '.') {
StringBuffer attrNumberBuf = new StringBuffer();
try {
while ((c = in.read()) != ',' && c != -1 && c != '.'
- && c != '+') {
- //System.out.println("mElement read "+(char)c);
+ && c != '+') {
+ // System.out.println("mElement read "+(char)c);
attrNumberBuf.append((char) c);
}
- if (c == ',' || c == '+') // either ',' or '+'
- in.unread(c); // pushback last , or +
+ if (c == ',' || c == '+') // either ',' or '+'
+ in.unread(c); // pushback last , or +
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
String attrNumber = attrNumberBuf.toString().trim();
- if (attrNumber.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "nth element $req $ext or $subj expected"));
+ if (attrNumber.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "nth element $req $ext or $subj expected"));
try {
mElement = Integer.parseInt(attrNumber) - 1;
} catch (NumberFormatException e) {
@@ -392,87 +400,93 @@ class MapAVAPattern {
mValue = attrNumber;
} else if (TYPE_EXT.equals(mType)) {
mGNType = attrNumber;
- } else
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "Invalid format in nth element $req $ext or $subj"));
+ } else
+ throw new ECompSyntaxErr(
+ CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid format in nth element $req $ext or $subj"));
- // get nth request attribute .
+ // get nth request attribute .
if (c == '.') {
StringBuffer attrNumberBuf1 = new StringBuffer();
try {
- while ((c = in.read()) != ',' && c != -1 && c != '+') {
- //System.out.println("mElement read "+(char)c);
+ while ((c = in.read()) != ',' && c != -1
+ && c != '+') {
+ // System.out.println("mElement read "+(char)c);
attrNumberBuf1.append((char) c);
}
if (c != -1) // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
} catch (IOException ex) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", ex.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", ex.toString()));
}
String attrNumber1 = attrNumberBuf1.toString().trim();
- if (attrNumber1.length() == 0)
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "nth element $req expected"));
- try {
- mElement = Integer.parseInt(attrNumber1) - 1;
+ if (attrNumber1.length() == 0)
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "nth element $req expected"));
+ try {
+ mElement = Integer.parseInt(attrNumber1) - 1;
} catch (NumberFormatException ex) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
- "Invalid format in nth element $req."));
-
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+ "Invalid format in nth element $req."));
+
}
}
}
}
- //System.out.println("----- mElement "+mElement);
+ // System.out.println("----- mElement "+mElement);
} else {
// value is constant. treat as regular ava.
mType = TYPE_CONSTANT;
- //System.out.println("----- mType constant");
- // parse ava value.
+ // System.out.println("----- mType constant");
+ // parse ava value.
StringBuffer valueBuf = new StringBuffer();
valueBuf.append((char) c);
// read forward to get attribute value
try {
- while ((c = in.read()) != ',' &&
- c != -1) {
+ while ((c = in.read()) != ',' && c != -1) {
valueBuf.append((char) c);
}
if (c == '+' || c == ',') { // either ',' or '+'
- in.unread(c); // pushback last , or +
+ in.unread(c); // pushback last , or +
}
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- try {
- AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
+ try {
+ AVA ava = mLdapDNStrConverter
+ .parseAVA(attrBuf + "=" + valueBuf);
mValue = ava.toLdapDNString();
- //System.out.println("----- mValue "+mValue);
+ // System.out.println("----- mValue "+mValue);
} catch (IOException e) {
- throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString()));
+ throw new ECompSyntaxErr(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString()));
}
}
}
- public String formAVA(IRequest req, X500Name subject, CertificateExtensions extensions)
- throws ELdapException {
+ public String formAVA(IRequest req, X500Name subject,
+ CertificateExtensions extensions) throws ELdapException {
if (TYPE_CONSTANT.equals(mType))
return mValue;
if (TYPE_RDN.equals(mType)) {
String dn = subject.toString();
- if (mTestDN != null)
+ if (mTestDN != null)
dn = mTestDN;
- //System.out.println("AVAPattern Using dn "+mTestDN);
+ // System.out.println("AVAPattern Using dn "+mTestDN);
String[] rdns = LDAPDN.explodeDN(dn, false);
- if (mElement >= rdns.length)
+ if (mElement >= rdns.length)
return null;
return rdns[mElement];
}
@@ -480,9 +494,9 @@ class MapAVAPattern {
if (TYPE_SUBJ.equals(mType)) {
String dn = subject.toString();
- if (mTestDN != null)
+ if (mTestDN != null)
dn = mTestDN;
- //System.out.println("AVAPattern Using dn "+mTestDN);
+ // System.out.println("AVAPattern Using dn "+mTestDN);
String[] rdns = LDAPDN.explodeDN(dn, false);
String value = null;
int nFound = -1;
@@ -493,19 +507,17 @@ class MapAVAPattern {
for (int j = 0; j < avas.length; j++) {
String[] exploded = explodeAVA(avas[j]);
- if (exploded[0].equalsIgnoreCase(mValue) &&
- ++nFound == mElement) {
+ if (exploded[0].equalsIgnoreCase(mValue)
+ && ++nFound == mElement) {
value = exploded[1];
break;
}
}
}
if (value == null) {
- CMS.debug(
- "MapAVAPattern: attr " + mAttr +
- " not formed from: cert subject " +
- dn +
- "-- no subject component : " + mValue);
+ CMS.debug("MapAVAPattern: attr " + mAttr
+ + " not formed from: cert subject " + dn
+ + "-- no subject component : " + mValue);
return null;
}
return mAttr + "=" + value;
@@ -514,40 +526,41 @@ class MapAVAPattern {
if (TYPE_EXT.equals(mType)) {
if (extensions != null) {
for (int i = 0; i < extensions.size(); i++) {
- Extension ext = (Extension)
- extensions.elementAt(i);
+ Extension ext = (Extension) extensions.elementAt(i);
String extName = OIDMap.getName(ext.getExtensionId());
int index = extName.lastIndexOf(".");
if (index != -1)
extName = extName.substring(index + 1);
- if (
- extName.equals(mValue)) {
+ if (extName.equals(mValue)) {
// Check the extensions one by one.
// For now, just give subjectAltName as an example.
- if
- (mValue.equalsIgnoreCase(SubjectAlternativeNameExtension.NAME)) {
+ if (mValue
+ .equalsIgnoreCase(SubjectAlternativeNameExtension.NAME)) {
try {
- GeneralNames subjectNames = (GeneralNames)
- ((SubjectAlternativeNameExtension) ext).get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+ GeneralNames subjectNames = (GeneralNames) ((SubjectAlternativeNameExtension) ext)
+ .get(SubjectAlternativeNameExtension.SUBJECT_NAME);
if (subjectNames.size() == 0)
break;
int j = 0;
- for (Enumeration n = subjectNames.elements(); n.hasMoreElements();) {
- GeneralName gn = (GeneralName) n.nextElement();
+ for (Enumeration n = subjectNames.elements(); n
+ .hasMoreElements();) {
+ GeneralName gn = (GeneralName) n
+ .nextElement();
String gname = gn.toString();
index = gname.indexOf(":");
- if (index == -1) break;
+ if (index == -1)
+ break;
String gType = gname.substring(0, index);
if (mGNType != null) {
if (mGNType.equalsIgnoreCase(gType)) {
if (mElement == j) {
- gname =
- gname.substring(index + 2);
+ gname = gname
+ .substring(index + 2);
return mAttr + "=" + gname;
} else {
j++;
@@ -555,25 +568,22 @@ class MapAVAPattern {
}
} else {
if (mElement == j) {
- gname =
- gname.substring(index + 2);
+ gname = gname.substring(index + 2);
return mAttr + "=" + gname;
}
j++;
}
}
- } catch (IOException e) {
- CMS.debug(
- "MapAVAPattern: Publishing attr not formed from extension." +
- "-- no attr : " + mValue);
+ } catch (IOException e) {
+ CMS.debug("MapAVAPattern: Publishing attr not formed from extension."
+ + "-- no attr : " + mValue);
}
}
}
}
}
- CMS.debug(
- "MapAVAPattern: Publishing:attr not formed from extension " +
- "-- no attr : " + mValue);
+ CMS.debug("MapAVAPattern: Publishing:attr not formed from extension "
+ + "-- no attr : " + mValue);
return null;
}
@@ -582,9 +592,8 @@ class MapAVAPattern {
// mPrefix and mValue are looked up case-insensitive
String reqAttr = req.getExtDataInString(mPrefix, mValue);
if (reqAttr == null) {
- throw new
- ELdapException(CMS.getUserMessage("CMS_LDAP_NO_REQUEST",
- mValue, mAttr));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_NO_REQUEST", mValue, mAttr));
}
return mAttr + "=" + reqAttr;
}
@@ -607,20 +616,19 @@ class MapAVAPattern {
}
/**
- * Explode RDN into AVAs.
- * Does not handle escaped '+'
- * Java ldap library does not yet support multiple avas per rdn.
- * If RDN is malformed returns empty array.
+ * Explode RDN into AVAs. Does not handle escaped '+' Java ldap library does
+ * not yet support multiple avas per rdn. If RDN is malformed returns empty
+ * array.
*/
public static String[] explodeRDN(String rdn) {
int plus = rdn.indexOf('+');
- if (plus == -1)
+ if (plus == -1)
return new String[] { rdn };
Vector avas = new Vector();
StringTokenizer token = new StringTokenizer(rdn, "+");
- while (token.hasMoreTokens())
+ while (token.hasMoreTokens())
avas.addElement(token.nextToken());
String[] theAvas = new String[avas.size()];
@@ -629,17 +637,15 @@ class MapAVAPattern {
}
/**
- * Explode AVA into name and value.
- * Does not handle escaped '='
- * If AVA is malformed empty array is returned.
+ * Explode AVA into name and value. Does not handle escaped '=' If AVA is
+ * malformed empty array is returned.
*/
public static String[] explodeAVA(String ava) {
int equals = ava.indexOf('=');
- if (equals == -1)
+ if (equals == -1)
return null;
- return new String[] {
- ava.substring(0, equals).trim(), ava.substring(equals + 1).trim()};
+ return new String[] { ava.substring(0, equals).trim(),
+ ava.substring(equals + 1).trim() };
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
index 547e370a..090547bc 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -31,25 +30,27 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.request.IRequest;
-
/**
- * class for parsing a DN pattern used to construct a ldap dn from
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from request
+ * attributes and cert subject name.
+ * <p>
*
- * dnpattern is a string representing a ldap dn pattern to formulate from
- * the certificate subject name attributes and request attributes .
- * If empty or not set, the certificate subject name
- * will be used as the ldap dn. <p>
+ * dnpattern is a string representing a ldap dn pattern to formulate from the
+ * certificate subject name attributes and request attributes . If empty or not
+ * set, the certificate subject name will be used as the ldap dn.
+ * <p>
+ *
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$subj" "." attrName [ "." attrNumber ] |
- * name "=" "$req" "." attrName [ "." attrNumber ] |
- * "$rdn" "." number
+ * name "=" "$subj" "." attrName [ "." attrNumber ] |
+ * name "=" "$req" "." attrName [ "." attrNumber ] |
+ * "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
* cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com
@@ -60,7 +61,7 @@ import com.netscape.certsrv.request.IRequest;
* <p>
* note: Subordinate ca enrollment will use ca mapper. Use predicate
* to distinguish the ca itself and the subordinates.
- *
+ *
* Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i>
* cert subject name: dn: UID=jjames, OU=IS, O=people, , O=mcom.com
* request attributes: uid: cmanager
@@ -73,18 +74,18 @@ import com.netscape.certsrv.request.IRequest;
* O = the string people, mcom.com. <br>
* <p>
* </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped. There is potential risk that a wrong dn
- * will be mapped into.
- *
+ *
+ * If an request attribute or subject DN component does not exist, the attribute
+ * is skipped. There is potential risk that a wrong dn will be mapped into.
+ *
* @version $Revision$, $Date$
*/
public class MapDNPattern {
- /* the list of request attriubutes to retrieve*/
+ /* the list of request attriubutes to retrieve */
protected String[] mReqAttrs = null;
- /* the list of cert attriubutes to retrieve*/
+ /* the list of cert attriubutes to retrieve */
protected String[] mCertAttrs = null;
/* rdn patterns */
@@ -95,16 +96,15 @@ public class MapDNPattern {
protected String mTestDN = null;
- /**
+ /**
* Construct a DN pattern by parsing a pattern string.
+ *
* @param pattern the DN pattern
- * @exception EBaseException If parsing error occurs.
+ * @exception EBaseException If parsing error occurs.
*/
- public MapDNPattern(String pattern)
- throws ELdapException {
+ public MapDNPattern(String pattern) throws ELdapException {
if (pattern == null || pattern.equals("")) {
- CMS.debug(
- "MapDNPattern: null pattern");
+ CMS.debug("MapDNPattern: null pattern");
} else {
mPatternString = pattern;
PushbackReader in = new PushbackReader(new StringReader(pattern));
@@ -113,13 +113,11 @@ public class MapDNPattern {
}
}
- public MapDNPattern(PushbackReader in)
- throws ELdapException {
+ public MapDNPattern(PushbackReader in) throws ELdapException {
parse(in);
}
- private void parse(PushbackReader in)
- throws ELdapException {
+ private void parse(PushbackReader in) throws ELdapException {
Vector rdnPatterns = new Vector();
MapRDNPattern rdnPattern = null;
int lastChar = -1;
@@ -130,11 +128,10 @@ public class MapDNPattern {
try {
lastChar = in.read();
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- }
- while (lastChar == ',');
+ } while (lastChar == ',');
mRDNPatterns = new MapRDNPattern[rdnPatterns.size()];
rdnPatterns.copyInto(mRDNPatterns);
@@ -144,8 +141,8 @@ public class MapDNPattern {
for (int i = 0; i < mRDNPatterns.length; i++) {
String[] rdnAttrs = mRDNPatterns[i].getReqAttrs();
- if (rdnAttrs != null && rdnAttrs.length > 0)
- for (int j = 0; j < rdnAttrs.length; j++)
+ if (rdnAttrs != null && rdnAttrs.length > 0)
+ for (int j = 0; j < rdnAttrs.length; j++)
reqAttrs.addElement(rdnAttrs[j]);
}
mReqAttrs = new String[reqAttrs.size()];
@@ -156,8 +153,8 @@ public class MapDNPattern {
for (int i = 0; i < mRDNPatterns.length; i++) {
String[] rdnAttrs = mRDNPatterns[i].getCertAttrs();
- if (rdnAttrs != null && rdnAttrs.length > 0)
- for (int j = 0; j < rdnAttrs.length; j++)
+ if (rdnAttrs != null && rdnAttrs.length > 0)
+ for (int j = 0; j < rdnAttrs.length; j++)
certAttrs.addElement(rdnAttrs[j]);
}
mCertAttrs = new String[certAttrs.size()];
@@ -166,12 +163,13 @@ public class MapDNPattern {
/**
* Form a Ldap v3 DN string from a request and a cert subject name.
+ *
* @param req the request for (un)publish
* @param subject the subjectDN of the certificate
- * @return Ldap v3 DN string to use for base ldap search.
+ * @return Ldap v3 DN string to use for base ldap search.
*/
- public String formDN(IRequest req, X500Name subject, CertificateExtensions ext)
- throws ELdapException {
+ public String formDN(IRequest req, X500Name subject,
+ CertificateExtensions ext) throws ELdapException {
StringBuffer formedDN = new StringBuffer();
for (int i = 0; i < mRDNPatterns.length; i++) {
@@ -180,11 +178,11 @@ public class MapDNPattern {
String rdn = mRDNPatterns[i].formRDN(req, subject, ext);
if (rdn != null && rdn.length() != 0) {
- if (formedDN.length() != 0)
- formedDN.append(",");
- formedDN.append(rdn);
+ if (formedDN.length() != 0)
+ formedDN.append(",");
+ formedDN.append(rdn);
} else {
- throw new ELdapException("pattern not matched");
+ throw new ELdapException("pattern not matched");
}
}
return formedDN.toString();
@@ -198,4 +196,3 @@ public class MapDNPattern {
return (String[]) mCertAttrs.clone();
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
index 3720d02d..87ca5d2d 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.io.IOException;
import java.io.PushbackReader;
import java.io.StringReader;
@@ -30,25 +29,27 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.request.IRequest;
-
/**
- * class for parsing a DN pattern used to construct a ldap dn from
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from request
+ * attributes and cert subject name.
+ * <p>
*
- * dnpattern is a string representing a ldap dn pattern to formulate from
- * the certificate subject name attributes and request attributes .
- * If empty or not set, the certificate subject name
- * will be used as the ldap dn. <p>
+ * dnpattern is a string representing a ldap dn pattern to formulate from the
+ * certificate subject name attributes and request attributes . If empty or not
+ * set, the certificate subject name will be used as the ldap dn.
+ * <p>
+ *
+ * The syntax is
*
- * The syntax is
* <pre>
- * dnPattern := rdnPattern *[ "," rdnPattern ]
- * rdnPattern := avaPattern *[ "+" avaPattern ]
+ * dnPattern := rdnPattern *[ "," rdnPattern ]
+ * rdnPattern := avaPattern *[ "+" avaPattern ]
* avaPattern := name "=" value |
- * name "=" "$subj" "." attrName [ "." attrNumber ] |
- * name "=" "$req" "." attrName [ "." attrNumber ] |
- * "$rdn" "." number
+ * name "=" "$subj" "." attrName [ "." attrNumber ] |
+ * name "=" "$req" "." attrName [ "." attrNumber ] |
+ * "$rdn" "." number
* </pre>
+ *
* <pre>
* Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
* cert subject name: dn: CN=Certificate Manager, OU=people, O=mcom.com
@@ -59,7 +60,7 @@ import com.netscape.certsrv.request.IRequest;
* <p>
* note: Subordinate ca enrollment will use ca mapper. Use predicate
* to distinguish the ca itself and the subordinates.
- *
+ *
* Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i>
* cert subject name: dn: UID=jjames, OU=IS, O=people, , O=mcom.com
* request attributes: uid: cmanager
@@ -72,18 +73,18 @@ import com.netscape.certsrv.request.IRequest;
* O = the string people, mcom.com. <br>
* <p>
* </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped.There is potential risk that a wrong dn
- * will be mapped into.
- *
+ *
+ * If an request attribute or subject DN component does not exist, the attribute
+ * is skipped.There is potential risk that a wrong dn will be mapped into.
+ *
* @version $Revision$, $Date$
*/
class MapRDNPattern {
- /* the list of request attributes needed by this RDN */
+ /* the list of request attributes needed by this RDN */
protected String[] mReqAttrs = null;
- /* the list of cert attributes needed by this RDN */
+ /* the list of cert attributes needed by this RDN */
protected String[] mCertAttrs = null;
/* AVA patterns */
@@ -94,16 +95,15 @@ class MapRDNPattern {
protected String mTestDN = null;
- /**
+ /**
* Construct a DN pattern by parsing a pattern string.
+ *
* @param pattenr the DN pattern
- * @exception ELdapException If parsing error occurs.
+ * @exception ELdapException If parsing error occurs.
*/
- public MapRDNPattern(String pattern)
- throws ELdapException {
+ public MapRDNPattern(String pattern) throws ELdapException {
if (pattern == null || pattern.equals("")) {
- CMS.debug(
- "MapDNPattern: null pattern");
+ CMS.debug("MapDNPattern: null pattern");
} else {
mPatternString = pattern;
PushbackReader in = new PushbackReader(new StringReader(pattern));
@@ -113,16 +113,14 @@ class MapRDNPattern {
}
/**
- * Construct a DN pattern from a input stream of pattern
+ * Construct a DN pattern from a input stream of pattern
*/
- public MapRDNPattern(PushbackReader in)
- throws ELdapException {
+ public MapRDNPattern(PushbackReader in) throws ELdapException {
parse(in);
}
- private void parse(PushbackReader in)
- throws ELdapException {
- //System.out.println("_________ begin rdn _________");
+ private void parse(PushbackReader in) throws ELdapException {
+ // System.out.println("_________ begin rdn _________");
Vector avaPatterns = new Vector();
MapAVAPattern avaPattern = null;
int lastChar;
@@ -130,26 +128,25 @@ class MapRDNPattern {
do {
avaPattern = new MapAVAPattern(in);
avaPatterns.addElement(avaPattern);
- //System.out.println("added AVAPattern"+
- //" mType "+avaPattern.mType+
- //" mAttr "+avaPattern.mAttr+
- //" mValue "+avaPattern.mValue+
- //" mElement "+avaPattern.mElement);
- try {
- lastChar = in.read();
+ // System.out.println("added AVAPattern"+
+ // " mType "+avaPattern.mType+
+ // " mAttr "+avaPattern.mAttr+
+ // " mValue "+avaPattern.mValue+
+ // " mElement "+avaPattern.mElement);
+ try {
+ lastChar = in.read();
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- }
- while (lastChar == '+');
+ } while (lastChar == '+');
if (lastChar != -1) {
try {
- in.unread(lastChar); // pushback last ,
+ in.unread(lastChar); // pushback last ,
} catch (IOException e) {
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
}
@@ -161,7 +158,7 @@ class MapRDNPattern {
for (int i = 0; i < mAVAPatterns.length; i++) {
String avaAttr = mAVAPatterns[i].getReqAttr();
- if (avaAttr == null || avaAttr.length() == 0)
+ if (avaAttr == null || avaAttr.length() == 0)
continue;
reqAttrs.addElement(avaAttr);
}
@@ -173,7 +170,7 @@ class MapRDNPattern {
for (int i = 0; i < mAVAPatterns.length; i++) {
String avaAttr = mAVAPatterns[i].getCertAttr();
- if (avaAttr == null || avaAttr.length() == 0)
+ if (avaAttr == null || avaAttr.length() == 0)
continue;
certAttrs.addElement(avaAttr);
}
@@ -183,16 +180,17 @@ class MapRDNPattern {
/**
* Form a Ldap v3 DN string from a request and a cert subject name.
+ *
* @param req the request for (un)publish
* @param subject the subjectDN of the certificate
- * @return Ldap v3 DN string to use for base ldap search.
+ * @return Ldap v3 DN string to use for base ldap search.
*/
- public String formRDN(IRequest req, X500Name subject, CertificateExtensions ext)
- throws ELdapException {
+ public String formRDN(IRequest req, X500Name subject,
+ CertificateExtensions ext) throws ELdapException {
StringBuffer formedRDN = new StringBuffer();
for (int i = 0; i < mAVAPatterns.length; i++) {
- if (mTestDN != null)
+ if (mTestDN != null)
mAVAPatterns[i].mTestDN = mTestDN;
String ava = mAVAPatterns[i].formAVA(req, subject, ext);
@@ -202,7 +200,7 @@ class MapRDNPattern {
formedRDN.append(ava);
}
}
- //System.out.println("formed RDN "+formedRDN.toString());
+ // System.out.println("formed RDN "+formedRDN.toString());
return formedRDN.toString();
}
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
index b1d10902..4b15a5ab 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.mappers;
-
import java.util.Locale;
import java.util.Vector;
@@ -30,10 +29,9 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.publish.ILdapMapper;
import com.netscape.certsrv.request.IRequest;
-
-/**
+/**
* No Map
- *
+ *
* @version $Revision$, $Date$
*/
public class NoMap implements ILdapMapper, IExtendedPluginInfo {
@@ -48,40 +46,39 @@ public class NoMap implements ILdapMapper, IExtendedPluginInfo {
public String[] getExtendedPluginInfo(Locale locale) {
String params[] = {
- IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-simplemapper",
- IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the name of the entry to publish to"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-mapper-simplemapper",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Describes how to form the name of the entry to publish to" };
return params;
}
public IConfigStore getConfigStore() {
- return mConfig;
+ return mConfig;
}
- /**
+ /**
* for initializing from config store.
*/
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
mConfig = config;
}
/**
- * Maps a X500 subject name to LDAP entry.
- * Uses DN pattern to form a DN for a LDAP base search.
+ * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+ * a LDAP base search.
*
- * @param conn the LDAP connection.
- * @param obj the object to map.
+ * @param conn the LDAP connection.
+ * @param obj the object to map.
* @exception ELdapException if any LDAP exceptions occured.
- */
- public String map(LDAPConnection conn, Object obj)
- throws ELdapException {
+ */
+ public String map(LDAPConnection conn, Object obj) throws ELdapException {
return null;
}
public String map(LDAPConnection conn, IRequest req, Object obj)
- throws ELdapException {
+ throws ELdapException {
return null;
}
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java
index f0154e44..c7ccd41e 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
@@ -47,10 +46,9 @@ import com.netscape.certsrv.ldap.ELdapException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-/**
- * This publisher writes certificate and CRL into
- * a directory.
- *
+/**
+ * This publisher writes certificate and CRL into a directory.
+ *
* @version $Revision$, $Date$
*/
public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
@@ -74,10 +72,10 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
protected String mLinkExt = null;
protected int mZipLevel = 9;
- public void setIssuingPointId(String crlIssuingPointId)
- {
+ public void setIssuingPointId(String crlIssuingPointId) {
mCrlIssuingPointId = crlIssuingPointId;
}
+
/**
* Returns the implementation name.
*/
@@ -95,19 +93,26 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
- PROP_DIR + ";string;Directory in which to put the files (absolute path or relative path to cert-* instance directory).",
- PROP_DER + ";boolean;Store certificates or CRLs into *.der files.",
- PROP_B64 + ";boolean;Store certificates or CRLs into *.b64 files.",
- PROP_GMT + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.",
- PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '"+PROP_DER+"' to be enabled.",
- PROP_EXT + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.",
+ PROP_DIR
+ + ";string;Directory in which to put the files (absolute path or relative path to cert-* instance directory).",
+ PROP_DER
+ + ";boolean;Store certificates or CRLs into *.der files.",
+ PROP_B64
+ + ";boolean;Store certificates or CRLs into *.b64 files.",
+ PROP_GMT
+ + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.",
+ PROP_LNK
+ + ";boolean;Generate link to the latest binary CRL. It requires '"
+ + PROP_DER + "' to be enabled.",
+ PROP_EXT
+ + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.",
PROP_ZIP + ";boolean;Generate compressed CRLs.",
- PROP_LEV + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-filepublisher",
- IExtendedPluginInfo.HELP_TEXT +
- ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64."
- };
+ PROP_LEV
+ + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-publisher-filepublisher",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64." };
return params;
}
@@ -139,14 +144,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
try {
if (mTimeStamp == null || (!mTimeStamp.equals("GMT")))
mTimeStamp = "LocalTime";
- v.addElement(PROP_DIR+"=" + dir);
- v.addElement(PROP_DER+"=" + mConfig.getBoolean(PROP_DER,true));
- v.addElement(PROP_B64+"=" + mConfig.getBoolean(PROP_B64,false));
- v.addElement(PROP_GMT+"=" + mTimeStamp);
- v.addElement(PROP_LNK+"=" + mConfig.getBoolean(PROP_LNK,false));
- v.addElement(PROP_EXT+"=" + ext);
- v.addElement(PROP_ZIP+"=" + mConfig.getBoolean(PROP_ZIP,false));
- v.addElement(PROP_LEV+"=" + mZipLevel);
+ v.addElement(PROP_DIR + "=" + dir);
+ v.addElement(PROP_DER + "=" + mConfig.getBoolean(PROP_DER, true));
+ v.addElement(PROP_B64 + "=" + mConfig.getBoolean(PROP_B64, false));
+ v.addElement(PROP_GMT + "=" + mTimeStamp);
+ v.addElement(PROP_LNK + "=" + mConfig.getBoolean(PROP_LNK, false));
+ v.addElement(PROP_EXT + "=" + ext);
+ v.addElement(PROP_ZIP + "=" + mConfig.getBoolean(PROP_ZIP, false));
+ v.addElement(PROP_LEV + "=" + mZipLevel);
} catch (Exception e) {
}
return v;
@@ -158,14 +163,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
public Vector<String> getDefaultParams() {
Vector<String> v = new Vector<String>();
- v.addElement(PROP_DIR+"=");
- v.addElement(PROP_DER+"=true");
- v.addElement(PROP_B64+"=false");
- v.addElement(PROP_GMT+"=LocalTime");
- v.addElement(PROP_LNK+"=false");
- v.addElement(PROP_EXT+"=");
- v.addElement(PROP_ZIP+"=false");
- v.addElement(PROP_LEV+"=9");
+ v.addElement(PROP_DIR + "=");
+ v.addElement(PROP_DER + "=true");
+ v.addElement(PROP_B64 + "=false");
+ v.addElement(PROP_GMT + "=LocalTime");
+ v.addElement(PROP_LNK + "=false");
+ v.addElement(PROP_EXT + "=");
+ v.addElement(PROP_ZIP + "=false");
+ v.addElement(PROP_LEV + "=9");
return v;
}
@@ -193,7 +198,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
}
// convert to forward slash
- dir = dir.replace('\\', '/');
+ dir = dir.replace('\\', '/');
config.putString(PROP_DIR, dir);
File dirCheck = new File(dir);
@@ -209,8 +214,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
} catch (Exception e) {
throw new RuntimeException("Invalid Instance Dir " + e);
}
- dirCheck = new File(mInstanceRoot +
- File.separator + dir);
+ dirCheck = new File(mInstanceRoot + File.separator + dir);
if (dirCheck.isDirectory()) {
mDir = mInstanceRoot + File.separator + dir;
} else {
@@ -224,18 +228,20 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
}
private String[] getCrlNamePrefix(X509CRL crl, boolean useGMT) {
- String[] namePrefix = {"crl", "crl"};
+ String[] namePrefix = { "crl", "crl" };
if (mCrlIssuingPointId != null && mCrlIssuingPointId.length() != 0) {
namePrefix[0] = mCrlIssuingPointId;
namePrefix[1] = mCrlIssuingPointId;
}
- java.text.SimpleDateFormat format = new java.text.SimpleDateFormat("yyyyMMdd-HHmmss");
+ java.text.SimpleDateFormat format = new java.text.SimpleDateFormat(
+ "yyyyMMdd-HHmmss");
TimeZone tz = TimeZone.getTimeZone("GMT");
- if (useGMT) format.setTimeZone(tz);
+ if (useGMT)
+ format.setTimeZone(tz);
String timeStamp = format.format(crl.getThisUpdate()).toString();
namePrefix[0] += "-" + timeStamp;
- if (((netscape.security.x509.X509CRLImpl)crl).isDeltaCRL()) {
+ if (((netscape.security.x509.X509CRLImpl) crl).isDeltaCRL()) {
namePrefix[0] += "-delta";
namePrefix[1] += "-delta";
}
@@ -243,65 +249,60 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
return namePrefix;
}
- private void createLink(String linkName, String fileName) {
+ private void createLink(String linkName, String fileName) {
String cmd = "ln -s " + fileName + " " + linkName + ".new";
if (com.netscape.cmsutil.util.Utils.exec(cmd)) {
File oldLink = new File(linkName + ".old");
- if (oldLink.exists()) { // remove old link if exists
+ if (oldLink.exists()) { // remove old link if exists
oldLink.delete();
}
File link = new File(linkName);
- if (link.exists()) { // current link becomes an old link
+ if (link.exists()) { // current link becomes an old link
link.renameTo(new File(linkName + ".old"));
}
File newLink = new File(linkName + ".new");
- if (newLink.exists()) { // new link becomes current link
+ if (newLink.exists()) { // new link becomes current link
newLink.renameTo(new File(linkName));
}
oldLink = new File(linkName + ".old");
- if (oldLink.exists()) { // remove a new old link
+ if (oldLink.exists()) { // remove a new old link
oldLink.delete();
}
} else {
- CMS.debug("FileBasedPublisher: createLink: '" + cmd + "' --- failed");
+ CMS.debug("FileBasedPublisher: createLink: '" + cmd
+ + "' --- failed");
}
}
/**
* Publishs a object to the ldap directory.
*
- * @param conn a Ldap connection
- * (null if LDAP publishing is not enabled)
- * @param dn dn of the ldap entry to publish cert
- * (null if LDAP publishing is not enabled)
- * @param object object to publish
- * (java.security.cert.X509Certificate or,
- * java.security.cert.X509CRL)
+ * @param conn a Ldap connection (null if LDAP publishing is not enabled)
+ * @param dn dn of the ldap entry to publish cert (null if LDAP publishing
+ * is not enabled)
+ * @param object object to publish (java.security.cert.X509Certificate or,
+ * java.security.cert.X509CRL)
*/
public void publish(LDAPConnection conn, String dn, Object object)
- throws ELdapException {
+ throws ELdapException {
CMS.debug("FileBasedPublisher: publish");
try {
if (object instanceof X509Certificate) {
X509Certificate cert = (X509Certificate) object;
BigInteger sno = cert.getSerialNumber();
- String name = mDir +
- File.separator + "cert-" +
- sno.toString();
- if (mDerAttr)
- {
+ String name = mDir + File.separator + "cert-" + sno.toString();
+ if (mDerAttr) {
String fileName = name + ".der";
FileOutputStream fos = new FileOutputStream(fileName);
fos.write(cert.getEncoded());
fos.close();
}
- if (mB64Attr)
- {
+ if (mB64Attr) {
String fileName = name + ".b64";
FileOutputStream fos = new FileOutputStream(fileName);
ByteArrayOutputStream output = new ByteArrayOutputStream();
- Base64OutputStream b64 =
- new Base64OutputStream(new PrintStream(new FilterOutputStream(output)));
+ Base64OutputStream b64 = new Base64OutputStream(
+ new PrintStream(new FilterOutputStream(output)));
b64.write(cert.getEncoded());
b64.flush();
(new PrintStream(fos)).print(output.toString("8859_1"));
@@ -309,12 +310,13 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
}
} else if (object instanceof X509CRL) {
X509CRL crl = (X509CRL) object;
- String[] namePrefix = getCrlNamePrefix(crl, mTimeStamp.equals("GMT"));
+ String[] namePrefix = getCrlNamePrefix(crl,
+ mTimeStamp.equals("GMT"));
String baseName = mDir + File.separator + namePrefix[0];
String tempFile = baseName + ".temp";
FileOutputStream fos;
ZipOutputStream zos;
- byte [] encodedArray = null;
+ byte[] encodedArray = null;
File destFile = null;
String destName = null;
File renameFile = null;
@@ -325,16 +327,17 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
fos.write(encodedArray);
fos.close();
if (mZipCRL) {
- zos = new ZipOutputStream(new FileOutputStream(baseName+".zip"));
+ zos = new ZipOutputStream(new FileOutputStream(baseName
+ + ".zip"));
zos.setLevel(mZipLevel);
- zos.putNextEntry(new ZipEntry(baseName+".der"));
+ zos.putNextEntry(new ZipEntry(baseName + ".der"));
zos.write(encodedArray, 0, encodedArray.length);
zos.closeEntry();
zos.close();
}
destName = baseName + ".der";
destFile = new File(destName);
-
+
if (destFile.exists())
destFile.delete();
renameFile = new File(tempFile);
@@ -347,59 +350,71 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
} else {
linkExt += "der";
}
- String linkName = mDir + File.separator + namePrefix[1] + linkExt;
- createLink(linkName, destName);
+ String linkName = mDir + File.separator + namePrefix[1]
+ + linkExt;
+ createLink(linkName, destName);
if (mZipCRL) {
- linkName = mDir + File.separator + namePrefix[1] + ".zip";
- createLink(linkName, baseName+".zip");
+ linkName = mDir + File.separator + namePrefix[1]
+ + ".zip";
+ createLink(linkName, baseName + ".zip");
}
}
}
-
+
// output base64 file
- if(mB64Attr==true)
- {
- if (encodedArray ==null)
- encodedArray = crl.getEncoded();
-
- ByteArrayOutputStream os = new ByteArrayOutputStream();
-
- fos = new FileOutputStream(tempFile);
- fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray).getBytes());
- fos.close();
- destName = baseName + ".b64";
- destFile = new File(destName);
-
- if(destFile.exists())
- destFile.delete();
- renameFile = new File(tempFile);
- renameFile.renameTo(destFile);
- }
+ if (mB64Attr == true) {
+ if (encodedArray == null)
+ encodedArray = crl.getEncoded();
+
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+
+ fos = new FileOutputStream(tempFile);
+ fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray)
+ .getBytes());
+ fos.close();
+ destName = baseName + ".b64";
+ destFile = new File(destName);
+
+ if (destFile.exists())
+ destFile.delete();
+ renameFile = new File(tempFile);
+ renameFile.renameTo(destFile);
+ }
}
} catch (IOException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
+ mLogger.log(
+ ILogger.EV_SYSTEM,
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR",
+ e.toString()));
} catch (CertificateEncodingException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
+ mLogger.log(
+ ILogger.EV_SYSTEM,
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR",
+ e.toString()));
} catch (CRLException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
+ mLogger.log(
+ ILogger.EV_SYSTEM,
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR",
+ e.toString()));
}
}
/**
* Unpublishs a object to the ldap directory.
- *
- * @param conn the Ldap connection
- * (null if LDAP publishing is not enabled)
- * @param dn dn of the ldap entry to unpublish cert
- * (null if LDAP publishing is not enabled)
- * @param object object to unpublish
- * (java.security.cert.X509Certificate)
+ *
+ * @param conn the Ldap connection (null if LDAP publishing is not enabled)
+ * @param dn dn of the ldap entry to unpublish cert (null if LDAP publishing
+ * is not enabled)
+ * @param object object to unpublish (java.security.cert.X509Certificate)
*/
public void unpublish(LDAPConnection conn, String dn, Object object)
- throws ELdapException {
+ throws ELdapException {
CMS.debug("FileBasedPublisher: unpublish");
String name = mDir + File.separator;
String fileName;
@@ -410,7 +425,8 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
name += "cert-" + sno.toString();
} else if (object instanceof X509CRL) {
X509CRL crl = (X509CRL) object;
- String[] namePrefix = getCrlNamePrefix(crl, mTimeStamp.equals("GMT"));
+ String[] namePrefix = getCrlNamePrefix(crl,
+ mTimeStamp.equals("GMT"));
name += namePrefix[0];
fileName = name + ".zip";
@@ -425,13 +441,15 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
f = new File(fileName);
f.delete();
}
- /**
+
+ /**
* returns the Der attribute where it'll be published.
*/
public boolean getDerAttr() {
return mDerAttr;
}
- /**
+
+ /**
* returns the B64 attribute where it'll be published.
*/
public boolean getB64Attr() {
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
index 4727a690..121636af 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -42,14 +41,12 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * Interface for publishing a CA certificate to
- *
+/**
+ * Interface for publishing a CA certificate to
+ *
* @version $Revision$, $Date$
*/
-public class LdapCaCertPublisher
- implements ILdapPublisher, IExtendedPluginInfo {
+public class LdapCaCertPublisher implements ILdapPublisher, IExtendedPluginInfo {
public static final String LDAP_CACERT_ATTR = "caCertificate;binary";
public static final String LDAP_CA_OBJECTCLASS = "pkiCA";
public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary";
@@ -64,7 +61,6 @@ public class LdapCaCertPublisher
private boolean mInited = false;
protected IConfigStore mConfig = null;
private String mcrlIssuingPointId;
-
/**
* constructor constructs default values.
@@ -75,15 +71,14 @@ public class LdapCaCertPublisher
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
"caCertAttr;string;Name of Ldap attribute in which to store certificate",
- "caObjectClass;string;The name of the objectclasses which should be " +
- "added to this entry, if they do not already exist. This can be " +
- "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-cacertpublisher",
- IExtendedPluginInfo.HELP_TEXT +
- ";This plugin knows how to publish the CA cert to " +
- "'certificateAuthority' and 'pkiCA' -type entries"
- };
+ "caObjectClass;string;The name of the objectclasses which should be "
+ + "added to this entry, if they do not already exist. This can be "
+ + "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-publisher-cacertpublisher",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";This plugin knows how to publish the CA cert to "
+ + "'certificateAuthority' and 'pkiCA' -type entries" };
return s;
}
@@ -116,14 +111,13 @@ public class LdapCaCertPublisher
return mConfig;
}
- public void init(IConfigStore config)
- throws EBaseException {
- if (mInited)
+ public void init(IConfigStore config) throws EBaseException {
+ if (mInited)
return;
mConfig = config;
mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR);
- mCaObjectclass = mConfig.getString("caObjectClass",
- LDAP_CA_OBJECTCLASS);
+ mCaObjectclass = mConfig
+ .getString("caObjectClass", LDAP_CA_OBJECTCLASS);
mObjAdded = mConfig.getString("caObjectClassAdded", "");
mObjDeleted = mConfig.getString("caObjectClassDeleted", "");
mInited = true;
@@ -151,16 +145,16 @@ public class LdapCaCertPublisher
}
/**
- * publish a CA certificate
- * Adds the cert to the multi-valued certificate attribute as a
- * DER encoded binary blob. Does not check if cert already exists.
- * Converts the class to certificateAuthority.
+ * publish a CA certificate Adds the cert to the multi-valued certificate
+ * attribute as a DER encoded binary blob. Does not check if cert already
+ * exists. Converts the class to certificateAuthority.
+ *
* @param conn the LDAP connection
* @param dn dn of the entry to publish the certificate
- * @param certObj the certificate object.
+ * @param certObj the certificate object.
*/
public void publish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null) {
log(ILogger.LL_INFO, "LdapCaCertPublisher: no LDAP connection");
return;
@@ -168,7 +162,8 @@ public class LdapCaCertPublisher
try {
mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR);
- mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS);
+ mCaObjectclass = mConfig.getString("caObjectClass",
+ LDAP_CA_OBJECTCLASS);
} catch (EBaseException e) {
}
@@ -176,31 +171,31 @@ public class LdapCaCertPublisher
// see if we should create local connection
LDAPConnection altConn = null;
try {
- String host = mConfig.getString("host", null);
- String port = mConfig.getString("port", null);
- if (host != null && port != null) {
- int portVal = Integer.parseInt(port);
- int version = Integer.parseInt(mConfig.getString("version", "2"));
- String cert_nick = mConfig.getString("clientCertNickname", null);
- LDAPSSLSocketFactoryExt sslSocket = null;
- if (cert_nick != null) {
- sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ String host = mConfig.getString("host", null);
+ String port = mConfig.getString("port", null);
+ if (host != null && port != null) {
+ int portVal = Integer.parseInt(port);
+ int version = Integer.parseInt(mConfig
+ .getString("version", "2"));
+ String cert_nick = mConfig
+ .getString("clientCertNickname", null);
+ LDAPSSLSocketFactoryExt sslSocket = null;
+ if (cert_nick != null) {
+ sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ }
+ String mgr_dn = mConfig.getString("bindDN", null);
+ String mgr_pwd = mConfig.getString("bindPWD", null);
+
+ altConn = CMS.getBoundConnection(host, portVal, version,
+ sslSocket, mgr_dn, mgr_pwd);
+ conn = altConn;
}
- String mgr_dn = mConfig.getString("bindDN", null);
- String mgr_pwd = mConfig.getString("bindPWD", null);
-
- altConn = CMS.getBoundConnection(host, portVal,
- version,
- sslSocket, mgr_dn, mgr_pwd);
- conn = altConn;
- }
} catch (LDAPException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
} catch (EBaseException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
}
-
if (!(certObj instanceof X509Certificate))
throw new IllegalArgumentException("Illegal arg to publish");
@@ -210,40 +205,40 @@ public class LdapCaCertPublisher
byte[] certEnc = cert.getEncoded();
/* search for attribute names to determine existence of attributes */
- LDAPSearchResults res =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ "(objectclass=*)", new String[] { LDAP_CRL_ATTR,
+ LDAP_ARL_ATTR }, true);
LDAPEntry entry = res.next();
LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR);
LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR);
/* search for objectclass and caCert values */
- LDAPSearchResults res1 =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { "objectclass", mCaCertAttr }, false);
+ LDAPSearchResults res1 = conn.search(dn, LDAPv2.SCOPE_BASE,
+ "(objectclass=*)", new String[] { "objectclass",
+ mCaCertAttr }, false);
LDAPEntry entry1 = res1.next();
LDAPAttribute ocs = entry1.getAttribute("objectclass");
LDAPAttribute certs = entry1.getAttribute(mCaCertAttr);
- boolean hasCert =
- LdapUserCertPublisher.ByteValueExists(certs, certEnc);
+ boolean hasCert = LdapUserCertPublisher.ByteValueExists(certs,
+ certEnc);
LDAPModificationSet modSet = new LDAPModificationSet();
if (hasCert) {
log(ILogger.LL_INFO, "publish: CA " + dn + " already has Cert");
- } else {
+ } else {
/*
- fix for 360458 - if no cert, use add, if has cert but
- not equal, use replace
+ * fix for 360458 - if no cert, use add, if has cert but not
+ * equal, use replace
*/
if (certs == null) {
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(mCaCertAttr, certEnc));
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ mCaCertAttr, certEnc));
log(ILogger.LL_INFO, "CA cert added");
} else {
- modSet.add(LDAPModification.REPLACE,
- new LDAPAttribute(mCaCertAttr, certEnc));
+ modSet.add(LDAPModification.REPLACE, new LDAPAttribute(
+ mCaCertAttr, certEnc));
log(ILogger.LL_INFO, "CA cert replaced");
}
}
@@ -251,22 +246,25 @@ public class LdapCaCertPublisher
String[] oclist = mCaObjectclass.split(",");
boolean attrsAdded = false;
- for (int i=0; i < oclist.length; i++) {
+ for (int i = 0; i < oclist.length; i++) {
String oc = oclist[i].trim();
- boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
+ boolean hasoc = LdapUserCertPublisher
+ .StringValueExists(ocs, oc);
if (!hasoc) {
- log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn);
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute("objectclass", oc));
+ log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to "
+ + dn);
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ "objectclass", oc));
- if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
+ if ((!attrsAdded)
+ && oc.equalsIgnoreCase("certificationAuthority")) {
// add MUST attributes
- if (arls == null)
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_ARL_ATTR, ""));
+ if (arls == null)
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ LDAP_ARL_ATTR, ""));
if (crls == null)
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_CRL_ATTR, ""));
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ LDAP_CRL_ATTR, ""));
attrsAdded = true;
}
}
@@ -275,26 +273,28 @@ public class LdapCaCertPublisher
// delete objectclasses that have been deleted from config
String[] delList = mObjDeleted.split(",");
if (delList.length > 0) {
- for (int i=0; i< delList.length; i++) {
+ for (int i = 0; i < delList.length; i++) {
String deloc = delList[i].trim();
- boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
+ boolean hasoc = LdapUserCertPublisher.StringValueExists(
+ ocs, deloc);
boolean match = false;
- for (int j=0; j< oclist.length; j++) {
+ for (int j = 0; j < oclist.length; j++) {
if ((oclist[j].trim()).equals(deloc)) {
match = true;
break;
- }
+ }
}
if (!match && hasoc) {
- log(ILogger.LL_INFO, "deleting CA objectclass " + deloc + " from " + dn);
- modSet.add(LDAPModification.DELETE,
- new LDAPAttribute("objectclass", deloc));
+ log(ILogger.LL_INFO, "deleting CA objectclass " + deloc
+ + " from " + dn);
+ modSet.add(LDAPModification.DELETE, new LDAPAttribute(
+ "objectclass", deloc));
}
}
}
// reset mObjAdded and mObjDeleted, if needed
- if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) {
+ if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) {
mObjAdded = "";
mObjDeleted = "";
mConfig.putString("caObjectClassAdded", "");
@@ -302,45 +302,53 @@ public class LdapCaCertPublisher
try {
mConfig.commit(false);
} catch (Exception e) {
- log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
+ log(ILogger.LL_INFO,
+ "Failure in updating mObjAdded and mObjDeleted");
}
}
-
- if (modSet.size() > 0) conn.modify(dn, modSet);
+
+ if (modSet.size() > 0)
+ conn.modify(dn, modSet);
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", dn));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", dn));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CACERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_PUBLISH_CACERT_ERROR", e.toString()));
}
} finally {
- if (altConn != null) {
- try {
- altConn.disconnect();
- } catch (LDAPException e) {
- // safely ignored
- }
- }
+ if (altConn != null) {
+ try {
+ altConn.disconnect();
+ } catch (LDAPException e) {
+ // safely ignored
+ }
+ }
}
return;
}
/**
- * deletes the certificate from CA's certificate attribute.
- * if it's the last cert will also remove the certificateAuthority
- * objectclass.
+ * deletes the certificate from CA's certificate attribute. if it's the last
+ * cert will also remove the certificateAuthority objectclass.
*/
public void unpublish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (!(certObj instanceof X509Certificate))
throw new IllegalArgumentException("Illegal arg to publish");
@@ -348,63 +356,74 @@ public class LdapCaCertPublisher
try {
mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR);
- mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS);
+ mCaObjectclass = mConfig.getString("caObjectClass",
+ LDAP_CA_OBJECTCLASS);
} catch (EBaseException e) {
}
try {
byte[] certEnc = cert.getEncoded();
- LDAPSearchResults res =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { mCaCertAttr, "objectclass" }, false);
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ "(objectclass=*)", new String[] { mCaCertAttr,
+ "objectclass" }, false);
LDAPEntry entry = res.next();
LDAPAttribute certs = entry.getAttribute(mCaCertAttr);
LDAPAttribute ocs = entry.getAttribute("objectclass");
- boolean hasCert =
- LdapUserCertPublisher.ByteValueExists(certs, certEnc);
+ boolean hasCert = LdapUserCertPublisher.ByteValueExists(certs,
+ certEnc);
if (!hasCert) {
- log(ILogger.LL_INFO, "unpublish: " + dn + " has not cert already");
- //throw new ELdapException(
- // LdapResources.ALREADY_UNPUBLISHED_1, dn);
+ log(ILogger.LL_INFO, "unpublish: " + dn
+ + " has not cert already");
+ // throw new ELdapException(
+ // LdapResources.ALREADY_UNPUBLISHED_1, dn);
return;
}
LDAPModificationSet modSet = new LDAPModificationSet();
- modSet.add(LDAPModification.DELETE,
- new LDAPAttribute(mCaCertAttr, certEnc));
+ modSet.add(LDAPModification.DELETE, new LDAPAttribute(mCaCertAttr,
+ certEnc));
if (certs.size() == 1) {
// if last ca cert, remove oc also.
- String[] oclist = mCaObjectclass.split(",");
- for (int i =0 ; i < oclist.length; i++) {
+ String[] oclist = mCaObjectclass.split(",");
+ for (int i = 0; i < oclist.length; i++) {
String oc = oclist[i].trim();
- boolean hasOC = LdapUserCertPublisher.StringValueExists(ocs, oc);
+ boolean hasOC = LdapUserCertPublisher.StringValueExists(
+ ocs, oc);
if (hasOC) {
- log(ILogger.LL_INFO, "unpublish: deleting CA oc" + oc + " from " + dn);
- modSet.add(LDAPModification.DELETE,
- new LDAPAttribute("objectclass", oc));
+ log(ILogger.LL_INFO, "unpublish: deleting CA oc" + oc
+ + " from " + dn);
+ modSet.add(LDAPModification.DELETE, new LDAPAttribute(
+ "objectclass", oc));
}
- }
+ }
}
- conn.modify(dn, modSet);
+ conn.modify(dn, modSet);
} catch (CertificateEncodingException e) {
- CMS.debug("LdapCaCertPublisher: unpublish: Cannot decode cert for " + dn);
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
+ CMS.debug("LdapCaCertPublisher: unpublish: Cannot decode cert for "
+ + dn);
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_CACERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_UNPUBLISH_CACERT_ERROR", e.toString()));
}
}
return;
@@ -415,7 +434,7 @@ public class LdapCaCertPublisher
*/
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCaPublisher: " + msg);
+ "LdapCaPublisher: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
index 0c596f3b..3ed46b19 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
@@ -44,12 +43,11 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * Interface for mapping a X509 certificate to a LDAP entry
- * Publishes a certificate as binary and its subject name.
- * there is one subject name value for each certificate.
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry Publishes a
+ * certificate as binary and its subject name. there is one subject name value
+ * for each certificate.
+ *
* @version $Revision$, $Date$
*/
public class LdapCertSubjPublisher implements ILdapPublisher {
@@ -96,21 +94,20 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
return mConfig;
}
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
if (mInited)
return;
mConfig = config;
- mCertAttr = mConfig.getString("certAttr",
- LdapUserCertPublisher.LDAP_USERCERT_ATTR);
- mSubjNameAttr = mConfig.getString("certSubjectName",
- LDAP_CERTSUBJNAME_ATTR);
+ mCertAttr = mConfig.getString("certAttr",
+ LdapUserCertPublisher.LDAP_USERCERT_ATTR);
+ mSubjNameAttr = mConfig.getString("certSubjectName",
+ LDAP_CERTSUBJNAME_ATTR);
mInited = true;
}
/**
- * constrcutor using specified certificate attribute and
- * certificate subject name attribute.
+ * constrcutor using specified certificate attribute and certificate subject
+ * name attribute.
*/
public LdapCertSubjPublisher(String certAttr, String subjNameAttr) {
mCertAttr = certAttr;
@@ -134,19 +131,21 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
}
/**
- * publish a user certificate
- * Adds the cert to the multi-valued certificate attribute as a
- * DER encoded binary blob. Does not check if cert already exists.
- * Then adds the subject name of the cert to the subject name attribute.
+ * publish a user certificate Adds the cert to the multi-valued certificate
+ * attribute as a DER encoded binary blob. Does not check if cert already
+ * exists. Then adds the subject name of the cert to the subject name
+ * attribute.
+ *
* @param conn the LDAP connection
* @param dn dn of the entry to publish the certificate
- * @param certObj the certificate object.
- * @exception ELdapException if cert or subject name already exists,
- * if cert encoding fails, if getting cert subject name fails.
- * Use ELdapException.getException() to find underlying exception.
+ * @param certObj the certificate object.
+ * @exception ELdapException if cert or subject name already exists, if cert
+ * encoding fails, if getting cert subject name fails. Use
+ * ELdapException.getException() to find underlying
+ * exception.
*/
public void publish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null) {
log(ILogger.LL_INFO, "LdapCertSubjPublisher: no LDAP connection");
return;
@@ -162,8 +161,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
byte[] certEnc = cert.getEncoded();
String subjName = ((X500Name) cert.getSubjectDN()).toLdapDNString();
- LDAPSearchResults res =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ "(objectclass=*)",
new String[] { mCertAttr, mSubjNameAttr }, false);
LDAPEntry entry = res.next();
@@ -177,14 +176,14 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
// check if has subject name already.
if (subjnames != null) {
- hasSubjname =
- LdapUserCertPublisher.StringValueExists(subjnames, subjName);
+ hasSubjname = LdapUserCertPublisher.StringValueExists(
+ subjnames, subjName);
}
// if has both, done.
if (hasCert && hasSubjname) {
- log(ILogger.LL_INFO,
- "publish: " + subjName + " already has cert & subject name");
+ log(ILogger.LL_INFO, "publish: " + subjName
+ + " already has cert & subject name");
return;
}
@@ -193,44 +192,53 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
if (!hasCert) {
log(ILogger.LL_INFO, "publish: adding cert to " + subjName);
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(mCertAttr, certEnc));
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(mCertAttr,
+ certEnc));
}
// add subject name if not already there.
if (!hasSubjname) {
- log(ILogger.LL_INFO, "publish: adding " + subjName + " to " + dn);
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(mSubjNameAttr, subjName));
+ log(ILogger.LL_INFO, "publish: adding " + subjName + " to "
+ + dn);
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ mSubjNameAttr, subjName));
}
conn.modify(dn, modSet);
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
}
}
/**
- * deletes the certificate from the list of certificates.
- * does not check if certificate is already there.
- * also takes out the subject name if no other certificate remain
- * with the same subject name.
+ * deletes the certificate from the list of certificates. does not check if
+ * certificate is already there. also takes out the subject name if no other
+ * certificate remain with the same subject name.
*/
public void unpublish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (!(certObj instanceof X509Certificate))
throw new IllegalArgumentException("Illegal arg to publish");
@@ -242,8 +250,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
byte[] certEnc = cert.getEncoded();
- LDAPSearchResults res =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ "(objectclass=*)",
new String[] { mCertAttr, mSubjNameAttr }, false);
LDAPEntry entry = res.next();
@@ -266,74 +274,82 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
try {
X509CertImpl certval = new X509CertImpl(val);
// XXX use some sort of X500name equals function here.
- String subjnam =
- ((X500Name) certval.getSubjectDN()).toLdapDNString();
+ String subjnam = ((X500Name) certval.getSubjectDN())
+ .toLdapDNString();
if (subjnam.equalsIgnoreCase(subjName)) {
hasAnotherCert = true;
}
} catch (CertificateEncodingException e) {
// ignore this certificate.
- CMS.debug(
- "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
+ CMS.debug("LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
} catch (CertificateException e) {
// ignore this certificate.
- CMS.debug(
- "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
+ CMS.debug("LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
}
}
}
// check if doesn't have subject name already.
if (subjnames != null) {
- hasSubjname =
- LdapUserCertPublisher.StringValueExists(subjnames, subjName);
+ hasSubjname = LdapUserCertPublisher.StringValueExists(
+ subjnames, subjName);
}
// if doesn't have both, done.
if (!hasCert && !hasSubjname) {
- log(ILogger.LL_INFO,
- "unpublish: " + subjName + " already has not cert & subjname");
+ log(ILogger.LL_INFO, "unpublish: " + subjName
+ + " already has not cert & subjname");
return;
}
- // delete cert if there.
+ // delete cert if there.
LDAPModificationSet modSet = new LDAPModificationSet();
if (hasCert) {
- log(ILogger.LL_INFO,
- "unpublish: deleting cert " + subjName + " from " + dn);
- modSet.add(LDAPModification.DELETE,
- new LDAPAttribute(mCertAttr, certEnc));
+ log(ILogger.LL_INFO, "unpublish: deleting cert " + subjName
+ + " from " + dn);
+ modSet.add(LDAPModification.DELETE, new LDAPAttribute(
+ mCertAttr, certEnc));
}
// delete subject name if no other cert has the same name.
if (hasSubjname && !hasAnotherCert) {
- log(ILogger.LL_INFO,
- "unpublish: deleting subject name " + subjName + " from " + dn);
- modSet.add(LDAPModification.DELETE,
- new LDAPAttribute(mSubjNameAttr, subjName));
+ log(ILogger.LL_INFO, "unpublish: deleting subject name "
+ + subjName + " from " + dn);
+ modSet.add(LDAPModification.DELETE, new LDAPAttribute(
+ mSubjNameAttr, subjName));
}
- conn.modify(dn, modSet);
+ conn.modify(dn, modSet);
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
- throw new ELdapException(
- CMS.getUserMessage("CMS_LDAP_DECODING_CERT_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_DECODING_CERT_FAILED", e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_LDAP_DN_STRING_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_LDAP_DN_STRING_FAILED", e.toString()));
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString()));
}
}
return;
@@ -341,7 +357,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertSubjPublisher: " + msg);
+ "LdapCertSubjPublisher: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
index e4a7e0b7..d61f5bf6 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.util.Locale;
import java.util.Vector;
@@ -39,15 +38,14 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * module for publishing a cross certificate pair to ldap
- * crossCertificatePair attribute
- *
+/**
+ * module for publishing a cross certificate pair to ldap crossCertificatePair
+ * attribute
+ *
* @version $Revision$, $Date$
*/
-public class LdapCertificatePairPublisher
- implements ILdapPublisher, IExtendedPluginInfo {
+public class LdapCertificatePairPublisher implements ILdapPublisher,
+ IExtendedPluginInfo {
public static final String LDAP_CROSS_CERT_PAIR_ATTR = "crossCertificatePair;binary";
public static final String LDAP_CA_OBJECTCLASS = "pkiCA";
public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary";
@@ -72,15 +70,14 @@ public class LdapCertificatePairPublisher
public String[] getExtendedPluginInfo(Locale locale) {
String s[] = {
"crossCertPairAttr;string;Name of Ldap attribute in which to store cross certificates",
- "caObjectClass;string;The name of the objectclasses which should be " +
- "added to this entry, if they do not already exist. This can be " +
- "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-crosscertpairpublisher",
- IExtendedPluginInfo.HELP_TEXT +
- ";This plugin knows how to publish the CA cert to " +
- "'certificateAuthority' and 'pkiCA' -type entries"
- };
+ "caObjectClass;string;The name of the objectclasses which should be "
+ + "added to this entry, if they do not already exist. This can be "
+ + "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-publisher-crosscertpairpublisher",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";This plugin knows how to publish the CA cert to "
+ + "'certificateAuthority' and 'pkiCA' -type entries" };
return s;
}
@@ -117,14 +114,14 @@ public class LdapCertificatePairPublisher
return mConfig;
}
- public void init(IConfigStore config)
- throws EBaseException {
- if (mInited)
+ public void init(IConfigStore config) throws EBaseException {
+ if (mInited)
return;
mConfig = config;
- mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR);
- mCaObjectclass = mConfig.getString("caObjectClass",
- LDAP_CA_OBJECTCLASS);
+ mCrossCertPairAttr = mConfig.getString("crossCertPairAttr",
+ LDAP_CROSS_CERT_PAIR_ATTR);
+ mCaObjectclass = mConfig
+ .getString("caObjectClass", LDAP_CA_OBJECTCLASS);
mObjAdded = mConfig.getString("caObjectClassAdded", "");
mObjDeleted = mConfig.getString("caObjectClassDeleted", "");
@@ -132,7 +129,8 @@ public class LdapCertificatePairPublisher
}
// don't think anyone would ever use this but just in case.
- public LdapCertificatePairPublisher(String crossCertPairAttr, String caObjectclass) {
+ public LdapCertificatePairPublisher(String crossCertPairAttr,
+ String caObjectclass) {
mCrossCertPairAttr = crossCertPairAttr;
mCaObjectclass = caObjectclass;
mInited = true;
@@ -153,116 +151,126 @@ public class LdapCertificatePairPublisher
}
/**
- * publish a certificatePair
- * -should not be called from listeners.
+ * publish a certificatePair -should not be called from listeners.
+ *
* @param conn the LDAP connection
* @param dn dn of the entry to publish the XcertificatePair
- * @param pair the Xcertificate bytes object.
+ * @param pair the Xcertificate bytes object.
*/
public synchronized void publish(LDAPConnection conn, String dn, Object pair)
- throws ELdapException {
+ throws ELdapException {
publish(conn, dn, (byte[]) pair);
}
/**
- * publish a certificatePair
- * -should not be called from listeners.
+ * publish a certificatePair -should not be called from listeners.
+ *
* @param conn the LDAP connection
* @param dn dn of the entry to publish the XcertificatePair
* @param pair the cross cert bytes
*/
- public synchronized void publish(LDAPConnection conn, String dn,
- byte[] pair)
- throws ELdapException {
+ public synchronized void publish(LDAPConnection conn, String dn, byte[] pair)
+ throws ELdapException {
if (conn == null) {
- log(ILogger.LL_INFO, "LdapCertificatePairPublisher: no LDAP connection");
+ log(ILogger.LL_INFO,
+ "LdapCertificatePairPublisher: no LDAP connection");
return;
}
try {
- mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR);
- mCaObjectclass = mConfig.getString("caObjectClass", LDAP_CA_OBJECTCLASS);
+ mCrossCertPairAttr = mConfig.getString("crossCertPairAttr",
+ LDAP_CROSS_CERT_PAIR_ATTR);
+ mCaObjectclass = mConfig.getString("caObjectClass",
+ LDAP_CA_OBJECTCLASS);
} catch (EBaseException e) {
}
try {
// search for attributes to determine if they exist
- LDAPSearchResults res =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ "(objectclass=*)", new String[] { LDAP_CACERT_ATTR,
+ LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
LDAPEntry entry = res.next();
LDAPAttribute certs = entry.getAttribute(LDAP_CACERT_ATTR);
LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR);
LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR);
// search for objectclass and crosscertpair attributes and values
- LDAPSearchResults res1 =
- conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { "objectclass", mCrossCertPairAttr }, false);
+ LDAPSearchResults res1 = conn.search(dn, LDAPv2.SCOPE_BASE,
+ "(objectclass=*)", new String[] { "objectclass",
+ mCrossCertPairAttr }, false);
LDAPEntry entry1 = res1.next();
LDAPAttribute ocs = entry1.getAttribute("objectclass");
- LDAPAttribute certPairs = entry1.getAttribute("crosscertificatepair;binary");
+ LDAPAttribute certPairs = entry1
+ .getAttribute("crosscertificatepair;binary");
LDAPModificationSet modSet = new LDAPModificationSet();
- boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs, pair);
- if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) {
+ boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs,
+ pair);
+ if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) {
CMS.debug("LdapCertificatePairPublisher: cross cert pair bytes exist in publishing directory, do not publish again.");
return;
}
if (hasCert) {
- log(ILogger.LL_INFO, "publish: CA " + dn + " already has cross cert pair bytes");
+ log(ILogger.LL_INFO, "publish: CA " + dn
+ + " already has cross cert pair bytes");
} else {
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(mCrossCertPairAttr, pair));
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ mCrossCertPairAttr, pair));
log(ILogger.LL_INFO, "cross cert pair published with dn=" + dn);
}
String[] oclist = mCaObjectclass.split(",");
boolean attrsAdded = false;
- for (int i=0; i < oclist.length; i++) {
+ for (int i = 0; i < oclist.length; i++) {
String oc = oclist[i].trim();
- boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
+ boolean hasoc = LdapUserCertPublisher
+ .StringValueExists(ocs, oc);
if (!hasoc) {
- log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn);
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute("objectclass", oc));
+ log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to "
+ + dn);
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ "objectclass", oc));
- if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
+ if ((!attrsAdded)
+ && oc.equalsIgnoreCase("certificationAuthority")) {
// add MUST attributes
- if (arls == null)
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_ARL_ATTR, ""));
+ if (arls == null)
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ LDAP_ARL_ATTR, ""));
if (crls == null)
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_CRL_ATTR, ""));
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ LDAP_CRL_ATTR, ""));
if (certs == null)
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_CACERT_ATTR, ""));
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ LDAP_CACERT_ATTR, ""));
attrsAdded = true;
}
}
- }
+ }
// delete objectclasses that have been deleted from config
String[] delList = mObjDeleted.split(",");
if (delList.length > 0) {
- for (int i=0; i< delList.length; i++) {
+ for (int i = 0; i < delList.length; i++) {
String deloc = delList[i].trim();
- boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
+ boolean hasoc = LdapUserCertPublisher.StringValueExists(
+ ocs, deloc);
boolean match = false;
- for (int j=0; j< oclist.length; j++) {
+ for (int j = 0; j < oclist.length; j++) {
if ((oclist[j].trim()).equals(deloc)) {
match = true;
break;
}
}
if (!match && hasoc) {
- log(ILogger.LL_INFO, "deleting CRL objectclass " + deloc + " from " + dn);
- modSet.add(LDAPModification.DELETE,
- new LDAPAttribute("objectclass", deloc));
+ log(ILogger.LL_INFO, "deleting CRL objectclass "
+ + deloc + " from " + dn);
+ modSet.add(LDAPModification.DELETE, new LDAPAttribute(
+ "objectclass", deloc));
}
}
}
@@ -276,22 +284,29 @@ public class LdapCertificatePairPublisher
try {
mConfig.commit(false);
} catch (Exception e) {
- log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
+ log(ILogger.LL_INFO,
+ "Failure in updating mObjAdded and mObjDeleted");
}
}
- if (modSet.size() > 0) conn.modify(dn, modSet);
+ if (modSet.size() > 0)
+ conn.modify(dn, modSet);
CMS.debug("LdapCertificatePairPublisher: in publish() just published");
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
- throw new ELdapException("error publishing cross cert pair:" + e.toString());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "",
+ e.toString()));
+ throw new ELdapException("error publishing cross cert pair:"
+ + e.toString());
}
}
return;
@@ -301,7 +316,7 @@ public class LdapCertificatePairPublisher
* unsupported
*/
public void unpublish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
CMS.debug("LdapCertificatePairPublisher: unpublish() is unsupported in this revision");
}
@@ -310,7 +325,7 @@ public class LdapCertificatePairPublisher
*/
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCertificatePairPublisher: " + msg);
+ "LdapCertificatePairPublisher: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
index 22dc1294..e6a4e45c 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.security.cert.CRLException;
import java.security.cert.X509CRL;
import java.util.Locale;
@@ -42,10 +41,9 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
/**
- * For publishing master or global CRL.
- * Publishes (replaces) the CRL in the CA's LDAP entry.
+ * For publishing master or global CRL. Publishes (replaces) the CRL in the CA's
+ * LDAP entry.
*
* @version $Revision$, $Date$
*/
@@ -81,16 +79,15 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
"crlAttr;string;Name of Ldap attribute in which to store the CRL",
- "crlObjectClass;string;The name of the objectclasses which should be " +
- "added to this entry, if they do not already exist. This can be a comma-" +
- "separated list such as 'certificationAuthority,certificationAuthority-V2' " +
- "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-crlpublisher",
- IExtendedPluginInfo.HELP_TEXT +
- ";This plugin knows how to publish CRL's to " +
- "'certificateAuthority' and 'pkiCA' -type entries"
- };
+ "crlObjectClass;string;The name of the objectclasses which should be "
+ + "added to this entry, if they do not already exist. This can be a comma-"
+ + "separated list such as 'certificationAuthority,certificationAuthority-V2' "
+ + "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-publisher-crlpublisher",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";This plugin knows how to publish CRL's to "
+ + "'certificateAuthority' and 'pkiCA' -type entries" };
return params;
}
@@ -115,14 +112,13 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
return mConfig;
}
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
if (mInited)
return;
mConfig = config;
mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR);
mCrlObjectClass = mConfig.getString("crlObjectClass",
- LDAP_CRL_OBJECTCLASS);
+ LDAP_CRL_OBJECTCLASS);
mObjAdded = mConfig.getString("crlObjectClassAdded", "");
mObjDeleted = mConfig.getString("crlObjectClassDeleted", "");
@@ -142,11 +138,11 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
}
/**
- * Replaces the CRL in the certificateRevocationList attribute.
- * CRL's are published as a DER encoded blob.
+ * Replaces the CRL in the certificateRevocationList attribute. CRL's are
+ * published as a DER encoded blob.
*/
public void publish(LDAPConnection conn, String dn, Object crlObj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null) {
log(ILogger.LL_INFO, "publish CRL: no LDAP connection");
return;
@@ -154,7 +150,8 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
try {
mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR);
- mCrlObjectClass = mConfig.getString("crlObjectClass", LDAP_CRL_OBJECTCLASS);
+ mCrlObjectClass = mConfig.getString("crlObjectClass",
+ LDAP_CRL_OBJECTCLASS);
} catch (EBaseException e) {
}
@@ -162,28 +159,29 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
// see if we should create local connection
LDAPConnection altConn = null;
try {
- String host = mConfig.getString("host", null);
- String port = mConfig.getString("port", null);
- if (host != null && port != null) {
- int portVal = Integer.parseInt(port);
- int version = Integer.parseInt(mConfig.getString("version", "2"));
- String cert_nick = mConfig.getString("clientCertNickname", null);
- LDAPSSLSocketFactoryExt sslSocket = null;
- if (cert_nick != null) {
- sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ String host = mConfig.getString("host", null);
+ String port = mConfig.getString("port", null);
+ if (host != null && port != null) {
+ int portVal = Integer.parseInt(port);
+ int version = Integer.parseInt(mConfig
+ .getString("version", "2"));
+ String cert_nick = mConfig
+ .getString("clientCertNickname", null);
+ LDAPSSLSocketFactoryExt sslSocket = null;
+ if (cert_nick != null) {
+ sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ }
+ String mgr_dn = mConfig.getString("bindDN", null);
+ String mgr_pwd = mConfig.getString("bindPWD", null);
+
+ altConn = CMS.getBoundConnection(host, portVal, version,
+ sslSocket, mgr_dn, mgr_pwd);
+ conn = altConn;
}
- String mgr_dn = mConfig.getString("bindDN", null);
- String mgr_pwd = mConfig.getString("bindPWD", null);
-
- altConn = CMS.getBoundConnection(host, portVal,
- version,
- sslSocket, mgr_dn, mgr_pwd);
- conn = altConn;
- }
} catch (LDAPException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
} catch (EBaseException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
}
try {
@@ -194,10 +192,11 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
LDAPSearchResults res = null;
if (mCrlAttr.equals(LDAP_CRL_ATTR)) {
res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
+ new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
} else {
res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
- new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
+ new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR,
+ LDAP_ARL_ATTR }, true);
}
LDAPEntry entry = res.next();
@@ -216,50 +215,56 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
String[] oclist = mCrlObjectClass.split(",");
boolean attrsAdded = false;
- for (int i=0; i < oclist.length; i++) {
+ for (int i = 0; i < oclist.length; i++) {
String oc = oclist[i].trim();
- boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
+ boolean hasoc = LdapUserCertPublisher
+ .StringValueExists(ocs, oc);
if (!hasoc) {
- log(ILogger.LL_INFO, "adding CRL objectclass " + oc + " to " + dn);
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute("objectclass", oc));
+ log(ILogger.LL_INFO, "adding CRL objectclass " + oc
+ + " to " + dn);
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ "objectclass", oc));
- if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
+ if ((!attrsAdded)
+ && oc.equalsIgnoreCase("certificationAuthority")) {
// add MUST attributes
if (arls == null)
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_ARL_ATTR, ""));
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ LDAP_ARL_ATTR, ""));
if (certs == null)
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_CACERT_ATTR, ""));
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ LDAP_CACERT_ATTR, ""));
- if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR)))
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_CRL_ATTR, ""));
+ if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR)))
+ modSet.add(LDAPModification.ADD, new LDAPAttribute(
+ LDAP_CRL_ATTR, ""));
attrsAdded = true;
}
}
}
- modSet.add(LDAPModification.REPLACE, new LDAPAttribute(mCrlAttr, crlEnc));
+ modSet.add(LDAPModification.REPLACE, new LDAPAttribute(mCrlAttr,
+ crlEnc));
// delete objectclasses that have been deleted from config
String[] delList = mObjDeleted.split(",");
if (delList.length > 0) {
- for (int i=0; i< delList.length; i++) {
+ for (int i = 0; i < delList.length; i++) {
String deloc = delList[i].trim();
- boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
+ boolean hasoc = LdapUserCertPublisher.StringValueExists(
+ ocs, deloc);
boolean match = false;
- for (int j=0; j< oclist.length; j++) {
+ for (int j = 0; j < oclist.length; j++) {
if ((oclist[j].trim()).equals(deloc)) {
match = true;
break;
}
}
if (!match && hasoc) {
- log(ILogger.LL_INFO, "deleting CRL objectclass " + deloc + " from " + dn);
- modSet.add(LDAPModification.DELETE,
- new LDAPAttribute("objectclass", deloc));
+ log(ILogger.LL_INFO, "deleting CRL objectclass "
+ + deloc + " from " + dn);
+ modSet.add(LDAPModification.DELETE, new LDAPAttribute(
+ "objectclass", deloc));
}
}
}
@@ -273,56 +278,64 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
try {
mConfig.commit(false);
} catch (Exception e) {
- log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
+ log(ILogger.LL_INFO,
+ "Failure in updating mObjAdded and mObjDeleted");
}
- }
+ }
conn.modify(dn, modSet);
} catch (CRLException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_PUBLISH_CRL_ERROR", e.toString()));
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_PUBLISH_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_PUBLISH_CRL_ERROR", e.toString()));
}
} finally {
- if (altConn != null) {
- try {
- altConn.disconnect();
- } catch (LDAPException e) {
- // safely ignored
- }
- }
+ if (altConn != null) {
+ try {
+ altConn.disconnect();
+ } catch (LDAPException e) {
+ // safely ignored
+ }
+ }
}
}
/**
- * There shouldn't be a need to call this.
- * CRLs are always replaced but this is implemented anyway in case
- * there is ever a reason to remove a global CRL.
+ * There shouldn't be a need to call this. CRLs are always replaced but this
+ * is implemented anyway in case there is ever a reason to remove a global
+ * CRL.
*/
public void unpublish(LDAPConnection conn, String dn, Object crlObj)
- throws ELdapException {
+ throws ELdapException {
try {
byte[] crlEnc = ((X509CRL) crlObj).getEncoded();
try {
mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR);
- mCrlObjectClass = mConfig.getString("crlObjectClass", LDAP_CRL_OBJECTCLASS);
+ mCrlObjectClass = mConfig.getString("crlObjectClass",
+ LDAP_CRL_OBJECTCLASS);
} catch (EBaseException e) {
}
-
LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
- "(objectclass=*)", new String[] { mCrlAttr, "objectclass" }, false);
+ "(objectclass=*)",
+ new String[] { mCrlAttr, "objectclass" }, false);
LDAPEntry e = res.next();
LDAPAttribute crls = e.getAttribute(mCrlAttr);
LDAPAttribute ocs = e.getAttribute("objectclass");
@@ -330,21 +343,23 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
LDAPModificationSet modSet = new LDAPModificationSet();
boolean hasOC = false;
- boolean hasCRL =
- LdapUserCertPublisher.ByteValueExists(crls, crlEnc);
+ boolean hasCRL = LdapUserCertPublisher
+ .ByteValueExists(crls, crlEnc);
if (hasCRL) {
- modSet.add(LDAPModification.DELETE,
- new LDAPAttribute(mCrlAttr, crlEnc));
+ modSet.add(LDAPModification.DELETE, new LDAPAttribute(mCrlAttr,
+ crlEnc));
}
-
+
String[] oclist = mCrlObjectClass.split(",");
- for (int i=0; i < oclist.length; i++) {
+ for (int i = 0; i < oclist.length; i++) {
String oc = oclist[i].trim();
if (LdapUserCertPublisher.StringValueExists(ocs, oc)) {
- log(ILogger.LL_INFO, "unpublish: deleting CRL object class " + oc + " from " + dn);
- modSet.add(LDAPModification.DELETE,
- new LDAPAttribute("objectClass", oc));
+ log(ILogger.LL_INFO,
+ "unpublish: deleting CRL object class " + oc
+ + " from " + dn);
+ modSet.add(LDAPModification.DELETE, new LDAPAttribute(
+ "objectClass", oc));
hasOC = true;
}
}
@@ -352,22 +367,29 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
if (hasCRL || hasOC) {
conn.modify(dn, modSet);
} else {
- log(ILogger.LL_INFO,
- "unpublish: " + dn + " already has not CRL");
+ log(ILogger.LL_INFO, "unpublish: " + dn
+ + " already has not CRL");
}
} catch (CRLException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_PUBLISH_CRL_ERROR", e.toString()));
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_CRL_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_UNPUBLISH_CRL_ERROR", e.toString()));
}
}
return;
@@ -375,6 +397,6 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapCrlPublisher: " + msg);
+ "LdapCrlPublisher: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java
index 902763b4..0dedf8f4 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
@@ -51,13 +50,13 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * Interface for mapping a X509 certificate to a LDAP entry
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry
+ *
* @version $Revision$, $Date$
*/
-public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPluginInfo {
+public class LdapEncryptCertPublisher implements ILdapPublisher,
+ IExtendedPluginInfo {
public static final String LDAP_USERCERT_ATTR = "userCertificate;binary";
public static final String PROP_REVOKE_CERT = "revokeCert";
@@ -81,11 +80,10 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
"certAttr;string;LDAP attribute in which to store the certificate",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-usercertpublisher",
- IExtendedPluginInfo.HELP_TEXT +
- ";This plugin knows how to publish user certificates"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-publisher-usercertpublisher",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";This plugin knows how to publish user certificates" };
return params;
@@ -109,8 +107,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
return mConfig;
}
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
if (mInited)
return;
mConfig = config;
@@ -124,16 +121,16 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
}
/**
- * publish a user certificate
- * Adds the cert to the multi-valued certificate attribute as a
- * DER encoded binary blob. Does not check if cert already exists.
+ * publish a user certificate Adds the cert to the multi-valued certificate
+ * attribute as a DER encoded binary blob. Does not check if cert already
+ * exists.
*
* @param conn the LDAP connection
* @param dn dn of the entry to publish the certificate
- * @param certObj the certificate object.
+ * @param certObj the certificate object.
*/
public void publish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null)
return;
@@ -147,45 +144,52 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
byte[] certEnc = cert.getEncoded();
// check if cert already exists.
- LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
"(objectclass=*)", new String[] { mCertAttr }, false);
LDAPEntry entry = res.next();
- LDAPAttribute attr = getModificationAttribute(entry.getAttribute(mCertAttr), certEnc);
+ LDAPAttribute attr = getModificationAttribute(
+ entry.getAttribute(mCertAttr), certEnc);
if (attr == null) {
log(ILogger.LL_INFO, "publish: " + dn + " already has cert.");
return;
}
- // publish
- LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
+ // publish
+ LDAPModification mod = new LDAPModification(
+ LDAPModification.REPLACE, attr);
- conn.modify(dn, mod);
+ conn.modify(dn, mod);
} catch (CertificateEncodingException e) {
- CMS.debug("LdapEncryptCertPublisher: error in publish: " + e.toString());
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
+ CMS.debug("LdapEncryptCertPublisher: error in publish: "
+ + e.toString());
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_PUBLISH_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
}
}
return;
}
/**
- * unpublish a user certificate
- * deletes the certificate from the list of certificates.
- * does not check if certificate is already there.
+ * unpublish a user certificate deletes the certificate from the list of
+ * certificates. does not check if certificate is already there.
*/
public void unpublish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (!(certObj instanceof X509Certificate))
throw new IllegalArgumentException("Illegal arg to publish");
@@ -195,7 +199,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
byte[] certEnc = cert.getEncoded();
// check if cert already deleted.
- LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
"(objectclass=*)", new String[] { mCertAttr }, false);
LDAPEntry entry = res.next();
@@ -204,23 +208,31 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
return;
}
- LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
- new LDAPAttribute(mCertAttr, certEnc));
+ LDAPModification mod = new LDAPModification(
+ LDAPModification.DELETE, new LDAPAttribute(mCertAttr,
+ certEnc));
- conn.modify(dn, mod);
+ conn.modify(dn, mod);
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR",
+ e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString()));
}
}
return;
@@ -228,11 +240,11 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapUserCertPublisher: " + msg);
+ "LdapUserCertPublisher: " + msg);
}
- public LDAPAttribute getModificationAttribute(
- LDAPAttribute attr, byte[] bval) {
+ public LDAPAttribute getModificationAttribute(LDAPAttribute attr,
+ byte[] bval) {
LDAPAttribute at = new LDAPAttribute(attr.getName(), bval);
// determine if the given cert is a signing or an encryption
@@ -256,13 +268,13 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
X509CertImpl cert = new X509CertImpl(val);
log(ILogger.LL_INFO, "Checking " + cert);
- if (CMS.isEncryptionCert(thisCert) &&
- CMS.isEncryptionCert(cert)) {
+ if (CMS.isEncryptionCert(thisCert)
+ && CMS.isEncryptionCert(cert)) {
// skip
log(ILogger.LL_INFO, "SKIP ENCRYPTION " + cert);
revokeCert(cert);
- } else if (CMS.isSigningCert(thisCert) &&
- CMS.isSigningCert(cert)) {
+ } else if (CMS.isSigningCert(thisCert)
+ && CMS.isSigningCert(cert)) {
// skip
log(ILogger.LL_INFO, "SKIP SIGNING " + cert);
revokeCert(cert);
@@ -270,33 +282,35 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
at.addValue(val);
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CHECK_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_CHECK_FAILED", e.toString()));
}
}
return at;
}
- private RevokedCertImpl formCRLEntry(
- BigInteger serialNo, RevocationReason reason)
- throws EBaseException {
+ private RevokedCertImpl formCRLEntry(BigInteger serialNo,
+ RevocationReason reason) throws EBaseException {
CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
CRLExtensions crlentryexts = new CRLExtensions();
try {
crlentryexts.set(CRLReasonExtension.NAME, reasonExt);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_SET_CRL_REASON", reason.toString(), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_SET_CRL_REASON",
+ reason.toString(), e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_INTERNAL_ERROR", e.toString()));
}
- RevokedCertImpl crlentry =
- new RevokedCertImpl(serialNo, new Date(), crlentryexts);
+ RevokedCertImpl crlentry = new RevokedCertImpl(serialNo, new Date(),
+ crlentryexts);
return crlentry;
}
- private void revokeCert(X509CertImpl cert)
- throws EBaseException {
+ private void revokeCert(X509CertImpl cert) throws EBaseException {
try {
if (mConfig.getBoolean(PROP_REVOKE_CERT, true) == false) {
return;
@@ -306,11 +320,11 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
}
BigInteger serialNum = cert.getSerialNumber();
// need to revoke certificate also
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
ICAService service = (ICAService) ca.getCAService();
- RevokedCertImpl crlEntry = formCRLEntry(
- serialNum, RevocationReason.KEY_COMPROMISE);
+ RevokedCertImpl crlEntry = formCRLEntry(serialNum,
+ RevocationReason.KEY_COMPROMISE);
service.revokeCert(crlEntry);
}
@@ -354,4 +368,3 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
index f612d005..3867a3b8 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
@@ -43,13 +42,13 @@ import com.netscape.certsrv.logging.AuditFormat;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.publish.ILdapPublisher;
-
-/**
- * Interface for mapping a X509 certificate to a LDAP entry
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry
+ *
* @version $Revision$, $Date$
*/
-public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInfo {
+public class LdapUserCertPublisher implements ILdapPublisher,
+ IExtendedPluginInfo {
public static final String LDAP_USERCERT_ATTR = "userCertificate;binary";
protected String mCertAttr = LDAP_USERCERT_ATTR;
@@ -71,11 +70,10 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
public String[] getExtendedPluginInfo(Locale locale) {
String[] params = {
"certAttr;string;LDAP attribute in which to store the certificate",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-usercertpublisher",
- IExtendedPluginInfo.HELP_TEXT +
- ";This plugin knows how to publish user certificates"
- };
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-publisher-usercertpublisher",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";This plugin knows how to publish user certificates" };
return params;
@@ -99,8 +97,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
return mConfig;
}
- public void init(IConfigStore config)
- throws EBaseException {
+ public void init(IConfigStore config) throws EBaseException {
if (mInited)
return;
mConfig = config;
@@ -113,16 +110,16 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
}
/**
- * publish a user certificate
- * Adds the cert to the multi-valued certificate attribute as a
- * DER encoded binary blob. Does not check if cert already exists.
+ * publish a user certificate Adds the cert to the multi-valued certificate
+ * attribute as a DER encoded binary blob. Does not check if cert already
+ * exists.
*
* @param conn the LDAP connection
* @param dn dn of the entry to publish the certificate
- * @param certObj the certificate object.
+ * @param certObj the certificate object.
*/
public void publish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
if (conn == null)
return;
@@ -130,28 +127,29 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
// see if we should create local connection
LDAPConnection altConn = null;
try {
- String host = mConfig.getString("host", null);
- String port = mConfig.getString("port", null);
- if (host != null && port != null) {
- int portVal = Integer.parseInt(port);
- int version = Integer.parseInt(mConfig.getString("version", "2"));
- String cert_nick = mConfig.getString("clientCertNickname", null);
- LDAPSSLSocketFactoryExt sslSocket = null;
- if (cert_nick != null) {
- sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ String host = mConfig.getString("host", null);
+ String port = mConfig.getString("port", null);
+ if (host != null && port != null) {
+ int portVal = Integer.parseInt(port);
+ int version = Integer.parseInt(mConfig
+ .getString("version", "2"));
+ String cert_nick = mConfig
+ .getString("clientCertNickname", null);
+ LDAPSSLSocketFactoryExt sslSocket = null;
+ if (cert_nick != null) {
+ sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+ }
+ String mgr_dn = mConfig.getString("bindDN", null);
+ String mgr_pwd = mConfig.getString("bindPWD", null);
+
+ altConn = CMS.getBoundConnection(host, portVal, version,
+ sslSocket, mgr_dn, mgr_pwd);
+ conn = altConn;
}
- String mgr_dn = mConfig.getString("bindDN", null);
- String mgr_pwd = mConfig.getString("bindPWD", null);
-
- altConn = CMS.getBoundConnection(host, portVal,
- version,
- sslSocket, mgr_dn, mgr_pwd);
- conn = altConn;
- }
} catch (LDAPException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
} catch (EBaseException e) {
- CMS.debug("Failed to create alt connection " + e);
+ CMS.debug("Failed to create alt connection " + e);
}
if (!(certObj instanceof X509Certificate))
@@ -169,7 +167,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
byte[] certEnc = cert.getEncoded();
// check if cert already exists.
- LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
"(objectclass=*)", new String[] { mCertAttr }, false);
LDAPEntry entry = res.next();
@@ -178,59 +176,65 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
return;
}
- // publish
+ // publish
LDAPModification mod = null;
if (deleteCert) {
- mod = new LDAPModification(LDAPModification.REPLACE,
- new LDAPAttribute(mCertAttr, certEnc));
+ mod = new LDAPModification(LDAPModification.REPLACE,
+ new LDAPAttribute(mCertAttr, certEnc));
} else {
- mod = new LDAPModification(LDAPModification.ADD,
- new LDAPAttribute(mCertAttr, certEnc));
+ mod = new LDAPModification(LDAPModification.ADD,
+ new LDAPAttribute(mCertAttr, certEnc));
}
- conn.modify(dn, mod);
+ conn.modify(dn, mod);
// log a successful message to the "transactions" log
- mLogger.log( ILogger.EV_AUDIT,
- ILogger.S_LDAP,
- ILogger.LL_INFO,
- AuditFormat.LDAP_PUBLISHED_FORMAT,
- new Object[] { "LdapUserCertPublisher",
- cert.getSerialNumber().toString(16),
- cert.getSubjectDN() } );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_LDAP,
+ ILogger.LL_INFO,
+ AuditFormat.LDAP_PUBLISHED_FORMAT,
+ new Object[] { "LdapUserCertPublisher",
+ cert.getSerialNumber().toString(16),
+ cert.getSubjectDN() });
} catch (CertificateEncodingException e) {
- CMS.debug("LdapUserCertPublisher: error in publish: " + e.toString());
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
+ CMS.debug("LdapUserCertPublisher: error in publish: "
+ + e.toString());
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "PUBLISH_PUBLISH_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
}
} finally {
- if (altConn != null) {
- try {
- altConn.disconnect();
- } catch (LDAPException e) {
- // safely ignored
- }
- }
+ if (altConn != null) {
+ try {
+ altConn.disconnect();
+ } catch (LDAPException e) {
+ // safely ignored
+ }
+ }
}
return;
}
/**
- * unpublish a user certificate
- * deletes the certificate from the list of certificates.
- * does not check if certificate is already there.
+ * unpublish a user certificate deletes the certificate from the list of
+ * certificates. does not check if certificate is already there.
*/
public void unpublish(LDAPConnection conn, String dn, Object certObj)
- throws ELdapException {
+ throws ELdapException {
boolean disableUnpublish = false;
try {
@@ -239,8 +243,8 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
}
if (disableUnpublish) {
- CMS.debug("UserCertPublisher: disable unpublish");
- return;
+ CMS.debug("UserCertPublisher: disable unpublish");
+ return;
}
if (!(certObj instanceof X509Certificate))
@@ -252,7 +256,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
byte[] certEnc = cert.getEncoded();
// check if cert already deleted.
- LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
+ LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
"(objectclass=*)", new String[] { mCertAttr }, false);
LDAPEntry entry = res.next();
@@ -261,23 +265,30 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
return;
}
- LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
- new LDAPAttribute(mCertAttr, certEnc));
+ LDAPModification mod = new LDAPModification(
+ LDAPModification.DELETE, new LDAPAttribute(mCertAttr,
+ certEnc));
- conn.modify(dn, mod);
+ conn.modify(dn, mod);
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
- throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
+ CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+ throw new ELdapServerDownException(CMS.getUserMessage(
+ "CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), ""
+ + conn.getPort()));
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR"));
- throw new ELdapException(CMS.getUserMessage("CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR"));
+ throw new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_UNPUBLISH_USERCERT_ERROR", e.toString()));
}
}
return;
@@ -285,7 +296,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
private void log(int level, String msg) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
- "LdapUserCertPublisher: " + msg);
+ "LdapUserCertPublisher: " + msg);
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
index ad37a666..e6ebf34a 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.io.DataInputStream;
import java.io.IOException;
import java.io.OutputStream;
@@ -42,11 +41,9 @@ import com.netscape.certsrv.publish.ILdapPublisher;
import com.netscape.cmsutil.http.HttpRequest;
import com.netscape.cmsutil.http.JssSSLSocketFactory;
-
-/**
- * This publisher writes certificate and CRL into
- * a directory.
- *
+/**
+ * This publisher writes certificate and CRL into a directory.
+ *
* @version $Revision$, $Date$
*/
public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
@@ -83,13 +80,14 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
PROP_HOST + ";string;Host of CMS's OCSP Secure agent service",
PROP_PORT + ";string;Port of CMS's OCSP Secure agent service",
PROP_PATH + ";string;URI of CMS's OCSP Secure agent service",
- PROP_NICK + ";string;Nickname of cert used for client authentication",
- PROP_CLIENT_AUTH_ENABLE + ";boolean;Client Authentication enabled",
- IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-ldappublish-publisher-ocsppublisher",
- IExtendedPluginInfo.HELP_TEXT +
- ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS."
- };
+ PROP_NICK
+ + ";string;Nickname of cert used for client authentication",
+ PROP_CLIENT_AUTH_ENABLE
+ + ";boolean;Client Authentication enabled",
+ IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-ldappublish-publisher-ocsppublisher",
+ IExtendedPluginInfo.HELP_TEXT
+ + ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS." };
return params;
}
@@ -145,12 +143,12 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
try {
nickname = config.getString("ca.subsystem.nickname", "");
String tokenname = config.getString("ca.subsystem.tokenname", "");
- if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ if (!tokenname.equals("internal")
+ && !tokenname.equals("Internal Key Storage Token"))
+ nickname = tokenname + ":" + nickname;
} catch (Exception e) {
}
-
v.addElement(PROP_HOST + "=");
v.addElement(PROP_PORT + "=");
v.addElement(PROP_PATH + "=/ocsp/agent/ocsp/addCRL");
@@ -169,7 +167,8 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
mPort = mConfig.getString(PROP_PORT, "");
mPath = mConfig.getString(PROP_PATH, "");
mNickname = mConfig.getString(PROP_NICK, "");
- mClientAuthEnabled = mConfig.getBoolean(PROP_CLIENT_AUTH_ENABLE, true);
+ mClientAuthEnabled = mConfig.getBoolean(PROP_CLIENT_AUTH_ENABLE,
+ true);
} catch (EBaseException e) {
}
}
@@ -178,45 +177,43 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
return mConfig;
}
- protected Socket Connect(String host, boolean secure, JssSSLSocketFactory factory)
- {
- Socket socket = null;
- StringTokenizer st = new StringTokenizer(host, " ");
- while (st.hasMoreTokens()) {
- String hp = st.nextToken(); // host:port
- StringTokenizer st1 = new StringTokenizer(hp, ":");
- String h = st1.nextToken();
- int p = Integer.parseInt(st1.nextToken());
- try {
- if (secure) {
- socket = factory.makeSocket(h, p);
- } else {
- socket = new Socket(h, p);
- }
- return socket;
- } catch (Exception e) {
- }
- try {
- Thread.sleep(5000); // 5 seconds delay
- } catch (Exception e) {
- }
- }
- return null;
+ protected Socket Connect(String host, boolean secure,
+ JssSSLSocketFactory factory) {
+ Socket socket = null;
+ StringTokenizer st = new StringTokenizer(host, " ");
+ while (st.hasMoreTokens()) {
+ String hp = st.nextToken(); // host:port
+ StringTokenizer st1 = new StringTokenizer(hp, ":");
+ String h = st1.nextToken();
+ int p = Integer.parseInt(st1.nextToken());
+ try {
+ if (secure) {
+ socket = factory.makeSocket(h, p);
+ } else {
+ socket = new Socket(h, p);
+ }
+ return socket;
+ } catch (Exception e) {
+ }
+ try {
+ Thread.sleep(5000); // 5 seconds delay
+ } catch (Exception e) {
+ }
+ }
+ return null;
}
/**
* Publishs a object to the ldap directory.
*
- * @param conn a Ldap connection
- * (null if LDAP publishing is not enabled)
- * @param dn dn of the ldap entry to publish cert
- * (null if LDAP publishing is not enabled)
- * @param object object to publish
- * (java.security.cert.X509Certificate or,
- * java.security.cert.X509CRL)
+ * @param conn a Ldap connection (null if LDAP publishing is not enabled)
+ * @param dn dn of the ldap entry to publish cert (null if LDAP publishing
+ * is not enabled)
+ * @param object object to publish (java.security.cert.X509Certificate or,
+ * java.security.cert.X509CRL)
*/
- public synchronized void publish(LDAPConnection conn, String dn, Object object)
- throws ELdapException {
+ public synchronized void publish(LDAPConnection conn, String dn,
+ Object object) throws ELdapException {
try {
if (!(object instanceof X509CRL))
return;
@@ -226,24 +223,24 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
// open the connection and prepare it to POST
boolean secure = true;
-
+
String host = mHost;
int port = Integer.parseInt(mPort);
String path = mPath;
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_INFO, "OCSPPublisher: " +
- "Host='" + host + "' Port='" + port +
- "' URL='" + path + "'");
- CMS.debug("OCSPPublisher: " +
- "Host='" + host + "' Port='" + port +
- "' URL='" + path + "'");
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
+ "OCSPPublisher: " + "Host='" + host + "' Port='" + port
+ + "' URL='" + path + "'");
+ CMS.debug("OCSPPublisher: " + "Host='" + host + "' Port='" + port
+ + "' URL='" + path + "'");
StringBuffer query = new StringBuffer();
query.append("crl=");
- query.append(URLEncoder.encode("-----BEGIN CERTIFICATE REVOCATION LIST-----\n"));
+ query.append(URLEncoder
+ .encode("-----BEGIN CERTIFICATE REVOCATION LIST-----\n"));
query.append(URLEncoder.encode(CMS.BtoA(crl.getEncoded())));
- query.append(URLEncoder.encode("\n-----END CERTIFICATE REVOCATION LIST-----"));
+ query.append(URLEncoder
+ .encode("\n-----END CERTIFICATE REVOCATION LIST-----"));
query.append("&noui=true");
Socket socket = null;
@@ -256,23 +253,23 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
}
if (mHost != null && mHost.indexOf(' ') != -1) {
- // support failover hosts configuration
- // host parameter can be
- // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
- do {
- socket = Connect(mHost, secure, factory);
- } while (socket == null);
+ // support failover hosts configuration
+ // host parameter can be
+ // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
+ do {
+ socket = Connect(mHost, secure, factory);
+ } while (socket == null);
} else {
- if (secure) {
- socket = factory.makeSocket(host, port);
- } else {
- socket = new Socket(host, port);
- }
+ if (secure) {
+ socket = factory.makeSocket(host, port);
+ } else {
+ socket = new Socket(host, port);
+ }
}
- if( socket == null ) {
- CMS.debug( "OCSPPublisher::publish() - socket is null!" );
- throw new ELdapException( "socket is null" );
+ if (socket == null) {
+ CMS.debug("OCSPPublisher::publish() - socket is null!");
+ throw new ELdapException("socket is null");
}
// use HttpRequest and POST
@@ -283,26 +280,28 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
httpReq.setHeader("Connection", "Keep-Alive");
httpReq.setHeader("Content-Type",
- "application/x-www-form-urlencoded");
+ "application/x-www-form-urlencoded");
httpReq.setHeader("Content-Transfer-Encoding", "7bit");
- httpReq.setHeader("Content-Length",
- Integer.toString(query.length()));
+ httpReq.setHeader("Content-Length",
+ Integer.toString(query.length()));
httpReq.setContent(query.toString());
OutputStream os = socket.getOutputStream();
- OutputStreamWriter outputStreamWriter = new OutputStreamWriter(os, "UTF8");
+ OutputStreamWriter outputStreamWriter = new OutputStreamWriter(os,
+ "UTF8");
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_INFO, "OCSPPublisher: start sending CRL");
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
+ "OCSPPublisher: start sending CRL");
long startTime = CMS.getCurrentDate().getTime();
CMS.debug("OCSPPublisher: start CRL sending startTime=" + startTime);
httpReq.write(outputStreamWriter);
long endTime = CMS.getCurrentDate().getTime();
- CMS.debug("OCSPPublisher: done CRL sending endTime=" + endTime + " diff=" + (endTime - startTime));
+ CMS.debug("OCSPPublisher: done CRL sending endTime=" + endTime
+ + " diff=" + (endTime - startTime));
// Read the response
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_INFO, "OCSPPublisher: start getting response");
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
+ "OCSPPublisher: start getting response");
DataInputStream dis = new DataInputStream(socket.getInputStream());
String nextline;
String line = "";
@@ -321,40 +320,50 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
}
dis.close();
if (status) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_INFO, "OCSPPublisher: successful");
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_INFO, "OCSPPublisher: successful");
} else {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_INFO, "OCSPPublisher: failed - " + error);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_INFO, "OCSPPublisher: failed - " + error);
}
-
+
} catch (IOException e) {
CMS.debug("OCSPPublisher: publish failed " + e.toString());
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+ mLogger.log(
+ ILogger.EV_SYSTEM,
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR",
+ e.toString()));
} catch (CRLException e) {
CMS.debug("OCSPPublisher: publish failed " + e.toString());
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+ mLogger.log(
+ ILogger.EV_SYSTEM,
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR",
+ e.toString()));
} catch (Exception e) {
CMS.debug("OCSPPublisher: publish failed " + e.toString());
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+ mLogger.log(
+ ILogger.EV_SYSTEM,
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR",
+ e.toString()));
}
}
/**
* Unpublishs a object to the ldap directory.
- *
- * @param conn the Ldap connection
- * (null if LDAP publishing is not enabled)
- * @param dn dn of the ldap entry to unpublish cert
- * (null if LDAP publishing is not enabled)
- * @param object object to unpublish
- * (java.security.cert.X509Certificate)
+ *
+ * @param conn the Ldap connection (null if LDAP publishing is not enabled)
+ * @param dn dn of the ldap entry to unpublish cert (null if LDAP publishing
+ * is not enabled)
+ * @param object object to unpublish (java.security.cert.X509Certificate)
*/
public void unpublish(LDAPConnection conn, String dn, Object object)
- throws ELdapException {
+ throws ELdapException {
// NOT USED
}
}
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java b/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
index d5717aad..3abc0a44 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.publish.publishers;
-
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
@@ -29,10 +28,9 @@ import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Vector;
-
/**
* Publisher utility class.
- *
+ *
* @version $Revision$, $Date$
*/
public class Utils {
@@ -40,7 +38,8 @@ public class Utils {
InetAddress addr = InetAddress.getByName(hostname);
}
- public static void copyStream(InputStream in, OutputStream out) throws IOException {
+ public static void copyStream(InputStream in, OutputStream out)
+ throws IOException {
byte[] buf = new byte[4096];
int len;
@@ -49,7 +48,8 @@ public class Utils {
}
}
- public static void copyStream(BufferedReader in, OutputStreamWriter out) throws IOException {
+ public static void copyStream(BufferedReader in, OutputStreamWriter out)
+ throws IOException {
char[] buf = new char[4096];
int len;
@@ -58,8 +58,8 @@ public class Utils {
}
}
- /// Sorts an array of Strings.
- // Java currently has no general sort function. Sorting Strings is
+ // / Sorts an array of Strings.
+ // Java currently has no general sort function. Sorting Strings is
// common enough that it's worth making a special case.
public static void sortStrings(String[] strings) {
// Just does a bubblesort.
@@ -75,8 +75,8 @@ public class Utils {
}
}
- /// Returns a date string formatted in Unix ls style - if it's within
- // six months of now, Mmm dd hh:ss, else Mmm dd yyyy.
+ // / Returns a date string formatted in Unix ls style - if it's within
+ // six months of now, Mmm dd hh:ss, else Mmm dd yyyy.
public static String lsDateStr(Date date) {
long dateTime = date.getTime();
@@ -104,9 +104,10 @@ public class Utils {
}
return true;
}
-
+
/**
* strips out double quotes around String parameter
+ *
* @param s the string potentially bracketed with double quotes
* @return string stripped of surrounding double quotes
*/
@@ -123,9 +124,8 @@ public class Utils {
}
/**
- * returns an array of strings from a vector of Strings
- * there'll be trouble if the Vector contains something other
- * than just Strings
+ * returns an array of strings from a vector of Strings there'll be trouble
+ * if the Vector contains something other than just Strings
*/
public static String[] getStringArrayFromVector(Vector v) {
String s[] = new String[v.size()];
diff --git a/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java b/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java
index b48af995..ad4672a6 100644
--- a/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java
+++ b/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java
@@ -17,18 +17,15 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.request;
-
import java.util.Vector;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.IRequestScheduler;
-
/**
- * This class represents a request scheduler that prioritizes
- * the threads based on the request processing order.
- * The request that enters the request queue first should
- * be processed first.
+ * This class represents a request scheduler that prioritizes the threads based
+ * on the request processing order. The request that enters the request queue
+ * first should be processed first.
*
* @version $Revision$, $Date$
*/
@@ -37,7 +34,7 @@ public class RequestScheduler implements IRequestScheduler {
/**
* Request entered the request queue processing.
- *
+ *
* @param r request
*/
public synchronized void requestIn(IRequest r) {
@@ -51,10 +48,10 @@ public class RequestScheduler implements IRequestScheduler {
/**
* Request exited the request queue processing.
- *
+ *
* @param r request
*/
- public synchronized void requestOut(IRequest r) {
+ public synchronized void requestOut(IRequest r) {
Thread current = Thread.currentThread();
Thread first = (Thread) mRequestThreads.elementAt(0);
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java b/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java
index df7f02bc..bc9a5b75 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java
@@ -20,7 +20,6 @@
package com.netscape.cms.selftests;
-
///////////////////////
// import statements //
///////////////////////
@@ -37,7 +36,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTest;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
-
//////////////////////
// class definition //
//////////////////////
@@ -50,17 +48,14 @@ import com.netscape.certsrv.selftests.ISelfTestSubsystem;
* @author thomask
* @version $Revision$, $Date$
*/
-public abstract class ASelfTest
- implements ISelfTest {
- ////////////////////////
+public abstract class ASelfTest implements ISelfTest {
+ // //////////////////////
// default parameters //
- ////////////////////////
-
-
+ // //////////////////////
- //////////////////////////
+ // ////////////////////////
// ISelfTest parameters //
- //////////////////////////
+ // ////////////////////////
// parameter information
private static final String SELF_TEST_NAME = "ASelfTest";
@@ -71,34 +66,29 @@ public abstract class ASelfTest
protected IConfigStore mConfig = null;
protected String mPrefix = null;
- /////////////////////
+ // ///////////////////
// default methods //
- /////////////////////
+ // ///////////////////
-
-
- ///////////////////////
+ // /////////////////////
// ISelfTest methods //
- ///////////////////////
+ // /////////////////////
/**
- * Initializes this subsystem with the configuration store
- * associated with this instance name.
+ * Initializes this subsystem with the configuration store associated with
+ * this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest(ISelfTestSubsystem subsystem,
- String instanceName,
- IConfigStore parameters)
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException {
+ public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName,
+ IConfigStore parameters) throws EDuplicateSelfTestException,
+ EInvalidSelfTestException, EMissingSelfTestException {
// store individual self test class values for this instance
mSelfTestSubsystem = (ISelfTestSubsystem) subsystem;
@@ -107,10 +97,9 @@ public abstract class ASelfTest
if (instanceName != null) {
instanceName = instanceName.trim();
} else {
- mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_PARAMETER_WAS_NULL",
- SELF_TEST_NAME));
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS
+ .getLogMessage("SELFTESTS_PARAMETER_WAS_NULL",
+ SELF_TEST_NAME));
throw new EMissingSelfTestException();
}
@@ -123,15 +112,13 @@ public abstract class ASelfTest
mConfig = parameters.getSubStore(pluginPath);
- if ((mConfig != null) &&
- (mConfig.getName() != null) &&
- (mConfig.getName() != "")) {
+ if ((mConfig != null) && (mConfig.getName() != null)
+ && (mConfig.getName() != "")) {
mPrefix = mConfig.getName().trim();
} else {
- mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_PARAMETER_WAS_NULL",
- SELF_TEST_NAME));
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS
+ .getLogMessage("SELFTESTS_PARAMETER_WAS_NULL",
+ SELF_TEST_NAME));
throw new EMissingSelfTestException();
}
@@ -142,24 +129,23 @@ public abstract class ASelfTest
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
- public abstract void startupSelfTest()
- throws ESelfTestException;
+ public abstract void startupSelfTest() throws ESelfTestException;
/**
- * Stops this subsystem. The subsystem may call shutdownSelfTest
- * anytime after initialization.
+ * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+ * after initialization.
* <P>
*/
public abstract void shutdownSelfTest();
/**
- * Returns the name associated with this self test. This method may
- * return null if the self test has not been intialized.
+ * Returns the name associated with this self test. This method may return
+ * null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
public String getSelfTestName() {
@@ -167,10 +153,10 @@ public abstract class ASelfTest
}
/**
- * Returns the root configuration storage (self test parameters)
- * associated with this subsystem.
+ * Returns the root configuration storage (self test parameters) associated
+ * with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
public IConfigStore getSelfTestConfigStore() {
@@ -178,10 +164,10 @@ public abstract class ASelfTest
}
/**
- * Retrieves description associated with an individual self test.
- * This method may return null.
+ * Retrieves description associated with an individual self test. This
+ * method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
@@ -190,11 +176,10 @@ public abstract class ASelfTest
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
public abstract void runSelfTest(ILogEventListener logger)
- throws ESelfTestException;
+ throws ESelfTestException;
}
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java
index cf3338ef..edbac11b 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.ca;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -44,8 +42,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
-
-
//////////////////////
// class definition //
//////////////////////
@@ -58,84 +54,63 @@ import com.netscape.cms.selftests.ASelfTest;
* @author thomask
* @version $Revision$, $Date$
*/
-public class CAPresence
-extends ASelfTest
-{
- ////////////////////////
+public class CAPresence extends ASelfTest {
+ // //////////////////////
// default parameters //
- ////////////////////////
-
+ // //////////////////////
-
- ///////////////////////////
+ // /////////////////////////
// CAPresence parameters //
- ///////////////////////////
+ // /////////////////////////
// parameter information
public static final String PROP_CA_SUB_ID = "CaSubId";
- private String mCaSubId = null;
-
-
+ private String mCaSubId = null;
- /////////////////////
+ // ///////////////////
// default methods //
- /////////////////////
-
-
+ // ///////////////////
- ////////////////////////
+ // //////////////////////
// CAPresence methods //
- ////////////////////////
+ // //////////////////////
/**
- * Initializes this subsystem with the configuration store
- * associated with this instance name.
+ * Initializes this subsystem with the configuration store associated with
+ * this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest( ISelfTestSubsystem subsystem,
- String instanceName,
- IConfigStore parameters )
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
- super.initSelfTest( subsystem, instanceName, parameters );
+ public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName,
+ IConfigStore parameters) throws EDuplicateSelfTestException,
+ EInvalidSelfTestException, EMissingSelfTestException {
+ super.initSelfTest(subsystem, instanceName, parameters);
// retrieve mandatory parameter(s)
try {
- mCaSubId = mConfig.getString( PROP_CA_SUB_ID );
- if( mCaSubId != null ) {
+ mCaSubId = mConfig.getString(PROP_CA_SUB_ID);
+ if (mCaSubId != null) {
mCaSubId = mCaSubId.trim();
} else {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_CA_SUB_ID ) );
-
- throw new EMissingSelfTestException( PROP_CA_SUB_ID );
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
+ CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
+ getSelfTestName(), mPrefix + "."
+ + PROP_CA_SUB_ID));
+
+ throw new EMissingSelfTestException(PROP_CA_SUB_ID);
}
- } catch( EBaseException e ) {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_CA_SUB_ID ) );
-
- throw new EMissingSelfTestException( mPrefix,
- PROP_CA_SUB_ID,
- null );
+ } catch (EBaseException e) {
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS
+ .getLogMessage("SELFTESTS_MISSING_NAME", getSelfTestName(),
+ mPrefix + "." + PROP_CA_SUB_ID));
+
+ throw new EMissingSelfTestException(mPrefix, PROP_CA_SUB_ID, null);
}
// retrieve optional parameter(s)
@@ -143,145 +118,124 @@ extends ASelfTest
return;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
- public void startupSelfTest()
- throws ESelfTestException
- {
+ public void startupSelfTest() throws ESelfTestException {
return;
}
-
/**
- * Stops this subsystem. The subsystem may call shutdownSelfTest
- * anytime after initialization.
+ * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+ * after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
- * Returns the name associated with this self test. This method may
- * return null if the self test has not been intialized.
+ * Returns the name associated with this self test. This method may return
+ * null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
- * Returns the root configuration storage (self test parameters)
- * associated with this subsystem.
+ * Returns the root configuration storage (self test parameters) associated
+ * with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
- * Retrieves description associated with an individual self test.
- * This method may return null.
+ * Retrieves description associated with an individual self test. This
+ * method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage( locale,
- "CMS_SELFTESTS_CA_PRESENCE_DESCRIPTION" );
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_CA_PRESENCE_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest( ILogEventListener logger )
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger) throws ESelfTestException {
String logMessage = null;
ICertificateAuthority ca = null;
X509CertImpl caCert = null;
X509Key caPubKey = null;
- ca = ( ICertificateAuthority ) CMS.getSubsystem( mCaSubId );
+ ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
- if( ca == null ) {
+ if (ca == null) {
// log that the CA is not installed
- logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
} else {
// Retrieve the CA certificate
caCert = ca.getCACert();
- if( caCert == null ) {
+ if (caCert == null) {
// log that the CA is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_CA_IS_NOT_INITIALIZED",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_NOT_INITIALIZED", getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// Retrieve the CA certificate public key
try {
- caPubKey = ( X509Key ) caCert.get( X509CertImpl.PUBLIC_KEY );
+ caPubKey = (X509Key) caCert.get(X509CertImpl.PUBLIC_KEY);
- if( caPubKey == null ) {
+ if (caPubKey == null) {
// log that something is seriously wrong with the CA
- logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_CORRUPT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_CORRUPT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
- } catch( CertificateParsingException e ) {
+ } catch (CertificateParsingException e) {
// log that something is seriously wrong with the CA
- mSelfTestSubsystem.log( logger,
- e.toString() );
+ mSelfTestSubsystem.log(logger, e.toString());
- throw new ESelfTestException( e.toString() );
+ throw new ESelfTestException(e.toString());
}
// log that the CA is present
- logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
}
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java b/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java
index cff35ce5..c2072dbb 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.ca;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -44,98 +42,75 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
-
-
//////////////////////
// class definition //
//////////////////////
/**
- * This class implements a self test to check the validity of the CA.
+ * This class implements a self test to check the validity of the CA.
* <P>
*
* @author mharmsen
* @author thomask
* @version $Revision$, $Date$
*/
-public class CAValidity
-extends ASelfTest
-{
- ////////////////////////
+public class CAValidity extends ASelfTest {
+ // //////////////////////
// default parameters //
- ////////////////////////
-
+ // //////////////////////
-
- ///////////////////////////
+ // /////////////////////////
// CAValidity parameters //
- ///////////////////////////
+ // /////////////////////////
// parameter information
public static final String PROP_CA_SUB_ID = "CaSubId";
- private String mCaSubId = null;
-
-
+ private String mCaSubId = null;
- /////////////////////
+ // ///////////////////
// default methods //
- /////////////////////
-
-
+ // ///////////////////
- ////////////////////////
+ // //////////////////////
// CAValidity methods //
- ////////////////////////
+ // //////////////////////
/**
- * Initializes this subsystem with the configuration store
- * associated with this instance name.
+ * Initializes this subsystem with the configuration store associated with
+ * this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest( ISelfTestSubsystem subsystem,
- String instanceName,
- IConfigStore parameters )
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
- super.initSelfTest( subsystem, instanceName, parameters );
+ public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName,
+ IConfigStore parameters) throws EDuplicateSelfTestException,
+ EInvalidSelfTestException, EMissingSelfTestException {
+ super.initSelfTest(subsystem, instanceName, parameters);
// retrieve mandatory parameter(s)
try {
- mCaSubId = mConfig.getString( PROP_CA_SUB_ID );
- if( mCaSubId != null ) {
+ mCaSubId = mConfig.getString(PROP_CA_SUB_ID);
+ if (mCaSubId != null) {
mCaSubId = mCaSubId.trim();
} else {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_CA_SUB_ID ) );
-
- throw new EMissingSelfTestException( PROP_CA_SUB_ID );
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
+ CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
+ getSelfTestName(), mPrefix + "."
+ + PROP_CA_SUB_ID));
+
+ throw new EMissingSelfTestException(PROP_CA_SUB_ID);
}
- } catch( EBaseException e ) {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_CA_SUB_ID ) );
-
- throw new EMissingSelfTestException( mPrefix,
- PROP_CA_SUB_ID,
- null );
+ } catch (EBaseException e) {
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS
+ .getLogMessage("SELFTESTS_MISSING_NAME", getSelfTestName(),
+ mPrefix + "." + PROP_CA_SUB_ID));
+
+ throw new EMissingSelfTestException(mPrefix, PROP_CA_SUB_ID, null);
}
// retrieve optional parameter(s)
@@ -143,145 +118,124 @@ extends ASelfTest
return;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
- public void startupSelfTest()
- throws ESelfTestException
- {
+ public void startupSelfTest() throws ESelfTestException {
return;
}
-
/**
- * Stops this subsystem. The subsystem may call shutdownSelfTest
- * anytime after initialization.
+ * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+ * after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
- * Returns the name associated with this self test. This method may
- * return null if the self test has not been intialized.
+ * Returns the name associated with this self test. This method may return
+ * null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
- * Returns the root configuration storage (self test parameters)
- * associated with this subsystem.
+ * Returns the root configuration storage (self test parameters) associated
+ * with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
- * Retrieves description associated with an individual self test.
- * This method may return null.
+ * Retrieves description associated with an individual self test. This
+ * method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage( locale,
- "CMS_SELFTESTS_CA_VALIDITY_DESCRIPTION" );
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_CA_VALIDITY_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest( ILogEventListener logger )
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger) throws ESelfTestException {
String logMessage = null;
ICertificateAuthority ca = null;
X509CertImpl caCert = null;
- ca = ( ICertificateAuthority ) CMS.getSubsystem( mCaSubId );
+ ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
- if( ca == null ) {
+ if (ca == null) {
// log that the CA is not installed
- logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
} else {
// Retrieve the CA certificate
caCert = ca.getCACert();
- if( caCert == null ) {
+ if (caCert == null) {
// log that the CA is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_CA_IS_NOT_INITIALIZED",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_CA_IS_NOT_INITIALIZED", getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// Retrieve the CA validity period
try {
caCert.checkValidity();
- } catch( CertificateNotYetValidException e ) {
+ } catch (CertificateNotYetValidException e) {
// log that the CA is not yet valid
- logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_YET_VALID",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_YET_VALID",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
- } catch( CertificateExpiredException e ) {
+ throw new ESelfTestException(logMessage);
+ } catch (CertificateExpiredException e) {
// log that the CA is expired
- logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_EXPIRED",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_EXPIRED",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// log that the CA is valid
- logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_VALID",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_VALID",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
}
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
index b3388d9e..b0e943c1 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.common;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -39,97 +37,74 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
-
-
//////////////////////
// class definition //
//////////////////////
/**
- * This class implements a self test to check the system certs
- * of the subsystem
+ * This class implements a self test to check the system certs of the subsystem
* <P>
*
- * @version $Revision: $, $Date: $
+ * @version $Revision: $, $Date: $
*/
-public class SystemCertsVerification
-extends ASelfTest
-{
- ////////////////////////
+public class SystemCertsVerification extends ASelfTest {
+ // //////////////////////
// default parameters //
- ////////////////////////
-
+ // //////////////////////
-
- ///////////////////////////
+ // /////////////////////////
// SystemCertsVerification parameters //
- ///////////////////////////
+ // /////////////////////////
// parameter information
public static final String PROP_SUB_ID = "SubId";
- private String mSubId = null;
-
-
+ private String mSubId = null;
- /////////////////////
+ // ///////////////////
// default methods //
- /////////////////////
-
-
+ // ///////////////////
- ////////////////////////
+ // //////////////////////
// SystemCertsVerification methods //
- ////////////////////////
+ // //////////////////////
/**
- * Initializes this subsystem with the configuration store
- * associated with this instance name.
+ * Initializes this subsystem with the configuration store associated with
+ * this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest( ISelfTestSubsystem subsystem,
- String instanceName,
- IConfigStore parameters )
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
- super.initSelfTest( subsystem, instanceName, parameters );
+ public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName,
+ IConfigStore parameters) throws EDuplicateSelfTestException,
+ EInvalidSelfTestException, EMissingSelfTestException {
+ super.initSelfTest(subsystem, instanceName, parameters);
// retrieve mandatory parameter(s)
try {
- mSubId = mConfig.getString( PROP_SUB_ID );
- if( mSubId != null ) {
+ mSubId = mConfig.getString(PROP_SUB_ID);
+ if (mSubId != null) {
mSubId = mSubId.trim();
} else {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_SUB_ID ) );
-
- throw new EMissingSelfTestException( PROP_SUB_ID );
+ mSelfTestSubsystem
+ .log(mSelfTestSubsystem.getSelfTestLogger(), CMS
+ .getLogMessage("SELFTESTS_MISSING_VALUES",
+ getSelfTestName(), mPrefix + "."
+ + PROP_SUB_ID));
+
+ throw new EMissingSelfTestException(PROP_SUB_ID);
}
- } catch( EBaseException e ) {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_SUB_ID ) );
-
- throw new EMissingSelfTestException( mPrefix,
- PROP_SUB_ID,
- null );
+ } catch (EBaseException e) {
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS
+ .getLogMessage("SELFTESTS_MISSING_NAME", getSelfTestName(),
+ mPrefix + "." + PROP_SUB_ID));
+
+ throw new EMissingSelfTestException(mPrefix, PROP_SUB_ID, null);
}
// retrieve optional parameter(s)
@@ -137,102 +112,87 @@ extends ASelfTest
return;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
- public void startupSelfTest()
- throws ESelfTestException
- {
+ public void startupSelfTest() throws ESelfTestException {
return;
}
-
/**
- * Stops this subsystem. The subsystem may call shutdownSelfTest
- * anytime after initialization.
+ * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+ * after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
- * Returns the name associated with this self test. This method may
- * return null if the self test has not been intialized.
+ * Returns the name associated with this self test. This method may return
+ * null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
- * Returns the root configuration storage (self test parameters)
- * associated with this subsystem.
+ * Returns the root configuration storage (self test parameters) associated
+ * with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
- * Retrieves description associated with an individual self test.
- * This method may return null.
+ * Retrieves description associated with an individual self test. This
+ * method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage( locale,
- "CMS_SELFTESTS_SYSTEM_CERTS_VERIFICATION_DESCRIPTION" );
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_SYSTEM_CERTS_VERIFICATION_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest( ILogEventListener logger )
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger) throws ESelfTestException {
String logMessage = null;
boolean rc = false;
rc = CMS.verifySystemCerts();
if (rc == true) {
- logMessage = CMS.getLogMessage( "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
} else {
- logMessage = CMS.getLogMessage( "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
- throw new ESelfTestException( logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new ESelfTestException(logMessage);
}
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java
index 52255e24..e90072c0 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.kra;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -41,8 +39,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
-
-
//////////////////////
// class definition //
//////////////////////
@@ -55,84 +51,63 @@ import com.netscape.cms.selftests.ASelfTest;
* @author thomask
* @version $Revision$, $Date$
*/
-public class KRAPresence
-extends ASelfTest
-{
- ////////////////////////
+public class KRAPresence extends ASelfTest {
+ // //////////////////////
// default parameters //
- ////////////////////////
-
+ // //////////////////////
-
- ///////////////////////////
+ // /////////////////////////
// KRAPresence parameters //
- ///////////////////////////
+ // /////////////////////////
// parameter information
public static final String PROP_KRA_SUB_ID = "SubId";
- private String mSubId = null;
-
-
+ private String mSubId = null;
- /////////////////////
+ // ///////////////////
// default methods //
- /////////////////////
-
-
+ // ///////////////////
- ////////////////////////
+ // //////////////////////
// KRAPresence methods //
- ////////////////////////
+ // //////////////////////
/**
- * Initializes this subsystem with the configuration store
- * associated with this instance name.
+ * Initializes this subsystem with the configuration store associated with
+ * this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest( ISelfTestSubsystem subsystem,
- String instanceName,
- IConfigStore parameters )
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
- super.initSelfTest( subsystem, instanceName, parameters );
+ public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName,
+ IConfigStore parameters) throws EDuplicateSelfTestException,
+ EInvalidSelfTestException, EMissingSelfTestException {
+ super.initSelfTest(subsystem, instanceName, parameters);
// retrieve mandatory parameter(s)
try {
- mSubId = mConfig.getString( PROP_KRA_SUB_ID );
- if( mSubId != null ) {
+ mSubId = mConfig.getString(PROP_KRA_SUB_ID);
+ if (mSubId != null) {
mSubId = mSubId.trim();
} else {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_KRA_SUB_ID ) );
-
- throw new EMissingSelfTestException( PROP_KRA_SUB_ID );
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
+ CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
+ getSelfTestName(), mPrefix + "."
+ + PROP_KRA_SUB_ID));
+
+ throw new EMissingSelfTestException(PROP_KRA_SUB_ID);
}
- } catch( EBaseException e ) {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_KRA_SUB_ID ) );
-
- throw new EMissingSelfTestException( mPrefix,
- PROP_KRA_SUB_ID,
- null );
+ } catch (EBaseException e) {
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS
+ .getLogMessage("SELFTESTS_MISSING_NAME", getSelfTestName(),
+ mPrefix + "." + PROP_KRA_SUB_ID));
+
+ throw new EMissingSelfTestException(mPrefix, PROP_KRA_SUB_ID, null);
}
// retrieve optional parameter(s)
@@ -140,137 +115,117 @@ extends ASelfTest
return;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
- public void startupSelfTest()
- throws ESelfTestException
- {
+ public void startupSelfTest() throws ESelfTestException {
return;
}
-
/**
- * Stops this subsystem. The subsystem may call shutdownSelfTest
- * anytime after initialization.
+ * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+ * after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
- * Returns the name associated with this self test. This method may
- * return null if the self test has not been intialized.
+ * Returns the name associated with this self test. This method may return
+ * null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
- * Returns the root configuration storage (self test parameters)
- * associated with this subsystem.
+ * Returns the root configuration storage (self test parameters) associated
+ * with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
- * Retrieves description associated with an individual self test.
- * This method may return null.
+ * Retrieves description associated with an individual self test. This
+ * method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage( locale,
- "CMS_SELFTESTS_KRA_PRESENCE_DESCRIPTION" );
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_KRA_PRESENCE_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest( ILogEventListener logger )
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger) throws ESelfTestException {
String logMessage = null;
IKeyRecoveryAuthority kra = null;
org.mozilla.jss.crypto.X509Certificate kraCert = null;
PublicKey kraPubKey = null;
- kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( mSubId );
+ kra = (IKeyRecoveryAuthority) CMS.getSubsystem(mSubId);
- if( kra == null ) {
+ if (kra == null) {
// log that the KRA is not installed
- logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_NOT_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_NOT_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
} else {
// Retrieve the KRA certificate
kraCert = kra.getTransportCert();
- if( kraCert == null ) {
+ if (kraCert == null) {
// log that the RA is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_KRA_IS_NOT_INITIALIZED",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_KRA_IS_NOT_INITIALIZED", getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// Retrieve the KRA certificate public key
- kraPubKey = ( PublicKey ) kraCert.getPublicKey();
+ kraPubKey = (PublicKey) kraCert.getPublicKey();
- if( kraPubKey == null ) {
+ if (kraPubKey == null) {
// log that something is seriously wrong with the KRA
- logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_CORRUPT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_CORRUPT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// log that the KRA is present
- logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
}
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
index 507148bd..b8f48b4a 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.ocsp;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -45,8 +43,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
-
-
//////////////////////
// class definition //
//////////////////////
@@ -59,84 +55,63 @@ import com.netscape.cms.selftests.ASelfTest;
* @author thomask
* @version $Revision$, $Date$
*/
-public class OCSPPresence
-extends ASelfTest
-{
- ////////////////////////
+public class OCSPPresence extends ASelfTest {
+ // //////////////////////
// default parameters //
- ////////////////////////
-
-
+ // //////////////////////
- /////////////////////////////
+ // ///////////////////////////
// OCSPPresence parameters //
- /////////////////////////////
+ // ///////////////////////////
// parameter information
public static final String PROP_OCSP_SUB_ID = "OcspSubId";
- private String mOcspSubId = null;
+ private String mOcspSubId = null;
-
-
- /////////////////////
+ // ///////////////////
// default methods //
- /////////////////////
-
+ // ///////////////////
-
- //////////////////////////
+ // ////////////////////////
// OCSPPresence methods //
- //////////////////////////
+ // ////////////////////////
/**
- * Initializes this subsystem with the configuration store
- * associated with this instance name.
+ * Initializes this subsystem with the configuration store associated with
+ * this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest( ISelfTestSubsystem subsystem,
- String instanceName,
- IConfigStore parameters )
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
- super.initSelfTest( subsystem, instanceName, parameters );
+ public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName,
+ IConfigStore parameters) throws EDuplicateSelfTestException,
+ EInvalidSelfTestException, EMissingSelfTestException {
+ super.initSelfTest(subsystem, instanceName, parameters);
// retrieve mandatory parameter(s)
try {
- mOcspSubId = mConfig.getString( PROP_OCSP_SUB_ID );
- if( mOcspSubId != null ) {
+ mOcspSubId = mConfig.getString(PROP_OCSP_SUB_ID);
+ if (mOcspSubId != null) {
mOcspSubId = mOcspSubId.trim();
} else {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_OCSP_SUB_ID ) );
-
- throw new EMissingSelfTestException( PROP_OCSP_SUB_ID );
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
+ CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
+ getSelfTestName(), mPrefix + "."
+ + PROP_OCSP_SUB_ID));
+
+ throw new EMissingSelfTestException(PROP_OCSP_SUB_ID);
}
- } catch( EBaseException e ) {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_OCSP_SUB_ID ) );
-
- throw new EMissingSelfTestException( mPrefix,
- PROP_OCSP_SUB_ID,
- null );
+ } catch (EBaseException e) {
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS
+ .getLogMessage("SELFTESTS_MISSING_NAME", getSelfTestName(),
+ mPrefix + "." + PROP_OCSP_SUB_ID));
+
+ throw new EMissingSelfTestException(mPrefix, PROP_OCSP_SUB_ID, null);
}
// retrieve optional parameter(s)
@@ -144,162 +119,138 @@ extends ASelfTest
return;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
- public void startupSelfTest()
- throws ESelfTestException
- {
+ public void startupSelfTest() throws ESelfTestException {
return;
}
-
/**
- * Stops this subsystem. The subsystem may call shutdownSelfTest
- * anytime after initialization.
+ * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+ * after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
- * Returns the name associated with this self test. This method may
- * return null if the self test has not been intialized.
+ * Returns the name associated with this self test. This method may return
+ * null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
- * Returns the root configuration storage (self test parameters)
- * associated with this subsystem.
+ * Returns the root configuration storage (self test parameters) associated
+ * with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
- * Retrieves description associated with an individual self test.
- * This method may return null.
+ * Retrieves description associated with an individual self test. This
+ * method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage( locale,
- "CMS_SELFTESTS_OCSP_PRESENCE_DESCRIPTION" );
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_OCSP_PRESENCE_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest( ILogEventListener logger )
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger) throws ESelfTestException {
String logMessage = null;
IOCSPAuthority ocsp = null;
ISigningUnit ocspSigningUnit = null;
X509CertImpl ocspCert = null;
X509Key ocspPubKey = null;
- ocsp = ( IOCSPAuthority ) CMS.getSubsystem( mOcspSubId );
+ ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
- if( ocsp == null ) {
+ if (ocsp == null) {
// log that the OCSP is not installed
- logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
} else {
// Retrieve the OCSP signing unit
ocspSigningUnit = ocsp.getSigningUnit();
- if( ocspSigningUnit == null ) {
+ if (ocspSigningUnit == null) {
// log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName() );
-
- mSelfTestSubsystem.log( logger,
- logMessage );
-
- throw new ESelfTestException( logMessage );
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_INITIALIZED", getSelfTestName());
+
+ mSelfTestSubsystem.log(logger, logMessage);
+
+ throw new ESelfTestException(logMessage);
}
// Retrieve the OCSP certificate
ocspCert = ocspSigningUnit.getCertImpl();
- if( ocspCert == null ) {
+ if (ocspCert == null) {
// log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName() );
-
- mSelfTestSubsystem.log( logger,
- logMessage );
-
- throw new ESelfTestException( logMessage );
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_INITIALIZED", getSelfTestName());
+
+ mSelfTestSubsystem.log(logger, logMessage);
+
+ throw new ESelfTestException(logMessage);
}
// Retrieve the OCSP certificate public key
try {
- ocspPubKey = ( X509Key )
- ocspCert.get( X509CertImpl.PUBLIC_KEY );
+ ocspPubKey = (X509Key) ocspCert.get(X509CertImpl.PUBLIC_KEY);
- if( ocspPubKey == null ) {
+ if (ocspPubKey == null) {
// log that something is seriously wrong with the OCSP
- logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_CORRUPT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_CORRUPT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
- } catch( CertificateParsingException e ) {
+ } catch (CertificateParsingException e) {
// log that something is seriously wrong with the OCSP
- mSelfTestSubsystem.log( logger,
- e.toString() );
+ mSelfTestSubsystem.log(logger, e.toString());
- throw new ESelfTestException( e.toString() );
+ throw new ESelfTestException(e.toString());
}
// log that the OCSP is present
- logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
}
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
index e6516b2a..089f2ba3 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.ocsp;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -45,98 +43,75 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
-
-
//////////////////////
// class definition //
//////////////////////
/**
- * This class implements a self test to check the validity of the OCSP.
+ * This class implements a self test to check the validity of the OCSP.
* <P>
*
* @author mharmsen
* @author thomask
* @version $Revision$, $Date$
*/
-public class OCSPValidity
-extends ASelfTest
-{
- ////////////////////////
+public class OCSPValidity extends ASelfTest {
+ // //////////////////////
// default parameters //
- ////////////////////////
-
-
+ // //////////////////////
- /////////////////////////////
+ // ///////////////////////////
// OCSPValidity parameters //
- /////////////////////////////
+ // ///////////////////////////
// parameter information
public static final String PROP_OCSP_SUB_ID = "OcspSubId";
- private String mOcspSubId = null;
+ private String mOcspSubId = null;
-
-
- /////////////////////
+ // ///////////////////
// default methods //
- /////////////////////
-
+ // ///////////////////
-
- //////////////////////////
+ // ////////////////////////
// OCSPValidity methods //
- //////////////////////////
+ // ////////////////////////
/**
- * Initializes this subsystem with the configuration store
- * associated with this instance name.
+ * Initializes this subsystem with the configuration store associated with
+ * this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest( ISelfTestSubsystem subsystem,
- String instanceName,
- IConfigStore parameters )
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
- super.initSelfTest( subsystem, instanceName, parameters );
+ public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName,
+ IConfigStore parameters) throws EDuplicateSelfTestException,
+ EInvalidSelfTestException, EMissingSelfTestException {
+ super.initSelfTest(subsystem, instanceName, parameters);
// retrieve mandatory parameter(s)
try {
- mOcspSubId = mConfig.getString( PROP_OCSP_SUB_ID );
- if( mOcspSubId != null ) {
+ mOcspSubId = mConfig.getString(PROP_OCSP_SUB_ID);
+ if (mOcspSubId != null) {
mOcspSubId = mOcspSubId.trim();
} else {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_OCSP_SUB_ID ) );
-
- throw new EMissingSelfTestException( PROP_OCSP_SUB_ID );
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
+ CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
+ getSelfTestName(), mPrefix + "."
+ + PROP_OCSP_SUB_ID));
+
+ throw new EMissingSelfTestException(PROP_OCSP_SUB_ID);
}
- } catch( EBaseException e ) {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_OCSP_SUB_ID ) );
-
- throw new EMissingSelfTestException( mPrefix,
- PROP_OCSP_SUB_ID,
- null );
+ } catch (EBaseException e) {
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS
+ .getLogMessage("SELFTESTS_MISSING_NAME", getSelfTestName(),
+ mPrefix + "." + PROP_OCSP_SUB_ID));
+
+ throw new EMissingSelfTestException(mPrefix, PROP_OCSP_SUB_ID, null);
}
// retrieve optional parameter(s)
@@ -144,162 +119,138 @@ extends ASelfTest
return;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
- public void startupSelfTest()
- throws ESelfTestException
- {
+ public void startupSelfTest() throws ESelfTestException {
return;
}
-
/**
- * Stops this subsystem. The subsystem may call shutdownSelfTest
- * anytime after initialization.
+ * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+ * after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
- * Returns the name associated with this self test. This method may
- * return null if the self test has not been intialized.
+ * Returns the name associated with this self test. This method may return
+ * null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
- * Returns the root configuration storage (self test parameters)
- * associated with this subsystem.
+ * Returns the root configuration storage (self test parameters) associated
+ * with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
- * Retrieves description associated with an individual self test.
- * This method may return null.
+ * Retrieves description associated with an individual self test. This
+ * method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage( locale,
- "CMS_SELFTESTS_OCSP_VALIDITY_DESCRIPTION" );
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_OCSP_VALIDITY_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest( ILogEventListener logger )
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger) throws ESelfTestException {
String logMessage = null;
IOCSPAuthority ocsp = null;
ISigningUnit ocspSigningUnit = null;
X509CertImpl ocspCert = null;
- ocsp = ( IOCSPAuthority ) CMS.getSubsystem( mOcspSubId );
+ ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
- if( ocsp == null ) {
+ if (ocsp == null) {
// log that the OCSP is not installed
- logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
} else {
// Retrieve the OCSP signing unit
ocspSigningUnit = ocsp.getSigningUnit();
- if( ocspSigningUnit == null ) {
+ if (ocspSigningUnit == null) {
// log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName() );
-
- mSelfTestSubsystem.log( logger,
- logMessage );
-
- throw new ESelfTestException( logMessage );
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_INITIALIZED", getSelfTestName());
+
+ mSelfTestSubsystem.log(logger, logMessage);
+
+ throw new ESelfTestException(logMessage);
}
// Retrieve the OCSP certificate
ocspCert = ocspSigningUnit.getCertImpl();
- if( ocspCert == null ) {
+ if (ocspCert == null) {
// log that the OCSP is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_OCSP_IS_NOT_INITIALIZED", getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// Retrieve the OCSP validity period
try {
ocspCert.checkValidity();
- } catch( CertificateNotYetValidException e ) {
+ } catch (CertificateNotYetValidException e) {
// log that the OCSP is not yet valid
logMessage = CMS.getLogMessage(
- "SELFTESTS_OCSP_IS_NOT_YET_VALID",
- getSelfTestName() );
+ "SELFTESTS_OCSP_IS_NOT_YET_VALID", getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
- } catch( CertificateExpiredException e ) {
+ throw new ESelfTestException(logMessage);
+ } catch (CertificateExpiredException e) {
// log that the OCSP is expired
- logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_EXPIRED",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_EXPIRED",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// log that the OCSP is valid
- logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_VALID",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_VALID",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
}
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java
index 1a8b4c3e..55f921d2 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.ra;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -41,8 +39,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
-
-
//////////////////////
// class definition //
//////////////////////
@@ -50,6 +46,7 @@ import com.netscape.cms.selftests.ASelfTest;
/**
* This class implements a self test to check for RA presence.
* <P>
+ *
* <PRE>
* NOTE: This self-test is for Registration Authorities prior to
* Netscape Certificate Management System 7.0. It does NOT
@@ -64,84 +61,63 @@ import com.netscape.cms.selftests.ASelfTest;
* @author thomask
* @version $Revision$, $Date$
*/
-public class RAPresence
-extends ASelfTest
-{
- ////////////////////////
+public class RAPresence extends ASelfTest {
+ // //////////////////////
// default parameters //
- ////////////////////////
+ // //////////////////////
-
-
- ///////////////////////////
+ // /////////////////////////
// RAPresence parameters //
- ///////////////////////////
+ // /////////////////////////
// parameter information
public static final String PROP_RA_SUB_ID = "RaSubId";
- private String mRaSubId = null;
-
+ private String mRaSubId = null;
-
- /////////////////////
+ // ///////////////////
// default methods //
- /////////////////////
-
+ // ///////////////////
-
- ////////////////////////
+ // //////////////////////
// RAPresence methods //
- ////////////////////////
+ // //////////////////////
/**
- * Initializes this subsystem with the configuration store
- * associated with this instance name.
+ * Initializes this subsystem with the configuration store associated with
+ * this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest( ISelfTestSubsystem subsystem,
- String instanceName,
- IConfigStore parameters )
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
- super.initSelfTest( subsystem, instanceName, parameters );
+ public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName,
+ IConfigStore parameters) throws EDuplicateSelfTestException,
+ EInvalidSelfTestException, EMissingSelfTestException {
+ super.initSelfTest(subsystem, instanceName, parameters);
// retrieve mandatory parameter(s)
try {
- mRaSubId = mConfig.getString( PROP_RA_SUB_ID );
- if( mRaSubId != null ) {
+ mRaSubId = mConfig.getString(PROP_RA_SUB_ID);
+ if (mRaSubId != null) {
mRaSubId = mRaSubId.trim();
} else {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_VALUES",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_RA_SUB_ID ) );
-
- throw new EMissingSelfTestException( PROP_RA_SUB_ID );
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
+ CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
+ getSelfTestName(), mPrefix + "."
+ + PROP_RA_SUB_ID));
+
+ throw new EMissingSelfTestException(PROP_RA_SUB_ID);
}
- } catch( EBaseException e ) {
- mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME",
- getSelfTestName(),
- mPrefix
- + "."
- + PROP_RA_SUB_ID ) );
-
- throw new EMissingSelfTestException( mPrefix,
- PROP_RA_SUB_ID,
- null );
+ } catch (EBaseException e) {
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS
+ .getLogMessage("SELFTESTS_MISSING_NAME", getSelfTestName(),
+ mPrefix + "." + PROP_RA_SUB_ID));
+
+ throw new EMissingSelfTestException(mPrefix, PROP_RA_SUB_ID, null);
}
// retrieve optional parameter(s)
@@ -149,137 +125,117 @@ extends ASelfTest
return;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
- public void startupSelfTest()
- throws ESelfTestException
- {
+ public void startupSelfTest() throws ESelfTestException {
return;
}
-
/**
- * Stops this subsystem. The subsystem may call shutdownSelfTest
- * anytime after initialization.
+ * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+ * after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
- * Returns the name associated with this self test. This method may
- * return null if the self test has not been intialized.
+ * Returns the name associated with this self test. This method may return
+ * null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
- * Returns the root configuration storage (self test parameters)
- * associated with this subsystem.
+ * Returns the root configuration storage (self test parameters) associated
+ * with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
- * Retrieves description associated with an individual self test.
- * This method may return null.
+ * Retrieves description associated with an individual self test. This
+ * method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage( locale,
- "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION" );
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest( ILogEventListener logger )
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger) throws ESelfTestException {
String logMessage = null;
IRegistrationAuthority ra = null;
org.mozilla.jss.crypto.X509Certificate raCert = null;
PublicKey raPubKey = null;
- ra = ( IRegistrationAuthority ) CMS.getSubsystem( mRaSubId );
+ ra = (IRegistrationAuthority) CMS.getSubsystem(mRaSubId);
- if( ra == null ) {
+ if (ra == null) {
// log that the RA is not installed
- logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_NOT_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_NOT_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
} else {
// Retrieve the RA certificate
raCert = ra.getRACert();
- if( raCert == null ) {
+ if (raCert == null) {
// log that the RA is not yet initialized
- logMessage = CMS.getLogMessage(
- "SELFTESTS_RA_IS_NOT_INITIALIZED",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_RA_IS_NOT_INITIALIZED", getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// Retrieve the RA certificate public key
- raPubKey = ( PublicKey ) raCert.getPublicKey();
+ raPubKey = (PublicKey) raCert.getPublicKey();
- if( raPubKey == null ) {
+ if (raPubKey == null) {
// log that something is seriously wrong with the RA
- logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_CORRUPT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_CORRUPT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
- throw new ESelfTestException( logMessage );
+ throw new ESelfTestException(logMessage);
}
// log that the RA is present
- logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_PRESENT",
- getSelfTestName() );
+ logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_PRESENT",
+ getSelfTestName());
- mSelfTestSubsystem.log( logger,
- logMessage );
+ mSelfTestSubsystem.log(logger, logMessage);
}
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java b/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
index ba0ae3cb..ce088045 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
@@ -20,8 +20,6 @@
package com.netscape.cms.selftests.tks;
-
-
///////////////////////
// import statements //
///////////////////////
@@ -42,8 +40,6 @@ import com.netscape.certsrv.selftests.ISelfTestSubsystem;
import com.netscape.cms.selftests.ASelfTest;
import com.netscape.symkey.SessionKey;
-
-
//////////////////////
// class definition //
//////////////////////
@@ -57,47 +53,40 @@ import com.netscape.symkey.SessionKey;
* @author awnuk
* @version $Revision$, $Date$
*/
-public class TKSKnownSessionKey
-extends ASelfTest
-{
+public class TKSKnownSessionKey extends ASelfTest {
// parameter information
public static final String PROP_TKS_SUB_ID = "TksSubId";
- private String mTksSubId = null;
- private String mToken = null;
- private String mUseSoftToken = null;
- private String mKeyName = null;
- private byte[] mKeyInfo = null;
+ private String mTksSubId = null;
+ private String mToken = null;
+ private String mUseSoftToken = null;
+ private String mKeyName = null;
+ private byte[] mKeyInfo = null;
private byte[] mCardChallenge = null;
private byte[] mHostChallenge = null;
- private byte[] mCUID = null;
- private byte[] mMacKey = null;
- private byte[] mSessionKey = null;
-
+ private byte[] mCUID = null;
+ private byte[] mMacKey = null;
+ private byte[] mSessionKey = null;
/**
- * Initializes this subsystem with the configuration store
- * associated with this instance name.
+ * Initializes this subsystem with the configuration store associated with
+ * this instance name.
* <P>
- *
+ *
* @param subsystem the associated subsystem
- * @param instanceName the name of this self test instance
+ * @param instanceName the name of this self test instance
* @param parameters configuration store (self test parameters)
* @exception EDuplicateSelfTestException subsystem has duplicate name/value
* @exception EInvalidSelfTestException subsystem has invalid name/value
* @exception EMissingSelfTestException subsystem has missing name/value
*/
- public void initSelfTest (ISelfTestSubsystem subsystem,
- String instanceName,
- IConfigStore parameters)
- throws EDuplicateSelfTestException,
- EInvalidSelfTestException,
- EMissingSelfTestException
- {
+ public void initSelfTest(ISelfTestSubsystem subsystem, String instanceName,
+ IConfigStore parameters) throws EDuplicateSelfTestException,
+ EInvalidSelfTestException, EMissingSelfTestException {
ISubsystem tks = null;
IConfigStore tksConfig = null;
String logMessage = null;
- super.initSelfTest( subsystem, instanceName, parameters );
+ super.initSelfTest(subsystem, instanceName, parameters);
mTksSubId = getConfigString(PROP_TKS_SUB_ID);
mToken = getConfigString("token");
@@ -116,7 +105,8 @@ extends ASelfTest
if (tksConfig != null) {
try {
defKeySetMacKey = tksConfig.getString("defKeySet.mac_key");
- byte defMacKey[] = com.netscape.cmsutil.util.Utils.SpecialDecode(defKeySetMacKey);
+ byte defMacKey[] = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(defKeySetMacKey);
if (!Arrays.equals(mMacKey, defMacKey)) {
defKeySetMacKey = null;
}
@@ -128,34 +118,36 @@ extends ASelfTest
if (defKeySetMacKey == null) {
CMS.debug("TKSKnownSessionKey: invalid mac key");
CMS.debug("TKSKnownSessionKey self test FAILED");
- mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage("SELFTESTS_INVALID_VALUES",
- getSelfTestName(), mPrefix + "." + "macKey"));
- throw new EInvalidSelfTestException (mPrefix, "macKey", null);
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS
+ .getLogMessage("SELFTESTS_INVALID_VALUES",
+ getSelfTestName(), mPrefix + "." + "macKey"));
+ throw new EInvalidSelfTestException(mPrefix, "macKey", null);
}
-
+
try {
mSessionKey = getConfigByteArray("sessionKey", 16);
} catch (EMissingSelfTestException e) {
if (mSessionKey == null) {
- mSessionKey = SessionKey.ComputeSessionKey (mToken, mKeyName,
- mCardChallenge, mHostChallenge,
- mKeyInfo, mCUID, mMacKey, mUseSoftToken, null, null);
+ mSessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName,
+ mCardChallenge, mHostChallenge, mKeyInfo, mCUID,
+ mMacKey, mUseSoftToken, null, null);
if (mSessionKey == null || mSessionKey.length != 16) {
- mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
- getSelfTestName(), mPrefix + ".sessionKey"));
- throw new EMissingSelfTestException ("sessionKey");
+ mSelfTestSubsystem.log(mSelfTestSubsystem
+ .getSelfTestLogger(), CMS.getLogMessage(
+ "SELFTESTS_MISSING_VALUES", getSelfTestName(),
+ mPrefix + ".sessionKey"));
+ throw new EMissingSelfTestException("sessionKey");
}
String sessionKey = SpecialEncode(mSessionKey);
mConfig.putString("sessionKey", sessionKey);
try {
CMS.getConfigStore().commit(true);
} catch (EBaseException be) {
- mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
- getSelfTestName(), mPrefix + ".sessionKey"));
- throw new EMissingSelfTestException ("sessionKey");
+ mSelfTestSubsystem.log(mSelfTestSubsystem
+ .getSelfTestLogger(), CMS.getLogMessage(
+ "SELFTESTS_MISSING_VALUES", getSelfTestName(),
+ mPrefix + ".sessionKey"));
+ throw new EMissingSelfTestException("sessionKey");
}
}
}
@@ -163,9 +155,7 @@ extends ASelfTest
return;
}
-
- private String SpecialEncode (byte data[])
- {
+ private String SpecialEncode(byte data[]) {
StringBuffer sb = new StringBuffer();
for (int i = 0; i < data.length; i++) {
@@ -179,9 +169,8 @@ extends ASelfTest
return sb.toString();
}
-
- private String getConfigString (String name) throws EMissingSelfTestException
- {
+ private String getConfigString(String name)
+ throws EMissingSelfTestException {
String value = null;
try {
@@ -189,137 +178,126 @@ extends ASelfTest
if (value != null) {
value = value.trim();
} else {
- mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
- getSelfTestName(), mPrefix + "." + name));
- throw new EMissingSelfTestException (name);
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
+ CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
+ getSelfTestName(), mPrefix + "." + name));
+ throw new EMissingSelfTestException(name);
}
} catch (EBaseException e) {
- mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage("SELFTESTS_MISSING_NAME",
- getSelfTestName(), mPrefix + "." + name));
- throw new EMissingSelfTestException (mPrefix, name, null);
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS
+ .getLogMessage("SELFTESTS_MISSING_NAME", getSelfTestName(),
+ mPrefix + "." + name));
+ throw new EMissingSelfTestException(mPrefix, name, null);
}
return value;
}
-
- private byte[] getConfigByteArray (String name, int size) throws EMissingSelfTestException,
- EInvalidSelfTestException
- {
+ private byte[] getConfigByteArray(String name, int size)
+ throws EMissingSelfTestException, EInvalidSelfTestException {
String stringValue = getConfigString(name);
- byte byteValue[] = com.netscape.cmsutil.util.Utils.SpecialDecode(stringValue);
+ byte byteValue[] = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(stringValue);
if (byteValue == null) {
- mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage("SELFTESTS_MISSING_NAME",
- getSelfTestName(), mPrefix + "." + name));
- throw new EMissingSelfTestException (name);
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS
+ .getLogMessage("SELFTESTS_MISSING_NAME", getSelfTestName(),
+ mPrefix + "." + name));
+ throw new EMissingSelfTestException(name);
}
if (byteValue.length != size) {
- mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
- CMS.getLogMessage("SELFTESTS_INVALID_VALUES",
- getSelfTestName(), mPrefix + "." + name));
- throw new EInvalidSelfTestException (mPrefix, name, stringValue);
+ mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), CMS
+ .getLogMessage("SELFTESTS_INVALID_VALUES",
+ getSelfTestName(), mPrefix + "." + name));
+ throw new EInvalidSelfTestException(mPrefix, name, stringValue);
}
return byteValue;
}
-
/**
* Notifies this subsystem if it is in execution mode.
* <P>
- *
+ *
* @exception ESelfTestException failed to start
*/
- public void startupSelfTest()
- throws ESelfTestException
- {
+ public void startupSelfTest() throws ESelfTestException {
return;
}
-
/**
- * Stops this subsystem. The subsystem may call shutdownSelfTest
- * anytime after initialization.
+ * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+ * after initialization.
* <P>
*/
- public void shutdownSelfTest()
- {
+ public void shutdownSelfTest() {
return;
}
-
/**
- * Returns the name associated with this self test. This method may
- * return null if the self test has not been intialized.
+ * Returns the name associated with this self test. This method may return
+ * null if the self test has not been intialized.
* <P>
- *
+ *
* @return instanceName of this self test
*/
- public String getSelfTestName()
- {
+ public String getSelfTestName() {
return super.getSelfTestName();
}
-
/**
- * Returns the root configuration storage (self test parameters)
- * associated with this subsystem.
+ * Returns the root configuration storage (self test parameters) associated
+ * with this subsystem.
* <P>
- *
+ *
* @return configuration store (self test parameters) of this subsystem
*/
- public IConfigStore getSelfTestConfigStore()
- {
+ public IConfigStore getSelfTestConfigStore() {
return super.getSelfTestConfigStore();
}
-
/**
- * Retrieves description associated with an individual self test.
- * This method may return null.
+ * Retrieves description associated with an individual self test. This
+ * method may return null.
* <P>
- *
+ *
* @param locale locale of the client that requests the description
* @return description of self test
*/
- public String getSelfTestDescription( Locale locale )
- {
- return CMS.getUserMessage (locale, "CMS_SELFTESTS_TKS_PRESENCE_DESCRIPTION");
+ public String getSelfTestDescription(Locale locale) {
+ return CMS.getUserMessage(locale,
+ "CMS_SELFTESTS_TKS_PRESENCE_DESCRIPTION");
}
-
/**
* Execute an individual self test.
* <P>
- *
+ *
* @param logger specifies logging subsystem
* @exception ESelfTestException self test exception
*/
- public void runSelfTest (ILogEventListener logger)
- throws ESelfTestException
- {
+ public void runSelfTest(ILogEventListener logger) throws ESelfTestException {
String logMessage = null;
String keySet = "defKeySet";
- byte[] sessionKey = SessionKey.ComputeSessionKey (mToken, mKeyName,
- mCardChallenge, mHostChallenge,
- mKeyInfo, mCUID, mMacKey, mUseSoftToken, keySet, null);
+ byte[] sessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName,
+ mCardChallenge, mHostChallenge, mKeyInfo, mCUID, mMacKey,
+ mUseSoftToken, keySet, null);
// Now we just see if we can successfully generate a session key.
- // For FIPS compliance, the routine now returns a wrapped key, which can't be extracted and compared.
+ // For FIPS compliance, the routine now returns a wrapped key, which
+ // can't be extracted and compared.
if (sessionKey == null) {
CMS.debug("TKSKnownSessionKey: generated no session key");
CMS.debug("TKSKnownSessionKey self test FAILED");
- logMessage = CMS.getLogMessage ("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
- mSelfTestSubsystem.log (logger, logMessage);
- throw new ESelfTestException( logMessage );
- } else {
- logMessage = CMS.getLogMessage ("SELFTESTS_TKS_SUCCEEDED", getSelfTestName(), getSelfTestName());
- mSelfTestSubsystem.log (logger, logMessage);
+ logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED",
+ getSelfTestName(), getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
+ throw new ESelfTestException(logMessage);
+ } else {
+ logMessage = CMS.getLogMessage("SELFTESTS_TKS_SUCCEEDED",
+ getSelfTestName(), getSelfTestName());
+ mSelfTestSubsystem.log(logger, logMessage);
CMS.debug("TKSKnownSessionKey self test SUCCEEDED");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
index c4fa440d..0087375c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -45,10 +44,9 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
-
/**
* Manage Access Control List configuration
- *
+ *
* @version $Revision$, $Date$
*/
public class ACLAdminServlet extends AdminServlet {
@@ -63,8 +61,7 @@ public class ACLAdminServlet extends AdminServlet {
private final static String INFO = "ACLAdminServlet";
private IAuthzManager mAuthzMgr = null;
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_ACL =
- "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ACL = "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3";
/**
* Constructs servlet.
@@ -74,17 +71,18 @@ public class ACLAdminServlet extends AdminServlet {
mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
}
- /**
- * initialize the servlet.
+ /**
+ * initialize the servlet.
* <ul>
* <li>http.param OP_TYPE = OP_SEARCH,
* <li>http.param OP_SCOPE - the scope of the request operation:
- * <ul><LI>"impl" ACL implementations
- * <LI>"acls" ACL rules
- * <LI>"evaluatorTypes" ACL evaluators.
- * </ul>
+ * <ul>
+ * <LI>"impl" ACL implementations
+ * <LI>"acls" ACL rules
+ * <LI>"evaluatorTypes" ACL evaluators.
* </ul>
- *
+ * </ul>
+ *
* @param config servlet configuration, read from the web.xml file
*/
public void init(ServletConfig config) throws ServletException {
@@ -99,24 +97,24 @@ public class ACLAdminServlet extends AdminServlet {
return INFO;
}
- /**
+ /**
* Process the HTTP request.
- *
+ *
* @param req the object holding the request information
* @param resp the object holding the response information
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = super.getParameter(req, Constants.OP_SCOPE);
String op = super.getParameter(req, Constants.OP_TYPE);
if (op == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL"));
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp);
return;
}
@@ -125,9 +123,10 @@ public class ACLAdminServlet extends AdminServlet {
try {
super.authenticate(req);
} catch (IOException e) {
- log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp);
return;
}
@@ -136,13 +135,11 @@ public class ACLAdminServlet extends AdminServlet {
try {
SessionContext mSC = SessionContext.getContext();
- user = (IUser)
- mSC.get(SessionContext.USER);
+ user = (IUser) mSC.get(SessionContext.USER);
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp);
return;
}
@@ -152,9 +149,8 @@ public class ACLAdminServlet extends AdminServlet {
if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL)) {
@@ -170,9 +166,8 @@ public class ACLAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL)) {
@@ -182,9 +177,8 @@ public class ACLAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL)) {
@@ -194,9 +188,8 @@ public class ACLAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_ADD)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
@@ -206,9 +199,8 @@ public class ACLAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
@@ -216,41 +208,37 @@ public class ACLAdminServlet extends AdminServlet {
return;
}
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, e.toString());
- sendResponse(ERROR, e.toString(getLocale(req)),
- null, resp);
+ sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 2");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp);
return;
}
log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 3");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp);
return;
}
/**
* list acls resources by name
*/
- private void listResources(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ private void listResources(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -260,7 +248,7 @@ public class ACLAdminServlet extends AdminServlet {
ACL acl = (ACL) res.nextElement();
String desc = acl.getDescription();
- if (desc == null)
+ if (desc == null)
params.add(acl.getName(), "");
else
params.add(acl.getName(), desc);
@@ -272,19 +260,17 @@ public class ACLAdminServlet extends AdminServlet {
/**
* get acls information for a resource
*/
- private void getResourceACL(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ private void getResourceACL(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
- //get resource id first
+ // get resource id first
String resourceId = super.getParameter(req, Constants.RS_ID);
if (resourceId == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -329,10 +315,10 @@ public class ACLAdminServlet extends AdminServlet {
return;
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_RESOURCE_NOT_FOUND"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_RESOURCE_NOT_FOUND"),
- null, resp);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ACLS_SRVLT_RESOURCE_NOT_FOUND"));
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ACL_RESOURCE_NOT_FOUND"), null, resp);
return;
}
}
@@ -340,19 +326,20 @@ public class ACLAdminServlet extends AdminServlet {
/**
* modify acls information for a resource
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
* Access Control List (ACL) information
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private void updateResources(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
+ private void updateResources(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
EBaseException {
String auditMessage = null;
@@ -365,27 +352,25 @@ public class ACLAdminServlet extends AdminServlet {
String resourceId = super.getParameter(req, Constants.RS_ID);
if (resourceId == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// get resource acls
String resourceACLs = super.getParameter(req, Constants.PR_ACI);
String rights = super.getParameter(req, Constants.PR_ACL_RIGHTS);
- String desc = super.getParameter(req, Constants.PR_ACL_DESC);
+ String desc = super.getParameter(req, Constants.PR_ACL_DESC);
try {
mAuthzMgr.updateACLs(resourceId, rights, resourceACLs, desc);
@@ -394,10 +379,8 @@ public class ACLAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -408,62 +391,56 @@ public class ACLAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_UPDATE_FAIL"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ACL_UPDATE_FAIL"), null, resp);
return;
}
// } catch( EBaseException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit1;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
-
+
/**
* list access evaluators by types and class paths
*/
- private void listACLsEvaluators(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
+ private void listACLsEvaluators(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration res = mAuthzMgr.aclEvaluatorElements();
@@ -479,7 +456,7 @@ public class ACLAdminServlet extends AdminServlet {
}
private void listACLsEvaluatorTypes(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
+ HttpServletResponse resp) throws ServletException, IOException,
EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration res = mAuthzMgr.aclEvaluatorElements();
@@ -490,7 +467,7 @@ public class ACLAdminServlet extends AdminServlet {
StringBuffer str = new StringBuffer();
for (int i = 0; i < operators.length; i++) {
- if (str.length() > 0)
+ if (str.length() > 0)
str.append(",");
str.append(operators[i]);
}
@@ -504,22 +481,23 @@ public class ACLAdminServlet extends AdminServlet {
/**
* add access evaluators
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
* Access Control List (ACL) information
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this ACL evaluator's
- * substore
+ * substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addACLsEvaluator(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addACLsEvaluator(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -533,35 +511,30 @@ public class ACLAdminServlet extends AdminServlet {
if (type == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// is the evaluator type unique?
/*
- if (!mACLs.isTypeUnique(type)) {
- String infoMsg = "replacing existing type: "+ type;
- log(ILogger.LL_WARN, infoMsg);
- }
+ * if (!mACLs.isTypeUnique(type)) { String infoMsg =
+ * "replacing existing type: "+ type; log(ILogger.LL_WARN, infoMsg);
+ * }
*/
// get class
String classPath = super.getParameter(req, Constants.PR_ACL_CLASS);
- IConfigStore destStore =
- mConfig.getSubStore(PROP_EVAL);
- IConfigStore mStore =
- destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
+ IConfigStore destStore = mConfig.getSubStore(PROP_EVAL);
+ IConfigStore mStore = destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
// Does the class exist?
Class newImpl = null;
@@ -575,60 +548,54 @@ public class ACLAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_CLASS_LOAD_FAIL"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ACL_CLASS_LOAD_FAIL"), null, resp);
return;
}
// is the class an IAccessEvaluator?
try {
- if
- (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) {
- String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" +
- classPath;
+ if (Class.forName(
+ "com.netscape.certsrv.evaluators.IAccessEvaluator")
+ .isAssignableFrom(newImpl) == false) {
+ String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator"
+ + classPath;
log(ILogger.LL_FAILURE, errMsg);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ACL_ILL_CLASS"), null, resp);
return;
}
} catch (Exception e) {
- String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" +
- classPath;
+ String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator"
+ + classPath;
log(ILogger.LL_FAILURE, errMsg);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"),
- null, resp);
+ sendResponse(
+ ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"),
+ null, resp);
return;
}
@@ -640,20 +607,18 @@ public class ACLAdminServlet extends AdminServlet {
try {
mConfig.commit(true);
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_FAIL_COMMIT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ACLS_SRVLT_FAIL_COMMIT"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ACL_COMMIT_FAIL"), null, resp);
return;
}
@@ -661,22 +626,20 @@ public class ACLAdminServlet extends AdminServlet {
IAccessEvaluator evaluator = null;
try {
- evaluator = (IAccessEvaluator) Class.forName(classPath).newInstance();
+ evaluator = (IAccessEvaluator) Class.forName(classPath)
+ .newInstance();
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_INST_CLASS_FAIL"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ACL_INST_CLASS_FAIL"), null, resp);
return;
}
@@ -687,76 +650,71 @@ public class ACLAdminServlet extends AdminServlet {
mAuthzMgr.registerEvaluator(type, evaluator);
}
- //...
+ // ...
NameValuePairs params = new NameValuePairs();
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
sendResponse(SUCCESS, null, params, resp);
// } catch( EBaseException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit1;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
/**
* remove access evaluators
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
* Access Control List (ACL) information
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this ACL evaluator's
- * substore
+ * substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void deleteACLsEvaluator(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void deleteACLsEvaluator(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -769,20 +727,18 @@ public class ACLAdminServlet extends AdminServlet {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -790,20 +746,18 @@ public class ACLAdminServlet extends AdminServlet {
Hashtable mEvaluators = mAuthzMgr.getAccessEvaluators();
if (mEvaluators.containsKey(id) == false) {
- log(ILogger.LL_FAILURE, "evaluator attempted to be removed not found");
+ log(ILogger.LL_FAILURE,
+ "evaluator attempted to be removed not found");
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_EVAL_NOT_FOUND"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ACL_EVAL_NOT_FOUND"), null, resp);
return;
}
@@ -812,116 +766,100 @@ public class ACLAdminServlet extends AdminServlet {
mEvaluators.remove((Object) id);
try {
- IConfigStore destStore =
- mConfig.getSubStore(PROP_EVAL);
- IConfigStore mStore =
- destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
+ IConfigStore destStore = mConfig.getSubStore(PROP_EVAL);
+ IConfigStore mStore = destStore
+ .getSubStore(ScopeDef.SC_ACL_IMPLS);
mStore.removeSubStore(id);
} catch (Exception eeee) {
- //CMS.debugStackTrace(eeee);
+ // CMS.debugStackTrace(eeee);
}
// commiting
try {
mConfig.commit(true);
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_FAIL_COMMIT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ACLS_SRVLT_FAIL_COMMIT"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ACL, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ACL_COMMIT_FAIL"), null, resp);
return;
}
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
sendResponse(SUCCESS, null, params, resp);
return;
// } catch( EBaseException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit1;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
-
+
/**
* Searchs for certificate requests.
*/
-
+
/*
- private void getACLs(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
- NameValuePairs params = new NameValuePairs();
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- ObjectOutputStream oos = new ObjectOutputStream(bos);
- String names = getParameter(req, Constants.PT_NAMES);
- StringTokenizer st = new StringTokenizer(names, ",");
- while (st.hasMoreTokens()) {
- String target = st.nextToken();
- ACL acl = AccessManager.getInstance().getACL(target);
- oos.writeObject(acl);
- }
- // BASE64Encoder encoder = new BASE64Encoder();
- // params.add(Constants.PT_ACLS, encoder.encodeBuffer(bos.toByteArray()));
- params.add(Constants.PT_ACLS, CMS.BtoA(bos.toByteArray()));
- sendResponse(SUCCESS, null, params, resp);
- }
+ * private void getACLs(HttpServletRequest req, HttpServletResponse resp)
+ * throws ServletException, IOException, EBaseException { NameValuePairs
+ * params = new NameValuePairs(); ByteArrayOutputStream bos = new
+ * ByteArrayOutputStream(); ObjectOutputStream oos = new
+ * ObjectOutputStream(bos); String names = getParameter(req,
+ * Constants.PT_NAMES); StringTokenizer st = new StringTokenizer(names,
+ * ","); while (st.hasMoreTokens()) { String target = st.nextToken(); ACL
+ * acl = AccessManager.getInstance().getACL(target); oos.writeObject(acl); }
+ * // BASE64Encoder encoder = new BASE64Encoder(); //
+ * params.add(Constants.PT_ACLS, encoder.encodeBuffer(bos.toByteArray()));
+ * params.add(Constants.PT_ACLS, CMS.BtoA(bos.toByteArray()));
+ * sendResponse(SUCCESS, null, params, resp); }
*/
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "ACLAdminServlet: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level,
+ "ACLAdminServlet: " + msg);
}
-}
-
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
index 2024e496..038355f0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
@@ -17,13 +17,11 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.util.ListResourceBundle;
-
/**
* A class represents a resource bundle for the remote admin.
- *
+ *
* @version $Revision$, $Date$
* @see java.util.ListResourceBundle
*/
@@ -37,8 +35,7 @@ public class AdminResources extends ListResourceBundle {
}
/**
- * Constants. The suffix represents the number of
- * possible parameters.
+ * Constants. The suffix represents the number of possible parameters.
*/
static final Object[][] contents = {};
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
index 08996734..a6fb0bfd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
@@ -56,32 +55,27 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cms.servlet.base.UserInfo;
-
/**
- * A class represents an administration servlet that
- * is responsible to serve administrative
- * operation such as configuration parameter updates.
- *
- * Since each administration servlet needs to perform
- * authentication information parsing and response
- * formulation, it makes sense to encapsulate the
+ * A class represents an administration servlet that is responsible to serve
+ * administrative operation such as configuration parameter updates.
+ *
+ * Since each administration servlet needs to perform authentication information
+ * parsing and response formulation, it makes sense to encapsulate the
* commonalities into this class.
- *
- * By extending this serlvet, the subclass does not
- * need to re-implement the request parsing code
- * (i.e. authentication information parsing).
- *
- * If a subsystem needs to expose configuration
- * parameters management, it should create an
- * administration servlet (i.e. CAAdminServlet)
- * and register it to RemoteAdmin subsystem.
- *
+ *
+ * By extending this serlvet, the subclass does not need to re-implement the
+ * request parsing code (i.e. authentication information parsing).
+ *
+ * If a subsystem needs to expose configuration parameters management, it should
+ * create an administration servlet (i.e. CAAdminServlet) and register it to
+ * RemoteAdmin subsystem.
+ *
* <code>
* public class CAAdminServlet extends AdminServlet {
* ...
* }
* </code>
- *
+ *
* @version $Revision$, $Date$
*/
public class AdminServlet extends HttpServlet {
@@ -117,8 +111,7 @@ public class AdminServlet extends HttpServlet {
public final static String AUTHZ_SRC_TYPE = "sourceType";
public final static String AUTHZ_SRC_LDAP = "ldap";
public final static String AUTHZ_SRC_XML = "web.xml";
- public static final String CERT_ATTR =
- "javax.servlet.request.X509Certificate";
+ public static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
public final static String SIGNED_AUDIT_SCOPE = "Scope";
public final static String SIGNED_AUDIT_OPERATION = "Operation";
@@ -129,20 +122,13 @@ public class AdminServlet extends HttpServlet {
public final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;";
public final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+";
- private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
- private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
- private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
- private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
- private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
- "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
- private final static String CERTUSERDB =
- IAuthSubsystem.CERTUSERDB_AUTHMGR_ID;
- private final static String PASSWDUSERDB =
- IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID;
+ private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+ private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+ private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
+ private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
+ private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+ private final static String CERTUSERDB = IAuthSubsystem.CERTUSERDB_AUTHMGR_ID;
+ private final static String PASSWDUSERDB = IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID;
/**
* Constructs generic administration servlet.
@@ -165,18 +151,20 @@ public class AdminServlet extends HttpServlet {
srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP);
} catch (EBaseException e) {
- CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_FAIL_SRC_TYPE"));
+ CMS.debug("AdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_FAIL_SRC_TYPE"));
}
- mAuthz =
- (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ);
+ mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ);
mServletID = getSCparam(sc, PROP_ID, "servlet id unknown");
- CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", mServletID));
+ CMS.debug("AdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", mServletID));
if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) {
- CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", ""));
- // get authz mgr from xml file; if not specified, use
- // ldap by default
+ CMS.debug("AdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", ""));
+ // get authz mgr from xml file; if not specified, use
+ // ldap by default
mAclMethod = getSCparam(sc, PROP_AUTHZ_MGR, AUTHZ_MGR_LDAP);
if (mAclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
@@ -185,72 +173,79 @@ public class AdminServlet extends HttpServlet {
if (aclInfo != null) {
try {
addACLInfo(aclInfo);
- //mAuthz.authzMgrAccessInit(mAclMethod, aclInfo);
+ // mAuthz.authzMgrAccessInit(mAclMethod, aclInfo);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL"));
- throw new ServletException("failed to init authz info from xml config file");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL"));
+ throw new ServletException(
+ "failed to init authz info from xml config file");
}
- CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", mServletID));
+ CMS.debug("AdminServlet: "
+ + CMS.getLogMessage(
+ "ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE",
+ mServletID));
} else { // PROP_AUTHZ_MGR not specified, use default authzmgr
- CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, mServletID, AUTHZ_MGR_LDAP));
+ CMS.debug("AdminServlet: "
+ + CMS.getLogMessage(
+ "ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL,
+ mServletID, AUTHZ_MGR_LDAP));
}
} else { // PROP_AUTHZ_MGR not specified, use default authzmgr
- CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP));
+ CMS.debug("AdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_PROP_ACL_NOT_SPEC",
+ PROP_AUTHZ_MGR, mServletID, AUTHZ_MGR_LDAP));
}
} else {
mAclMethod = AUTHZ_MGR_LDAP;
- CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTH_LDAP_NOT_XML", mServletID));
+ CMS.debug("AdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_AUTH_LDAP_NOT_XML",
+ mServletID));
}
}
- public void outputHttpParameters(HttpServletRequest httpReq)
- {
+ public void outputHttpParameters(HttpServletRequest httpReq) {
CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
- String pn = (String)paramNames.nextElement();
+ String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
- // all sensitive parameters should be prefixed with
+ // all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("AdminServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") || pn.endsWith("password")
+ || pn.endsWith("passwd") || pn.endsWith("pwd")
+ || pn.equalsIgnoreCase("admin_password_again")
+ || pn.equalsIgnoreCase("directoryManagerPwd")
+ || pn.equalsIgnoreCase("bindpassword")
+ || pn.equalsIgnoreCase("bindpwd")
+ || pn.equalsIgnoreCase("passwd")
+ || pn.equalsIgnoreCase("password")
+ || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd")
+ || pn.equalsIgnoreCase("pwdagain")
+ || pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("AdminServlet::service() param name='" + pn
+ + "' value='(sensitive)'");
} else {
- CMS.debug("AdminServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("AdminServlet::service() param name='" + pn
+ + "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
-
+
/**
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
if (!running_state)
- throw new IOException(
- "CMS server is not ready to serve.");
+ throw new IOException("CMS server is not ready to serve.");
if (CMS.debugOn()) {
- outputHttpParameters(req);
+ outputHttpParameters(req);
}
}
@@ -274,22 +269,21 @@ public class AdminServlet extends HttpServlet {
}
/**
- * Authenticates to the identity scope with the given
- * userid and password via identity manager.
+ * Authenticates to the identity scope with the given userid and password
+ * via identity manager.
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication
- * fails (in case of SSL-client auth, only webserver env can pick up the
- * SSL violation; CMS authMgr can pick up cert mis-match, so this event
- * is used)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication
- * succeeded
+ * fails (in case of SSL-client auth, only webserver env can pick up the SSL
+ * violation; CMS authMgr can pick up cert mis-match, so this event is used)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when
+ * authentication succeeded
* </ul>
+ *
* @exception IOException an input/output error has occurred
*/
- protected void authenticate(HttpServletRequest req) throws
- IOException {
+ protected void authenticate(HttpServletRequest req) throws IOException {
String auditMessage = null;
String auditSubjectID = ILogger.UNIDENTIFIED;
@@ -306,22 +300,20 @@ public class AdminServlet extends HttpServlet {
} catch (EBaseException e) {
// do nothing for now.
}
- IAuthSubsystem auth = (IAuthSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ IAuthSubsystem auth = (IAuthSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_AUTH);
X509Certificate cert = null;
if (authType.equals("sslclientauth")) {
- X509Certificate[] allCerts =
- (X509Certificate[]) req.getAttribute(CERT_ATTR);
+ X509Certificate[] allCerts = (X509Certificate[]) req
+ .getAttribute(CERT_ATTR);
if (allCerts == null || allCerts.length == 0) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- ILogger.UNIDENTIFIED,
- ILogger.FAILURE,
- CERTUSERDB,
- auditUID);
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB,
+ auditUID);
audit(auditMessage);
@@ -358,25 +350,25 @@ public class AdminServlet extends HttpServlet {
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
- log(ILogger.LL_DEBUG, CMS.getLogMessage("ADMIN_SRVLT_ABOUT_AUTH",
- mServletID));
+ log(ILogger.LL_DEBUG,
+ CMS.getLogMessage("ADMIN_SRVLT_ABOUT_AUTH", mServletID));
try {
if (authType.equals("sslclientauth")) {
- IAuthManager
- authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
- IAuthCredentials authCreds =
- getAuthCreds(authMgr, cert);
+ IAuthManager authMgr = auth
+ .get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
+ IAuthCredentials authCreds = getAuthCreds(authMgr, cert);
token = (AuthToken) authMgr.authenticate(authCreds);
} else {
String authToken = req.getHeader(HDR_AUTHORIZATION);
- String b64s = authToken.substring(
- authToken.lastIndexOf(' ') + 1);
- String authCode = new String(com.netscape.osutil.OSUtil.AtoB(b64s));
+ String b64s = authToken.substring(authToken
+ .lastIndexOf(' ') + 1);
+ String authCode = new String(
+ com.netscape.osutil.OSUtil.AtoB(b64s));
String userid = authCode.substring(0,
authCode.lastIndexOf(':'));
- String password = authCode.substring(
- authCode.lastIndexOf(':') + 1);
+ String password = authCode.substring(authCode
+ .lastIndexOf(':') + 1);
AuthCredentials cred = new AuthCredentials();
// save the "userid" of this certificate in case it
@@ -395,40 +387,36 @@ public class AdminServlet extends HttpServlet {
cred.set("pwd", password);
token = auth.authenticate(cred,
- IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID);
- CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FOR_SRVLT",
- mServletID));
+ IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID);
+ CMS.debug("AdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_AUTH_FOR_SRVLT",
+ mServletID));
}
} catch (EBaseException e) {
- //will fix it later for authorization
+ // will fix it later for authorization
/*
- String errMsg = "authenticate(): " +
- AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+
- e.getMessage();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL",
- CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"),
- userid,e.getMessage()));
+ * String errMsg = "authenticate(): " +
+ * AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+
+ * e.getMessage(); log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL",
+ * CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"),
+ * userid,e.getMessage()));
*/
if (authType.equals("sslclientauth")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- ILogger.UNIDENTIFIED,
- ILogger.FAILURE,
- CERTUSERDB,
- auditUID);
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB,
+ auditUID);
audit(auditMessage);
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- ILogger.UNIDENTIFIED,
- ILogger.FAILURE,
- PASSWDUSERDB,
- auditUID);
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ ILogger.UNIDENTIFIED, ILogger.FAILURE,
+ PASSWDUSERDB, auditUID);
audit(auditMessage);
}
@@ -440,29 +428,24 @@ public class AdminServlet extends HttpServlet {
String tuserid = token.getInString("userid");
if (tuserid == null) {
- mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN",
- tuserid));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE, CMS.getLogMessage(
+ "ADMIN_SRVLT_NO_AUTH_TOKEN", tuserid));
if (authType.equals("sslclientauth")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- ILogger.UNIDENTIFIED,
- ILogger.FAILURE,
- CERTUSERDB,
- auditUID);
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ ILogger.UNIDENTIFIED, ILogger.FAILURE,
+ CERTUSERDB, auditUID);
audit(auditMessage);
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- ILogger.UNIDENTIFIED,
- ILogger.FAILURE,
- PASSWDUSERDB,
- auditUID);
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ ILogger.UNIDENTIFIED, ILogger.FAILURE,
+ PASSWDUSERDB, auditUID);
audit(auditMessage);
}
@@ -476,29 +459,24 @@ public class AdminServlet extends HttpServlet {
IUser user = mUG.getUser(tuserid);
if (user == null) {
- mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND",
- tuserid));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE, CMS.getLogMessage(
+ "ADMIN_SRVLT_USER_NOT_FOUND", tuserid));
if (authType.equals("sslclientauth")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- ILogger.UNIDENTIFIED,
- ILogger.FAILURE,
- CERTUSERDB,
- auditUID);
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ ILogger.UNIDENTIFIED, ILogger.FAILURE,
+ CERTUSERDB, auditUID);
audit(auditMessage);
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- ILogger.UNIDENTIFIED,
- ILogger.FAILURE,
- PASSWDUSERDB,
- auditUID);
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ ILogger.UNIDENTIFIED, ILogger.FAILURE,
+ PASSWDUSERDB, auditUID);
audit(auditMessage);
}
@@ -514,27 +492,27 @@ public class AdminServlet extends HttpServlet {
sessionContext.put(SessionContext.USER_ID, tuserid);
sessionContext.put(SessionContext.USER, user);
} catch (EUsrGrpException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
+ mLogger.log(
+ ILogger.EV_SYSTEM,
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR",
+ e.toString()));
if (authType.equals("sslclientauth")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- ILogger.UNIDENTIFIED,
- ILogger.FAILURE,
- CERTUSERDB,
- auditUID);
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB,
+ auditUID);
audit(auditMessage);
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- ILogger.UNIDENTIFIED,
- ILogger.FAILURE,
- PASSWDUSERDB,
- auditUID);
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ ILogger.UNIDENTIFIED, ILogger.FAILURE,
+ PASSWDUSERDB, auditUID);
audit(auditMessage);
}
@@ -542,28 +520,23 @@ public class AdminServlet extends HttpServlet {
throw new IOException("authentication failed");
} catch (EBaseException e) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERROR",
- e.toString()));
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERROR", e.toString()));
if (authType.equals("sslclientauth")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- ILogger.UNIDENTIFIED,
- ILogger.FAILURE,
- CERTUSERDB,
- auditUID);
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ ILogger.UNIDENTIFIED, ILogger.FAILURE, CERTUSERDB,
+ auditUID);
audit(auditMessage);
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- ILogger.UNIDENTIFIED,
- ILogger.FAILURE,
- PASSWDUSERDB,
- auditUID);
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ ILogger.UNIDENTIFIED, ILogger.FAILURE,
+ PASSWDUSERDB, auditUID);
audit(auditMessage);
}
@@ -579,19 +552,15 @@ public class AdminServlet extends HttpServlet {
if (authType.equals("sslclientauth")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
- auditSubjectID(),
- ILogger.SUCCESS,
- CERTUSERDB);
+ LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, auditSubjectID(),
+ ILogger.SUCCESS, CERTUSERDB);
audit(auditMessage);
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
- auditSubjectID(),
- ILogger.SUCCESS,
- PASSWDUSERDB);
+ LOGGING_SIGNED_AUDIT_AUTH_SUCCESS, auditSubjectID(),
+ ILogger.SUCCESS, PASSWDUSERDB);
audit(auditMessage);
}
@@ -599,21 +568,15 @@ public class AdminServlet extends HttpServlet {
if (authType.equals("sslclientauth")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- ILogger.UNIDENTIFIED,
- ILogger.FAILURE,
- CERTUSERDB,
- auditUID);
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL, ILogger.UNIDENTIFIED,
+ ILogger.FAILURE, CERTUSERDB, auditUID);
audit(auditMessage);
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- ILogger.UNIDENTIFIED,
- ILogger.FAILURE,
- PASSWDUSERDB,
- auditUID);
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL, ILogger.UNIDENTIFIED,
+ ILogger.FAILURE, PASSWDUSERDB, auditUID);
audit(auditMessage);
}
@@ -623,9 +586,8 @@ public class AdminServlet extends HttpServlet {
}
}
- public static AuthCredentials getAuthCreds(
- IAuthManager authMgr, X509Certificate clientCert)
- throws EBaseException {
+ public static AuthCredentials getAuthCreds(IAuthManager authMgr,
+ X509Certificate clientCert) throws EBaseException {
// get credentials from http parameters.
String[] reqCreds = authMgr.getRequiredCreds();
AuthCredentials creds = new AuthCredentials();
@@ -635,8 +597,7 @@ public class AdminServlet extends HttpServlet {
if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
// cert could be null;
- creds.set(reqCred, new X509Certificate[] { clientCert}
- );
+ creds.set(reqCred, new X509Certificate[] { clientCert });
}
}
return creds;
@@ -645,15 +606,16 @@ public class AdminServlet extends HttpServlet {
/**
* Authorize must occur after Authenticate
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization
* has failed
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization
- * is successful
- * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a
- * role (in current CMS that's when one accesses a role port)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when
+ * authorization is successful
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes
+ * a role (in current CMS that's when one accesses a role port)
* </ul>
+ *
* @param req HTTP servlet request
* @return the authorization token
*/
@@ -671,92 +633,79 @@ public class AdminServlet extends HttpServlet {
AuthzToken authzTok = null;
- CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_AUTH", mServletID));
+ CMS.debug("AdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_AUTH", mServletID));
// hardcoded for now .. just testing
try {
// we check both "read" and "write" for now. later within
- // each servlet, they can break it down
- authzTok = mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME, mOp);
+ // each servlet, they can break it down
+ authzTok = mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME,
+ mOp);
// initialize the ACL resource, overwriting "auditACLResource"
// if it is not null
- resource = (String)
- authzTok.get(AuthzToken.TOKEN_AUTHZ_RESOURCE);
+ resource = (String) authzTok.get(AuthzToken.TOKEN_AUTHZ_RESOURCE);
if (resource != null) {
auditACLResource = resource.trim();
}
// initialize the operation, overwriting "auditOperation"
// if it is not null
- operation = (String)
- authzTok.get(AuthzToken.TOKEN_AUTHZ_OPERATION);
+ operation = (String) authzTok.get(AuthzToken.TOKEN_AUTHZ_OPERATION);
if (operation != null) {
auditOperation = operation.trim();
}
CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTH_SUCCEED", mServletID));
} catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
- auditSubjectID,
- ILogger.FAILURE,
- auditACLResource,
- auditOperation);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ auditSubjectID, ILogger.FAILURE, auditACLResource,
+ auditOperation);
audit(auditMessage);
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- auditSubjectID,
- ILogger.FAILURE,
- auditGroups(auditSubjectID));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID, ILogger.FAILURE,
+ auditGroups(auditSubjectID));
audit(auditMessage);
return null;
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
- auditSubjectID,
- ILogger.FAILURE,
- auditACLResource,
- auditOperation);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ auditSubjectID, ILogger.FAILURE, auditACLResource,
+ auditOperation);
audit(auditMessage);
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- auditSubjectID,
- ILogger.FAILURE,
- auditGroups(auditSubjectID));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID, ILogger.FAILURE,
+ auditGroups(auditSubjectID));
audit(auditMessage);
return null;
} catch (Exception e) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
- auditSubjectID,
- ILogger.FAILURE,
- auditACLResource,
- auditOperation);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ auditSubjectID, ILogger.FAILURE, auditACLResource,
+ auditOperation);
audit(auditMessage);
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- auditSubjectID,
- ILogger.FAILURE,
- auditGroups(auditSubjectID));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID, ILogger.FAILURE,
+ auditGroups(auditSubjectID));
audit(auditMessage);
@@ -764,21 +713,15 @@ public class AdminServlet extends HttpServlet {
}
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
- auditSubjectID,
- ILogger.SUCCESS,
- auditACLResource,
- auditOperation);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
+ auditSubjectID, ILogger.SUCCESS, auditACLResource,
+ auditOperation);
audit(auditMessage);
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- auditSubjectID,
- ILogger.SUCCESS,
- auditGroups(auditSubjectID));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID, ILogger.SUCCESS, auditGroups(auditSubjectID));
audit(auditMessage);
@@ -797,7 +740,7 @@ public class AdminServlet extends HttpServlet {
locale = Locale.getDefault();
} else {
locale = new Locale(UserInfo.getUserLanguage(lang),
- UserInfo.getUserCountry(lang));
+ UserInfo.getUserCountry(lang));
}
return locale;
}
@@ -808,15 +751,14 @@ public class AdminServlet extends HttpServlet {
/**
* Sends response.
- *
+ *
* @param returnCode return code
* @param errorMsg localized error message
* @param params result parameters
* @param resp HTTP servlet response
*/
protected void sendResponse(int returnCode, String errorMsg,
- NameValuePairs params, HttpServletResponse resp)
- throws IOException {
+ NameValuePairs params, HttpServletResponse resp) throws IOException {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(bos);
@@ -832,11 +774,10 @@ public class AdminServlet extends HttpServlet {
if (e.hasMoreElements()) {
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- String value = java.net.URLEncoder.encode((String)
- params.getValue(name));
+ String value = java.net.URLEncoder.encode((String) params
+ .getValue(name));
- buf.append(java.net.URLEncoder.encode(name) +
- "=" + value);
+ buf.append(java.net.URLEncoder.encode(name) + "=" + value);
if (e.hasMoreElements())
buf.append("&");
}
@@ -879,25 +820,24 @@ public class AdminServlet extends HttpServlet {
protected String getParameter(HttpServletRequest req, String name) {
// Servlet framework already apply URLdecode
- // return URLdecode(req.getParameter(name));
+ // return URLdecode(req.getParameter(name));
return req.getParameter(name);
}
/**
* Generic configuration store get operation.
*/
- protected synchronized void getConfig(
- IConfigStore config, HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ protected synchronized void getConfig(IConfigStore config,
+ HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- //if (name.equals(Constants.PT_OP))
- // continue;
+ // if (name.equals(Constants.PT_OP))
+ // continue;
if (name.equals(Constants.OP_TYPE))
continue;
if (name.equals(Constants.RS_ID))
@@ -905,38 +845,36 @@ public class AdminServlet extends HttpServlet {
if (name.equals(Constants.OP_SCOPE))
continue;
- //System.out.println(name);
- //System.out.println(name+","+config.getString(name));
+ // System.out.println(name);
+ // System.out.println(name+","+config.getString(name));
params.add(name, config.getString(name));
}
sendResponse(SUCCESS, null, params, resp);
}
/**
- * Generic configuration store set operation.
- * The caller is responsible to do validiation before
- * calling this, and commit changes after this call.
+ * Generic configuration store set operation. The caller is responsible to
+ * do validiation before calling this, and commit changes after this call.
*/
- protected synchronized void setConfig(
- IConfigStore config, HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ protected synchronized void setConfig(IConfigStore config,
+ HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- //if (name.equals(Constants.PT_OP))
- // continue;
+ // if (name.equals(Constants.PT_OP))
+ // continue;
if (name.equals(Constants.OP_TYPE))
continue;
if (name.equals(Constants.RS_ID))
continue;
if (name.equals(Constants.OP_SCOPE))
continue;
- // XXX Need validation...
- // XXX what if update failed
+ // XXX Need validation...
+ // XXX what if update failed
config.putString(name, req.getParameter(name));
}
commit(true);
@@ -946,10 +884,9 @@ public class AdminServlet extends HttpServlet {
/**
* Lists configuration store.
*/
- protected synchronized void listConfig(
- IConfigStore config, HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ protected synchronized void listConfig(IConfigStore config,
+ HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
Enumeration e = config.getPropertyNames();
NameValuePairs params = new NameValuePairs();
@@ -967,14 +904,14 @@ public class AdminServlet extends HttpServlet {
public boolean authorize(IAuthToken token) throws EBaseException {
String mGroupNames[] = { "Administrators" };
boolean mAnd = true;
-
+
try {
String userid = token.getInString("userid");
if (userid == null) {
- mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid));
return false;
}
@@ -983,9 +920,9 @@ public class AdminServlet extends HttpServlet {
IUser user = mUG.getUser(userid);
if (user == null) {
- mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid));
return false;
}
@@ -1001,10 +938,10 @@ public class AdminServlet extends HttpServlet {
if (mAnd) {
for (int i = 0; i < mGroupNames.length; i++) {
if (!mUG.isMemberOf(user, mGroupNames[i])) {
- mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid,
- mGroupNames[i]));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE, CMS.getLogMessage(
+ "ADMIN_SRVLT_USER_NOT_IN_GRP", userid,
+ mGroupNames[i]));
return false;
}
}
@@ -1012,10 +949,10 @@ public class AdminServlet extends HttpServlet {
} else {
for (int i = 0; i < mGroupNames.length; i++) {
if (mUG.isMemberOf(user, mGroupNames[i])) {
- mLogger.log(ILogger.EV_SYSTEM,
- ILogger.S_OTHER, ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid,
- mGroupNames[i]));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_INFO, CMS.getLogMessage(
+ "ADMIN_SRVLT_GRP_AUTH_SUCC_USER",
+ userid, mGroupNames[i]));
return true;
}
}
@@ -1027,24 +964,25 @@ public class AdminServlet extends HttpServlet {
groups.append(mGroupNames[j]);
}
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString()));
+ ILogger.LL_FAILURE, CMS.getLogMessage(
+ "ADMIN_SRVLT_USER_NOT_ANY_GRP", userid,
+ groups.toString()));
return false;
}
} catch (EUsrGrpException e) {
mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
return false;
}
}
/**
* FileConfigStore functionality
- *
- * The original config file is moved to <filename>.<date>.
- * Commits the current properties to the configuration file.
+ *
+ * The original config file is moved to <filename>.<date>. Commits the
+ * current properties to the configuration file.
* <P>
- *
+ *
* @param createBackup true if a backup file should be created
*/
protected void commit(boolean createBackup) throws EBaseException {
@@ -1054,17 +992,17 @@ public class AdminServlet extends HttpServlet {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN,
- level, "AdminServlet: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN, level,
+ "AdminServlet: " + msg);
}
/**
* Signed Audit Log
- *
- * This method is inherited by all extended admin servlets
- * and is called to store messages to the signed audit log.
+ *
+ * This method is inherited by all extended admin servlets and is called to
+ * store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -1075,21 +1013,17 @@ public class AdminServlet extends HttpServlet {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
}
/**
* Signed Audit Log Subject ID
- *
- * This method is inherited by all extended "CMSServlet"s,
- * and is called to obtain the "SubjectID" for
- * a signed audit log message.
+ *
+ * This method is inherited by all extended "CMSServlet"s, and is called to
+ * obtain the "SubjectID" for a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -1104,8 +1038,7 @@ public class AdminServlet extends HttpServlet {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- subjectID = (String)
- auditContext.get(SessionContext.USER_ID);
+ subjectID = (String) auditContext.get(SessionContext.USER_ID);
if (subjectID != null) {
subjectID = subjectID.trim();
@@ -1121,13 +1054,13 @@ public class AdminServlet extends HttpServlet {
/**
* Signed Audit Parameters
- *
- * This method is inherited by all extended admin servlets and
- * is called to extract parameters from the HttpServletRequest
- * and return a string of name;;value pairs separated by a '+'
- * if more than one name;;value pair exists.
+ *
+ * This method is inherited by all extended admin servlets and is called to
+ * extract parameters from the HttpServletRequest and return a string of
+ * name;;value pairs separated by a '+' if more than one name;;value pair
+ * exists.
* <P>
- *
+ *
* @param req HTTP servlet request
* @return a delimited string of one or more delimited name/value pairs
*/
@@ -1142,8 +1075,7 @@ public class AdminServlet extends HttpServlet {
// always identify the scope of the request
if (req.getParameter(Constants.OP_SCOPE) != null) {
- parameters = SIGNED_AUDIT_SCOPE
- + SIGNED_AUDIT_NAME_VALUE_DELIMITER
+ parameters = SIGNED_AUDIT_SCOPE + SIGNED_AUDIT_NAME_VALUE_DELIMITER
+ req.getParameter(Constants.OP_SCOPE);
}
@@ -1194,48 +1126,47 @@ public class AdminServlet extends HttpServlet {
value = value.trim();
if (value.equals("")) {
- parameters += name
- + SIGNED_AUDIT_NAME_VALUE_DELIMITER
+ parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE;
} else {
//
// To fix Blackflag Bug # 613800:
//
- // Check "com.netscape.certsrv.common.Constants" for
- // case-insensitive "password", "pwd", and "passwd"
- // name fields, and hide any password values:
+ // Check "com.netscape.certsrv.common.Constants" for
+ // case-insensitive "password", "pwd", and "passwd"
+ // name fields, and hide any password values:
//
- /* "password" */ if( name.equals( Constants.PASSWORDTYPE ) ||
- name.equals( Constants.TYPE_PASSWORD ) ||
- name.equals( Constants.PR_USER_PASSWORD ) ||
- name.equals( Constants.PT_OLD_PASSWORD ) ||
- name.equals( Constants.PT_NEW_PASSWORD ) ||
- name.equals( Constants.PT_DIST_STORE ) ||
- name.equals( Constants.PT_DIST_EMAIL ) ||
- /* "pwd" */ name.equals( Constants.PR_AUTH_ADMIN_PWD ) ||
- // ignore this one name.equals( Constants.PR_BINDPWD_PROMPT ) ||
- name.equals( Constants.PR_DIRECTORY_MANAGER_PWD ) ||
- name.equals( Constants.PR_OLD_AGENT_PWD ) ||
- name.equals( Constants.PR_AGENT_PWD ) ||
- name.equals( Constants.PT_PUBLISH_PWD ) ||
- /* "passwd" */ name.equals( Constants.PR_BIND_PASSWD ) ||
- name.equals( Constants.PR_BIND_PASSWD_AGAIN ) ||
- name.equals( Constants.PR_TOKEN_PASSWD ) ) {
+ /* "password" */if (name.equals(Constants.PASSWORDTYPE)
+ || name.equals(Constants.TYPE_PASSWORD)
+ || name.equals(Constants.PR_USER_PASSWORD)
+ || name.equals(Constants.PT_OLD_PASSWORD)
+ || name.equals(Constants.PT_NEW_PASSWORD)
+ || name.equals(Constants.PT_DIST_STORE)
+ || name.equals(Constants.PT_DIST_EMAIL)
+ ||
+ /* "pwd" */name.equals(Constants.PR_AUTH_ADMIN_PWD)
+ ||
+ // ignore this one name.equals(
+ // Constants.PR_BINDPWD_PROMPT ) ||
+ name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)
+ || name.equals(Constants.PR_OLD_AGENT_PWD)
+ || name.equals(Constants.PR_AGENT_PWD)
+ || name.equals(Constants.PT_PUBLISH_PWD) ||
+ /* "passwd" */name.equals(Constants.PR_BIND_PASSWD)
+ || name.equals(Constants.PR_BIND_PASSWD_AGAIN)
+ || name.equals(Constants.PR_TOKEN_PASSWD)) {
// hide password value
- parameters += name
- + SIGNED_AUDIT_NAME_VALUE_DELIMITER
- + SIGNED_AUDIT_PASSWORD_VALUE;
+ parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER
+ + SIGNED_AUDIT_PASSWORD_VALUE;
} else {
// process normally
- parameters += name
- + SIGNED_AUDIT_NAME_VALUE_DELIMITER
- + value;
+ parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER
+ + value;
}
}
} else {
- parameters += name
- + SIGNED_AUDIT_NAME_VALUE_DELIMITER
+ parameters += name + SIGNED_AUDIT_NAME_VALUE_DELIMITER
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
}
@@ -1245,14 +1176,14 @@ public class AdminServlet extends HttpServlet {
/**
* Signed Audit Groups
- *
- * This method is called to extract all "groups" associated
- * with the "auditSubjectID()".
+ *
+ * This method is called to extract all "groups" associated with the
+ * "auditSubjectID()".
* <P>
- *
+ *
* @param SubjectID string containing the signed audit log message SubjectID
- * @return a delimited string of groups associated
- * with the "auditSubjectID()"
+ * @return a delimited string of groups associated with the
+ * "auditSubjectID()"
*/
private String auditGroups(String SubjectID) {
// if no signed audit object exists, bail
@@ -1260,8 +1191,7 @@ public class AdminServlet extends HttpServlet {
return null;
}
- if ((SubjectID == null) ||
- (SubjectID.equals(ILogger.UNIDENTIFIED))) {
+ if ((SubjectID == null) || (SubjectID.equals(ILogger.UNIDENTIFIED))) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -1279,7 +1209,7 @@ public class AdminServlet extends HttpServlet {
IGroup group = (IGroup) groups.nextElement();
if (group.isMember(SubjectID) == true) {
- if (membersString.length()!=0) {
+ if (membersString.length() != 0) {
membersString.append(", ");
}
@@ -1287,7 +1217,7 @@ public class AdminServlet extends HttpServlet {
}
}
- if (membersString.length()!= 0) {
+ if (membersString.length() != 0) {
return membersString.toString();
} else {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -1295,7 +1225,8 @@ public class AdminServlet extends HttpServlet {
}
protected NameValuePairs convertStringArrayToNVPairs(String[] s) {
- if (s == null) return null;
+ if (s == null)
+ return null;
NameValuePairs nvps = new NameValuePairs();
int i;
@@ -1310,7 +1241,8 @@ public class AdminServlet extends HttpServlet {
}
- protected static IExtendedPluginInfo getClassByNameAsExtendedPluginInfo(String className) {
+ protected static IExtendedPluginInfo getClassByNameAsExtendedPluginInfo(
+ String className) {
IExtendedPluginInfo epi = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
index ff9b9911..9945171f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -46,13 +45,12 @@ import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.ldap.ILdapAuthInfo;
import com.netscape.certsrv.logging.ILogger;
-
/**
- * A class representing an administration servlet for the
- * Authentication Management subsystem. This servlet is responsible
- * to serve configuration requests for the Auths Management subsystem.
+ * A class representing an administration servlet for the Authentication
+ * Management subsystem. This servlet is responsible to serve configuration
+ * requests for the Auths Management subsystem.
+ *
*
- *
* @version $Revision$, $Date$
*/
public class AuthAdminServlet extends AdminServlet {
@@ -64,13 +62,11 @@ public class AuthAdminServlet extends AdminServlet {
private final static String INFO = "AuthAdminServlet";
private IAuthSubsystem mAuths = null;
- private final static String PW_PASSWORD_CACHE_ADD =
- "PASSWORD_CACHE_ADD";
+ private final static String PW_PASSWORD_CACHE_ADD = "PASSWORD_CACHE_ADD";
private final static String VIEW = ";" + Constants.VIEW;
private final static String EDIT = ";" + Constants.EDIT;
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_AUTH =
- "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_AUTH = "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3";
public AuthAdminServlet() {
super();
@@ -88,19 +84,19 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
- * retrieve extended plugin info such as brief description, type info
- * from policy, authentication,
- * need to add: listener, mapper and publishing plugins
- * --- same as policy, should we move this into extendedpluginhelper?
+ * retrieve extended plugin info such as brief description, type info from
+ * policy, authentication, need to add: listener, mapper and publishing
+ * plugins --- same as policy, should we move this into
+ * extendedpluginhelper?
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String id = req.getParameter(Constants.RS_ID);
@@ -109,13 +105,14 @@ public class AuthAdminServlet extends AdminServlet {
String implType = id.substring(0, colon);
String implName = id.substring(colon + 1);
- NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType,
+ implName);
sendResponse(SUCCESS, null, params, resp);
}
- private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
+ private NameValuePairs getExtendedPluginInfo(Locale locale,
+ String implType, String implName) {
IExtendedPluginInfo ext_info = null;
Object impl = null;
@@ -131,7 +128,8 @@ public class AuthAdminServlet extends AdminServlet {
if (ext_info == null) {
nvps = new NameValuePairs();
} else {
- nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
+ nvps = convertStringArrayToNVPairs(ext_info
+ .getExtendedPluginInfo(locale));
}
return nvps;
@@ -142,42 +140,41 @@ public class AuthAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
if (op == null) {
- //System.out.println("SRVLT_INVALID_PROTOCOL");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ // System.out.println("SRVLT_INVALID_PROTOCOL");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp);
return;
}
// if it is not authentication, that means it is for CSC admin ping.
// the best way to do is to define another protocol for ping and move
// it to the generic servlet which is admin servlet.
- if (!op.equals(OpDef.OP_AUTH)) {
+ if (!op.equals(OpDef.OP_AUTH)) {
if (scope.equals(ScopeDef.SC_AUTH)) {
String id = req.getParameter(Constants.RS_ID);
// for CSC admin ping only
- if (op.equals(OpDef.OP_READ) &&
- id.equals(Constants.RS_ID_CONFIG)) {
+ if (op.equals(OpDef.OP_READ)
+ && id.equals(Constants.RS_ID_CONFIG)) {
- // no need to authenticate this. if we're alive, return true.
+ // no need to authenticate this. if we're alive, return
+ // true.
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_PING, Constants.TRUE);
sendResponse(SUCCESS, null, params, resp);
return;
} else {
- //System.out.println("SRVLT_INVALID_OP_TYPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ // System.out.println("SRVLT_INVALID_OP_TYPE");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp);
return;
}
}
@@ -186,7 +183,7 @@ public class AuthAdminServlet extends AdminServlet {
try {
if (op.equals(OpDef.OP_AUTH)) {
if (scope.equals(ScopeDef.SC_AUTHTYPE)) {
- IConfigStore configStore = CMS.getConfigStore();
+ IConfigStore configStore = CMS.getConfigStore();
String val = configStore.getString("authType", "pwd");
NameValuePairs params = new NameValuePairs();
@@ -196,11 +193,11 @@ public class AuthAdminServlet extends AdminServlet {
}
}
} catch (Exception e) {
- sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp);
return;
}
- // for the rest
+ // for the rest
try {
super.authenticate(req);
if (op.equals(OpDef.OP_AUTH)) { // for admin authentication only
@@ -208,9 +205,9 @@ public class AuthAdminServlet extends AdminServlet {
return;
}
} catch (IOException e) {
- //System.out.println("SRVLT_FAIL_AUTHS");
- sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_AUTHS");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp);
return;
}
@@ -222,24 +219,24 @@ public class AuthAdminServlet extends AdminServlet {
try {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(
+ getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
getExtendedPluginInfo(req, resp);
return;
} catch (EBaseException e) {
- sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
+ sendResponse(ERROR, e.toString(getLocale(req)), null,
+ resp);
return;
}
}
if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -249,17 +246,15 @@ public class AuthAdminServlet extends AdminServlet {
listAuthMgrInsts(req, resp);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} else if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -269,17 +264,15 @@ public class AuthAdminServlet extends AdminServlet {
getInstConfig(req, resp);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} else if (op.equals(OpDef.OP_ADD)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -289,17 +282,15 @@ public class AuthAdminServlet extends AdminServlet {
addAuthMgrInst(req, resp, scope);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -309,17 +300,15 @@ public class AuthAdminServlet extends AdminServlet {
delAuthMgrInst(req, resp, scope);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
@@ -327,19 +316,17 @@ public class AuthAdminServlet extends AdminServlet {
return;
}
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
- }
+ }
} catch (EBaseException e) {
sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
- }
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ }
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp);
return;
}
@@ -356,22 +343,23 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Add authentication manager plug-in
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
* authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addAuthMgrPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addAuthMgrPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -384,33 +372,30 @@ public class AuthAdminServlet extends AdminServlet {
if (id == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// is the manager id unique?
if (mAuths.getPlugins().containsKey((Object) id)) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EAuthException(CMS.getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id))
+ .toString(), null, resp);
return;
}
@@ -419,39 +404,36 @@ public class AuthAdminServlet extends AdminServlet {
if (classPath == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"), null,
+ resp);
return;
}
- if (classPath.equals("com.netscape.cmscore.authentication.PasswdUserDBAuthentication") ||
- classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) {
+ if (classPath
+ .equals("com.netscape.cmscore.authentication.PasswdUserDBAuthentication")
+ || classPath
+ .equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_PERMISSION_DENIED"), null, resp);
return;
}
- IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
- IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ IConfigStore destStore = mConfig
+ .getSubStore(DestDef.DEST_AUTH_ADMIN);
+ IConfigStore instancesConfig = destStore.getSubStore(scope);
// Does the class exist?
Class newImpl = null;
@@ -461,30 +443,26 @@ public class AuthAdminServlet extends AdminServlet {
} catch (ClassNotFoundException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), null,
+ resp);
return;
} catch (IllegalArgumentException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"), null,
+ resp);
return;
}
@@ -493,31 +471,26 @@ public class AuthAdminServlet extends AdminServlet {
if (IAuthManager.class.isAssignableFrom(newImpl) == false) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_ILL_CLASS"), null, resp);
return;
}
- } catch (NullPointerException e) { // unlikely, only if newImpl null.
+ } catch (NullPointerException e) { // unlikely, only if newImpl
+ // null.
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_ILL_CLASS"), null, resp);
return;
}
@@ -531,17 +504,14 @@ public class AuthAdminServlet extends AdminServlet {
} catch (EBaseException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
@@ -549,80 +519,75 @@ public class AuthAdminServlet extends AdminServlet {
AuthMgrPlugin plugin = new AuthMgrPlugin(id, classPath);
mAuths.getPlugins().put(id, plugin);
- mAuths.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id));
+ mAuths.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id));
NameValuePairs params = new NameValuePairs();
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
sendResponse(SUCCESS, null, params, resp);
return;
// } catch( EBaseException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit1;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
/**
* Add authentication manager instance
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
* authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addAuthMgrInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addAuthMgrInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -635,16 +600,13 @@ public class AuthAdminServlet extends AdminServlet {
if (id == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -652,16 +614,13 @@ public class AuthAdminServlet extends AdminServlet {
if (mAuths.getInstances().containsKey((Object) id)) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_MGR_INST_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_ILL_MGR_INST_ID"), null, resp);
return;
}
@@ -673,43 +632,41 @@ public class AuthAdminServlet extends AdminServlet {
if (implname == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MISSING_PARAMS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_MISSING_PARAMS"), null, resp);
return;
}
// prevent agent & admin creation.
- if (implname.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) ||
- implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ if (implname.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID)
+ || implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_PERMISSION_DENIED"), null, resp);
}
// check if implementation exists.
- AuthMgrPlugin plugin =
- (AuthMgrPlugin) mAuths.getPlugins().get(implname);
+ AuthMgrPlugin plugin = (AuthMgrPlugin) mAuths.getPlugins().get(
+ implname);
if (plugin == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EAuthMgrPluginNotFound(CMS.getUserMessage(
+ getLocale(req),
+ "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND",
+ implname)).toString(), null, resp);
return;
}
@@ -718,10 +675,9 @@ public class AuthAdminServlet extends AdminServlet {
// are there, but not checking the values are valid
String[] configParams = mAuths.getConfigParams(implname);
- IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
- IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ IConfigStore destStore = mConfig
+ .getSubStore(DestDef.DEST_AUTH_ADMIN);
+ IConfigStore instancesConfig = destStore.getSubStore(scope);
IConfigStore substore = instancesConfig.makeSubStore(id);
if (configParams != null) {
@@ -747,52 +703,56 @@ public class AuthAdminServlet extends AdminServlet {
IAuthManager authMgrInst = null;
try {
- authMgrInst = (IAuthManager) Class.forName(className).newInstance();
+ authMgrInst = (IAuthManager) Class.forName(className)
+ .newInstance();
} catch (ClassNotFoundException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// cleanup
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EAuthException(CMS
+ .getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
+ className)).toString(), null, resp);
return;
} catch (InstantiationException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EAuthException(CMS
+ .getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
+ className)).toString(), null, resp);
return;
} catch (IllegalAccessException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EAuthException(CMS
+ .getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
+ className)).toString(), null, resp);
return;
}
@@ -802,10 +762,8 @@ public class AuthAdminServlet extends AdminServlet {
} catch (EBaseException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -821,37 +779,31 @@ public class AuthAdminServlet extends AdminServlet {
} catch (EBaseException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// clean up.
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
// inited and commited ok. now add manager instance to list.
mAuths.add(id, authMgrInst);
- mAuths.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id));
+ mAuths.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id));
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_AUTH_IMPL_NAME, implname);
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -859,11 +811,8 @@ public class AuthAdminServlet extends AdminServlet {
return;
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -871,42 +820,38 @@ public class AuthAdminServlet extends AdminServlet {
throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
- private synchronized void listAuthMgrPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void listAuthMgrPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = mAuths.getPlugins().keys();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- AuthMgrPlugin value = (AuthMgrPlugin)
- mAuths.getPlugins().get(name);
+ AuthMgrPlugin value = (AuthMgrPlugin) mAuths.getPlugins().get(name);
if (value.isVisible()) {
params.add(name, value.getClassPath() + EDIT);
@@ -916,16 +861,16 @@ public class AuthAdminServlet extends AdminServlet {
return;
}
- private synchronized void listAuthMgrInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void listAuthMgrInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
- for (Enumeration e = mAuths.getInstances().keys();
- e.hasMoreElements();) {
+ for (Enumeration e = mAuths.getInstances().keys(); e.hasMoreElements();) {
String name = (String) e.nextElement();
- AuthManagerProxy proxy = (AuthManagerProxy) mAuths.getInstances().get(name);
+ AuthManagerProxy proxy = (AuthManagerProxy) mAuths.getInstances()
+ .get(name);
IAuthManager value = proxy.getAuthManager();
String enableStr = "enabled";
@@ -933,11 +878,12 @@ public class AuthAdminServlet extends AdminServlet {
enableStr = "disabled";
}
- AuthMgrPlugin amgrplugin = (AuthMgrPlugin)
- mAuths.getPlugins().get(value.getImplName());
+ AuthMgrPlugin amgrplugin = (AuthMgrPlugin) mAuths.getPlugins().get(
+ value.getImplName());
if (!amgrplugin.isVisible()) {
- params.add(name, value.getImplName() + ";invisible;" + enableStr);
+ params.add(name, value.getImplName() + ";invisible;"
+ + enableStr);
} else {
params.add(name, value.getImplName() + ";visible;" + enableStr);
}
@@ -949,21 +895,22 @@ public class AuthAdminServlet extends AdminServlet {
/**
* Delete authentication manager plug-in
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
* authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void delAuthMgrPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delAuthMgrPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -978,74 +925,69 @@ public class AuthAdminServlet extends AdminServlet {
if (id == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// prevent deletion of admin and agent.
- if (id.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) ||
- id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ if (id.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID)
+ || id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_PERMISSION_DENIED"), null, resp);
}
// does auth manager exist?
if (mAuths.getPlugins().containsKey(id) == false) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EAuthMgrPluginNotFound(CMS.getUserMessage(
+ getLocale(req),
+ "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id))
+ .toString(), null, resp);
return;
}
// first check if any instances from this auth manager
// DON'T remove auth manager if any instance
- for (Enumeration e = mAuths.getInstances().keys();
- e.hasMoreElements();) {
- IAuthManager authMgr = (IAuthManager) mAuths.get((String) e.nextElement());
+ for (Enumeration e = mAuths.getInstances().keys(); e
+ .hasMoreElements();) {
+ IAuthManager authMgr = (IAuthManager) mAuths.get((String) e
+ .nextElement());
if (authMgr.getImplName() == id) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MGR_IN_USE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_MGR_IN_USE"), null, resp);
return;
}
}
-
+
// then delete this auth manager
mAuths.getPlugins().remove((Object) id);
- IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
- IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ IConfigStore destStore = mConfig
+ .getSubStore(DestDef.DEST_AUTH_ADMIN);
+ IConfigStore instancesConfig = destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
// commiting
@@ -1054,87 +996,79 @@ public class AuthAdminServlet extends AdminServlet {
} catch (EBaseException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
sendResponse(SUCCESS, null, params, resp);
return;
// } catch( EBaseException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit1;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit1;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
}
}
/**
* Delete authentication manager instance
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
* authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void delAuthMgrInst(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delAuthMgrInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
String auditMessage = null;
@@ -1149,56 +1083,52 @@ public class AuthAdminServlet extends AdminServlet {
if (id == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// prevent deletion of admin and agent.
- if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) ||
- id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)
+ || id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_PERMISSION_DENIED"), null, resp);
}
// does auth manager instance exist?
if (mAuths.getInstances().containsKey(id) == false) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id))
+ .toString(), null, resp);
return;
}
// only remove from memory
// cannot shutdown because we don't keep track of whether it's
- // being used.
+ // being used.
IAuthManager mgrInst = (IAuthManager) mAuths.get(id);
mAuths.getInstances().remove((Object) id);
// remove the configuration.
- IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
- IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ IConfigStore destStore = mConfig
+ .getSubStore(DestDef.DEST_AUTH_ADMIN);
+ IConfigStore instancesConfig = destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
// commiting
@@ -1207,96 +1137,85 @@ public class AuthAdminServlet extends AdminServlet {
} catch (EBaseException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
- //This only works in the fact that we only support one instance per
- //auth plugin.
+ // This only works in the fact that we only support one instance per
+ // auth plugin.
ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
authInfo.removePassword("Rule " + id);
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
sendResponse(SUCCESS, null, params, resp);
return;
// } catch( EBaseException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit1;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
/**
- * used for getting the required configuration parameters (with
- * possible default values) for a particular auth manager plugin
- * implementation name specified in the RS_ID. Actually, there is
- * no logic in here to set any default value here...there's no
- * default value for any parameter in this authentication subsystem
- * at this point. Later, if we do have one (or some), it can be
- * added. The interface remains the same.
+ * used for getting the required configuration parameters (with possible
+ * default values) for a particular auth manager plugin implementation name
+ * specified in the RS_ID. Actually, there is no logic in here to set any
+ * default value here...there's no default value for any parameter in this
+ * authentication subsystem at this point. Later, if we do have one (or
+ * some), it can be added. The interface remains the same.
*/
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -1314,25 +1233,26 @@ public class AuthAdminServlet extends AdminServlet {
return;
}
- private synchronized void getInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void getInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// does auth manager instance exist?
if (mAuths.getInstances().containsKey(id) == false) {
- sendResponse(ERROR,
- new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id))
+ .toString(), null, resp);
return;
}
@@ -1361,29 +1281,29 @@ public class AuthAdminServlet extends AdminServlet {
}
/**
- * Modify authentication manager instance
- * This will actually create a new instance with new configuration
- * parameters and replace the old instance if the new instance is
- * created and initialized successfully.
- * The old instance is left running, so this is very expensive.
- * Restart of server recommended.
+ * Modify authentication manager instance This will actually create a new
+ * instance with new configuration parameters and replace the old instance
+ * if the new instance is created and initialized successfully. The old
+ * instance is left running, so this is very expensive. Restart of server
+ * recommended.
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
* authentication
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of this authentication
- * manager's substore
+ * manager's substore
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modAuthMgrInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modAuthMgrInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
// expensive operation.
@@ -1398,41 +1318,37 @@ public class AuthAdminServlet extends AdminServlet {
if (id == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// prevent modification of admin and agent.
- if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) ||
- id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+ if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)
+ || id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_PERMISSION_DENIED"), null, resp);
}
// Does the manager instance exist?
if (!mAuths.getInstances().containsKey((Object) id)) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"),
- null, resp);
+ sendResponse(
+ ERROR,
+ CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"),
+ null, resp);
return;
}
@@ -1442,43 +1358,42 @@ public class AuthAdminServlet extends AdminServlet {
if (implname == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"),
- null, resp);
+ sendResponse(
+ ERROR,
+ CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"),
+ null, resp);
return;
}
- // get plugin for implementation
- AuthMgrPlugin plugin =
- (AuthMgrPlugin) mAuths.getPlugins().get(implname);
+ // get plugin for implementation
+ AuthMgrPlugin plugin = (AuthMgrPlugin) mAuths.getPlugins().get(
+ implname);
if (plugin == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EAuthMgrPluginNotFound(CMS.getUserMessage(
+ getLocale(req),
+ "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND",
+ implname)).toString(), null, resp);
return;
}
- // save old instance substore params in case new one fails.
+ // save old instance substore params in case new one fails.
- IAuthManager oldinst =
- (IAuthManager) mAuths.get(id);
+ IAuthManager oldinst = (IAuthManager) mAuths.get(id);
IConfigStore oldConfig = oldinst.getConfigStore();
String[] oldConfigParms = oldinst.getConfigParams();
@@ -1486,7 +1401,7 @@ public class AuthAdminServlet extends AdminServlet {
// implName is always required so always include it it.
saveParams.add(IAuthSubsystem.PROP_PLUGIN,
- (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN));
+ (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN));
if (oldConfigParms != null) {
for (int i = 0; i < oldConfigParms.length; i++) {
String key = oldConfigParms[i];
@@ -1502,10 +1417,9 @@ public class AuthAdminServlet extends AdminServlet {
// remove old substore.
- IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
- IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ IConfigStore destStore = mConfig
+ .getSubStore(DestDef.DEST_AUTH_ADMIN);
+ IConfigStore instancesConfig = destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
@@ -1533,52 +1447,56 @@ public class AuthAdminServlet extends AdminServlet {
IAuthManager newMgrInst = null;
try {
- newMgrInst = (IAuthManager) Class.forName(className).newInstance();
+ newMgrInst = (IAuthManager) Class.forName(className)
+ .newInstance();
} catch (ClassNotFoundException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// cleanup
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EAuthException(CMS
+ .getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
+ className)).toString(), null, resp);
return;
} catch (InstantiationException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EAuthException(CMS
+ .getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
+ className)).toString(), null, resp);
return;
} catch (IllegalAccessException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EAuthException(CMS
+ .getUserMessage(getLocale(req),
+ "CMS_AUTHENTICATION_LOAD_CLASS_FAIL",
+ className)).toString(), null, resp);
return;
}
@@ -1589,10 +1507,8 @@ public class AuthAdminServlet extends AdminServlet {
} catch (EBaseException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1602,25 +1518,22 @@ public class AuthAdminServlet extends AdminServlet {
return;
}
- // initialized ok. commiting
+ // initialized ok. commiting
try {
mConfig.commit(true);
} catch (EBaseException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_AUTH, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// clean up.
restore(instancesConfig, id, saveParams);
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
@@ -1628,17 +1541,14 @@ public class AuthAdminServlet extends AdminServlet {
mAuths.add(id, newMgrInst);
- mAuths.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id));
+ mAuths.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id));
NameValuePairs params = new NameValuePairs();
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1646,11 +1556,8 @@ public class AuthAdminServlet extends AdminServlet {
return;
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1658,34 +1565,31 @@ public class AuthAdminServlet extends AdminServlet {
throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
// convenience routine.
- private static void restore(IConfigStore store,
- String id, NameValuePairs saveParams) {
+ private static void restore(IConfigStore store, String id,
+ NameValuePairs saveParams) {
store.removeSubStore(id);
IConfigStore rstore = store.makeSubStore(id);
@@ -1695,7 +1599,7 @@ public class AuthAdminServlet extends AdminServlet {
String key = (String) keys.nextElement();
String value = saveParams.getValue(key);
- if (value != null)
+ if (value != null)
rstore.put(key, value);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
index bfa9cccd..cca86dce 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.util.Enumeration;
import java.util.Hashtable;
@@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
-
/**
* Authentication Credentials as input to the authMgr
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class AuthCredentials implements IAuthCredentials {
@@ -38,21 +36,23 @@ public class AuthCredentials implements IAuthCredentials {
*/
private static final long serialVersionUID = -6938644716486895814L;
private Hashtable authCreds = null;
- // Inserted by bskim
+ // Inserted by bskim
private IArgBlock argblk = null;
+
// Insert end
-
+
public AuthCredentials() {
authCreds = new Hashtable();
}
/**
* sets a credential with credential name and the credential
+ *
* @param name credential name
* @param cred credential
* @exception com.netscape.certsrv.base.EBaseException NullPointerException
*/
- public void set(String name, Object cred)throws EBaseException {
+ public void set(String name, Object cred) throws EBaseException {
if (cred == null) {
throw new EBaseException("AuthCredentials.set()");
}
@@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials {
/**
* returns the credential to which the specified name is mapped in this
- * credential set
+ * credential set
+ *
* @param name credential name
* @return the named authentication credential
*/
@@ -71,9 +72,10 @@ public class AuthCredentials implements IAuthCredentials {
}
/**
- * removes the name and its corresponding credential from this
- * credential set. This method does nothing if the named
- * credential is not in the credential set.
+ * removes the name and its corresponding credential from this credential
+ * set. This method does nothing if the named credential is not in the
+ * credential set.
+ *
* @param name credential name
*/
public void delete(String name) {
@@ -81,27 +83,27 @@ public class AuthCredentials implements IAuthCredentials {
}
/**
- * returns an enumeration of the credentials in this credential
- * set. Use the Enumeration methods on the returned object to
- * fetch the elements sequentially.
+ * returns an enumeration of the credentials in this credential set. Use the
+ * Enumeration methods on the returned object to fetch the elements
+ * sequentially.
+ *
* @return an enumeration of the values in this credential set
* @see java.util.Enumeration
*/
public Enumeration getElements() {
return (authCreds.elements());
}
-
+
// Inserted by bskim
public void setArgBlock(IArgBlock blk) {
argblk = blk;
return;
- }
+ }
// Insert end
-
+
public IArgBlock getArgBlock() {
return argblk;
- }
+ }
// Insert end
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
index 1cd3240f..483ebdac 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.File;
import java.io.IOException;
import java.net.UnknownHostException;
@@ -45,13 +44,11 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.request.IRequestListener;
import com.netscape.cmsutil.util.Utils;
-
/**
- * A class representings an administration servlet for Certificate
- * Authority. This servlet is responsible to serve CA
- * administrative operations such as configuration parameter
- * updates.
- *
+ * A class representings an administration servlet for Certificate Authority.
+ * This servlet is responsible to serve CA administrative operations such as
+ * configuration parameter updates.
+ *
* @version $Revision$, $Date$
*/
public class CAAdminServlet extends AdminServlet {
@@ -65,8 +62,7 @@ public class CAAdminServlet extends AdminServlet {
private final static String INFO = "CAAdminServlet";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE =
- "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE = "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3";
private ICertificateAuthority mCA = null;
protected static final String PROP_ENABLED = "enabled";
@@ -94,22 +90,22 @@ public class CAAdminServlet extends AdminServlet {
}
/**
- * Serves HTTP request. Each request is authenticated to
- * the authenticate manager.
+ * Serves HTTP request. Each request is authenticated to the authenticate
+ * manager.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
-
- //get all operational flags
+
+ // get all operational flags
String op = req.getParameter(Constants.OP_TYPE);
String scope = req.getParameter(Constants.OP_SCOPE);
- //check operational flags
+ // check operational flags
if ((op == null) || (scope == null)) {
sendResponse(1, "Invalid Protocol", null, resp);
return;
- }
+ }
super.authenticate(req);
@@ -119,9 +115,8 @@ public class CAAdminServlet extends AdminServlet {
try {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
getExtendedPluginInfo(req, resp);
@@ -134,9 +129,8 @@ public class CAAdminServlet extends AdminServlet {
if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL))
@@ -158,9 +152,8 @@ public class CAAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL))
@@ -171,9 +164,9 @@ public class CAAdminServlet extends AdminServlet {
setCRLIPsConfig(req, resp);
else if (scope.equals(ScopeDef.SC_CRL))
setCRLConfig(req, resp);
- else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP))
+ else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP))
setNotificationReqCompConfig(req, resp);
- else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP))
+ else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP))
setNotificationRevCompConfig(req, resp);
else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ))
setNotificationRIQConfig(req, resp);
@@ -182,9 +175,8 @@ public class CAAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_CRLEXTS_RULES))
@@ -194,9 +186,8 @@ public class CAAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_ADD)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_CRLIPS))
@@ -204,9 +195,8 @@ public class CAAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_CRLIPS))
@@ -220,23 +210,24 @@ public class CAAdminServlet extends AdminServlet {
}
}
- /*==========================================================
- * private methods
- *==========================================================*/
-
+ /*
+ * ========================================================== private
+ * methods==========================================================
+ */
+
/*
* handle request completion (cert issued) notification config requests
*/
private void getNotificationCompConfig(HttpServletRequest req,
- HttpServletResponse resp, IConfigStore rc) throws ServletException,
+ HttpServletResponse resp, IConfigStore rc) throws ServletException,
IOException, EBaseException {
-
+
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
-
+
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
-
+
if (name.equals(Constants.OP_TYPE))
continue;
if (name.equals(Constants.RS_ID))
@@ -247,33 +238,35 @@ public class CAAdminServlet extends AdminServlet {
continue;
params.add(name, rc.getString(name, ""));
}
-
+
params.add(Constants.PR_ENABLE,
- rc.getString(PROP_ENABLED, Constants.FALSE));
+ rc.getString(PROP_ENABLED, Constants.FALSE));
sendResponse(SUCCESS, null, params, resp);
}
-
+
private void getNotificationRevCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
-
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
+
IConfigStore config = mCA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
- IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
-
+ IConfigStore nc = config
+ .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ IConfigStore rc = nc
+ .getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
+
getNotificationCompConfig(req, resp, rc);
}
-
+
private void getNotificationReqCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
-
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
+
IConfigStore config = mCA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
- IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE);
-
+ IConfigStore nc = config
+ .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ IConfigStore rc = nc
+ .getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE);
+
getNotificationCompConfig(req, resp, rc);
}
@@ -281,16 +274,17 @@ public class CAAdminServlet extends AdminServlet {
* handle getting request in queue notification config info
*/
private void getNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mCA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ IConfigStore nc = config
+ .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
- IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE);
+ IConfigStore riq = nc
+ .getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE);
Enumeration e = req.getParameterNames();
@@ -308,8 +302,8 @@ public class CAAdminServlet extends AdminServlet {
params.add(name, riq.getString(name, ""));
}
- params.add(Constants.PR_ENABLE,
- riq.getString(PROP_ENABLED, Constants.FALSE));
+ params.add(Constants.PR_ENABLE,
+ riq.getString(PROP_ENABLED, Constants.FALSE));
sendResponse(SUCCESS, null, params, resp);
}
@@ -317,15 +311,16 @@ public class CAAdminServlet extends AdminServlet {
* handle setting request in queue notification config info
*/
private void setNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
IConfigStore config = mCA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ IConfigStore nc = config
+ .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
- IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE);
+ IConfigStore riq = nc
+ .getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE);
- //set rest of the parameters
+ // set rest of the parameters
Enumeration e = req.getParameterNames();
while (e.hasMoreElements()) {
@@ -346,15 +341,15 @@ public class CAAdminServlet extends AdminServlet {
File template = new File(val);
if ((!template.exists()) || (!template.canRead())
- || (template.isDirectory())) {
- String error =
- "Template: " + val + " does not exist or invalid";
+ || (template.isDirectory())) {
+ String error = "Template: " + val
+ + " does not exist or invalid";
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_PATH"), null, resp);
return;
}
}
@@ -377,10 +372,11 @@ public class CAAdminServlet extends AdminServlet {
* handle setting request complete notification config info
*/
private void setNotificationCompConfig(HttpServletRequest req,
- HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
+ HttpServletResponse resp, IConfigStore rc,
+ IRequestListener thisListener) throws ServletException,
IOException, EBaseException {
-
- //set rest of the parameters
+
+ // set rest of the parameters
Enumeration e = req.getParameterNames();
while (e.hasMoreElements()) {
@@ -401,15 +397,15 @@ public class CAAdminServlet extends AdminServlet {
File template = new File(val);
if ((!template.exists()) || (!template.canRead())
- || (template.isDirectory())) {
- String error =
- "Template: " + val + " does not exist or invalid";
+ || (template.isDirectory())) {
+ String error = "Template: " + val
+ + " does not exist or invalid";
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_PATH"), null, resp);
return;
}
}
@@ -429,33 +425,35 @@ public class CAAdminServlet extends AdminServlet {
}
private void setNotificationRevCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
IConfigStore config = mCA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ IConfigStore nc = config
+ .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
- IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
+ IConfigStore rc = nc
+ .getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
setNotificationCompConfig(req, resp, rc, mCA.getCertRevokedListener());
- }
+ }
private void setNotificationReqCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
IConfigStore config = mCA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+ IConfigStore nc = config
+ .getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
- IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE);
+ IConfigStore rc = nc
+ .getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE);
setNotificationCompConfig(req, resp, rc, mCA.getCertIssuedListener());
}
private void listCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration ips = mCA.getCRLIssuingPoints();
@@ -468,17 +466,17 @@ public class CAAdminServlet extends AdminServlet {
if (ipId != null && ipId.length() > 0)
params.add(ipId, ip.getDescription());
- params.add(ipId + "." + Constants.PR_ENABLED,
- (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString());
+ params.add(ipId + "." + Constants.PR_ENABLED, (Boolean
+ .valueOf(ip.isCRLIssuingPointEnabled())).toString());
}
}
-
+
sendResponse(SUCCESS, null, params, resp);
}
private void getCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
@@ -518,11 +516,12 @@ public class CAAdminServlet extends AdminServlet {
/**
* Add CRL issuing points configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
* configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -530,8 +529,8 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void addCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -545,10 +544,8 @@ public class CAAdminServlet extends AdminServlet {
if (ipId == null || ipId.length() == 0) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -562,10 +559,8 @@ public class CAAdminServlet extends AdminServlet {
if (desc == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -577,16 +572,16 @@ public class CAAdminServlet extends AdminServlet {
String sEnable = req.getParameter(Constants.PR_ENABLED);
boolean enable = true;
- if (sEnable != null && sEnable.length() > 0 &&
- sEnable.equalsIgnoreCase(Constants.FALSE)) {
+ if (sEnable != null && sEnable.length() > 0
+ && sEnable.equalsIgnoreCase(Constants.FALSE)) {
enable = false;
params.add(Constants.PR_ENABLED, Constants.FALSE);
} else {
params.add(Constants.PR_ENABLED, Constants.TRUE);
}
- IConfigStore crlSubStore =
- mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ IConfigStore crlSubStore = mCA.getConfigStore().getSubStore(
+ ICertificateAuthority.PROP_CRL_SUBSTORE);
Enumeration crlNames = crlSubStore.getSubStoreNames();
while (crlNames.hasMoreElements()) {
@@ -595,24 +590,21 @@ public class CAAdminServlet extends AdminServlet {
if (ipId.equals(name)) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR, ipId + " CRL IP already exists", null, resp);
+ sendResponse(ERROR, ipId + " CRL IP already exists", null,
+ resp);
return;
}
}
if (!mCA.addCRLIssuingPoint(crlSubStore, ipId, enable, desc)) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -623,10 +615,8 @@ public class CAAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -634,10 +624,8 @@ public class CAAdminServlet extends AdminServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -646,38 +634,37 @@ public class CAAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
/**
* Set CRL issuing points configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
* configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -685,8 +672,8 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -700,10 +687,8 @@ public class CAAdminServlet extends AdminServlet {
if (ipId == null || ipId.length() == 0) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -717,10 +702,8 @@ public class CAAdminServlet extends AdminServlet {
if (desc == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -732,16 +715,16 @@ public class CAAdminServlet extends AdminServlet {
String sEnable = req.getParameter(Constants.PR_ENABLED);
boolean enable = true;
- if (sEnable != null && sEnable.length() > 0 &&
- sEnable.equalsIgnoreCase(Constants.FALSE)) {
+ if (sEnable != null && sEnable.length() > 0
+ && sEnable.equalsIgnoreCase(Constants.FALSE)) {
enable = false;
params.add(Constants.PR_ENABLED, Constants.FALSE);
} else {
params.add(Constants.PR_ENABLED, Constants.TRUE);
}
- IConfigStore crlSubStore =
- mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ IConfigStore crlSubStore = mCA.getConfigStore().getSubStore(
+ ICertificateAuthority.PROP_CRL_SUBSTORE);
boolean done = false;
Enumeration crlNames = crlSubStore.getSubStoreNames();
@@ -759,8 +742,8 @@ public class CAAdminServlet extends AdminServlet {
if (c != null) {
c.putString(Constants.PR_DESCRIPTION, desc);
- c.putString(Constants.PR_ENABLED,
- (enable) ? Constants.TRUE : Constants.FALSE);
+ c.putString(Constants.PR_ENABLED,
+ (enable) ? Constants.TRUE : Constants.FALSE);
}
done = true;
break;
@@ -769,10 +752,8 @@ public class CAAdminServlet extends AdminServlet {
if (!done) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -783,10 +764,8 @@ public class CAAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -794,10 +773,8 @@ public class CAAdminServlet extends AdminServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -806,38 +783,37 @@ public class CAAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
/**
* Delete CRL issuing points configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
* configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -845,8 +821,8 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void deleteCRLIPsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -858,8 +834,8 @@ public class CAAdminServlet extends AdminServlet {
String id = req.getParameter(Constants.RS_ID);
if (id != null && id.length() > 0) {
- IConfigStore crlSubStore =
- mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ IConfigStore crlSubStore = mCA.getConfigStore().getSubStore(
+ ICertificateAuthority.PROP_CRL_SUBSTORE);
boolean done = false;
Enumeration crlNames = crlSubStore.getSubStoreNames();
@@ -875,10 +851,8 @@ public class CAAdminServlet extends AdminServlet {
if (!done) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -890,10 +864,8 @@ public class CAAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -901,10 +873,8 @@ public class CAAdminServlet extends AdminServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -913,33 +883,31 @@ public class CAAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
private void getCRLExtsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
String ipId = null;
@@ -974,11 +942,12 @@ public class CAAdminServlet extends AdminServlet {
/**
* Delete CRL extensions configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
* configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -986,8 +955,8 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setCRLExtsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1006,11 +975,11 @@ public class CAAdminServlet extends AdminServlet {
ICMSCRLExtensions crlExts = ip.getCRLExtensions();
IConfigStore config = mCA.getConfigStore();
- IConfigStore crlsSubStore =
- config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ IConfigStore crlsSubStore = config
+ .getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
IConfigStore crlSubStore = crlsSubStore.getSubStore(ipId);
- IConfigStore crlExtsSubStore =
- crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
+ IConfigStore crlExtsSubStore = crlSubStore
+ .getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
String id = req.getParameter(Constants.RS_ID);
@@ -1044,10 +1013,8 @@ public class CAAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1055,10 +1022,8 @@ public class CAAdminServlet extends AdminServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1067,33 +1032,31 @@ public class CAAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
private void listCRLExtsConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.PR_ID);
@@ -1103,9 +1066,11 @@ public class CAAdminServlet extends AdminServlet {
}
IConfigStore config = mCA.getConfigStore();
- IConfigStore crlsSubStore = config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ IConfigStore crlsSubStore = config
+ .getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
IConfigStore crlSubStore = crlsSubStore.getSubStore(id);
- IConfigStore crlExtsSubStore = crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
+ IConfigStore crlExtsSubStore = crlSubStore
+ .getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
if (crlExtsSubStore != null) {
Enumeration enumExts = crlExtsSubStore.getSubStoreNames();
@@ -1113,7 +1078,8 @@ public class CAAdminServlet extends AdminServlet {
while (enumExts.hasMoreElements()) {
String extName = (String) enumExts.nextElement();
boolean crlExtEnabled = false;
- IConfigStore crlExtSubStore = crlExtsSubStore.getSubStore(extName);
+ IConfigStore crlExtSubStore = crlExtsSubStore
+ .getSubStore(extName);
Enumeration properties = crlExtSubStore.getPropertyNames();
while (properties.hasMoreElements()) {
@@ -1123,33 +1089,35 @@ public class CAAdminServlet extends AdminServlet {
crlExtEnabled = crlExtSubStore.getBoolean(name, false);
}
}
- params.add(extName, extName + ";visible;" + ((crlExtEnabled) ? "enabled" : "disabled"));
+ params.add(extName, extName + ";visible;"
+ + ((crlExtEnabled) ? "enabled" : "disabled"));
}
}
sendResponse(SUCCESS, null, params, resp);
}
- /**
- * retrieve extended plugin info such as brief description,
- * type info from CRL extensions
+ /**
+ * retrieve extended plugin info such as brief description, type info from
+ * CRL extensions
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String id = req.getParameter(Constants.RS_ID);
int colon = id.indexOf(':');
String implType = id.substring(0, colon);
String implName = id.substring(colon + 1);
- NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType,
+ implName);
sendResponse(SUCCESS, null, params, resp);
}
- private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
+ private NameValuePairs getExtendedPluginInfo(Locale locale,
+ String implType, String implName) {
IExtendedPluginInfo ext_info = null;
Object impl = null;
@@ -1182,7 +1150,8 @@ public class CAAdminServlet extends AdminServlet {
if (ext_info == null) {
nvps = new NameValuePairs();
} else {
- nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
+ nvps = convertStringArrayToNVPairs(ext_info
+ .getExtendedPluginInfo(locale));
}
return nvps;
@@ -1191,11 +1160,12 @@ public class CAAdminServlet extends AdminServlet {
/**
* Set CRL configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
* configuring CRL profile (extensions, frequency, CRL format)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -1203,7 +1173,7 @@ public class CAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setCRLConfig(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1214,18 +1184,19 @@ public class CAAdminServlet extends AdminServlet {
String id = req.getParameter(Constants.RS_ID);
- if (id == null || id.length() <= 0 ||
- id.equals(Constants.RS_ID_CONFIG)) {
+ if (id == null || id.length() <= 0
+ || id.equals(Constants.RS_ID_CONFIG)) {
id = ICertificateAuthority.PROP_MASTER_CRL;
}
ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(id);
- //Save New Settings to the config file
+ // Save New Settings to the config file
IConfigStore config = mCA.getConfigStore();
- IConfigStore crlsSubStore = config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ IConfigStore crlsSubStore = config
+ .getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
IConfigStore crlSubStore = crlsSubStore.getSubStore(id);
- //set reset of the parameters
+ // set reset of the parameters
Enumeration e = req.getParameterNames();
while (e.hasMoreElements()) {
@@ -1250,10 +1221,8 @@ public class CAAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1264,10 +1233,8 @@ public class CAAdminServlet extends AdminServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1276,44 +1243,40 @@ public class CAAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
- private void getCRLConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getCRLConfig(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
- if (id == null || id.length() <= 0 ||
- id.equals(Constants.RS_ID_CONFIG)) {
+ if (id == null || id.length() <= 0 || id.equals(Constants.RS_ID_CONFIG)) {
id = ICertificateAuthority.PROP_MASTER_CRL;
}
- IConfigStore crlsSubStore =
- mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+ IConfigStore crlsSubStore = mCA.getConfigStore().getSubStore(
+ ICertificateAuthority.PROP_CRL_SUBSTORE);
IConfigStore crlSubStore = crlsSubStore.getSubStore(id);
Enumeration e = req.getParameterNames();
@@ -1335,10 +1298,10 @@ public class CAAdminServlet extends AdminServlet {
getSigningAlgConfig(params);
sendResponse(SUCCESS, null, params, resp);
}
-
+
private void getConnectorConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
IConfigStore caConfig = mCA.getConfigStore();
IConfigStore connectorConfig = caConfig.getSubStore("connector");
IConfigStore caConnectorConfig = null;
@@ -1370,14 +1333,14 @@ public class CAAdminServlet extends AdminServlet {
}
private void setConnectorConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
IConfigStore caConfig = mCA.getConfigStore();
IConfigStore connectorConfig = caConfig.getSubStore("connector");
IConfigStore caConnectorConfig = null;
-// String nickname = CMS.getServerCertNickname();
+ // String nickname = CMS.getServerCertNickname();
if (isKRAConnector(req)) {
caConnectorConfig = connectorConfig.getSubStore("KRA");
@@ -1397,17 +1360,17 @@ public class CAAdminServlet extends AdminServlet {
continue;
if (name.equals(Constants.OP_SCOPE))
continue;
-/*
- if (name.equals("nickName")) {
- caConnectorConfig.putString(name, nickname);
- continue;
- }
-*/
+ /*
+ * if (name.equals("nickName")) {
+ * caConnectorConfig.putString(name, nickname); continue; }
+ */
if (name.equals("host")) {
try {
Utils.checkHost(req.getParameter("host"));
} catch (UnknownHostException e) {
- sendResponse(ERROR, "Unknown Host " + req.getParameter("host"), null, resp);
+ sendResponse(ERROR,
+ "Unknown Host " + req.getParameter("host"),
+ null, resp);
return;
}
}
@@ -1456,47 +1419,43 @@ public class CAAdminServlet extends AdminServlet {
}
private void getGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
String value = "false";
/*
- ISubsystem eeGateway =
- SubsystemRegistry.getInstance().get("eeGateway");
- if (eeGateway != null) {
- IConfigStore eeConfig = eeGateway.getConfigStore();
- if (eeConfig != null)
- value = eeConfig.getString("enabled", "true");
- String ocspValue = "true";
- ocspValue = eeConfig.getString("enableOCSP", "true");
- params.add(Constants.PR_OCSP_ENABLED, ocspValue);
- }
- params.add(Constants.PR_EE_ENABLED, value);
+ * ISubsystem eeGateway =
+ * SubsystemRegistry.getInstance().get("eeGateway"); if (eeGateway !=
+ * null) { IConfigStore eeConfig = eeGateway.getConfigStore(); if
+ * (eeConfig != null) value = eeConfig.getString("enabled", "true");
+ * String ocspValue = "true"; ocspValue =
+ * eeConfig.getString("enableOCSP", "true");
+ * params.add(Constants.PR_OCSP_ENABLED, ocspValue); }
+ * params.add(Constants.PR_EE_ENABLED, value);
*/
-
IConfigStore caConfig = mCA.getConfigStore();
- value = caConfig.getString(ICertificateAuthority.PROP_ENABLE_PAST_CATIME, "false");
+ value = caConfig.getString(
+ ICertificateAuthority.PROP_ENABLE_PAST_CATIME, "false");
params.add(Constants.PR_VALIDITY, value);
getSigningAlgConfig(params);
getSerialConfig(params);
getMaxSerialConfig(params);
-
+
sendResponse(SUCCESS, null, params, resp);
}
private void getSigningAlgConfig(NameValuePairs params) {
- params.add(Constants.PR_DEFAULT_ALGORITHM,
- mCA.getDefaultAlgorithm());
+ params.add(Constants.PR_DEFAULT_ALGORITHM, mCA.getDefaultAlgorithm());
String[] algorithms = mCA.getCASigningAlgorithms();
StringBuffer algorStr = new StringBuffer();
for (int i = 0; i < algorithms.length; i++) {
- if (i == 0)
+ if (i == 0)
algorStr.append(algorithms[i]);
else {
algorStr.append(":");
@@ -1507,24 +1466,22 @@ public class CAAdminServlet extends AdminServlet {
}
private void getSerialConfig(NameValuePairs params) {
- params.add(Constants.PR_SERIAL,
- mCA.getStartSerial());
+ params.add(Constants.PR_SERIAL, mCA.getStartSerial());
}
private void getMaxSerialConfig(NameValuePairs params) {
- params.add(Constants.PR_MAXSERIAL,
- mCA.getMaxSerial());
+ params.add(Constants.PR_MAXSERIAL, mCA.getMaxSerial());
}
private void setGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
ISubsystem eeGateway = null;
/*
- ISubsystem eeGateway =
- SubsystemRegistry.getInstance().get("eeGateway");
+ * ISubsystem eeGateway =
+ * SubsystemRegistry.getInstance().get("eeGateway");
*/
IConfigStore eeConfig = null;
@@ -1533,7 +1490,7 @@ public class CAAdminServlet extends AdminServlet {
Enumeration enum1 = req.getParameterNames();
boolean restart = false;
- //mCA.setMaxSerial("");
+ // mCA.setMaxSerial("");
while (enum1.hasMoreElements()) {
String key = (String) enum1.nextElement();
String value = req.getParameter(key);
@@ -1541,15 +1498,11 @@ public class CAAdminServlet extends AdminServlet {
if (key.equals(Constants.PR_EE_ENABLED)) {
/*
- if (eeConfig != null) {
- if (((EEGateway)eeGateway).isEnabled() &&
- value.equals("false") ||
- !((EEGateway)eeGateway).isEnabled() &&
- value.equals("true")) {
- restart=true;;
- }
- eeConfig.putString("enabled", value);
- }
+ * if (eeConfig != null) { if
+ * (((EEGateway)eeGateway).isEnabled() && value.equals("false")
+ * || !((EEGateway)eeGateway).isEnabled() &&
+ * value.equals("true")) { restart=true;; }
+ * eeConfig.putString("enabled", value); }
*/
} else if (key.equals(Constants.PR_VALIDITY)) {
mCA.setValidity(value);
@@ -1570,23 +1523,21 @@ public class CAAdminServlet extends AdminServlet {
}
/**
- * Retrieves configuration parameters of certificate
- * authority.
+ * Retrieves configuration parameters of certificate authority.
*/
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
// validate
super.getConfig(mCA.getConfigStore(), req, resp);
}
/**
- * Sets configuration parameters of certificate
- * authority.
+ * Sets configuration parameters of certificate authority.
*/
- private synchronized void setConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void setConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
super.setConfig(mCA.getConfigStore(), req, resp);
// XXX - commit changes
}
@@ -1594,19 +1545,18 @@ public class CAAdminServlet extends AdminServlet {
/**
* Lists configuration store parameters.
*/
- private synchronized void listConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void listConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
super.listConfig(mCA.getConfigStore(), req, resp);
}
/**
- * Locks a request so that no one can modify it except
- * owner.
+ * Locks a request so that no one can modify it except owner.
*/
- private synchronized void lockRequest(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void lockRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
// XXX
@@ -1614,12 +1564,11 @@ public class CAAdminServlet extends AdminServlet {
}
/**
- * Locks certificate record so that no one can
- * modify it except owner.
+ * Locks certificate record so that no one can modify it except owner.
*/
- private synchronized void lockCertRecord(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void lockCertRecord(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
sendResponse(SUCCESS, null, params, resp);
@@ -1628,9 +1577,9 @@ public class CAAdminServlet extends AdminServlet {
/**
* Modifies a cert record.
*/
- private synchronized void modifyCertRecord(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void modifyCertRecord(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
// XXX
@@ -1640,7 +1589,7 @@ public class CAAdminServlet extends AdminServlet {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, "CAAdminServlet: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level,
+ "CAAdminServlet: " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index f57d12e2..ba8aa448 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
@@ -83,11 +82,10 @@ import com.netscape.cmsutil.util.Cert;
import com.netscape.symkey.SessionKey;
/**
- * A class representings an administration servlet. This
- * servlet is responsible to serve Certificate Server
- * level administrative operations such as configuration
- * parameter updates.
- *
+ * A class representings an administration servlet. This servlet is responsible
+ * to serve Certificate Server level administrative operations such as
+ * configuration parameter updates.
+ *
* @version $Revision$, $Date$
*/
public final class CMSAdminServlet extends AdminServlet {
@@ -108,16 +106,11 @@ public final class CMSAdminServlet extends AdminServlet {
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static byte EOL[] = { Character.LINE_SEPARATOR };
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION =
- "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY =
- "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
- private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC =
- "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
- private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION =
- "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
- private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION =
- "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION = "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY = "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
+ private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC = "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
+ private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION = "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
+ private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3";
// CMS must be instantiated before this admin servlet.
@@ -146,13 +139,13 @@ public final class CMSAdminServlet extends AdminServlet {
* Serves HTTP request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
try {
super.authenticate(req);
} catch (IOException e) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp);
return;
}
@@ -164,9 +157,8 @@ public final class CMSAdminServlet extends AdminServlet {
if (scope.equals(ScopeDef.SC_PLATFORM)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
getEnv(req, resp);
@@ -175,9 +167,8 @@ public final class CMSAdminServlet extends AdminServlet {
if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP))
@@ -199,14 +190,13 @@ public final class CMSAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP))
setDBConfig(req, resp);
- else if (scope.equals(ScopeDef.SC_SMTP))
+ else if (scope.equals(ScopeDef.SC_SMTP))
modifySMTPConfig(req, resp);
else if (scope.equals(ScopeDef.SC_TASKS))
performTasks(req, resp);
@@ -214,9 +204,9 @@ public final class CMSAdminServlet extends AdminServlet {
modifyEncryption(req, resp);
else if (scope.equals(ScopeDef.SC_ISSUE_IMPORT_CERT))
issueImportCert(req, resp);
- else if (scope.equals(ScopeDef.SC_INSTALL_CERT))
+ else if (scope.equals(ScopeDef.SC_INSTALL_CERT))
installCert(req, resp);
- else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT))
+ else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT))
importXCert(req, resp);
else if (scope.equals(ScopeDef.SC_DELETE_CERTS))
deleteCerts(req, resp);
@@ -229,9 +219,8 @@ public final class CMSAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_SUBSYSTEM))
@@ -240,33 +229,31 @@ public final class CMSAdminServlet extends AdminServlet {
getCACerts(req, resp);
else if (scope.equals(ScopeDef.SC_ALL_CERTLIST))
getAllCertsManage(req, resp);
- else if (scope.equals(ScopeDef.SC_USERCERTSLIST))
+ else if (scope.equals(ScopeDef.SC_USERCERTSLIST))
getUserCerts(req, resp);
- else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
+ else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
getTKSKeys(req, resp);
- else if (scope.equals(ScopeDef.SC_TOKEN))
+ else if (scope.equals(ScopeDef.SC_TOKEN))
getAllTokenNames(req, resp);
else if (scope.equals(ScopeDef.SC_ROOTCERTSLIST))
getRootCerts(req, resp);
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "delete";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) {
deleteRootCert(req, resp);
} else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) {
- deleteUserCert(req,resp);
+ deleteUserCert(req, resp);
}
} else if (op.equals(OpDef.OP_PROCESS)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_CERT_REQUEST))
@@ -283,14 +270,13 @@ public final class CMSAdminServlet extends AdminServlet {
checkTokenStatus(req, resp);
else if (scope.equals(ScopeDef.SC_SELFTESTS))
runSelfTestsOnDemand(req, resp);
- else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
+ else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
createMasterKey(req, resp);
} else if (op.equals(OpDef.OP_VALIDATE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_SUBJECT_NAME))
@@ -303,8 +289,7 @@ public final class CMSAdminServlet extends AdminServlet {
validateCurveName(req, resp);
}
} catch (EBaseException e) {
- sendResponse(ERROR, e.toString(getLocale(req)),
- null, resp);
+ sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
} catch (Exception e) {
StringWriter sw = new StringWriter();
@@ -316,25 +301,24 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
- private void getEnv(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getEnv(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
if (File.separator.equals("\\"))
params.add(Constants.PR_NT, Constants.TRUE);
else
params.add(Constants.PR_NT, Constants.FALSE);
-
+
sendResponse(SUCCESS, null, params, resp);
}
private void getAllTokenNames(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_TOKEN_LIST, jssSubSystem.getTokenList());
@@ -343,15 +327,15 @@ public final class CMSAdminServlet extends AdminServlet {
}
private void getAllNicknames(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
params.add(Constants.PR_ALL_NICKNAMES, jssSubSystem.getAllCerts());
-
+
sendResponse(SUCCESS, null, params, resp);
}
@@ -362,27 +346,26 @@ public final class CMSAdminServlet extends AdminServlet {
String type = "";
ISubsystem sys = (ISubsystem) e.nextElement();
- //get subsystem type
- if ((sys instanceof IKeyRecoveryAuthority) &&
- subsystem.equals("kra"))
+ // get subsystem type
+ if ((sys instanceof IKeyRecoveryAuthority)
+ && subsystem.equals("kra"))
return true;
- else if ((sys instanceof IRegistrationAuthority) &&
- subsystem.equals("ra"))
+ else if ((sys instanceof IRegistrationAuthority)
+ && subsystem.equals("ra"))
return true;
- else if ((sys instanceof ICertificateAuthority) &&
- subsystem.equals("ca"))
+ else if ((sys instanceof ICertificateAuthority)
+ && subsystem.equals("ca"))
return true;
- else if ((sys instanceof IOCSPAuthority) &&
- subsystem.equals("ocsp"))
+ else if ((sys instanceof IOCSPAuthority)
+ && subsystem.equals("ocsp"))
return true;
}
return false;
}
- private void readEncryption(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void readEncryption(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
Enumeration e = CMS.getSubsystems();
boolean isCAInstalled = false;
@@ -395,7 +378,7 @@ public final class CMSAdminServlet extends AdminServlet {
String type = "";
ISubsystem sys = (ISubsystem) e.nextElement();
- //get subsystem type
+ // get subsystem type
if (sys instanceof IKeyRecoveryAuthority)
isKRAInstalled = true;
else if (sys instanceof IRegistrationAuthority)
@@ -406,19 +389,20 @@ public final class CMSAdminServlet extends AdminServlet {
isOCSPInstalled = true;
else if (sys instanceof ITKSAuthority)
isTKSInstalled = true;
-
- }
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ }
+
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String caTokenName = "";
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_CIPHER_VERSION,
- jssSubSystem.getCipherVersion());
- params.add(Constants.PR_CIPHER_FORTEZZA, jssSubSystem.isCipherFortezza());
- params.add(Constants.PR_CIPHER_PREF, jssSubSystem.getCipherPreferences());
+ params.add(Constants.PR_CIPHER_VERSION, jssSubSystem.getCipherVersion());
+ params.add(Constants.PR_CIPHER_FORTEZZA,
+ jssSubSystem.isCipherFortezza());
+ params.add(Constants.PR_CIPHER_PREF,
+ jssSubSystem.getCipherPreferences());
String tokenList = jssSubSystem.getTokenList();
@@ -428,7 +412,7 @@ public final class CMSAdminServlet extends AdminServlet {
while (tokenizer.hasMoreElements()) {
String tokenName = (String) tokenizer.nextElement();
String certs = jssSubSystem.getCertListWithoutTokenName(tokenName);
-
+
if (certs.equals(""))
continue;
if (tokenNewList.equals(""))
@@ -442,7 +426,8 @@ public final class CMSAdminServlet extends AdminServlet {
params.add(Constants.PR_TOKEN_LIST, tokenNewList);
if (isCAInstalled) {
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
caTokenName = signingUnit.getTokenName();
@@ -452,31 +437,31 @@ public final class CMSAdminServlet extends AdminServlet {
String caNickName = signingUnit.getNickname();
- //params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName);
+ // params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName);
params.add(Constants.PR_CERT_CA, getCertNickname(caNickName));
}
if (isRAInstalled) {
- IRegistrationAuthority ra = (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
String raNickname = ra.getNickname();
params.add(Constants.PR_CERT_RA, getCertNickname(raNickname));
}
if (isKRAInstalled) {
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_KRA);
String kraNickname = kra.getNickname();
params.add(Constants.PR_CERT_TRANS, getCertNickname(kraNickname));
}
if (isTKSInstalled) {
- ITKSAuthority tks = (ITKSAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_TKS);
+ ITKSAuthority tks = (ITKSAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_TKS);
}
String nickName = CMS.getServerCertNickname();
-
+
params.add(Constants.PR_CERT_SERVER, getCertNickname(nickName));
sendResponse(SUCCESS, null, params, resp);
@@ -518,18 +503,19 @@ public final class CMSAdminServlet extends AdminServlet {
/**
* Modify encryption configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when
* configuring encryption (cert settings and SSL cipher preferences)
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to modify encryption configuration
*/
private void modifyEncryption(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -539,8 +525,8 @@ public final class CMSAdminServlet extends AdminServlet {
try {
Enumeration enum1 = req.getParameterNames();
NameValuePairs params = new NameValuePairs();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.getInternalTokenName();
Enumeration e = CMS.getSubsystems();
@@ -554,7 +540,7 @@ public final class CMSAdminServlet extends AdminServlet {
String type = "";
ISubsystem sys = (ISubsystem) e.nextElement();
- //get subsystem type
+ // get subsystem type
if (sys instanceof IKeyRecoveryAuthority)
isKRAInstalled = true;
else if (sys instanceof IRegistrationAuthority)
@@ -563,21 +549,23 @@ public final class CMSAdminServlet extends AdminServlet {
isCAInstalled = true;
else if (sys instanceof IOCSPAuthority)
isOCSPInstalled = true;
- else if (sys instanceof ITKSAuthority)
+ else if (sys instanceof ITKSAuthority)
isTKSInstalled = true;
}
- ICertificateAuthority ca = null;
+ ICertificateAuthority ca = null;
IRegistrationAuthority ra = null;
IKeyRecoveryAuthority kra = null;
- ITKSAuthority tks = null;
+ ITKSAuthority tks = null;
if (isCAInstalled)
ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
if (isRAInstalled)
- ra = (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
if (isKRAInstalled)
- kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_KRA);
if (isTKSInstalled)
tks = (ITKSAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_TKS);
@@ -593,19 +581,20 @@ public final class CMSAdminServlet extends AdminServlet {
ISigningUnit signingUnit = ca.getSigningUnit();
if ((val != null) && (!val.equals(""))) {
- StringTokenizer tokenizer = new StringTokenizer(val, ",");
+ StringTokenizer tokenizer = new StringTokenizer(val,
+ ",");
if (tokenizer.countTokens() != 2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- throw new EBaseException(CMS.getLogMessage("BASE_INVALID_UI_INFO"));
+ throw new EBaseException(
+ CMS.getLogMessage("BASE_INVALID_UI_INFO"));
}
String tokenName = (String) tokenizer.nextElement();
@@ -623,14 +612,14 @@ public final class CMSAdminServlet extends AdminServlet {
} else
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- throw new EBaseException(CMS.getLogMessage("BASE_NOT_CA_CERT"));
+ throw new EBaseException(
+ CMS.getLogMessage("BASE_NOT_CA_CERT"));
}
} else if (name.equals(Constants.PR_CERT_RA)) {
if ((val != null) && (!val.equals(""))) {
@@ -660,10 +649,8 @@ public final class CMSAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -672,10 +659,8 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -684,28 +669,26 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
private String getCertConfigNickname(String val) throws EBaseException {
@@ -727,9 +710,9 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.setServerCertNickname(nickName);
/*
- RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- HTTPService httpsService = raAdmin.getHttpsService();
- httpsService.setNickName(nickName);
+ * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+ * HTTPService httpsService = raAdmin.getHttpsService();
+ * httpsService.setNickName(nickName);
*/
}
@@ -737,9 +720,9 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.setServerCertNickname(nickName);
/*
- AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
- HTTPService httpsService = gateway.getHttpsService();
- httpsService.setNickName(nickName);
+ * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
+ * HTTPService httpsService = gateway.getHttpsService();
+ * httpsService.setNickName(nickName);
*/
}
@@ -747,9 +730,9 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.setServerCertNickname(nickName);
/*
- HTTPSubsystem eeGateway = ra.getHTTPSubsystem();
- HTTPService httpsService = eeGateway.getHttpsService();
- httpsService.setNickName(nickName);
+ * HTTPSubsystem eeGateway = ra.getHTTPSubsystem(); HTTPService
+ * httpsService = eeGateway.getHttpsService();
+ * httpsService.setNickName(nickName);
*/
}
@@ -757,31 +740,30 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.setServerCertNickname(nickName);
/*
- HTTPSubsystem caGateway = ca.getHTTPSubsystem();
- HTTPService httpsService = caGateway.getHttpsService();
- httpsService.setNickName(nickName);
+ * HTTPSubsystem caGateway = ca.getHTTPSubsystem(); HTTPService
+ * httpsService = caGateway.getHttpsService();
+ * httpsService.setNickName(nickName);
*/
}
/**
* Performs Server Tasks: RESTART/STOP operation
*/
- private void performTasks(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void performTasks(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String restart = req.getParameter(Constants.PR_SERVER_RESTART);
String stop = req.getParameter(Constants.PR_SERVER_STOP);
NameValuePairs params = new NameValuePairs();
if (restart != null) {
- //XXX Uncommented afetr watchdog is implemented
+ // XXX Uncommented afetr watchdog is implemented
sendResponse(SUCCESS, null, params, resp);
- //mServer.restart();
+ // mServer.restart();
return;
}
if (stop != null) {
- //XXX Send response first then shutdown
+ // XXX Send response first then shutdown
sendResponse(SUCCESS, null, params, resp);
CMS.shutdown();
return;
@@ -794,9 +776,8 @@ public final class CMSAdminServlet extends AdminServlet {
/**
* Reads subsystems that server has loaded with.
*/
- private void readSubsystem(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void readSubsystem(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = CMS.getSubsystems();
StringBuffer buff = new StringBuffer();
@@ -805,7 +786,7 @@ public final class CMSAdminServlet extends AdminServlet {
String type = "";
ISubsystem sys = (ISubsystem) e.nextElement();
- //get subsystem type
+ // get subsystem type
if (sys instanceof IKeyRecoveryAuthority)
type = Constants.PR_KRA_INSTANCE;
if (sys instanceof IRegistrationAuthority)
@@ -814,7 +795,7 @@ public final class CMSAdminServlet extends AdminServlet {
type = Constants.PR_CA_INSTANCE;
if (sys instanceof IOCSPAuthority)
type = Constants.PR_OCSP_INSTANCE;
- if (sys instanceof ITKSAuthority)
+ if (sys instanceof ITKSAuthority)
type = Constants.PR_TKS_INSTANCE;
if (!type.trim().equals(""))
params.add(sys.getId(), type);
@@ -826,13 +807,13 @@ public final class CMSAdminServlet extends AdminServlet {
/**
* Reads server statistics.
*/
- private void readStat(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void readStat(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore cs = CMS.getConfigStore();
try {
- String installdate = cs.getString(Constants.PR_STAT_INSTALLDATE, "");
+ String installdate = cs
+ .getString(Constants.PR_STAT_INSTALLDATE, "");
params.add(Constants.PR_STAT_INSTALLDATE, installdate);
} catch (Exception e) {
}
@@ -850,9 +831,9 @@ public final class CMSAdminServlet extends AdminServlet {
}
params.add(Constants.PR_STAT_STARTUP,
- (new Date(CMS.getStartupTime())).toString());
+ (new Date(CMS.getStartupTime())).toString());
params.add(Constants.PR_STAT_TIME,
- (new Date(System.currentTimeMillis())).toString());
+ (new Date(System.currentTimeMillis())).toString());
sendResponse(SUCCESS, null, params, resp);
}
@@ -860,127 +841,105 @@ public final class CMSAdminServlet extends AdminServlet {
* Modifies network information.
*/
private void modifyNetworkConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
/*
- HTTPSubsystem eeGateway = (HTTPSubsystem)
- SubsystemRegistry.getInstance().get("eeGateway");
- RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID);
-
- Enumeration enum1 = req.getParameterNames();
-
- String eeHTTPportString = null;
- String eeHTTPSportString = null;
- String agentHTTPSportString = null;
- String radminHTTPSportString = null;
-
- String gatewayBacklog = "15";
-
- // eeHTTPEnabled corresponds to the checkbox which enables the
- // HTTP EE port
- String eeHTTPEnabled = Constants.FALSE;
-
- while (enum1.hasMoreElements()) {
- String key = (String)enum1.nextElement();
- String value = (String)req.getParameter(key);
-
- if (key.equals(Constants.PR_AGENT_S_BACKLOG)) {
- agent.setHTTPSBacklog(value);
- } else if (key.equals(Constants.PR_GATEWAY_S_BACKLOG)) {
- eeGateway.setHTTPSBacklog(value);
- } else if (key.equals(Constants.PR_ADMIN_S_BACKLOG)) {
- raAdmin.setHTTPSBacklog(value);
- } else if (key.equals(Constants.PR_GATEWAY_BACKLOG)) {
- gatewayBacklog = value;
- } else if (key.equals(Constants.PR_GATEWAY_PORT_ENABLED)) {
- eeHTTPEnabled = value;
- }
- }
-
-
- eeHTTPportString = req.getParameter(Constants.PR_GATEWAY_PORT);
- eeHTTPSportString = req.getParameter(Constants.PR_GATEWAY_S_PORT);
- agentHTTPSportString= req.getParameter(Constants.PR_AGENT_S_PORT);
- radminHTTPSportString= req.getParameter(Constants.PR_ADMIN_S_PORT);
-
-
- int eeHTTPport=0;
- int eeHTTPSport=0;
- int agentHTTPSport=0;
- int radminHTTPSport=0;
- if (eeHTTPportString != null) eeHTTPport = Integer.parseInt(eeHTTPportString);
- if (eeHTTPSportString != null) eeHTTPSport = Integer.parseInt(eeHTTPSportString);
- if (agentHTTPSportString != null) agentHTTPSport = Integer.parseInt(agentHTTPSportString);
- if (radminHTTPSportString != null) radminHTTPSport = Integer.parseInt(radminHTTPSportString);
-
-
- String portName="";
- int portnum;
- try {
-
- // EE HTTP is special, since it has it's own checkbox for enabling/disabling
- if (eeHTTPEnabled.equals(Constants.TRUE) &&
- eeHTTPport != 0 &&
- eeHTTPport != eeGateway.getHTTPPort())
- {
- portName = "End-entity";
- checkPortAvailable(eeHTTPport);
- }
-
- if (eeHTTPSport != 0 && eeHTTPSport != eeGateway.getHTTPSPort()) {
- portName = "SSL End-entity";
- checkPortAvailable(eeHTTPSport);
- }
- if (agentHTTPSport != 0 && agentHTTPSport != agent.getHTTPSPort()) {
- portName = "Agent";
- checkPortAvailable(agentHTTPSport);
- }
- if (radminHTTPSport != 0 && radminHTTPSport != raAdmin.getHTTPSPort()) {
- portName = "Remote Admin";
- checkPortAvailable(radminHTTPSport);
- }
-
- // If any of the above ports are not available, an exception
- // will be thrown and these methods below will not be called
-
- if (eeHTTPEnabled.equals(Constants.TRUE)) {
- eeGateway.setHTTPPort(eeHTTPport);
- }
- eeGateway.setHTTPSPort(eeHTTPSport);
- agent.setHTTPSPort(agentHTTPSport);
- raAdmin.setHTTPSPort(radminHTTPSport);
-
- } catch (IOException e) {
- // send 'port in use' error
- sendResponse(ERROR, portName+" "+e.getMessage(), null, resp);
- // we do not want to save the config in this case
- return;
- }
-
- eeGateway.setHTTPBacklog(gatewayBacklog);
- eeGateway.setHTTPPortEnable(eeHTTPEnabled);
-
- mConfig.commit(true);
- sendResponse(RESTART, null, null, resp);
- */
+ * HTTPSubsystem eeGateway = (HTTPSubsystem)
+ * SubsystemRegistry.getInstance().get("eeGateway"); RemoteAdmin raAdmin
+ * = (RemoteAdmin)RemoteAdmin.getInstance(); AgentGateway agent =
+ * (AgentGateway)mReg.get(AgentGateway.ID);
+ *
+ * Enumeration enum1 = req.getParameterNames();
+ *
+ * String eeHTTPportString = null; String eeHTTPSportString = null;
+ * String agentHTTPSportString = null; String radminHTTPSportString =
+ * null;
+ *
+ * String gatewayBacklog = "15";
+ *
+ * // eeHTTPEnabled corresponds to the checkbox which enables the //
+ * HTTP EE port String eeHTTPEnabled = Constants.FALSE;
+ *
+ * while (enum1.hasMoreElements()) { String key =
+ * (String)enum1.nextElement(); String value =
+ * (String)req.getParameter(key);
+ *
+ * if (key.equals(Constants.PR_AGENT_S_BACKLOG)) {
+ * agent.setHTTPSBacklog(value); } else if
+ * (key.equals(Constants.PR_GATEWAY_S_BACKLOG)) {
+ * eeGateway.setHTTPSBacklog(value); } else if
+ * (key.equals(Constants.PR_ADMIN_S_BACKLOG)) {
+ * raAdmin.setHTTPSBacklog(value); } else if
+ * (key.equals(Constants.PR_GATEWAY_BACKLOG)) { gatewayBacklog = value;
+ * } else if (key.equals(Constants.PR_GATEWAY_PORT_ENABLED)) {
+ * eeHTTPEnabled = value; } }
+ *
+ *
+ * eeHTTPportString = req.getParameter(Constants.PR_GATEWAY_PORT);
+ * eeHTTPSportString = req.getParameter(Constants.PR_GATEWAY_S_PORT);
+ * agentHTTPSportString= req.getParameter(Constants.PR_AGENT_S_PORT);
+ * radminHTTPSportString= req.getParameter(Constants.PR_ADMIN_S_PORT);
+ *
+ *
+ * int eeHTTPport=0; int eeHTTPSport=0; int agentHTTPSport=0; int
+ * radminHTTPSport=0; if (eeHTTPportString != null) eeHTTPport =
+ * Integer.parseInt(eeHTTPportString); if (eeHTTPSportString != null)
+ * eeHTTPSport = Integer.parseInt(eeHTTPSportString); if
+ * (agentHTTPSportString != null) agentHTTPSport =
+ * Integer.parseInt(agentHTTPSportString); if (radminHTTPSportString !=
+ * null) radminHTTPSport = Integer.parseInt(radminHTTPSportString);
+ *
+ *
+ * String portName=""; int portnum; try {
+ *
+ * // EE HTTP is special, since it has it's own checkbox for
+ * enabling/disabling if (eeHTTPEnabled.equals(Constants.TRUE) &&
+ * eeHTTPport != 0 && eeHTTPport != eeGateway.getHTTPPort()) { portName
+ * = "End-entity"; checkPortAvailable(eeHTTPport); }
+ *
+ * if (eeHTTPSport != 0 && eeHTTPSport != eeGateway.getHTTPSPort()) {
+ * portName = "SSL End-entity"; checkPortAvailable(eeHTTPSport); } if
+ * (agentHTTPSport != 0 && agentHTTPSport != agent.getHTTPSPort()) {
+ * portName = "Agent"; checkPortAvailable(agentHTTPSport); } if
+ * (radminHTTPSport != 0 && radminHTTPSport != raAdmin.getHTTPSPort()) {
+ * portName = "Remote Admin"; checkPortAvailable(radminHTTPSport); }
+ *
+ * // If any of the above ports are not available, an exception // will
+ * be thrown and these methods below will not be called
+ *
+ * if (eeHTTPEnabled.equals(Constants.TRUE)) {
+ * eeGateway.setHTTPPort(eeHTTPport); }
+ * eeGateway.setHTTPSPort(eeHTTPSport);
+ * agent.setHTTPSPort(agentHTTPSport);
+ * raAdmin.setHTTPSPort(radminHTTPSport);
+ *
+ * } catch (IOException e) { // send 'port in use' error
+ * sendResponse(ERROR, portName+" "+e.getMessage(), null, resp); // we
+ * do not want to save the config in this case return; }
+ *
+ * eeGateway.setHTTPBacklog(gatewayBacklog);
+ * eeGateway.setHTTPPortEnable(eeHTTPEnabled);
+ *
+ * mConfig.commit(true); sendResponse(RESTART, null, null, resp);
+ */
}
/**
* Check if the port is available for binding.
+ *
* @throws IOException if not available
*/
- private void checkPortAvailable(int port)
- throws IOException {
+ private void checkPortAvailable(int port) throws IOException {
try {
// see if the port is being used by somebody else
ServerSocket ss = new ServerSocket(port);
ss.close();
} catch (Exception e) {
- throw new IOException("port " + port + " is in use. Please select another port");
+ throw new IOException("port " + port
+ + " is in use. Please select another port");
}
}
@@ -988,8 +947,8 @@ public final class CMSAdminServlet extends AdminServlet {
* Reads network information.
*/
private void readNetworkConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -1000,58 +959,52 @@ public final class CMSAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, params, resp);
}
- private void getEENetworkConfig(NameValuePairs params)
- throws EBaseException {
+ private void getEENetworkConfig(NameValuePairs params)
+ throws EBaseException {
/*
- HTTPSubsystem eeGateway =
- (HTTPSubsystem)mReg.get("eeGateway");
- if (eeGateway == null) {
- // i.e. standalone DRM
- params.add(Constants.PR_GATEWAY_S_PORT, "-1");
- params.add(Constants.PR_GATEWAY_PORT, "-1");
- params.add(Constants.PR_GATEWAY_S_BACKLOG, "-1");
- params.add(Constants.PR_GATEWAY_BACKLOG,"-1");
- params.add(Constants.PR_GATEWAY_PORT_ENABLED,"false");
- } else {
- params.add(Constants.PR_GATEWAY_S_PORT,
- ""+eeGateway.getHTTPSPort());
- params.add(Constants.PR_GATEWAY_PORT,
- ""+eeGateway.getHTTPPort());
- params.add(Constants.PR_GATEWAY_S_BACKLOG,
- ""+eeGateway.getHTTPBacklog());
- params.add(Constants.PR_GATEWAY_BACKLOG,
- ""+eeGateway.getHTTPSBacklog());
- params.add(Constants.PR_GATEWAY_PORT_ENABLED,
- eeGateway.getHTTPPortEnable());
- }
- */
+ * HTTPSubsystem eeGateway = (HTTPSubsystem)mReg.get("eeGateway"); if
+ * (eeGateway == null) { // i.e. standalone DRM
+ * params.add(Constants.PR_GATEWAY_S_PORT, "-1");
+ * params.add(Constants.PR_GATEWAY_PORT, "-1");
+ * params.add(Constants.PR_GATEWAY_S_BACKLOG, "-1");
+ * params.add(Constants.PR_GATEWAY_BACKLOG,"-1");
+ * params.add(Constants.PR_GATEWAY_PORT_ENABLED,"false"); } else {
+ * params.add(Constants.PR_GATEWAY_S_PORT, ""+eeGateway.getHTTPSPort());
+ * params.add(Constants.PR_GATEWAY_PORT, ""+eeGateway.getHTTPPort());
+ * params.add(Constants.PR_GATEWAY_S_BACKLOG,
+ * ""+eeGateway.getHTTPBacklog());
+ * params.add(Constants.PR_GATEWAY_BACKLOG,
+ * ""+eeGateway.getHTTPSBacklog());
+ * params.add(Constants.PR_GATEWAY_PORT_ENABLED,
+ * eeGateway.getHTTPPortEnable()); }
+ */
}
private void getAdminConfig(NameValuePairs params) throws EBaseException {
/*
- RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- params.add(Constants.PR_ADMIN_S_PORT, ""+raAdmin.getHTTPSPort());
- params.add(Constants.PR_ADMIN_S_BACKLOG,""+raAdmin.getHTTPSBacklog());
+ * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+ * params.add(Constants.PR_ADMIN_S_PORT, ""+raAdmin.getHTTPSPort());
+ * params
+ * .add(Constants.PR_ADMIN_S_BACKLOG,""+raAdmin.getHTTPSBacklog());
*/
}
private void getAgentConfig(NameValuePairs params) throws EBaseException {
/*
- AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID);
- params.add(Constants.PR_AGENT_S_PORT, ""+agent.getHTTPSPort());
- params.add(Constants.PR_AGENT_S_BACKLOG,""+agent.getHTTPSBacklog());
+ * AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID);
+ * params.add(Constants.PR_AGENT_S_PORT, ""+agent.getHTTPSPort());
+ * params.add(Constants.PR_AGENT_S_BACKLOG,""+agent.getHTTPSBacklog());
*/
}
/**
* Modifies database information.
*/
- private void setDBConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void setDBConfig(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_INTERNAL_DB);
Enumeration enum1 = req.getParameterNames();
@@ -1065,56 +1018,53 @@ public final class CMSAdminServlet extends AdminServlet {
continue;
if (key.equals(Constants.OP_SCOPE))
continue;
-
- dbConfig.putString(key, req.getParameter(key));
+
+ dbConfig.putString(key, req.getParameter(key));
}
sendResponse(RESTART, null, null, resp);
mConfig.commit(true);
}
- /**
+
+ /**
* Create Master Key
*/
-private void createMasterKey(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void createMasterKey(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
- String newKeyName = null, selectedToken = null;
+ String newKeyName = null, selectedToken = null;
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- if (name.equals(Constants.PR_KEY_LIST))
- {
- newKeyName = req.getParameter(name);
- }
- if (name.equals(Constants.PR_TOKEN_LIST))
- {
- selectedToken = req.getParameter(name);
- }
-
+ if (name.equals(Constants.PR_KEY_LIST)) {
+ newKeyName = req.getParameter(name);
+ }
+ if (name.equals(Constants.PR_TOKEN_LIST)) {
+ selectedToken = req.getParameter(name);
+ }
}
- if(selectedToken!=null && newKeyName!=null)
- {
- String symKeys = SessionKey.GenMasterKey(selectedToken,newKeyName);
- CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
- String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
-
- SessionKey.SetDefaultPrefix(masterKeyPrefix);
- params.add(Constants.PR_KEY_LIST, newKeyName);
- params.add(Constants.PR_TOKEN_LIST, selectedToken);
- }
- sendResponse(SUCCESS, null, params, resp);
-}
+ if (selectedToken != null && newKeyName != null) {
+ String symKeys = SessionKey.GenMasterKey(selectedToken, newKeyName);
+ CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
+ String masterKeyPrefix = CMS.getConfigStore().getString(
+ "tks.master_key_prefix", null);
+
+ SessionKey.SetDefaultPrefix(masterKeyPrefix);
+ params.add(Constants.PR_KEY_LIST, newKeyName);
+ params.add(Constants.PR_TOKEN_LIST, selectedToken);
+ }
+ sendResponse(SUCCESS, null, params, resp);
+ }
- /**
+ /**
* Reads secmod.db
*/
- private void getTKSKeys(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getTKSKeys(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
@@ -1122,57 +1072,56 @@ private void createMasterKey(HttpServletRequest req,
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- if (name.equals(Constants.PR_TOKEN_LIST))
- {
- String selectedToken = req.getParameter(name);
-
- int count = 0;
- int keys_found = 0;
-
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-
- CryptoToken token = null;
- CryptoManager mCryptoManager = null;
- try {
- mCryptoManager = CryptoManager.getInstance();
- } catch (Exception e2) {
- }
-
- if(!jssSubSystem.isTokenLoggedIn(selectedToken))
- {
- PasswordCallback cpcb = new ConsolePasswordCallback();
- while (true) {
+ if (name.equals(Constants.PR_TOKEN_LIST)) {
+ String selectedToken = req.getParameter(name);
+
+ int count = 0;
+ int keys_found = 0;
+
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+
+ CryptoToken token = null;
+ CryptoManager mCryptoManager = null;
+ try {
+ mCryptoManager = CryptoManager.getInstance();
+ } catch (Exception e2) {
+ }
+
+ if (!jssSubSystem.isTokenLoggedIn(selectedToken)) {
+ PasswordCallback cpcb = new ConsolePasswordCallback();
+ while (true) {
try {
- token = mCryptoManager.getTokenByName(selectedToken);
- token.login(cpcb);
+ token = mCryptoManager
+ .getTokenByName(selectedToken);
+ token.login(cpcb);
break;
} catch (Exception e3) {
- //log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
+ // log(ILogger.LL_FAILURE,
+ // CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
continue;
}
- }
- }
- // String symKeys = new String("key1,key2");
- String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
- params.add(Constants.PR_TOKEN_LIST, symKeys);
+ }
+ }
+ // String symKeys = new String("key1,key2");
+ String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
+ params.add(Constants.PR_TOKEN_LIST, symKeys);
- }
+ }
}
sendResponse(SUCCESS, null, params, resp);
}
-
-
+
/**
* Reads database information.
*/
- private void getDBConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getDBConfig(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_DB);
IConfigStore ldapConfig = dbConfig.getSubStore("ldap");
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
-
+
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
@@ -1184,7 +1133,7 @@ private void createMasterKey(HttpServletRequest req,
continue;
if (name.equals(Constants.PR_SECURE_PORT_ENABLED))
params.add(name, ldapConfig.getString(name, "Constants.FALSE"));
- else
+ else
params.add(name, ldapConfig.getString(name, ""));
}
sendResponse(SUCCESS, null, params, resp);
@@ -1194,8 +1143,8 @@ private void createMasterKey(HttpServletRequest req,
* Modifies SMTP configuration.
*/
private void modifySMTPConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
// XXX
IConfigStore sConfig = mConfig.getSubStore(PROP_SMTP);
@@ -1208,7 +1157,7 @@ private void createMasterKey(HttpServletRequest req,
if (port != null)
sConfig.putString("port", port);
-
+
commit(true);
sendResponse(SUCCESS, null, null, resp);
@@ -1217,22 +1166,18 @@ private void createMasterKey(HttpServletRequest req,
/**
* Reads SMTP configuration.
*/
- private void readSMTPConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void readSMTPConfig(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_SMTP);
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_SERVER_NAME,
- dbConfig.getString("host"));
- params.add(Constants.PR_PORT,
- dbConfig.getString("port"));
+ params.add(Constants.PR_SERVER_NAME, dbConfig.getString("host"));
+ params.add(Constants.PR_PORT, dbConfig.getString("port"));
sendResponse(SUCCESS, null, params, resp);
}
- private void loggedInToken(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void loggedInToken(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
String tokenName = "";
String pwd = "";
@@ -1248,8 +1193,8 @@ private void createMasterKey(HttpServletRequest req,
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.loggedInToken(tokenName, pwd);
@@ -1259,8 +1204,8 @@ private void createMasterKey(HttpServletRequest req,
}
private void checkTokenStatus(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
String key = "";
String value = "";
@@ -1273,8 +1218,8 @@ private void createMasterKey(HttpServletRequest req,
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
boolean status = jssSubSystem.isTokenLoggedIn(value);
NameValuePairs params = new NameValuePairs();
@@ -1287,18 +1232,18 @@ private void createMasterKey(HttpServletRequest req,
/**
* Retrieve a certificate request
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when
* asymmetric keys are generated
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to retrieve certificate request
*/
- private void getCertRequest(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getCertRequest(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditPublicKey = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -1346,11 +1291,11 @@ private void createMasterKey(HttpServletRequest req,
}
}
- pathname = mConfig.getString("instanceRoot", "")
- + File.separator + "conf" + File.separator;
+ pathname = mConfig.getString("instanceRoot", "") + File.separator
+ + "conf" + File.separator;
dir = pathname;
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
KeyPair keypair = null;
PQGParams pqgParams = null;
@@ -1376,10 +1321,8 @@ private void createMasterKey(HttpServletRequest req,
if (nickname.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
- auditSubjectID,
- ILogger.FAILURE,
- auditPublicKey);
+ LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
+ auditSubjectID, ILogger.FAILURE, auditPublicKey);
audit(auditMessage);
@@ -1390,11 +1333,13 @@ private void createMasterKey(HttpServletRequest req,
} else {
if (keyType.equals("ECC")) {
// get ECC keypair
- keypair = jssSubSystem.getECCKeyPair(tokenName, keyCurveName, certType);
- } else { //DSA or RSA
+ keypair = jssSubSystem.getECCKeyPair(tokenName,
+ keyCurveName, certType);
+ } else { // DSA or RSA
if (keyType.equals("DSA"))
- pqgParams = jssSubSystem.getPQG(keyLength);
- keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, pqgParams);
+ pqgParams = jssSubSystem.getPQG(keyLength);
+ keypair = jssSubSystem.getKeyPair(tokenName, keyType,
+ keyLength, pqgParams);
}
}
@@ -1439,10 +1384,8 @@ private void createMasterKey(HttpServletRequest req,
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
- auditSubjectID,
- ILogger.SUCCESS,
- auditPublicKey);
+ LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID,
+ ILogger.SUCCESS, auditPublicKey);
audit(auditMessage);
@@ -1451,10 +1394,8 @@ private void createMasterKey(HttpServletRequest req,
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
- auditSubjectID,
- ILogger.FAILURE,
- auditPublicKey);
+ LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID,
+ ILogger.FAILURE, auditPublicKey);
audit(auditMessage);
@@ -1463,34 +1404,32 @@ private void createMasterKey(HttpServletRequest req,
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
- auditSubjectID,
- ILogger.FAILURE,
- auditPublicKey);
+ LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID,
+ ILogger.FAILURE, auditPublicKey);
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditPublicKey );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
- }
-
- private void setCANewnickname(String tokenName, String nickname)
- throws EBaseException {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditPublicKey );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ private void setCANewnickname(String tokenName, String nickname)
+ throws EBaseException {
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
@@ -1504,17 +1443,17 @@ private void createMasterKey(HttpServletRequest req,
}
private String getCANewnickname() throws EBaseException {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
}
private void setRANewnickname(String tokenName, String nickname)
- throws EBaseException {
- IRegistrationAuthority ra = (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ throws EBaseException {
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
ra.setNewNickName(nickname);
@@ -1527,15 +1466,16 @@ private void createMasterKey(HttpServletRequest req,
}
private String getRANewnickname() throws EBaseException {
- IRegistrationAuthority ra = (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
return ra.getNewNickName();
}
private void setOCSPNewnickname(String tokenName, String nickname)
- throws EBaseException {
- IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+ throws EBaseException {
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp != null) {
ISigningUnit signingUnit = ocsp.getSigningUnit();
@@ -1549,8 +1489,8 @@ private void createMasterKey(HttpServletRequest req,
signingUnit.setNewNickName(tokenName + ":" + nickname);
}
} else {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
@@ -1565,25 +1505,26 @@ private void createMasterKey(HttpServletRequest req,
}
private String getOCSPNewnickname() throws EBaseException {
- IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp != null) {
ISigningUnit signingUnit = ocsp.getSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
} else {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
}
}
- private void setKRANewnickname(String tokenName, String nickname)
- throws EBaseException {
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ private void setKRANewnickname(String tokenName, String nickname)
+ throws EBaseException {
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_KRA);
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
kra.setNewNickName(nickname);
@@ -1596,87 +1537,81 @@ private void createMasterKey(HttpServletRequest req,
}
private String getKRANewnickname() throws EBaseException {
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_KRA);
return kra.getNewNickName();
}
- private void setRADMNewnickname(String tokenName, String nickName)
- throws EBaseException {
+ private void setRADMNewnickname(String tokenName, String nickName)
+ throws EBaseException {
CMS.setServerCertNickname(tokenName, nickName);
/*
- RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- HTTPService httpsService = raAdmin.getHttpsService();
- if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
- httpsService.setNewNickName(nickName);
- else {
- if (tokenName.equals("") && nickName.equals(""))
- httpsService.setNewNickName("");
- else
- httpsService.setNewNickName(tokenName+":"+nickName);
- }
+ * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+ * HTTPService httpsService = raAdmin.getHttpsService(); if
+ * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
+ * httpsService.setNewNickName(nickName); else { if
+ * (tokenName.equals("") && nickName.equals(""))
+ * httpsService.setNewNickName(""); else
+ * httpsService.setNewNickName(tokenName+":"+nickName); }
*/
}
- private String getRADMNewnickname()
- throws EBaseException {
+ private String getRADMNewnickname() throws EBaseException {
// assuming the nickname does not change.
return CMS.getServerCertNickname();
/*
- RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- HTTPService httpsService = raAdmin.getHttpsService();
- return httpsService.getNewNickName();
+ * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+ * HTTPService httpsService = raAdmin.getHttpsService(); return
+ * httpsService.getNewNickName();
*/
}
private void setAgentNewnickname(String tokenName, String nickName)
- throws EBaseException {
+ throws EBaseException {
CMS.setServerCertNickname(tokenName, nickName);
/*
- AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
- HTTPService httpsService = gateway.getHttpsService();
- if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
- httpsService.setNewNickName(nickName);
- else {
- if (tokenName.equals("") && nickName.equals(""))
- httpsService.setNewNickName("");
- else
- httpsService.setNewNickName(tokenName+":"+nickName);
- }
+ * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
+ * HTTPService httpsService = gateway.getHttpsService(); if
+ * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
+ * httpsService.setNewNickName(nickName); else { if
+ * (tokenName.equals("") && nickName.equals(""))
+ * httpsService.setNewNickName(""); else
+ * httpsService.setNewNickName(tokenName+":"+nickName); }
*/
}
- private String getAgentNewnickname()
- throws EBaseException {
+ private String getAgentNewnickname() throws EBaseException {
// assuming the nickname does not change.
return CMS.getServerCertNickname();
/*
- AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
- HTTPService httpsService = gateway.getHttpsService();
- return httpsService.getNewNickName();
+ * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
+ * HTTPService httpsService = gateway.getHttpsService(); return
+ * httpsService.getNewNickName();
*/
}
/**
* Issue import certificate
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Certificate Setup Wizard" is used to import CA certs into the
+ * "Certificate Setup Wizard" is used to import CA certs into the
* certificate database
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to issue an import certificate
*/
private void issueImportCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1700,9 +1635,9 @@ private void createMasterKey(HttpServletRequest req,
String key = (String) enum1.nextElement();
String value = req.getParameter(key);
- if (key.equals("pathname")) {
+ if (key.equals("pathname")) {
configPath = mConfig.getString("instanceRoot", "")
- + File.separator + "conf" + File.separator;
+ + File.separator + "conf" + File.separator;
pathname = configPath + value;
} else {
if (key.equals(Constants.PR_TOKEN_NAME))
@@ -1713,17 +1648,17 @@ private void createMasterKey(HttpServletRequest req,
String certType = (String) properties.get(Constants.RS_ID);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
- IDBSubsystem dbs = (IDBSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_DBS);
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
- ICertificateRepository repository =
- (ICertificateRepository) ca.getCertificateRepository();
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ IDBSubsystem dbs = (IDBSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_DBS);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateRepository repository = (ICertificateRepository) ca
+ .getCertificateRepository();
ISigningUnit signingUnit = ca.getSigningUnit();
String oldtokenname = null;
- //this is the old nick name
+ // this is the old nick name
String nickname = getNickname(certType);
String nicknameWithoutTokenName = "";
String oldcatokenname = signingUnit.getTokenName();
@@ -1741,15 +1676,13 @@ private void createMasterKey(HttpServletRequest req,
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- throw new
- EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(
+ CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
if (newtokenname == null)
@@ -1762,39 +1695,34 @@ private void createMasterKey(HttpServletRequest req,
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- throw new
- EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(
+ CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
- //xxx renew ca ,use old issuer?
- properties.setIssuerName(
- jssSubSystem.getCertSubjectName(oldcatokenname,
- canicknameWithoutTokenName));
+ // xxx renew ca ,use old issuer?
+ properties.setIssuerName(jssSubSystem.getCertSubjectName(
+ oldcatokenname, canicknameWithoutTokenName));
KeyPair pair = null;
if (nickname.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- throw new
- EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(
+ CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
- //xxx set to old nickname?
+ // xxx set to old nickname?
properties.setCertNickname(nickname);
if (!certType.equals(Constants.PR_CA_SIGNING_CERT)) {
CertificateExtensions exts = jssSubSystem.getExtensions(
@@ -1815,25 +1743,25 @@ private void createMasterKey(HttpServletRequest req,
defaultOCSPSigningAlg = properties.getHashType();
}
}
-
+
// create a new CA certificate or ssl server cert
- if (properties.getKeyCurveName() != null) { //new ECC
+ if (properties.getKeyCurveName() != null) { // new ECC
CMS.debug("CMSAdminServlet: issueImportCert: generating ECC keys");
pair = jssSubSystem.getECCKeyPair(properties);
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
caKeyPair = pair;
- } else if (properties.getKeyLength() != null) { //new RSA or DSA
+ } else if (properties.getKeyLength() != null) { // new RSA or DSA
keyType = properties.getKeyType();
String keyLen = properties.getKeyLength();
PQGParams pqgParams = null;
if (keyType.equals("DSA")) {
pqgParams = jssSubSystem.getCAPQG(Integer.parseInt(keyLen),
- mConfig);
- //properties.put(Constants.PR_PQGPARAMS, pqgParams);
+ mConfig);
+ // properties.put(Constants.PR_PQGPARAMS, pqgParams);
}
pair = jssSubSystem.getKeyPair(properties);
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
caKeyPair = pair;
// renew the CA certificate or ssl server cert
} else {
@@ -1846,11 +1774,12 @@ private void createMasterKey(HttpServletRequest req,
}
/*
- String alg = jssSubSystem.getSignatureAlgorithm(nickname);
- SignatureAlgorithm sigAlg = SigningUnit.mapAlgorithmToJss(alg);
- properties.setSignatureAlgorithm(sigAlg);
- properties.setAlgorithmId(
- jssSubSystem.getAlgorithmId(alg, mConfig));
+ * String alg = jssSubSystem.getSignatureAlgorithm(nickname);
+ * SignatureAlgorithm sigAlg =
+ * SigningUnit.mapAlgorithmToJss(alg);
+ * properties.setSignatureAlgorithm(sigAlg);
+ * properties.setAlgorithmId( jssSubSystem.getAlgorithmId(alg,
+ * mConfig));
*/
}
@@ -1863,10 +1792,11 @@ private void createMasterKey(HttpServletRequest req,
// value provided for signedBy
SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg);
properties.setSignatureAlgorithm(sigAlg);
- properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig));
+ properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg,
+ mConfig));
}
- if (pair == null)
+ if (pair == null)
CMS.debug("CMSAdminServlet: issueImportCert: key pair is null");
BigInteger nextSerialNo = repository.getNextSerialNumber();
@@ -1874,42 +1804,40 @@ private void createMasterKey(HttpServletRequest req,
properties.setSerialNumber(nextSerialNo);
properties.setKeyPair(pair);
properties.setConfigFile(mConfig);
- // properties.put(Constants.PR_CA_KEYPAIR, pair);
+ // properties.put(Constants.PR_CA_KEYPAIR, pair);
properties.put(Constants.PR_CA_KEYPAIR, caKeyPair);
- X509CertImpl signedCert =
- jssSubSystem.getSignedCert(properties, certType,
- caKeyPair.getPrivate());
+ X509CertImpl signedCert = jssSubSystem.getSignedCert(properties,
+ certType, caKeyPair.getPrivate());
- if (signedCert == null)
- CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null");
+ if (signedCert == null)
+ CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null");
- /* bug 600124
- try {
- jssSubSystem.deleteTokenCertificate(nickname, pathname);
- } catch (Throwable e) {
- //skip it
- }
+ /*
+ * bug 600124 try { jssSubSystem.deleteTokenCertificate(nickname,
+ * pathname); } catch (Throwable e) { //skip it }
*/
boolean nicknameChanged = false;
- //xxx import cert with nickname without token name?
- //jss adds the token prefix!!!
- //log(ILogger.LL_DEBUG,"import as alias"+ nicknameWithoutTokenName);
+ // xxx import cert with nickname without token name?
+ // jss adds the token prefix!!!
+ // log(ILogger.LL_DEBUG,"import as alias"+
+ // nicknameWithoutTokenName);
try {
- CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: " + nicknameWithoutTokenName);
+ CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: "
+ + nicknameWithoutTokenName);
jssSubSystem.importCert(signedCert, nicknameWithoutTokenName,
- certType);
+ certType);
} catch (EBaseException e) {
// if it fails, let use a different nickname to try
- Date now = new Date();
- String newNickname = nicknameWithoutTokenName
- + "-" + now.getTime();
+ Date now = new Date();
+ String newNickname = nicknameWithoutTokenName + "-"
+ + now.getTime();
- CMS.debug("CMSAdminServlet: issueImportCert: Importing cert with nickname: " + newNickname);
- jssSubSystem.importCert(signedCert, newNickname,
- certType);
+ CMS.debug("CMSAdminServlet: issueImportCert: Importing cert with nickname: "
+ + newNickname);
+ jssSubSystem.importCert(signedCert, newNickname, certType);
nicknameWithoutTokenName = newNickname;
nicknameChanged = true;
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
@@ -1920,28 +1848,26 @@ private void createMasterKey(HttpServletRequest req,
}
ICertRecord certRecord = repository.createCertRecord(
- signedCert.getSerialNumber(),
- signedCert, null);
+ signedCert.getSerialNumber(), signedCert, null);
repository.addCertificateRecord(certRecord);
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
try {
- X509CertInfo certInfo = (X509CertInfo) signedCert.get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ X509CertInfo certInfo = (X509CertInfo) signedCert
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
if (extensions != null) {
- BasicConstraintsExtension basic =
- (BasicConstraintsExtension)
- extensions.get(BasicConstraintsExtension.NAME);
+ BasicConstraintsExtension basic = (BasicConstraintsExtension) extensions
+ .get(BasicConstraintsExtension.NAME);
if (basic == null)
log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
else {
- Integer pathlen = (Integer)
- basic.get(BasicConstraintsExtension.PATH_LEN);
+ Integer pathlen = (Integer) basic
+ .get(BasicConstraintsExtension.PATH_LEN);
int num = pathlen.intValue();
if (num == 0)
@@ -1958,34 +1884,32 @@ private void createMasterKey(HttpServletRequest req,
}
}
- CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
+ CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
+ " newtoken:" + newtokenname + " nickname:" + nickname);
- if ((newtokenname != null &&
- !newtokenname.equals(oldtokenname)) || nicknameChanged) {
+ if ((newtokenname != null && !newtokenname.equals(oldtokenname))
+ || nicknameChanged) {
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
signingUnit.updateConfig(nicknameWithoutTokenName,
- newtokenname);
+ newtokenname);
} else {
- signingUnit.updateConfig(newtokenname + ":" +
- nicknameWithoutTokenName,
- newtokenname);
+ signingUnit.updateConfig(newtokenname + ":"
+ + nicknameWithoutTokenName, newtokenname);
}
- } else if (certType.equals(Constants.PR_SERVER_CERT)) {
+ } else if (certType.equals(Constants.PR_SERVER_CERT)) {
if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
nickname = nicknameWithoutTokenName;
} else {
nickname = newtokenname + ":"
- + nicknameWithoutTokenName;
+ + nicknameWithoutTokenName;
}
- //setRADMNewnickname("","");
- //modifyRADMCert(nickname);
+ // setRADMNewnickname("","");
+ // modifyRADMCert(nickname);
modifyAgentGatewayCert(nickname);
if (isSubsystemInstalled("ra")) {
- IRegistrationAuthority ra =
- (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
modifyEEGatewayCert(ra, nickname);
}
@@ -1997,28 +1921,28 @@ private void createMasterKey(HttpServletRequest req,
nickname = nicknameWithoutTokenName;
} else {
nickname = newtokenname + ":"
- + nicknameWithoutTokenName;
+ + nicknameWithoutTokenName;
}
modifyRADMCert(nickname);
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
- if (ca != null) {
+ if (ca != null) {
ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit();
- if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
+ if (newtokenname
+ .equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
ocspSigningUnit.updateConfig(
- nicknameWithoutTokenName, newtokenname);
+ nicknameWithoutTokenName, newtokenname);
} else {
- ocspSigningUnit.updateConfig(newtokenname + ":" +
- nicknameWithoutTokenName,
- newtokenname);
+ ocspSigningUnit.updateConfig(newtokenname + ":"
+ + nicknameWithoutTokenName, newtokenname);
}
}
}
}
-
+
// set signing algorithms if needed
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
signingUnit.setDefaultAlgorithm(defaultSigningAlg);
if (defaultOCSPSigningAlg != null) {
@@ -2031,54 +1955,50 @@ private void createMasterKey(HttpServletRequest req,
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
mConfig.commit(true);
sendResponse(SUCCESS, null, null, resp);
} catch (EBaseException eAudit1) {
- CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: " + eAudit1.toString());
+ CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: "
+ + eAudit1.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
} catch (IOException eAudit2) {
- CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: " + eAudit2.toString());
+ CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: "
+ + eAudit2.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
private String getDefaultSigningAlg(String keyType, String messageDigest) {
@@ -2087,7 +2007,7 @@ private void createMasterKey(HttpServletRequest req,
return "MD2withRSA";
} else if (messageDigest.equals("MD5")) {
return "MD5withRSA";
- } else if (messageDigest.equals("SHA1")) {
+ } else if (messageDigest.equals("SHA1")) {
return "SHA1withRSA";
} else if (messageDigest.equals("SHA256")) {
return "SHA256withRSA";
@@ -2098,7 +2018,7 @@ private void createMasterKey(HttpServletRequest req,
if (messageDigest.equals("SHA1")) {
return "SHA1withDSA";
}
- } else /* EC */ {
+ } else /* EC */{
if (messageDigest.equals("SHA1")) {
return "SHA1withEC";
} else if (messageDigest.equals("SHA256")) {
@@ -2112,32 +2032,31 @@ private void createMasterKey(HttpServletRequest req,
return null;
}
- private void updateCASignature(String nickname, KeyCertData properties,
- ICryptoSubsystem jssSubSystem) throws EBaseException {
+ private void updateCASignature(String nickname, KeyCertData properties,
+ ICryptoSubsystem jssSubSystem) throws EBaseException {
String alg = jssSubSystem.getSignatureAlgorithm(nickname);
SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg);
properties.setSignatureAlgorithm(sigAlg);
- properties.setAlgorithmId(
- jssSubSystem.getAlgorithmId(alg, mConfig));
+ properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig));
}
/**
* Install certificates
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Certificate Setup Wizard" is used to import CA certs into the
+ * "Certificate Setup Wizard" is used to import CA certs into the
* certificate database
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to install a certificate
*/
- private void installCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void installCert(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2158,31 +2077,30 @@ private void createMasterKey(HttpServletRequest req,
String key = (String) enum1.nextElement();
String value = req.getParameter(key);
- if (key.equals(Constants.PR_PKCS10))
+ if (key.equals(Constants.PR_PKCS10))
pkcs = value;
else if (key.equals(Constants.RS_ID))
certType = value;
else if (key.equals(Constants.PR_NICKNAME))
nickname = value;
- else if (key.equals("pathname"))
+ else if (key.equals("pathname"))
pathname = value;
else if (key.equals(Constants.PR_SERVER_ROOT))
serverRoot = value;
- else if (key.equals(Constants.PR_SERVER_ID))
+ else if (key.equals(Constants.PR_SERVER_ID))
serverID = value;
- else if (key.equals(Constants.PR_CERT_FILEPATH))
+ else if (key.equals(Constants.PR_CERT_FILEPATH))
certpath = value;
}
-
+
try {
if (pkcs == null || pkcs.equals("")) {
if (certpath == null || certpath.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
@@ -2192,8 +2110,8 @@ private void createMasterKey(HttpServletRequest req,
throw ex;
} else {
FileInputStream in = new FileInputStream(certpath);
- BufferedReader d =
- new BufferedReader(new InputStreamReader(in));
+ BufferedReader d = new BufferedReader(
+ new InputStreamReader(in));
String content = "";
pkcs = "";
@@ -2213,24 +2131,22 @@ private void createMasterKey(HttpServletRequest req,
} catch (IOException ee) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
+ CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
}
pkcs = pkcs.trim();
- pathname = serverRoot + File.separator + serverID
- + File.separator + "config" + File.separator + pathname;
+ pathname = serverRoot + File.separator + serverID + File.separator
+ + "config" + File.separator + pathname;
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
- //String nickname = getNickname(certType);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ // String nickname = getNickname(certType);
String nicknameWithoutTokenName = "";
int index = nickname.indexOf(":");
@@ -2243,98 +2159,93 @@ private void createMasterKey(HttpServletRequest req,
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
/*
- if (certType.equals(Constants.PR_CA_SIGNING_CERT) ||
- certType.equals(Constants.PR_RA_SIGNING_CERT) ||
- certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
- certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
- certType.equals(Constants.PR_SERVER_CERT) ||
- certType.equals(Constants.PR_SERVER_CERT_RADM)) {
- String oldnickname = getNickname(certType);
- try {
- jssSubsystem.deleteTokenCertificate(oldnickname,
- pathname);
- //jssSubsystem.deleteTokenCertificate(nickname,
- pathname);
- } catch (EBaseException e) {
- // skip it
- }
- } else {
- try {
- jssSubsystem.deleteTokenCertificate(nickname, pathname);
- } catch (EBaseException e) {
- // skip it
- }
- }
- */
+ * if (certType.equals(Constants.PR_CA_SIGNING_CERT) ||
+ * certType.equals(Constants.PR_RA_SIGNING_CERT) ||
+ * certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
+ * certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
+ * certType.equals(Constants.PR_SERVER_CERT) ||
+ * certType.equals(Constants.PR_SERVER_CERT_RADM)) { String
+ * oldnickname = getNickname(certType); try {
+ * jssSubsystem.deleteTokenCertificate(oldnickname, pathname);
+ * //jssSubsystem.deleteTokenCertificate(nickname, pathname); }
+ * catch (EBaseException e) { // skip it } } else { try {
+ * jssSubsystem.deleteTokenCertificate(nickname, pathname); } catch
+ * (EBaseException e) { // skip it } }
+ */
// 600124 - renewal of SSL crash the server
// we now do not delete previously installed certificates.
- // Same Subject | Same Nickname | Same Key | Legal
- // -----------------------------------------------------------
- // 1. Yes Yes No Yes
- // 2. Yes Yes Yes Yes
- // 3. No No Yes Yes
- // 4. No No No Yes
- // 5. No Yes Yes No
- // 6. No Yes No No
- // 7. Yes No Yes No
- // 8. Yes No No No
+ // Same Subject | Same Nickname | Same Key | Legal
+ // -----------------------------------------------------------
+ // 1. Yes Yes No Yes
+ // 2. Yes Yes Yes Yes
+ // 3. No No Yes Yes
+ // 4. No No No Yes
+ // 5. No Yes Yes No
+ // 6. No Yes No No
+ // 7. Yes No Yes No
+ // 8. Yes No No No
// Based on above table, the following cases are permitted:
// Existing Key:
- // (a) Same Subject & Same Nickname --- (2)
- // (b) Different Subject & Different Nickname --- (3)
- // (In order to support Case b., we need to use a different
- // nickname).
+ // (a) Same Subject & Same Nickname --- (2)
+ // (b) Different Subject & Different Nickname --- (3)
+ // (In order to support Case b., we need to use a different
+ // nickname).
// New Key:
- // (c) Same Subject & Same Nickname --- (1)
- // (d) Different Subject & Different Nickname --- (4)
- // (In order to support Case b., we need to use a different
- // nickname).
+ // (c) Same Subject & Same Nickname --- (1)
+ // (d) Different Subject & Different Nickname --- (4)
+ // (In order to support Case b., we need to use a different
+ // nickname).
//
- CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "+ nicknameWithoutTokenName);
+ CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "
+ + nicknameWithoutTokenName);
try {
- jssSubSystem.importCert(pkcs, nicknameWithoutTokenName,
- certType);
+ jssSubSystem.importCert(pkcs, nicknameWithoutTokenName,
+ certType);
} catch (EBaseException e) {
boolean certFound = false;
String eString = e.toString();
- if(eString.contains("Failed to find certificate that was just imported")) {
- CMS.debug("CMSAdminServlet.installCert(): nickname="+nicknameWithoutTokenName + " TokenException: " + eString);
+ if (eString
+ .contains("Failed to find certificate that was just imported")) {
+ CMS.debug("CMSAdminServlet.installCert(): nickname="
+ + nicknameWithoutTokenName + " TokenException: "
+ + eString);
X509Certificate cert = null;
try {
- cert = CryptoManager.getInstance().findCertByNickname(nickname);
+ cert = CryptoManager.getInstance().findCertByNickname(
+ nickname);
if (cert != null) {
certFound = true;
}
- CMS.debug("CMSAdminServlet.installCert() Found cert just imported: " + nickname);
+ CMS.debug("CMSAdminServlet.installCert() Found cert just imported: "
+ + nickname);
} catch (Exception ex) {
- CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + ex.toString());
+ CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: "
+ + ex.toString());
}
- }
+ }
if (!certFound) {
// if it fails, let use a different nickname to try
- Date now = new Date();
- String newNickname = nicknameWithoutTokenName + "-" +
- now.getTime();
+ Date now = new Date();
+ String newNickname = nicknameWithoutTokenName + "-"
+ + now.getTime();
jssSubSystem.importCert(pkcs, newNickname, certType);
nicknameWithoutTokenName = newNickname;
@@ -2343,16 +2254,17 @@ private void createMasterKey(HttpServletRequest req,
} else {
nickname = tokenName + ":" + newNickname;
}
- CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname="+nickname);
- }
+ CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname="
+ + nickname);
+ }
}
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
- ICertificateAuthority ca =
- (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
- String signatureAlg =
- jssSubSystem.getSignatureAlgorithm(nickname);
+ String signatureAlg = jssSubSystem
+ .getSignatureAlgorithm(nickname);
signingUnit.setDefaultAlgorithm(signatureAlg);
setCANewnickname("", "");
@@ -2361,26 +2273,25 @@ private void createMasterKey(HttpServletRequest req,
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
extensions = jssSubSystem.getExtensions(
- Constants.PR_INTERNAL_TOKEN_NAME, nickname);
+ Constants.PR_INTERNAL_TOKEN_NAME, nickname);
} else {
String tokenname1 = nickname.substring(0, index);
signingUnit.updateConfig(nickname, tokenname1);
extensions = jssSubSystem.getExtensions(tokenname1,
- nicknameWithoutTokenName);
+ nicknameWithoutTokenName);
}
if (extensions != null) {
- BasicConstraintsExtension basic =
- (BasicConstraintsExtension)
- extensions.get(BasicConstraintsExtension.NAME);
+ BasicConstraintsExtension basic = (BasicConstraintsExtension) extensions
+ .get(BasicConstraintsExtension.NAME);
if (basic == null)
log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
else {
- Integer pathlen = (Integer)
- basic.get(BasicConstraintsExtension.PATH_LEN);
+ Integer pathlen = (Integer) basic
+ .get(BasicConstraintsExtension.PATH_LEN);
int num = pathlen.intValue();
if (num == 0)
@@ -2398,35 +2309,34 @@ private void createMasterKey(HttpServletRequest req,
}
} else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
setRANewnickname("", "");
- IRegistrationAuthority ra =
- (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
ra.setNickname(nickname);
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
setOCSPNewnickname("", "");
- IOCSPAuthority ocsp =
- (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp != null) {
ISigningUnit signingUnit = ocsp.getSigningUnit();
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
} else {
String tokenname1 = nickname.substring(0, index);
signingUnit.updateConfig(nickname, tokenname1);
}
- } else {
- ICertificateAuthority ca =
- (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ } else {
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
} else {
String tokenname1 = nickname.substring(0, index);
@@ -2435,25 +2345,23 @@ private void createMasterKey(HttpServletRequest req,
}
} else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
setKRANewnickname("", "");
- IKeyRecoveryAuthority kra =
- (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_KRA);
kra.setNickname(nickname);
} else if (certType.equals(Constants.PR_SERVER_CERT)) {
setAgentNewnickname("", "");
- //modifyRADMCert(nickname);
+ // modifyRADMCert(nickname);
modifyAgentGatewayCert(nickname);
if (isSubsystemInstalled("ra")) {
- IRegistrationAuthority ra =
- (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
modifyEEGatewayCert(ra, nickname);
}
if (isSubsystemInstalled("ca")) {
- ICertificateAuthority ca =
- (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
modifyCAGatewayCert(ca, nickname);
}
@@ -2464,47 +2372,41 @@ private void createMasterKey(HttpServletRequest req,
boolean verified = CMS.verifySystemCertByNickname(nickname, null);
if (verified == true) {
- CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"+ nickname);
+ CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"
+ + nickname);
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
- auditSubjectID,
- ILogger.SUCCESS,
- nickname);
+ auditSubjectID, ILogger.SUCCESS, nickname);
audit(auditMessage);
} else {
- CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"+ nickname);
+ CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"
+ + nickname);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
- auditSubjectID,
- ILogger.FAILURE,
- nickname);
+ LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
+ auditSubjectID, ILogger.FAILURE, nickname);
audit(auditMessage);
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
mConfig.commit(true);
- if(verified == true) {
+ if (verified == true) {
sendResponse(SUCCESS, null, null, resp);
} else {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"), null, resp);
}
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -2513,47 +2415,45 @@ private void createMasterKey(HttpServletRequest req,
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
/**
- * For "importing" cross-signed cert into internal db for further
- * cross pair matching and publishing
+ * For "importing" cross-signed cert into internal db for further cross pair
+ * matching and publishing
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
* "Certificate Setup Wizard" is used to import a CA cross-signed
* certificate into the database
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to import a cross-certificate pair
*/
- private void importXCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void importXCert(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2574,29 +2474,28 @@ private void createMasterKey(HttpServletRequest req,
String value = req.getParameter(key);
// really should be PR_CERT_CONTENT
- if (key.equals(Constants.PR_PKCS10))
+ if (key.equals(Constants.PR_PKCS10))
b64Cert = value;
else if (key.equals(Constants.RS_ID))
certType = value;
- else if (key.equals("pathname"))
+ else if (key.equals("pathname"))
pathname = value;
else if (key.equals(Constants.PR_SERVER_ROOT))
serverRoot = value;
- else if (key.equals(Constants.PR_SERVER_ID))
+ else if (key.equals(Constants.PR_SERVER_ID))
serverID = value;
- else if (key.equals(Constants.PR_CERT_FILEPATH))
+ else if (key.equals(Constants.PR_CERT_FILEPATH))
certpath = value;
}
-
+
try {
if (b64Cert == null || b64Cert.equals("")) {
if (certpath == null || certpath.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
@@ -2606,8 +2505,8 @@ private void createMasterKey(HttpServletRequest req,
throw ex;
} else {
FileInputStream in = new FileInputStream(certpath);
- BufferedReader d =
- new BufferedReader(new InputStreamReader(in));
+ BufferedReader d = new BufferedReader(
+ new InputStreamReader(in));
String content = "";
b64Cert = "";
@@ -2626,15 +2525,13 @@ private void createMasterKey(HttpServletRequest req,
} catch (IOException ee) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
+ CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
}
CMS.debug("CMSAdminServlet: got b64Cert");
b64Cert = Cert.stripBrackets(b64Cert.trim());
@@ -2648,27 +2545,25 @@ private void createMasterKey(HttpServletRequest req,
CMS.debug("CMSAdminServlet: exception: " + e.toString());
}
- pathname = serverRoot + File.separator + serverID
- + File.separator + "config" + File.separator + pathname;
+ pathname = serverRoot + File.separator + serverID + File.separator
+ + "config" + File.separator + pathname;
- ICrossCertPairSubsystem ccps =
- (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
+ ICrossCertPairSubsystem ccps = (ICrossCertPairSubsystem) CMS
+ .getSubsystem("CrossCertPair");
try {
- //this will import into internal ldap crossCerts entry
+ // this will import into internal ldap crossCerts entry
ccps.importCert(bCert);
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
sendResponse(1, "xcert importing failure:" + e.toString(),
- null, resp);
+ null, resp);
return;
}
@@ -2679,20 +2574,19 @@ private void createMasterKey(HttpServletRequest req,
} catch (EBaseException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(1, "xcerts publishing failure:" + e.toString(), null, resp);
+ sendResponse(1, "xcerts publishing failure:" + e.toString(),
+ null, resp);
return;
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
- String content = jssSubSystem.getCertPrettyPrint(b64Cert,
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ String content = jssSubSystem.getCertPrettyPrint(b64Cert,
super.getLocale(req));
results.add(Constants.PR_NICKNAME, "FBCA cross-signed cert");
@@ -2700,10 +2594,8 @@ private void createMasterKey(HttpServletRequest req,
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -2711,10 +2603,8 @@ private void createMasterKey(HttpServletRequest req,
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -2723,46 +2613,45 @@ private void createMasterKey(HttpServletRequest req,
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
private String getNickname(String certType) throws EBaseException {
String nickname = "";
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
- ICertificateAuthority ca =
- (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
nickname = signingUnit.getNickname();
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
- IOCSPAuthority ocsp =
- (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp == null) {
// this is a local CA service
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
nickname = signingUnit.getNickname();
@@ -2772,27 +2661,26 @@ private void createMasterKey(HttpServletRequest req,
nickname = signingUnit.getNickname();
}
} else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
- IRegistrationAuthority ra =
- (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
nickname = ra.getNickname();
} else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
- IKeyRecoveryAuthority kra =
- (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_KRA);
nickname = kra.getNickname();
} else if (certType.equals(Constants.PR_SERVER_CERT)) {
nickname = CMS.getServerCertNickname();
} else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) {
nickname = CMS.getServerCertNickname();
- }
+ }
return nickname;
}
- private void getCertInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getCertInfo(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
NameValuePairs results = new NameValuePairs();
String pkcs = "";
@@ -2825,8 +2713,8 @@ private void createMasterKey(HttpServletRequest req,
throw ex;
} else {
FileInputStream in = new FileInputStream(path);
- BufferedReader d =
- new BufferedReader(new InputStreamReader(in));
+ BufferedReader d = new BufferedReader(
+ new InputStreamReader(in));
String content = "";
pkcs = "";
@@ -2849,9 +2737,10 @@ private void createMasterKey(HttpServletRequest req,
pkcs = pkcs.trim();
int totalLen = pkcs.length();
- if (pkcs.indexOf(BEGIN_HEADER) != 0 ||
- pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
- throw (new EBaseException(CMS.getLogMessage("BASE_INVALID_CERT_FORMAT")));
+ if (pkcs.indexOf(BEGIN_HEADER) != 0
+ || pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
+ throw (new EBaseException(
+ CMS.getLogMessage("BASE_INVALID_CERT_FORMAT")));
}
String nickname = "";
@@ -2874,25 +2763,25 @@ private void createMasterKey(HttpServletRequest req,
if (nickname.equals(""))
nickname = getNickname(certType);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String content = jssSubSystem.getCertPrettyPrint(pkcs,
super.getLocale(req));
if (nickname != null && !nickname.equals(""))
results.add(Constants.PR_NICKNAME, nickname);
results.add(Constants.PR_CERT_CONTENT, content);
- //results = jssSubSystem.getCertInfo(value);
+ // results = jssSubSystem.getCertInfo(value);
sendResponse(SUCCESS, null, results, resp);
}
private void getCertPrettyPrint(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String serialno = "";
String issuername = "";
@@ -2912,7 +2801,7 @@ private void createMasterKey(HttpServletRequest req,
if (key.equals(Constants.PR_NICK_NAME)) {
nickname = value;
continue;
- }
+ }
if (key.equals(Constants.PR_SERIAL_NUMBER)) {
serialno = value;
continue;
@@ -2923,19 +2812,19 @@ private void createMasterKey(HttpServletRequest req,
}
}
- String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname,
- serialno, issuername, locale);
+ String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname,
+ serialno, issuername, locale);
pairs.add(nickname, print);
sendResponse(SUCCESS, null, pairs, resp);
}
private void getRootCertTrustBit(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String serialno = "";
String issuername = "";
@@ -2966,92 +2855,86 @@ private void createMasterKey(HttpServletRequest req,
}
}
- String trustbit = jssSubSystem.getRootCertTrustBit(nickname,
- serialno, issuername);
+ String trustbit = jssSubSystem.getRootCertTrustBit(nickname, serialno,
+ issuername);
pairs.add(nickname, trustbit);
sendResponse(SUCCESS, null, pairs, resp);
}
- private void getCACerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ private void getCACerts(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getCACerts();
sendResponse(SUCCESS, null, pairs, resp);
}
- private void deleteRootCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void deleteRootCert(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
int mindex = id.indexOf(":SERIAL#<");
String nickname = id.substring(0, mindex);
String sstr1 = id.substring(mindex);
int lindex = sstr1.indexOf(">");
String serialno = sstr1.substring(9, lindex);
- String issuername = sstr1.substring(lindex+1);
+ String issuername = sstr1.substring(lindex + 1);
jssSubSystem.deleteRootCert(nickname, serialno, issuername);
sendResponse(SUCCESS, null, null, resp);
}
- private void deleteUserCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void deleteUserCert(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
int mindex = id.indexOf(":SERIAL#<");
String nickname = id.substring(0, mindex);
String sstr1 = id.substring(mindex);
int lindex = sstr1.indexOf(">");
String serialno = sstr1.substring(9, lindex);
- String issuername = sstr1.substring(lindex+1);
+ String issuername = sstr1.substring(lindex + 1);
jssSubSystem.deleteUserCert(nickname, serialno, issuername);
sendResponse(SUCCESS, null, null, resp);
}
- private void getRootCerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ private void getRootCerts(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getRootCerts();
sendResponse(SUCCESS, null, pairs, resp);
}
private void getAllCertsManage(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getAllCertsManage();
sendResponse(SUCCESS, null, pairs, resp);
}
- private void getUserCerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ private void getUserCerts(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getUserCerts();
sendResponse(SUCCESS, null, pairs, resp);
}
- private void deleteCerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void deleteCerts(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String date = "";
@@ -3069,18 +2952,18 @@ private void createMasterKey(HttpServletRequest req,
nickname = value.substring(0, index);
date = value.substring(index + 1);
- // cant use this one now since jss doesnt have the interface to
+ // cant use this one now since jss doesnt have the interface to
// do it.
jssSubSystem.deleteCert(nickname, date);
- // jssSubsystem.deleteCACert(nickname, date);
+ // jssSubsystem.deleteCACert(nickname, date);
}
sendResponse(SUCCESS, null, null, resp);
}
private void validateSubjectName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
@@ -3089,19 +2972,19 @@ private void createMasterKey(HttpServletRequest req,
String value = req.getParameter(key);
if (key.equals(Constants.PR_SUBJECT_NAME)) {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.isX500DN(value);
}
}
sendResponse(SUCCESS, null, null, resp);
- }
+ }
private void validateKeyLength(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
String keyType = "RSA";
String keyLen = "512";
@@ -3120,18 +3003,18 @@ private void createMasterKey(HttpServletRequest req,
}
}
int keyLength = Integer.parseInt(keyLen);
- int minKey = mConfig.getInteger(
- ConfigConstants.PR_RSA_MIN_KEYLENGTH, 512);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ int minKey = mConfig.getInteger(ConfigConstants.PR_RSA_MIN_KEYLENGTH,
+ 512);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
// jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey);
sendResponse(SUCCESS, null, null, resp);
}
private void validateCurveName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
String curveName = null;
@@ -3147,21 +3030,22 @@ private void createMasterKey(HttpServletRequest req,
String curveList = mConfig.getString("keys.ecc.curve.list", "nistp521");
String[] curves = curveList.split(",");
boolean match = false;
- for (int i=0; i<curves.length; i++) {
+ for (int i = 0; i < curves.length; i++) {
if (curves[i].equals(curveName)) {
match = true;
}
}
if (!match) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME"));
}
sendResponse(SUCCESS, null, null, resp);
}
private void validateCertExtension(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
String certExt = "";
@@ -3175,19 +3059,18 @@ private void createMasterKey(HttpServletRequest req,
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.checkCertificateExt(certExt);
sendResponse(SUCCESS, null, null, resp);
}
- private void getSubjectName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getSubjectName(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration enum1 = req.getParameterNames();
-
+
String nickname = "";
String keyType = "RSA";
String keyLen = "512";
@@ -3205,8 +3088,8 @@ private void createMasterKey(HttpServletRequest req,
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String subjectName = jssSubSystem.getSubjectDN(nickname);
params.add(Constants.PR_SUBJECT_NAME, subjectName);
@@ -3214,8 +3097,8 @@ private void createMasterKey(HttpServletRequest req,
}
private void processSubjectName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration enum1 = req.getParameterNames();
@@ -3234,8 +3117,8 @@ private void createMasterKey(HttpServletRequest req,
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String subjectName = jssSubSystem.getSubjectDN(nickname);
params.add(Constants.PR_SUBJECT_NAME, subjectName);
@@ -3243,8 +3126,8 @@ private void createMasterKey(HttpServletRequest req,
}
public void setRootCertTrust(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String nickname = req.getParameter(Constants.PR_NICK_NAME);
@@ -3254,16 +3137,15 @@ private void createMasterKey(HttpServletRequest req,
CMS.debug("CMSAdminServlet: setRootCertTrust()");
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
try {
- jssSubSystem.setRootCertTrust(nickname, serialno, issuername, trust);
- } catch (EBaseException e) {
+ jssSubSystem
+ .setRootCertTrust(nickname, serialno, issuername, trust);
+ } catch (EBaseException e) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
@@ -3272,10 +3154,8 @@ private void createMasterKey(HttpServletRequest req,
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -3285,19 +3165,19 @@ private void createMasterKey(HttpServletRequest req,
/**
* Establish trust of a CA certificate
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Manage Certificate" is used to edit the trustness of certs and
- * deletion of certs
+ * "Manage Certificate" is used to edit the trustness of certs and deletion
+ * of certs
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to establish CA certificate trust
*/
- private void trustCACert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void trustCACert(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -3307,8 +3187,8 @@ private void createMasterKey(HttpServletRequest req,
// to the signed audit log and stored as failures
try {
Enumeration enum1 = req.getParameterNames();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String trust = "";
while (enum1.hasMoreElements()) {
@@ -3328,22 +3208,18 @@ private void createMasterKey(HttpServletRequest req,
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
- //sendResponse(SUCCESS, null, null, resp);
+ // sendResponse(SUCCESS, null, null, resp);
sendResponse(RESTART, null, null, resp);
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -3352,50 +3228,46 @@ private void createMasterKey(HttpServletRequest req,
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
/**
* Execute all self tests specified to be run on demand.
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self
* tests are run on demand
* </ul>
- * @exception EMissingSelfTestException a self test plugin instance
- * property name was missing
+ *
+ * @exception EMissingSelfTestException a self test plugin instance property
+ * name was missing
* @exception ESelfTestException a self test is missing a required
- * configuration parameter
+ * configuration parameter
* @exception IOException an input/output error has occurred
*/
- private synchronized void
- runSelfTestsOnDemand(HttpServletRequest req,
- HttpServletResponse resp)
- throws EMissingSelfTestException,
- ESelfTestException,
- IOException {
+ private synchronized void runSelfTestsOnDemand(HttpServletRequest req,
+ HttpServletResponse resp) throws EMissingSelfTestException,
+ ESelfTestException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -3404,7 +3276,7 @@ private void createMasterKey(HttpServletRequest req,
try {
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " ENTERING . . .");
+ + " ENTERING . . .");
}
Enumeration enum1 = req.getParameterNames();
@@ -3424,32 +3296,28 @@ private void createMasterKey(HttpServletRequest req,
}
}
- ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
+ ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
- if ((request == null) ||
- (request.equals(""))) {
+ if ((request == null) || (request.equals(""))) {
// self test plugin run on demand request parameter was missing
// log the error
- logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_REQUEST",
- getServletInfo(),
- Constants.PR_RUN_SELFTESTS_ON_DEMAND
- );
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_RUN_ON_DEMAND_REQUEST", getServletInfo(),
+ Constants.PR_RUN_SELFTESTS_ON_DEMAND);
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID, ILogger.FAILURE);
audit(auditMessage);
// notify console of FAILURE
- content += logMessage
- + "\n";
+ content += logMessage + "\n";
sendResponse(ERROR, content, null, resp);
// raise an exception
@@ -3457,83 +3325,77 @@ private void createMasterKey(HttpServletRequest req,
}
// run all self test plugin instances (designated on-demand)
- String[] selftests = mSelfTestSubsystem.listSelfTestsEnabledOnDemand();
+ String[] selftests = mSelfTestSubsystem
+ .listSelfTestsEnabledOnDemand();
if (selftests != null && selftests.length > 0) {
// log that execution of on-demand self tests has begun
logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND",
- getServletInfo());
+ getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
- content += logMessage
- + "\n";
+ content += logMessage + "\n";
for (int i = 0; i < selftests.length; i++) {
if (selftests[i] != null) {
instanceName = selftests[i].trim();
- instanceFullName = ISelfTestSubsystem.ID
- + "."
- + ISelfTestSubsystem.PROP_CONTAINER
- + "."
- + ISelfTestSubsystem.PROP_INSTANCE
- + "."
+ instanceFullName = ISelfTestSubsystem.ID + "."
+ + ISelfTestSubsystem.PROP_CONTAINER + "."
+ + ISelfTestSubsystem.PROP_INSTANCE + "."
+ instanceName;
} else {
// self test plugin instance property name was missing
// log the error
logMessage = CMS.getLogMessage(
- "SELFTESTS_PARAMETER_WAS_NULL",
- getServletInfo());
+ "SELFTESTS_PARAMETER_WAS_NULL",
+ getServletInfo());
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID, ILogger.FAILURE);
audit(auditMessage);
// notify console of FAILURE
- content += logMessage
- + "\n";
+ content += logMessage + "\n";
sendResponse(ERROR, content, null, resp);
// raise an exception
throw new EMissingSelfTestException();
}
- ISelfTest test = (ISelfTest)
- mSelfTestSubsystem.getSelfTest(instanceName);
+ ISelfTest test = (ISelfTest) mSelfTestSubsystem
+ .getSelfTest(instanceName);
if (test == null) {
- // self test plugin instance property name is not present
+ // self test plugin instance property name is not
+ // present
// log the error
- logMessage = CMS.getLogMessage("SELFTESTS_MISSING_NAME",
- getServletInfo(),
- instanceFullName);
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_MISSING_NAME", getServletInfo(),
+ instanceFullName);
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID, ILogger.FAILURE);
audit(auditMessage);
// notify console of FAILURE
- content += logMessage
- + "\n";
+ content += logMessage + "\n";
sendResponse(ERROR, content, null, resp);
// raise an exception
@@ -3543,15 +3405,14 @@ private void createMasterKey(HttpServletRequest req,
try {
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " running \""
- + test.getSelfTestName()
- + "\"");
+ + " running \""
+ + test.getSelfTestName()
+ + "\"");
}
// store this information for console notification
content += "CMSAdminServlet::runSelfTestsOnDemand():"
- + " running \""
- + test.getSelfTestName()
+ + " running \"" + test.getSelfTestName()
+ "\" . . .\n";
test.runSelfTest(mSelfTestSubsystem.getSelfTestLogger());
@@ -3560,30 +3421,27 @@ private void createMasterKey(HttpServletRequest req,
content += "COMPLETED SUCCESSFULLY\n";
} catch (ESelfTestException e) {
// Check to see if the self test was critical:
- if (mSelfTestSubsystem.isSelfTestCriticalOnDemand(
- instanceName)) {
+ if (mSelfTestSubsystem
+ .isSelfTestCriticalOnDemand(instanceName)) {
// log the error
logMessage = CMS.getLogMessage(
- "SELFTESTS_RUN_ON_DEMAND_FAILED",
- getServletInfo(),
- instanceFullName);
+ "SELFTESTS_RUN_ON_DEMAND_FAILED",
+ getServletInfo(), instanceFullName);
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID, ILogger.FAILURE);
audit(auditMessage);
// notify console of FAILURE
content += "FAILED WITH CRITICAL ERROR\n";
- content += logMessage
- + "\n";
+ content += logMessage + "\n";
sendResponse(ERROR, content, null, resp);
// shutdown the system gracefully
@@ -3599,52 +3457,47 @@ private void createMasterKey(HttpServletRequest req,
// log that execution of all "critical" on-demand self tests
// has completed "successfully"
- logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_SUCCEEDED",
- getServletInfo());
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_RUN_ON_DEMAND_SUCCEEDED", getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
- content += logMessage
- + "\n";
+ content += logMessage + "\n";
} else {
// log this fact
logMessage = CMS.getLogMessage("SELFTESTS_NOT_RUN_ON_DEMAND",
- getServletInfo());
+ getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
- content += logMessage
- + "\n";
+ content += logMessage + "\n";
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.SUCCESS);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID,
+ ILogger.SUCCESS);
audit(auditMessage);
// notify console of SUCCESS
results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CLASS,
- CMSAdminServlet.class.getName());
- results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT,
- content);
+ CMSAdminServlet.class.getName());
+ results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT, content);
sendResponse(SUCCESS, null, results, resp);
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " EXITING.");
+ + " EXITING.");
}
} catch (EMissingSelfTestException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID,
+ ILogger.FAILURE);
audit(auditMessage);
@@ -3653,9 +3506,8 @@ private void createMasterKey(HttpServletRequest req,
} catch (ESelfTestException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID,
+ ILogger.FAILURE);
audit(auditMessage);
@@ -3664,9 +3516,8 @@ private void createMasterKey(HttpServletRequest req,
} catch (IOException eAudit3) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID,
+ ILogger.FAILURE);
audit(auditMessage);
@@ -3676,16 +3527,17 @@ private void createMasterKey(HttpServletRequest req,
}
public void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
+ "CMSAdminServlet: " + msg);
}
/**
* Signed Audit Log Public Key
- *
+ *
* This method is called to obtain the public key from the passed in
* "KeyPair" object for a signed audit log message.
* <P>
- *
+ *
* @param object a Key Pair Object
* @return key string containing the public key
*/
@@ -3734,4 +3586,3 @@ private void createMasterKey(HttpServletRequest req,
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
index 7f18d94e..a4b82b13 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -42,10 +41,9 @@ import com.netscape.certsrv.jobs.IJobsScheduler;
import com.netscape.certsrv.jobs.JobPlugin;
import com.netscape.certsrv.logging.ILogger;
-
/**
- * A class representing an administration servlet for the
- * Jobs Scheduler and it's scheduled jobs.
+ * A class representing an administration servlet for the Jobs Scheduler and
+ * it's scheduled jobs.
*
* @version $Revision$, $Date$
*/
@@ -75,24 +73,23 @@ public class JobsAdminServlet extends AdminServlet {
*/
public void init(ServletConfig config) throws ServletException {
super.init(config);
- mJobsSched = (IJobsScheduler)
- CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
+ mJobsSched = (IJobsScheduler) CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
}
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
- /**
- * retrieve extended plugin info such as brief description, type info
- * from jobs
+ /**
+ * retrieve extended plugin info such as brief description, type info from
+ * jobs
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String id = req.getParameter(Constants.RS_ID);
int colon = id.indexOf(':');
@@ -100,18 +97,18 @@ public class JobsAdminServlet extends AdminServlet {
String implType = id.substring(0, colon);
String implName = id.substring(colon + 1);
- NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType,
+ implName);
sendResponse(SUCCESS, null, params, resp);
}
- private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
+ private NameValuePairs getExtendedPluginInfo(Locale locale,
+ String implType, String implName) {
IExtendedPluginInfo ext_info = null;
Object impl = null;
- JobPlugin jp =
- (JobPlugin) mJobsSched.getPlugins().get(implName);
+ JobPlugin jp = (JobPlugin) mJobsSched.getPlugins().get(implName);
if (jp != null)
impl = getClassByNameAsExtendedPluginInfo(jp.getClassPath());
@@ -126,7 +123,8 @@ public class JobsAdminServlet extends AdminServlet {
if (ext_info == null) {
nvps = new NameValuePairs();
} else {
- nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
+ nvps = convertStringArrayToNVPairs(ext_info
+ .getExtendedPluginInfo(locale));
}
return nvps;
@@ -137,25 +135,24 @@ public class JobsAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
if (op == null) {
- //System.out.println("SRVLT_INVALID_PROTOCOL");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ // System.out.println("SRVLT_INVALID_PROTOCOL");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp);
return;
}
try {
super.authenticate(req);
} catch (IOException e) {
- sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp);
return;
}
@@ -164,9 +161,8 @@ public class JobsAdminServlet extends AdminServlet {
if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS))
@@ -174,27 +170,26 @@ public class JobsAdminServlet extends AdminServlet {
else if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
getConfig(req, resp);
else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
- getInstConfig(req, resp);
+ getInstConfig(req, resp);
else if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
- try {
- getExtendedPluginInfo(req, resp);
- } catch (EBaseException e) {
- sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
- return;
+ try {
+ getExtendedPluginInfo(req, resp);
+ } catch (EBaseException e) {
+ sendResponse(ERROR, e.toString(getLocale(req)), null,
+ resp);
+ return;
}
} else {
- //System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ // System.out.println("SRVLT_INVALID_OP_SCOPE");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS)) {
@@ -202,17 +197,15 @@ public class JobsAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) {
modJobsInst(req, resp, scope);
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -220,18 +213,16 @@ public class JobsAdminServlet extends AdminServlet {
else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
listJobsInsts(req, resp);
else {
- //System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ // System.out.println("SRVLT_INVALID_OP_SCOPE");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} else if (op.equals(OpDef.OP_ADD)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -239,18 +230,16 @@ public class JobsAdminServlet extends AdminServlet {
else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
addJobsInst(req, resp, scope);
else {
- //System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ // System.out.println("SRVLT_INVALID_OP_SCOPE");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -258,58 +247,54 @@ public class JobsAdminServlet extends AdminServlet {
else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
delJobsInst(req, resp, scope);
else {
- //System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ // System.out.println("SRVLT_INVALID_OP_SCOPE");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp);
return;
}
} catch (EBaseException e) {
sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
- }
+ }
}
- private synchronized void addJobPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addJobPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// is the job plugin id unique?
if (mJobsSched.getPlugins().containsKey((Object) id)) {
- sendResponse(ERROR,
- new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EJobsException(CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
String classPath = req.getParameter(Constants.PR_JOBS_CLASS);
if (classPath == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NULL_CLASS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_NULL_CLASS"), null, resp);
return;
}
- IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
- IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ IConfigStore destStore = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ IConfigStore instancesConfig = destStore.getSubStore(scope);
// Does the class exist?
Class newImpl = null;
@@ -317,29 +302,25 @@ public class JobsAdminServlet extends AdminServlet {
try {
newImpl = Class.forName(classPath);
} catch (ClassNotFoundException e) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_NO_CLASS"), null, resp);
return;
} catch (IllegalArgumentException e) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_NO_CLASS"), null, resp);
return;
}
// is the class an IJob?
try {
if (IJob.class.isAssignableFrom(newImpl) == false) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_ILL_CLASS"), null, resp);
return;
}
} catch (NullPointerException e) { // unlikely, only if newImpl null.
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_ILL_CLASS"), null, resp);
return;
}
@@ -351,10 +332,9 @@ public class JobsAdminServlet extends AdminServlet {
try {
mConfig.commit(true);
} catch (EBaseException e) {
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
@@ -362,8 +342,8 @@ public class JobsAdminServlet extends AdminServlet {
JobPlugin plugin = new JobPlugin(id, classPath);
mJobsSched.getPlugins().put(id, plugin);
- mJobsSched.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id));
+ mJobsSched.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id));
NameValuePairs params = new NameValuePairs();
@@ -371,24 +351,22 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private synchronized void addJobsInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addJobsInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// is the job instance id unique?
if (mJobsSched.getInstances().containsKey((Object) id)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_ILL_JOB_INST_ID"), null, resp);
return;
}
@@ -398,22 +376,20 @@ public class JobsAdminServlet extends AdminServlet {
String implname = req.getParameter(Constants.PR_JOBS_IMPL_NAME);
if (implname == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), null, resp);
return;
}
// check if implementation exists.
- JobPlugin plugin =
- (JobPlugin) mJobsSched.getPlugins().get(implname);
+ JobPlugin plugin = (JobPlugin) mJobsSched.getPlugins().get(implname);
if (plugin == null) {
- sendResponse(ERROR,
- new
- EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
- id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EJobsException(CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", id))
+ .toString(), null, resp);
return;
}
@@ -422,10 +398,8 @@ public class JobsAdminServlet extends AdminServlet {
// are there, but not checking the values are valid
String[] configParams = mJobsSched.getConfigParams(implname);
- IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
- IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ IConfigStore destStore = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ IConfigStore instancesConfig = destStore.getSubStore(scope);
IConfigStore substore = instancesConfig.makeSubStore(id);
if (configParams != null) {
@@ -436,11 +410,13 @@ public class JobsAdminServlet extends AdminServlet {
if (val != null && !val.equals("")) {
substore.put(key, val);
} else if (!key.equals("profileId")) {
- sendResponse(ERROR,
- new
- EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
- key)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EJobsException(
+ CMS.getUserMessage(
+ getLocale(req),
+ "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
+ key)).toString(), null, resp);
return;
}
}
@@ -457,29 +433,32 @@ public class JobsAdminServlet extends AdminServlet {
} catch (ClassNotFoundException e) {
// cleanup
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EJobsException(CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EJobsException(CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EJobsException(CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
}
-
- IJobsScheduler scheduler = (IJobsScheduler)
- CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
+
+ IJobsScheduler scheduler = (IJobsScheduler) CMS
+ .getSubsystem(CMS.SUBSYSTEM_JOBS);
// initialize the job plugin
try {
@@ -497,17 +476,16 @@ public class JobsAdminServlet extends AdminServlet {
} catch (EBaseException e) {
// clean up.
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
// inited and commited ok. now add manager instance to list.
mJobsSched.getInstances().put(id, jobsInst);
- mJobsSched.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id));
+ mJobsSched.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id));
NameValuePairs params = new NameValuePairs();
@@ -516,101 +494,93 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private synchronized void listJobPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void listJobPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = mJobsSched.getPlugins().keys();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- JobPlugin value = (JobPlugin)
- mJobsSched.getPlugins().get(name);
+ JobPlugin value = (JobPlugin) mJobsSched.getPlugins().get(name);
params.add(name, value.getClassPath());
- // params.add(name, value.getClassPath()+EDIT);
+ // params.add(name, value.getClassPath()+EDIT);
}
sendResponse(SUCCESS, null, params, resp);
return;
}
- private synchronized void listJobsInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void listJobsInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
- for (Enumeration e = mJobsSched.getInstances().keys();
- e.hasMoreElements();) {
+ for (Enumeration e = mJobsSched.getInstances().keys(); e
+ .hasMoreElements();) {
String name = (String) e.nextElement();
- IJob value = (IJob)
- mJobsSched.getInstances().get((Object) name);
+ IJob value = (IJob) mJobsSched.getInstances().get((Object) name);
- // params.add(name, value.getImplName());
- params.add(name, value.getImplName() + VISIBLE +
- (value.isEnabled() ? ENABLED : DISABLED)
- );
+ // params.add(name, value.getImplName());
+ params.add(name, value.getImplName() + VISIBLE
+ + (value.isEnabled() ? ENABLED : DISABLED));
}
sendResponse(SUCCESS, null, params, resp);
return;
}
- private synchronized void delJobPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delJobPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// does this job plugin exist?
if (mJobsSched.getPlugins().containsKey(id) == false) {
- sendResponse(ERROR,
- new
- EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
- id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EJobsException(CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", id))
+ .toString(), null, resp);
return;
}
// first check if any instances from this job plugin
// DON'T remove job plugin if any instance
- for (Enumeration e = mJobsSched.getInstances().elements();
- e.hasMoreElements();) {
+ for (Enumeration e = mJobsSched.getInstances().elements(); e
+ .hasMoreElements();) {
IJob jobs = (IJob) e.nextElement();
if ((jobs.getImplName()).equals(id)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_IN_USE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_JOB_IN_USE"), null, resp);
return;
}
}
-
+
// then delete this job plugin
mJobsSched.getPlugins().remove((Object) id);
- IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
- IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ IConfigStore destStore = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ IConfigStore instancesConfig = destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
// commiting
try {
mConfig.commit(true);
} catch (EBaseException e) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
@@ -618,52 +588,49 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private synchronized void delJobsInst(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delJobsInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// does job plugin instance exist?
if (mJobsSched.getInstances().containsKey(id) == false) {
- sendResponse(ERROR,
- new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND",
- id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EJobsException(CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_JOB_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
// only remove from memory
// cannot shutdown because we don't keep track of whether it's
- // being used.
+ // being used.
IJob jobInst = (IJob) mJobsSched.getInstances().get(id);
mJobsSched.getInstances().remove((Object) id);
// remove the configuration.
- IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
- IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ IConfigStore destStore = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ IConfigStore instancesConfig = destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
// commiting
try {
mConfig.commit(true);
} catch (EBaseException e) {
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
@@ -672,25 +639,23 @@ public class JobsAdminServlet extends AdminServlet {
}
/**
- * used for getting the required configuration parameters (with
- * possible default values) for a particular job plugin
- * implementation name specified in the RS_ID. Actually, there is
- * no logic in here to set any default value here...there's no
- * default value for any parameter in this job scheduler subsystem
- * at this point. Later, if we do have one (or some), it can be
- * added. The interface remains the same.
+ * used for getting the required configuration parameters (with possible
+ * default values) for a particular job plugin implementation name specified
+ * in the RS_ID. Actually, there is no logic in here to set any default
+ * value here...there's no default value for any parameter in this job
+ * scheduler subsystem at this point. Later, if we do have one (or some), it
+ * can be added. The interface remains the same.
*/
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -708,25 +673,25 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private synchronized void getInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void getInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// does job plugin instance exist?
if (mJobsSched.getInstances().containsKey(id) == false) {
- sendResponse(ERROR,
- new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND",
- id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EJobsException(CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_JOB_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
@@ -757,34 +722,30 @@ public class JobsAdminServlet extends AdminServlet {
}
/**
- * Modify job plugin instance.
- * This will actually create a new instance with new configuration
- * parameters and replace the old instance, if the new instance
- * created and initialized successfully.
- * The old instance is left running. so this is very expensive.
- * Restart of server recommended.
+ * Modify job plugin instance. This will actually create a new instance with
+ * new configuration parameters and replace the old instance, if the new
+ * instance created and initialized successfully. The old instance is left
+ * running. so this is very expensive. Restart of server recommended.
*/
- private synchronized void modJobsInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modJobsInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
// expensive operation.
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// Does the job instance exist?
if (!mJobsSched.getInstances().containsKey((Object) id)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_ILL_JOB_INST_ID"), null, resp);
return;
}
@@ -792,28 +753,26 @@ public class JobsAdminServlet extends AdminServlet {
String implname = req.getParameter(Constants.PR_JOBS_IMPL_NAME);
if (implname == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"), null, resp);
return;
}
- // get plugin for implementation
- JobPlugin plugin =
- (JobPlugin) mJobsSched.getPlugins().get(implname);
+ // get plugin for implementation
+ JobPlugin plugin = (JobPlugin) mJobsSched.getPlugins().get(implname);
if (plugin == null) {
- sendResponse(ERROR,
- new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
- id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EJobsException(CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND", id))
+ .toString(), null, resp);
return;
}
- // save old instance substore params in case new one fails.
+ // save old instance substore params in case new one fails.
- IJob oldinst =
- (IJob) mJobsSched.getInstances().get((Object) id);
+ IJob oldinst = (IJob) mJobsSched.getInstances().get((Object) id);
IConfigStore oldConfig = oldinst.getConfigStore();
String[] oldConfigParms = oldinst.getConfigParams();
@@ -821,7 +780,7 @@ public class JobsAdminServlet extends AdminServlet {
// implName is always required so always include it it.
saveParams.add(IJobsScheduler.PROP_PLUGIN,
- (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN));
+ (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN));
if (oldConfigParms != null) {
for (int i = 0; i < oldConfigParms.length; i++) {
String key = oldConfigParms[i];
@@ -837,10 +796,8 @@ public class JobsAdminServlet extends AdminServlet {
// remove old substore.
- IConfigStore destStore =
- mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
- IConfigStore instancesConfig =
- destStore.getSubStore(scope);
+ IConfigStore destStore = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+ IConfigStore instancesConfig = destStore.getSubStore(scope);
instancesConfig.removeSubStore(id);
@@ -860,11 +817,13 @@ public class JobsAdminServlet extends AdminServlet {
substore.put(key, val);
} else if (!key.equals("profileId")) {
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new
- EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
- key)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EJobsException(
+ CMS.getUserMessage(
+ getLocale(req),
+ "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
+ key)).toString(), null, resp);
return;
}
}
@@ -879,31 +838,34 @@ public class JobsAdminServlet extends AdminServlet {
} catch (ClassNotFoundException e) {
// cleanup
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EJobsException(CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EJobsException(CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new EJobsException(
- CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EJobsException(CMS.getUserMessage(getLocale(req),
+ "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+ null, resp);
return;
}
// initialize the job plugin
- IJobsScheduler scheduler = (IJobsScheduler)
- CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
+ IJobsScheduler scheduler = (IJobsScheduler) CMS
+ .getSubsystem(CMS.SUBSYSTEM_JOBS);
try {
newJobInst.init(scheduler, id, implname, substore);
@@ -919,17 +881,16 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- // initialized ok. commiting
+ // initialized ok. commiting
try {
mConfig.commit(true);
} catch (EBaseException e) {
// clean up.
restore(instancesConfig, id, saveParams);
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
@@ -937,8 +898,8 @@ public class JobsAdminServlet extends AdminServlet {
mJobsSched.getInstances().put(id, newJobInst);
- mJobsSched.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id));
+ mJobsSched.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id));
NameValuePairs params = new NameValuePairs();
@@ -946,26 +907,24 @@ public class JobsAdminServlet extends AdminServlet {
return;
}
- private void getSettings(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getSettings(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
- params.add(Constants.PR_ENABLE,
- config.getString(IJobsScheduler.PROP_ENABLED,
- Constants.FALSE));
+ params.add(Constants.PR_ENABLE,
+ config.getString(IJobsScheduler.PROP_ENABLED, Constants.FALSE));
// default 1 minute
- params.add(Constants.PR_JOBS_FREQUENCY,
- config.getString(IJobsScheduler.PROP_INTERVAL, "1"));
+ params.add(Constants.PR_JOBS_FREQUENCY,
+ config.getString(IJobsScheduler.PROP_INTERVAL, "1"));
- //System.out.println("Send: "+params.toString());
+ // System.out.println("Send: "+params.toString());
sendResponse(SUCCESS, null, params, resp);
}
private void setSettings(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
- //Save New Settings to the config file
+ throws ServletException, IOException, EBaseException {
+ // Save New Settings to the config file
IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
String enabled = config.getString(IJobsScheduler.PROP_ENABLED);
@@ -978,14 +937,13 @@ public class JobsAdminServlet extends AdminServlet {
config.putString(IJobsScheduler.PROP_ENABLED, enabledSetTo);
}
- //set frequency
- String interval =
- req.getParameter(Constants.PR_JOBS_FREQUENCY);
+ // set frequency
+ String interval = req.getParameter(Constants.PR_JOBS_FREQUENCY);
if (interval != null) {
config.putString(IJobsScheduler.PROP_INTERVAL, interval);
- mJobsSched.setInterval(
- config.getInteger(IJobsScheduler.PROP_INTERVAL));
+ mJobsSched.setInterval(config
+ .getInteger(IJobsScheduler.PROP_INTERVAL));
}
if (enabledChanged == true) {
@@ -999,8 +957,8 @@ public class JobsAdminServlet extends AdminServlet {
}
// convenience routine.
- private static void restore(IConfigStore store,
- String id, NameValuePairs saveParams) {
+ private static void restore(IConfigStore store, String id,
+ NameValuePairs saveParams) {
store.removeSubStore(id);
IConfigStore rstore = store.makeSubStore(id);
@@ -1010,7 +968,7 @@ public class JobsAdminServlet extends AdminServlet {
String key = (String) keys.nextElement();
String value = saveParams.getValue(key);
- if (!value.equals(""))
+ if (!value.equals(""))
rstore.put(key, value);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
index 2c780bb2..9efe2b73 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -43,13 +42,11 @@ import com.netscape.certsrv.password.IPasswordCheck;
import com.netscape.certsrv.security.Credential;
import com.netscape.certsrv.security.IStorageKeyUnit;
-
/**
- * A class representings an administration servlet for Key
- * Recovery Authority. This servlet is responsible to serve
- * KRA administrative operation such as configuration
- * parameter updates.
- *
+ * A class representings an administration servlet for Key Recovery Authority.
+ * This servlet is responsible to serve KRA administrative operation such as
+ * configuration parameter updates.
+ *
* @version $Revision$, $Date$
*/
public class KRAAdminServlet extends AdminServlet {
@@ -64,8 +61,7 @@ public class KRAAdminServlet extends AdminServlet {
private IKeyRecoveryAuthority mKRA = null;
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM =
- "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
/**
* Constructs KRA servlet.
@@ -81,63 +77,57 @@ public class KRAAdminServlet extends AdminServlet {
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
super.authenticate(req);
String scope = req.getParameter(Constants.OP_SCOPE);
if (scope == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
String op = req.getParameter(Constants.OP_TYPE);
if (op == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp);
return;
}
-
+
try {
AUTHZ_RES_NAME = "certServer.kra.configuration";
if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
- /* Functions not implemented in console
- if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) {
- readAutoRecoveryConfig(req, resp);
- return;
- } else if (scope.equals(ScopeDef.SC_RECOVERY)) {
- readRecoveryConfig(req, resp);
- return;
- } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
- getNotificationRIQConfig(req, resp);
- return;
- } else
- */
+ /*
+ * Functions not implemented in console if
+ * (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) {
+ * readAutoRecoveryConfig(req, resp); return; } else if
+ * (scope.equals(ScopeDef.SC_RECOVERY)) {
+ * readRecoveryConfig(req, resp); return; } else if
+ * (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
+ * getNotificationRIQConfig(req, resp); return; } else
+ */
if (scope.equals(ScopeDef.SC_GENERAL)) {
getGeneralConfig(req, resp);
return;
@@ -145,59 +135,52 @@ public class KRAAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
- /* Functions not implemented in console
- if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) {
- modifyAutoRecoveryConfig(req, resp);
- return;
- } else if (scope.equals(ScopeDef.SC_AGENT_PWD)) {
- changeAgentPwd(req, resp);
- return;
- } else if (scope.equals(ScopeDef.SC_MNSCHEME)) {
- changeMNScheme(req, resp);
- return;
- } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
- setNotificationRIQConfig(req, resp);
- return;
- } else
- */
+ /*
+ * Functions not implemented in console if
+ * (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) {
+ * modifyAutoRecoveryConfig(req, resp); return; } else if
+ * (scope.equals(ScopeDef.SC_AGENT_PWD)) { changeAgentPwd(req,
+ * resp); return; } else if (scope.equals(ScopeDef.SC_MNSCHEME))
+ * { changeMNScheme(req, resp); return; } else if
+ * (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
+ * setNotificationRIQConfig(req, resp); return; } else
+ */
if (scope.equals(ScopeDef.SC_GENERAL)) {
- setGeneralConfig(req,resp);
+ setGeneralConfig(req, resp);
}
- }
+ }
} catch (EBaseException e) {
// convert exception into locale-specific message
- sendResponse(ERROR, e.toString(getLocale(req)),
- null, resp);
+ sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
} catch (Exception e) {
e.printStackTrace();
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp);
}
private void getGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
int value = 1;
value = mKRA.getNoOfRequiredAgents();
- params.add(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS, Integer.toString(value));
+ params.add(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS,
+ Integer.toString(value));
sendResponse(SUCCESS, null, params, resp);
}
private void setGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
boolean restart = false;
@@ -210,28 +193,24 @@ public class KRAAdminServlet extends AdminServlet {
if (key.equals(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS)) {
try {
- int number = Integer.parseInt(value);
+ int number = Integer.parseInt(value);
mKRA.setNoOfRequiredAgents(number);
} catch (NumberFormatException e) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- throw new EBaseException("Number of agents must be an integer");
+ throw new EBaseException(
+ "Number of agents must be an integer");
}
}
}
commit(true);
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -244,17 +223,18 @@ public class KRAAdminServlet extends AdminServlet {
/**
* Changes M-N scheme.
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring
* DRM (Key recovery scheme, change of any secret component)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception EBaseException an error has occurred
*/
- private synchronized void changeMNScheme(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
+ private synchronized void changeMNScheme(HttpServletRequest req,
+ HttpServletResponse resp) throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -263,80 +243,67 @@ public class KRAAdminServlet extends AdminServlet {
try {
try {
NameValuePairs params = new NameValuePairs();
- String recN = getParameter(req,
- Constants.PR_RECOVERY_N);
- String recM = getParameter(req,
- Constants.PR_RECOVERY_M);
- String oldAgents = getParameter(req,
+ String recN = getParameter(req, Constants.PR_RECOVERY_N);
+ String recM = getParameter(req, Constants.PR_RECOVERY_M);
+ String oldAgents = getParameter(req,
Constants.PR_OLD_RECOVERY_AGENT);
- String agents = getParameter(req,
- Constants.PR_RECOVERY_AGENT);
+ String agents = getParameter(req, Constants.PR_RECOVERY_AGENT);
if (recN == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- throw new EKRAException(
- CMS.getLogMessage("KRA_INVALID_N"));
+ throw new EKRAException(CMS.getLogMessage("KRA_INVALID_N"));
}
if (recM == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- throw new EKRAException(
- CMS.getLogMessage("KRA_INVALID_M"));
+ throw new EKRAException(CMS.getLogMessage("KRA_INVALID_M"));
}
- if (recN != null && recM != null && oldAgents != null
- && agents != null) {
+ if (recN != null && recM != null && oldAgents != null
+ && agents != null) {
int nVal = Integer.parseInt(recN);
int mVal = Integer.parseInt(recM);
- Credential oldcreds[] =
- parseCredentialStr(oldAgents);
+ Credential oldcreds[] = parseCredentialStr(oldAgents);
if (oldcreds == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- throw new EKRAException(
+ throw new EKRAException(
CMS.getLogMessage("KRA_INVALID_PASSWORD"));
}
- Credential creds[] =
- parseCredentialStr(agents);
+ Credential creds[] = parseCredentialStr(agents);
if (creds == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- throw new EKRAException(
+ throw new EKRAException(
CMS.getLogMessage("KRA_INVALID_PASSWORD"));
} else {
for (int i = 0; i < creds.length; i++) {
@@ -347,31 +314,29 @@ public class KRAAdminServlet extends AdminServlet {
if (!checker.isGoodPassword(pass)) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- throw new EBaseException(checker.getReason(pass));
+ throw new EBaseException(
+ checker.getReason(pass));
}
}
}
- if (mKRA.getStorageKeyUnit().changeAgentMN(
- nVal, mVal, oldcreds, creds)) {
+ if (mKRA.getStorageKeyUnit().changeAgentMN(nVal, mVal,
+ oldcreds, creds)) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.SUCCESS,
+ auditParams(req));
audit(auditMessage);
// successful operation
- sendResponse(SUCCESS, null, params,
- resp);
+ sendResponse(SUCCESS, null, params, resp);
return;
}
}
@@ -379,22 +344,17 @@ public class KRAAdminServlet extends AdminServlet {
}
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- throw new EBaseException(CMS.getLogMessage("BASE_INVALID_OPERATION"));
+ throw new EBaseException(
+ CMS.getLogMessage("BASE_INVALID_OPERATION"));
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -406,17 +366,18 @@ public class KRAAdminServlet extends AdminServlet {
/**
* Changes recovery agent password.
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring
* DRM (Key recovery scheme, change of any secret component)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception EBaseException an error has occurred
*/
- private synchronized void changeAgentPwd(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
+ private synchronized void changeAgentPwd(HttpServletRequest req,
+ HttpServletResponse resp) throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -425,35 +386,29 @@ public class KRAAdminServlet extends AdminServlet {
try {
try {
String id = getParameter(req, Constants.RS_ID);
- String oldpwd = getParameter(req,
- Constants.PR_OLD_AGENT_PWD);
- String newpwd = getParameter(req,
- Constants.PR_AGENT_PWD);
+ String oldpwd = getParameter(req, Constants.PR_OLD_AGENT_PWD);
+ String newpwd = getParameter(req, Constants.PR_AGENT_PWD);
IPasswordCheck checker = CMS.getPasswordChecker();
if (!checker.isGoodPassword(newpwd)) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
throw new EBaseException(checker.getReason(newpwd));
}
-
- if (mKRA.getStorageKeyUnit().changeAgentPassword(id,
- oldpwd, newpwd)) {
+
+ if (mKRA.getStorageKeyUnit().changeAgentPassword(id, oldpwd,
+ newpwd)) {
NameValuePairs params = new NameValuePairs();
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -462,36 +417,29 @@ public class KRAAdminServlet extends AdminServlet {
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- throw new EKRAException(
+ throw new EKRAException(
CMS.getLogMessage("KRA_INVALID_PASSWORD"));
}
} catch (IOException e) {
}
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- throw new EBaseException(CMS.getLogMessage("BASE_INVALID_OPERATION"));
+ throw new EBaseException(
+ CMS.getLogMessage("BASE_INVALID_OPERATION"));
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -503,18 +451,18 @@ public class KRAAdminServlet extends AdminServlet {
/**
* Modifies auto recovery configuration.
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring
* DRM (Key recovery scheme, change of any secret component)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception EBaseException an error has occurred
*/
- private synchronized void modifyAutoRecoveryConfig(
- HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
+ private synchronized void modifyAutoRecoveryConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -523,42 +471,35 @@ public class KRAAdminServlet extends AdminServlet {
try {
try {
NameValuePairs params = new NameValuePairs();
- String autoOn = getParameter(req,
- Constants.PR_AUTO_RECOVERY_ON);
- String agents = getParameter(req,
- Constants.PR_RECOVERY_AGENT);
+ String autoOn = getParameter(req, Constants.PR_AUTO_RECOVERY_ON);
+ String agents = getParameter(req, Constants.PR_RECOVERY_AGENT);
if (autoOn.equals(Constants.TRUE)) {
- Credential creds[] = parseCredentialStr(
- agents);
+ Credential creds[] = parseCredentialStr(agents);
if (mKRA.setAutoRecoveryState(creds, true)) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.SUCCESS,
+ auditParams(req));
audit(auditMessage);
- sendResponse(SUCCESS, null, params,
- resp);
+ sendResponse(SUCCESS, null, params, resp);
return;
}
} else if (autoOn.equals(Constants.FALSE)) {
if (mKRA.setAutoRecoveryState(null, false)) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.SUCCESS,
+ auditParams(req));
audit(auditMessage);
- sendResponse(SUCCESS, null, params,
- resp);
+ sendResponse(SUCCESS, null, params, resp);
return;
}
}
@@ -566,22 +507,17 @@ public class KRAAdminServlet extends AdminServlet {
}
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- throw new EBaseException(CMS.getLogMessage("BASE_INVALID_OPERATION"));
+ throw new EBaseException(
+ CMS.getLogMessage("BASE_INVALID_OPERATION"));
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -592,19 +528,17 @@ public class KRAAdminServlet extends AdminServlet {
/**
* Reads auto recovery status.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
- private synchronized void readAutoRecoveryConfig(
- HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
+ private synchronized void readAutoRecoveryConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws EBaseException {
try {
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_AUTO_RECOVERY_ON,
- mKRA.getAutoRecoveryState() ?
- Constants.TRUE : Constants.FALSE);
+ params.add(Constants.PR_AUTO_RECOVERY_ON, mKRA
+ .getAutoRecoveryState() ? Constants.TRUE : Constants.FALSE);
sendResponse(SUCCESS, null, params, resp);
} catch (IOException e) {
throw new EBaseException(
@@ -614,26 +548,25 @@ public class KRAAdminServlet extends AdminServlet {
/**
* Reads recovery configuration.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
- private synchronized void readRecoveryConfig(
- HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
+ private synchronized void readRecoveryConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws EBaseException {
try {
IStorageKeyUnit sku = mKRA.getStorageKeyUnit();
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_RECOVERY_N,
- Integer.toString(sku.getNoOfAgents()));
- params.add(Constants.PR_RECOVERY_M,
- Integer.toString(sku.getNoOfRequiredAgents()));
+ params.add(Constants.PR_RECOVERY_N,
+ Integer.toString(sku.getNoOfAgents()));
+ params.add(Constants.PR_RECOVERY_M,
+ Integer.toString(sku.getNoOfRequiredAgents()));
Enumeration e = sku.getAgentIdentifiers();
StringBuffer as = new StringBuffer();
while (e.hasMoreElements()) {
- as.append((String)e.nextElement());
+ as.append((String) e.nextElement());
if (e.hasMoreElements()) {
as.append(",");
}
@@ -648,13 +581,12 @@ public class KRAAdminServlet extends AdminServlet {
/**
* Reads information about auto recovery agents.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
- private synchronized void readAutoRecoveryAgents(
- HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
+ private synchronized void readAutoRecoveryAgents(HttpServletRequest req,
+ HttpServletResponse resp) throws EBaseException {
try {
// send the entire list anyway
NameValuePairs params = new NameValuePairs();
@@ -668,8 +600,9 @@ public class KRAAdminServlet extends AdminServlet {
}
}
params.add(Constants.PR_GROUP_USER, users.toString());
- params.add(Constants.PR_GROUP_DESC,
- "Auto Recovery Agents"); // XXX - localized
+ params.add(Constants.PR_GROUP_DESC, "Auto Recovery Agents"); // XXX
+ // -
+ // localized
sendResponse(SUCCESS, null, params, resp);
} catch (IOException e) {
throw new EBaseException(
@@ -679,31 +612,26 @@ public class KRAAdminServlet extends AdminServlet {
/**
* Modifies information about auto recovery agents.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
- private synchronized void modifyAutoRecoveryAgents(
- HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
+ private synchronized void modifyAutoRecoveryAgents(HttpServletRequest req,
+ HttpServletResponse resp) throws EBaseException {
Vector v = new Vector();
- String users = getParameter(req,
- Constants.PR_GROUP_USER);
+ String users = getParameter(req, Constants.PR_GROUP_USER);
StringTokenizer st = new StringTokenizer(users, ",");
while (st.hasMoreTokens()) {
v.addElement(st.nextToken());
}
- String desc = getParameter(req,
- Constants.PR_GROUP_DESC);
- String agents = getParameter(req,
- Constants.PR_RECOVERY_AGENT);
- Credential creds[] = parseCredentialStr(
- agents);
+ String desc = getParameter(req, Constants.PR_GROUP_DESC);
+ String agents = getParameter(req, Constants.PR_RECOVERY_AGENT);
+ Credential creds[] = parseCredentialStr(agents);
// XXX - check if the given password matched
// put ids into hashtable so that we can
// figure out what should be saved and deleted
- Enumeration e = mKRA.getAutoRecoveryIDs();
+ Enumeration e = mKRA.getAutoRecoveryIDs();
Hashtable h = new Hashtable();
while (e.hasMoreElements()) {
@@ -725,14 +653,13 @@ public class KRAAdminServlet extends AdminServlet {
Enumeration dels = h.keys();
while (dels.hasMoreElements()) {
- mKRA.removeAutoRecovery((String)
- dels.nextElement());
+ mKRA.removeAutoRecovery((String) dels.nextElement());
}
}
/**
* Parses uid0=pwd0,uid1=pwd1,... into AgentCredential.
- *
+ *
* @param s credential string
* @return a list of credentials
*/
@@ -744,8 +671,7 @@ public class KRAAdminServlet extends AdminServlet {
String a = st.nextToken();
StringTokenizer st0 = new StringTokenizer(a, "=");
- v.addElement(new Credential(st0.nextToken(),
- st0.nextToken()));
+ v.addElement(new Credential(st0.nextToken(), st0.nextToken()));
}
Credential ac[] = new Credential[v.size()];
@@ -757,14 +683,13 @@ public class KRAAdminServlet extends AdminServlet {
* handle getting request in queue notification config info
*/
private void getNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mKRA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(mKRA.PROP_NOTIFY_SUBSTORE);
+ IConfigStore nc = config.getSubStore(mKRA.PROP_NOTIFY_SUBSTORE);
IConfigStore riq = nc.getSubStore(mKRA.PROP_REQ_IN_Q_SUBSTORE);
@@ -784,20 +709,21 @@ public class KRAAdminServlet extends AdminServlet {
params.add(name, riq.getString(name, ""));
}
- params.add(Constants.PR_ENABLE,
- riq.getString(PROP_ENABLED, Constants.FALSE));
- //System.out.println("Send: "+params.toString());
+ params.add(Constants.PR_ENABLE,
+ riq.getString(PROP_ENABLED, Constants.FALSE));
+ // System.out.println("Send: "+params.toString());
sendResponse(SUCCESS, null, params, resp);
}
/**
* Handle setting request in queue notification config info
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_DRM used when configuring
* DRM (Key recovery scheme, change of any secret component)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -805,8 +731,8 @@ public class KRAAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -814,12 +740,11 @@ public class KRAAdminServlet extends AdminServlet {
// to the signed audit log and stored as failures
try {
IConfigStore config = mKRA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(mKRA.PROP_NOTIFY_SUBSTORE);
+ IConfigStore nc = config.getSubStore(mKRA.PROP_NOTIFY_SUBSTORE);
IConfigStore riq = nc.getSubStore(mKRA.PROP_REQ_IN_Q_SUBSTORE);
- //set rest of the parameters
+ // set rest of the parameters
Enumeration e = req.getParameterNames();
while (e.hasMoreElements()) {
@@ -848,22 +773,16 @@ public class KRAAdminServlet extends AdminServlet {
commit(true);
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
sendResponse(SUCCESS, null, null, resp);
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -871,28 +790,25 @@ public class KRAAdminServlet extends AdminServlet {
throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_DRM,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
index 58e4dbdf..45e63061 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -45,13 +44,11 @@ import com.netscape.certsrv.logging.ILogSubsystem;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.logging.LogPlugin;
-
/**
- * A class representings an administration servlet for logging
- * subsystem. This servlet is responsible to serve
- * logging administrative operation such as configuration
- * parameter updates and log retriever.
- *
+ * A class representings an administration servlet for logging subsystem. This
+ * servlet is responsible to serve logging administrative operation such as
+ * configuration parameter updates and log retriever.
+ *
* @version $Revision$, $Date$
*/
public class LogAdminServlet extends AdminServlet {
@@ -69,12 +66,9 @@ public class LogAdminServlet extends AdminServlet {
private final static String EDIT = ";" + Constants.EDIT;
private final static String SIGNED_AUDIT_LOG_TYPE = "SignedAudit";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT =
- "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3";
- private final static String LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE =
- "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4";
- private final static String LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE =
- "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT = "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3";
+ private final static String LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE = "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4";
+ private final static String LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE = "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4";
/**
* Constructs Log servlet.
@@ -114,15 +108,14 @@ public class LogAdminServlet extends AdminServlet {
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
String op = req.getParameter(Constants.OP_TYPE);
if (op == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp);
return;
}
@@ -137,16 +130,16 @@ public class LogAdminServlet extends AdminServlet {
if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
try {
getExtendedPluginInfo(req, resp);
return;
} catch (EBaseException e) {
- sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
+ sendResponse(ERROR, e.toString(getLocale(req)), null,
+ resp);
return;
}
}
@@ -154,9 +147,8 @@ public class LogAdminServlet extends AdminServlet {
if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
@@ -169,17 +161,15 @@ public class LogAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_GENERAL)) {
getGeneralConfig(req, resp);
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
@@ -190,17 +180,15 @@ public class LogAdminServlet extends AdminServlet {
delLogInst(req, resp, scope);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} else if (op.equals(OpDef.OP_ADD)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
@@ -211,18 +199,16 @@ public class LogAdminServlet extends AdminServlet {
addLogInst(req, resp, scope);
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} else if (op.equals(OpDef.OP_MODIFY)) {
AUTHZ_RES_NAME = "certServer.log.configuration";
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
@@ -232,17 +218,15 @@ public class LogAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_GENERAL)) {
setGeneralConfig(req, resp);
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LOG_IMPLS)) {
@@ -255,70 +239,74 @@ public class LogAdminServlet extends AdminServlet {
listLogInsts(req, resp, false);
return;
} else if (scope.equals(ScopeDef.SC_LOG_CONTENT)) {
- String instName = req.getParameter(Constants.PR_LOG_INSTANCE);
+ String instName = req
+ .getParameter(Constants.PR_LOG_INSTANCE);
if (instName.equals("System")) {
AUTHZ_RES_NAME = "certServer.log.content.system";
} else if (instName.equals("Transactions")) {
AUTHZ_RES_NAME = "certServer.log.content.transactions";
- } else if (instName.equals(Constants.PR_LOG_SIGNED_AUDIT)) {
+ } else if (instName
+ .equals(Constants.PR_LOG_SIGNED_AUDIT)) {
AUTHZ_RES_NAME = "certServer.log.content.signedAudit";
}
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(
+ getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
- ILogEventListener loginst =
- mSys.getLogInstance(instName);
+ ILogEventListener loginst = mSys
+ .getLogInstance(instName);
if (loginst != null) {
- NameValuePairs nvps = loginst.retrieveLogContent(toHashtable(req));
+ NameValuePairs nvps = loginst
+ .retrieveLogContent(toHashtable(req));
sendResponse(SUCCESS, null, nvps, resp);
}
return;
} else if (scope.equals(ScopeDef.SC_LOG_ARCH)) {
- String instName = req.getParameter(Constants.PR_LOG_INSTANCE);
+ String instName = req
+ .getParameter(Constants.PR_LOG_INSTANCE);
if (instName.equals("System")) {
AUTHZ_RES_NAME = "certServer.log.content.system";
} else if (instName.equals("Transactions")) {
AUTHZ_RES_NAME = "certServer.log.content.transactions";
- } else if (instName.equals(Constants.PR_LOG_SIGNED_AUDIT)) {
+ } else if (instName
+ .equals(Constants.PR_LOG_SIGNED_AUDIT)) {
AUTHZ_RES_NAME = "certServer.log.content.signedAudit";
}
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(
+ getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
- ILogEventListener loginst =
- mSys.getLogInstance(instName);
+ ILogEventListener loginst = mSys
+ .getLogInstance(instName);
if (loginst != null) {
- NameValuePairs nvps = loginst.retrieveLogList(toHashtable(req));
+ NameValuePairs nvps = loginst
+ .retrieveLogList(toHashtable(req));
sendResponse(SUCCESS, null, nvps, resp);
}
return;
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp);
return;
}
}
@@ -328,16 +316,15 @@ public class LogAdminServlet extends AdminServlet {
} catch (Exception e) {
System.out.println("XXX >>>" + e.toString() + "<<<");
e.printStackTrace();
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp);
}
return;
}
- private synchronized void listLogInsts(HttpServletRequest req,
- HttpServletResponse resp, boolean all) throws ServletException,
+ private synchronized void listLogInsts(HttpServletRequest req,
+ HttpServletResponse resp, boolean all) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -346,14 +333,14 @@ public class LogAdminServlet extends AdminServlet {
for (; e.hasMoreElements();) {
String name = (String) e.nextElement();
- ILogEventListener value = ((ILogSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_LOG)).getLogInstance(name);
+ ILogEventListener value = ((ILogSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_LOG)).getLogInstance(name);
if (value == null)
continue;
String pName = mSys.getLogPluginName(value);
- LogPlugin pClass = (LogPlugin)
- mSys.getLogPlugins().get(pName);
- String c = pClass.getClassPath();
+ LogPlugin pClass = (LogPlugin) mSys.getLogPlugins().get(pName);
+ String c = pClass.getClassPath();
// not show ntEventlog here
if (all || (!all && !c.endsWith("NTEventLog")))
@@ -363,28 +350,30 @@ public class LogAdminServlet extends AdminServlet {
return;
}
- /**
- * retrieve extended plugin info such as brief description, type info
- * from logging
+ /**
+ * retrieve extended plugin info such as brief description, type info from
+ * logging
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String id = req.getParameter(Constants.RS_ID);
int colon = id.indexOf(':');
String implType = id.substring(0, colon);
String implName = id.substring(colon + 1);
- NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType, implName);
+ NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType,
+ implName);
sendResponse(SUCCESS, null, params, resp);
}
- private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
- IExtendedPluginInfo ext_info = null;
+ private NameValuePairs getExtendedPluginInfo(Locale locale,
+ String implType, String implName) {
+ IExtendedPluginInfo ext_info = null;
Object impl = null;
- LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName);
+ LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName);
if (lp != null) {
impl = getClassByNameAsExtendedPluginInfo(lp.getClassPath());
@@ -400,7 +389,8 @@ public class LogAdminServlet extends AdminServlet {
if (ext_info == null) {
nvps = new NameValuePairs();
} else {
- nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
+ nvps = convertStringArrayToNVPairs(ext_info
+ .getExtendedPluginInfo(locale));
}
return nvps;
@@ -410,11 +400,12 @@ public class LogAdminServlet extends AdminServlet {
/**
* Add log plug-in
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
* configuring signedAudit
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -422,9 +413,9 @@ public class LogAdminServlet extends AdminServlet {
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addLogPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addLogPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -442,22 +433,19 @@ public class LogAdminServlet extends AdminServlet {
}
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
+ // System.out.println("SRVLT_NULL_RS_ID");
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -466,17 +454,17 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELogException(CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
@@ -486,25 +474,21 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NULL_CLASS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_SRVLT_NULL_CLASS"), null, resp);
return;
}
IConfigStore destStore = null;
destStore = mConfig.getSubStore("log");
- IConfigStore instancesConfig =
- destStore.getSubStore("impl");
+ IConfigStore instancesConfig = destStore.getSubStore("impl");
// Does the class exist?
Class newImpl = null;
@@ -515,33 +499,27 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_SRVLT_NO_CLASS"), null, resp);
return;
} catch (IllegalArgumentException e) {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_SRVLT_NO_CLASS"), null, resp);
return;
}
@@ -551,34 +529,30 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_SRVLT_ILL_CLASS"), null, resp);
return;
}
- } catch (NullPointerException e) { // unlikely, only if newImpl null.
+ } catch (NullPointerException e) { // unlikely, only if newImpl
+ // null.
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_SRVLT_ILL_CLASS"), null, resp);
return;
}
@@ -590,22 +564,19 @@ public class LogAdminServlet extends AdminServlet {
try {
mConfig.commit(true);
} catch (EBaseException e) {
- //System.out.println("SRVLT_FAIL_COMMIT");
+ // System.out.println("SRVLT_FAIL_COMMIT");
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
@@ -619,10 +590,8 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
}
@@ -630,41 +599,39 @@ public class LogAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, params, resp);
return;
// } catch( EBaseException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit1;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
@@ -681,11 +648,12 @@ public class LogAdminServlet extends AdminServlet {
/**
* Add log instance
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
* configuring signedAudit
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -693,9 +661,9 @@ public class LogAdminServlet extends AdminServlet {
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addLogInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addLogInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -716,17 +684,14 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -734,16 +699,13 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR, "Invalid ID '" + id + "'",
- null, resp);
+ sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp);
return;
}
@@ -751,71 +713,60 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_SRVLT_ILL_INST_ID"), null, resp);
return;
}
// get required parameters
- String implname = req.getParameter(
- Constants.PR_LOG_IMPL_NAME);
+ String implname = req.getParameter(Constants.PR_LOG_IMPL_NAME);
if (implname == null) {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"), null, resp);
return;
}
// check if implementation exists.
- LogPlugin plugin =
- (LogPlugin) mSys.getLogPlugins().get(
- implname);
+ LogPlugin plugin = (LogPlugin) mSys.getLogPlugins().get(implname);
if (plugin == null) {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELogPluginNotFound(CMS.getUserMessage(
+ getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND",
+ implname)).toString(), null, resp);
return;
}
Vector configParams = mSys.getLogDefaultParams(implname);
- IConfigStore destStore =
- mConfig.getSubStore("log");
- IConfigStore instancesConfig =
- destStore.getSubStore("instance");
+ IConfigStore destStore = mConfig.getSubStore("log");
+ IConfigStore instancesConfig = destStore.getSubStore("instance");
IConfigStore substore = instancesConfig.makeSubStore(id);
if (configParams != null) {
@@ -825,17 +776,16 @@ public class LogAdminServlet extends AdminServlet {
String val = req.getParameter(kv.substring(0, index));
if (val == null) {
- substore.put(kv.substring(0, index),
- kv.substring(index + 1));
+ substore.put(kv.substring(0, index),
+ kv.substring(index + 1));
} else {
- substore.put(kv.substring(0, index),
- val);
+ substore.put(kv.substring(0, index), val);
}
}
}
substore.put("pluginName", implname);
- // Fix Blackflag Bug #615603: Currently, although expiring log
+ // Fix Blackflag Bug #615603: Currently, although expiring log
// files is no longer supported, it is still a required parameter
// that must be present during the creation and modification of
// custom log plugins.
@@ -846,7 +796,8 @@ public class LogAdminServlet extends AdminServlet {
ILogEventListener logInst = null;
try {
- logInst = (ILogEventListener) Class.forName(className).newInstance();
+ logInst = (ILogEventListener) Class.forName(className)
+ .newInstance();
} catch (ClassNotFoundException e) {
// cleanup
instancesConfig.removeSubStore(id);
@@ -854,17 +805,17 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELogException(CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_LOAD_CLASS_FAIL", className))
+ .toString(), null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
@@ -872,17 +823,17 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELogException(CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_LOAD_CLASS_FAIL", className))
+ .toString(), null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
@@ -890,17 +841,17 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELogException(CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_LOAD_CLASS_FAIL", className))
+ .toString(), null, resp);
return;
}
@@ -914,10 +865,8 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
@@ -930,10 +879,8 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
@@ -952,17 +899,14 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
@@ -976,10 +920,8 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
}
@@ -987,66 +929,62 @@ public class LogAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, params, resp);
return;
// } catch( EBaseException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit1;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
- private synchronized void listLogPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void listLogPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = mSys.getLogPlugins().keys();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- LogPlugin value = (LogPlugin)
- mSys.getLogPlugins().get(name);
+ LogPlugin value = (LogPlugin) mSys.getLogPlugins().get(name);
// get Description
- String c = value.getClassPath();
+ String c = value.getClassPath();
String desc = "unknown";
try {
- ILogEventListener lp = (ILogEventListener)
- Class.forName(c).newInstance();
+ ILogEventListener lp = (ILogEventListener) Class.forName(c)
+ .newInstance();
desc = lp.getDescription();
} catch (Exception exp) {
- sendResponse(ERROR, exp.toString(), null,
- resp);
+ sendResponse(ERROR, exp.toString(), null, resp);
return;
}
params.add(name, value.getClassPath() + "," + desc);
@@ -1068,11 +1006,12 @@ public class LogAdminServlet extends AdminServlet {
/**
* Delete log instance
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
* configuring signedAudit
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -1080,9 +1019,9 @@ public class LogAdminServlet extends AdminServlet {
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void delLogInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delLogInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1101,22 +1040,19 @@ public class LogAdminServlet extends AdminServlet {
}
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
+ // System.out.println("SRVLT_NULL_RS_ID");
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -1125,65 +1061,58 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELogNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
// only remove from memory
// cannot shutdown because we don't keep track of whether it's
- // being used.
- ILogEventListener logInst = (ILogEventListener)
- mSys.getLogInstance(id);
+ // being used.
+ ILogEventListener logInst = (ILogEventListener) mSys
+ .getLogInstance(id);
mSys.getLogInsts().remove((Object) id);
// remove the configuration.
- IConfigStore destStore =
- mConfig.getSubStore("log");
- IConfigStore instancesConfig =
- destStore.getSubStore("instance");
+ IConfigStore destStore = mConfig.getSubStore("log");
+ IConfigStore instancesConfig = destStore.getSubStore("instance");
instancesConfig.removeSubStore(id);
// commiting
try {
mConfig.commit(true);
} catch (EBaseException e) {
- //System.out.println("SRVLT_FAIL_COMMIT");
+ // System.out.println("SRVLT_FAIL_COMMIT");
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
}
@@ -1191,52 +1120,51 @@ public class LogAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, params, resp);
return;
// } catch( EBaseException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit1;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
/**
* Delete log plug-in
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
* configuring signedAudit
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -1244,9 +1172,9 @@ public class LogAdminServlet extends AdminServlet {
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void delLogPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delLogPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1265,22 +1193,19 @@ public class LogAdminServlet extends AdminServlet {
}
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
+ // System.out.println("SRVLT_NULL_RS_ID");
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -1288,24 +1213,23 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELogPluginNotFound(CMS.getUserMessage(
+ getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", id))
+ .toString(), null, resp);
return;
}
// first check if any instances from this log
// DON'T remove log if any instance
- for (Enumeration e = mSys.getLogInsts().keys();
- e.hasMoreElements();) {
+ for (Enumeration e = mSys.getLogInsts().keys(); e.hasMoreElements();) {
String name = (String) e.nextElement();
ILogEventListener log = mSys.getLogInstance(name);
@@ -1313,28 +1237,24 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_IN_USE"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_SRVLT_IN_USE"), null, resp);
return;
}
}
-
+
// then delete this log
mSys.getLogPlugins().remove((Object) id);
- IConfigStore destStore =
- mConfig.getSubStore("log");
- IConfigStore instancesConfig =
- destStore.getSubStore("impl");
+ IConfigStore destStore = mConfig.getSubStore("log");
+ IConfigStore instancesConfig = destStore.getSubStore("impl");
instancesConfig.removeSubStore(id);
// commiting
@@ -1344,27 +1264,22 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
}
@@ -1372,55 +1287,52 @@ public class LogAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, params, resp);
return;
// } catch( EBaseException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit1;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
- private synchronized void getLogConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getLogConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -1434,50 +1346,47 @@ public class LogAdminServlet extends AdminServlet {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index), kv.substring(index + 1));
}
}
sendResponse(0, null, params, resp);
return;
}
- private synchronized void getLogInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void getLogInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// does log instance exist?
if (mSys.getLogInsts().containsKey(id) == false) {
- sendResponse(ERROR,
- new ELogNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELogNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
- ILogEventListener logInst = (ILogEventListener)
- mSys.getLogInstance(id);
+ ILogEventListener logInst = (ILogEventListener) mSys.getLogInstance(id);
Vector configParams = logInst.getInstanceParams();
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_LOG_IMPL_NAME,
- getLogPluginName(logInst));
+ params.add(Constants.PR_LOG_IMPL_NAME, getLogPluginName(logInst));
// implName is always required so always send it.
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index), kv.substring(index + 1));
}
}
@@ -1488,18 +1397,19 @@ public class LogAdminServlet extends AdminServlet {
/**
* Modify log instance
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
* configuring signedAudit
* <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file
- * name (including any path changes) for any of audit, system, transaction,
+ * name (including any path changes) for any of audit, system, transaction,
* or other customized log file change is attempted (authorization should
* not allow, but make sure it's written after the attempt)
* <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log
* expiration time change is attempted (authorization should not allow, but
* make sure it's written after the attempt)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param scope string used to obtain the contents of the log's substore
@@ -1507,17 +1417,17 @@ public class LogAdminServlet extends AdminServlet {
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modLogInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modLogInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String logType = null;
String origLogPath = req.getParameter(Constants.PR_LOG_FILENAME);
String newLogPath = origLogPath;
- String origExpirationTime = req.getParameter(
- Constants.PR_LOG_EXPIRED_TIME);
+ String origExpirationTime = req
+ .getParameter(Constants.PR_LOG_EXPIRED_TIME);
String newExpirationTime = origExpirationTime;
// ensure that any low-level exceptions are reported
@@ -1550,22 +1460,19 @@ public class LogAdminServlet extends AdminServlet {
}
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
+ // System.out.println("SRVLT_NULL_RS_ID");
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -1574,17 +1481,14 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_SRVLT_ILL_INST_ID"), null, resp);
return;
}
@@ -1595,45 +1499,43 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
- null, resp);
+ null, resp);
return;
}
// get plugin for implementation
- LogPlugin plugin =
- (LogPlugin) mSys.getLogPlugins().get(implname);
+ LogPlugin plugin = (LogPlugin) mSys.getLogPlugins().get(implname);
if (plugin == null) {
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(), null, resp);
+ sendResponse(
+ ERROR,
+ new ELogPluginNotFound(CMS.getUserMessage(
+ getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND",
+ implname)).toString(), null, resp);
return;
}
// save old instance substore params in case new one fails.
- ILogEventListener oldinst =
- (ILogEventListener) mSys.getLogInstance(id);
+ ILogEventListener oldinst = (ILogEventListener) mSys
+ .getLogInstance(id);
Vector oldConfigParms = oldinst.getInstanceParams();
NameValuePairs saveParams = new NameValuePairs();
@@ -1645,7 +1547,7 @@ public class LogAdminServlet extends AdminServlet {
int index = kv.indexOf('=');
saveParams.add(kv.substring(0, index),
- kv.substring(index + 1));
+ kv.substring(index + 1));
}
}
@@ -1653,28 +1555,26 @@ public class LogAdminServlet extends AdminServlet {
// remove old substore.
- IConfigStore destStore =
- mConfig.getSubStore("log");
- IConfigStore instancesConfig =
- destStore.getSubStore("instance");
+ IConfigStore destStore = mConfig.getSubStore("log");
+ IConfigStore instancesConfig = destStore.getSubStore("instance");
// create new substore.
Vector configParams = mSys.getLogInstanceParams(id);
- //instancesConfig.removeSubStore(id);
+ // instancesConfig.removeSubStore(id);
IConfigStore substore = instancesConfig.makeSubStore(id);
substore.put("pluginName", implname);
- // Fix Blackflag Bug #615603: Currently, although expiring log
+ // Fix Blackflag Bug #615603: Currently, although expiring log
// files is no longer supported, it is still a required parameter
// that must be present during the creation and modification of
// custom log plugins.
substore.put("expirationTime", "0");
- // IMPORTANT: save a copy of the original log file path
+ // IMPORTANT: save a copy of the original log file path
origLogPath = substore.getString(Constants.PR_LOG_FILENAME);
newLogPath = origLogPath;
@@ -1686,9 +1586,9 @@ public class LogAdminServlet extends AdminServlet {
newLogPath = "";
}
- // IMPORTANT: save a copy of the original log expiration time
- origExpirationTime = substore.getString(
- Constants.PR_LOG_EXPIRED_TIME);
+ // IMPORTANT: save a copy of the original log expiration time
+ origExpirationTime = substore
+ .getString(Constants.PR_LOG_EXPIRED_TIME);
newExpirationTime = origExpirationTime;
if (origExpirationTime != null) {
@@ -1701,16 +1601,14 @@ public class LogAdminServlet extends AdminServlet {
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
- AUTHZ_RES_NAME =
- "certServer.log.configuration";
+ AUTHZ_RES_NAME = "certServer.log.configuration";
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
String key = kv.substring(0, index);
String val = req.getParameter(key);
- if
- (key.equals("level")) {
- if (val.equals(ILogger.LL_DEBUG_STRING))
+ if (key.equals("level")) {
+ if (val.equals(ILogger.LL_DEBUG_STRING))
val = "0";
else if (val.equals(ILogger.LL_INFO_STRING))
val = "1";
@@ -1727,9 +1625,8 @@ public class LogAdminServlet extends AdminServlet {
}
- if
- (key.equals("rolloverInterval")) {
- if (val.equals("Hourly"))
+ if (key.equals("rolloverInterval")) {
+ if (val.equals("Hourly"))
val = Integer.toString(60 * 60);
else if (val.equals("Daily"))
val = Integer.toString(60 * 60 * 24);
@@ -1741,8 +1638,7 @@ public class LogAdminServlet extends AdminServlet {
val = Integer.toString(60 * 60 * 24 * 365);
}
- if
- (key.equals(Constants.PR_LOG_TYPE)) {
+ if (key.equals(Constants.PR_LOG_TYPE)) {
type = val;
}
@@ -1753,19 +1649,18 @@ public class LogAdminServlet extends AdminServlet {
val = val.trim();
newLogPath = val;
if (!val.equals(origVal.trim())) {
- AUTHZ_RES_NAME =
- "certServer.log.configuration.fileName";
+ AUTHZ_RES_NAME = "certServer.log.configuration.fileName";
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
// store a message in the signed audit log
// file (regardless of logType)
if (!(newLogPath.equals(origLogPath))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newLogPath);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
+ auditSubjectID,
+ ILogger.FAILURE,
+ logType, newLogPath);
audit(auditMessage);
}
@@ -1773,68 +1668,57 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log
// file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(
+ getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
}
}
-/*
- if (key.equals("expirationTime")) {
- String origVal = substore.getString(key);
-
- val = val.trim();
- newExpirationTime = val;
- if (!val.equals(origVal.trim())) {
- if (id.equals(SIGNED_AUDIT_LOG_TYPE)) {
- AUTHZ_RES_NAME =
- "certServer.log.configuration.signedAudit.expirationTime";
- }
- mOp = "modify";
- if ((mToken = super.authorize(req)) == null) {
- // store a message in the signed audit log
- // file (regardless of logType)
- if (!(newExpirationTime.equals(origExpirationTime))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newExpirationTime);
-
- audit(auditMessage);
- }
-
- // store a message in the signed audit log
- // file
- if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
-
- audit(auditMessage);
- }
-
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
- return;
- }
- }
- }
-*/
+ /*
+ * if (key.equals("expirationTime")) { String origVal =
+ * substore.getString(key);
+ *
+ * val = val.trim(); newExpirationTime = val; if
+ * (!val.equals(origVal.trim())) { if
+ * (id.equals(SIGNED_AUDIT_LOG_TYPE)) { AUTHZ_RES_NAME =
+ * "certServer.log.configuration.signedAudit.expirationTime"
+ * ; } mOp = "modify"; if ((mToken =
+ * super.authorize(req)) == null) { // store a message
+ * in the signed audit log // file (regardless of
+ * logType) if
+ * (!(newExpirationTime.equals(origExpirationTime))) {
+ * auditMessage = CMS.getLogMessage(
+ * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
+ * auditSubjectID, ILogger.FAILURE, logType,
+ * newExpirationTime);
+ *
+ * audit(auditMessage); }
+ *
+ * // store a message in the signed audit log // file if
+ * (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
+ * auditMessage = CMS.getLogMessage(
+ * LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ * auditSubjectID, ILogger.FAILURE, auditParams(req));
+ *
+ * audit(auditMessage); }
+ *
+ * sendResponse(ERROR,
+ * CMS.getUserMessage(getLocale(req),
+ * "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return;
+ * } } }
+ */
substore.put(key, val);
}
}
@@ -1846,8 +1730,8 @@ public class LogAdminServlet extends AdminServlet {
ILogEventListener newMgrInst = null;
try {
- newMgrInst = (ILogEventListener)
- Class.forName(className).newInstance();
+ newMgrInst = (ILogEventListener) Class.forName(className)
+ .newInstance();
} catch (ClassNotFoundException e) {
// check to see if the log file path parameter was changed
newLogPath = auditCheckLogPath(req);
@@ -1862,11 +1746,9 @@ public class LogAdminServlet extends AdminServlet {
// (regardless of logType)
if (!(newLogPath.equals(origLogPath))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newLogPath);
+ LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
+ auditSubjectID, ILogger.FAILURE, logType,
+ newLogPath);
audit(auditMessage);
}
@@ -1874,38 +1756,35 @@ public class LogAdminServlet extends AdminServlet {
// store a message in the signed audit log file
// (regardless of logType)
/*
- if (!(newExpirationTime.equals(origExpirationTime))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newExpirationTime);
-
- audit(auditMessage);
- }*/
+ * if (!(newExpirationTime.equals(origExpirationTime))) {
+ * auditMessage = CMS.getLogMessage(
+ * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID,
+ * ILogger.FAILURE, logType, newExpirationTime);
+ *
+ * audit(auditMessage); }
+ */
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELogException(CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_LOAD_CLASS_FAIL", className))
+ .toString(), null, resp);
return;
} catch (InstantiationException e) {
// check to see if the log file path parameter was changed
newLogPath = auditCheckLogPath(req);
// check to see if the log expiration time parameter was changed
- //newExpirationTime = auditCheckLogExpirationTime(req);
+ // newExpirationTime = auditCheckLogExpirationTime(req);
restore(instancesConfig, id, saveParams);
@@ -1913,49 +1792,45 @@ public class LogAdminServlet extends AdminServlet {
// (regardless of logType)
if (!(newLogPath.equals(origLogPath))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newLogPath);
+ LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
+ auditSubjectID, ILogger.FAILURE, logType,
+ newLogPath);
audit(auditMessage);
}
// store a message in the signed audit log file
// (regardless of logType)
- /*if (!(newExpirationTime.equals(origExpirationTime))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newExpirationTime);
-
- audit(auditMessage);
- }*/
+ /*
+ * if (!(newExpirationTime.equals(origExpirationTime))) {
+ * auditMessage = CMS.getLogMessage(
+ * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID,
+ * ILogger.FAILURE, logType, newExpirationTime);
+ *
+ * audit(auditMessage); }
+ */
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELogException(CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_LOAD_CLASS_FAIL", className))
+ .toString(), null, resp);
return;
} catch (IllegalAccessException e) {
// check to see if the log file path parameter was changed
newLogPath = auditCheckLogPath(req);
// check to see if the log expiration time parameter was changed
- //newExpirationTime = auditCheckLogExpirationTime(req);
+ // newExpirationTime = auditCheckLogExpirationTime(req);
restore(instancesConfig, id, saveParams);
@@ -1963,47 +1838,43 @@ public class LogAdminServlet extends AdminServlet {
// (regardless of logType)
if (!(newLogPath.equals(origLogPath))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newLogPath);
+ LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
+ auditSubjectID, ILogger.FAILURE, logType,
+ newLogPath);
audit(auditMessage);
}
// store a message in the signed audit log file
// (regardless of logType)
- /* if (!(newExpirationTime.equals(origExpirationTime))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newExpirationTime);
-
- audit(auditMessage);
- } */
+ /*
+ * if (!(newExpirationTime.equals(origExpirationTime))) {
+ * auditMessage = CMS.getLogMessage(
+ * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID,
+ * ILogger.FAILURE, logType, newExpirationTime);
+ *
+ * audit(auditMessage); }
+ */
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELogException(CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_LOAD_CLASS_FAIL", className))
+ .toString(), null, resp);
return;
}
// initialize the log
- // initialized ok. commiting
+ // initialized ok. commiting
try {
mConfig.commit(true);
} catch (EBaseException e) {
@@ -2015,58 +1886,52 @@ public class LogAdminServlet extends AdminServlet {
// clean up.
restore(instancesConfig, id, saveParams);
- //System.out.println("SRVLT_FAIL_COMMIT");
+ // System.out.println("SRVLT_FAIL_COMMIT");
// store a message in the signed audit log file
// (regardless of logType)
if (!(newLogPath.equals(origLogPath))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newLogPath);
+ LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
+ auditSubjectID, ILogger.FAILURE, logType,
+ newLogPath);
audit(auditMessage);
}
// store a message in the signed audit log file
// (regardless of logType)
- /* if (!(newExpirationTime.equals(origExpirationTime))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newExpirationTime);
-
- audit(auditMessage);
- }*/
+ /*
+ * if (!(newExpirationTime.equals(origExpirationTime))) {
+ * auditMessage = CMS.getLogMessage(
+ * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID,
+ * ILogger.FAILURE, logType, newExpirationTime);
+ *
+ * audit(auditMessage); }
+ */
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
// commited ok. replace instance.
- // REMOVED - we didn't do anything to shut off the old instance
- // so, it will still be running at this point. You'd have two
- // log isntances writing to the same file - this would be a big PROBLEM!!!
+ // REMOVED - we didn't do anything to shut off the old instance
+ // so, it will still be running at this point. You'd have two
+ // log isntances writing to the same file - this would be a big
+ // PROBLEM!!!
- //mSys.getLogInsts().put(id, newMgrInst);
+ // mSys.getLogInsts().put(id, newMgrInst);
NameValuePairs params = new NameValuePairs();
@@ -2074,41 +1939,34 @@ public class LogAdminServlet extends AdminServlet {
newLogPath = auditCheckLogPath(req);
// check to see if the log expiration time parameter was changed
- //newExpirationTime = auditCheckLogExpirationTime(req);
+ // newExpirationTime = auditCheckLogExpirationTime(req);
// store a message in the signed audit log file
// (regardless of logType)
if (!(newLogPath.equals(origLogPath))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
- auditSubjectID,
- ILogger.SUCCESS,
- logType,
- newLogPath);
+ LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, auditSubjectID,
+ ILogger.SUCCESS, logType, newLogPath);
audit(auditMessage);
}
// store a message in the signed audit log file
// (regardless of logType)
- /*if (!(newExpirationTime.equals(origExpirationTime))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
- auditSubjectID,
- ILogger.SUCCESS,
- logType,
- newExpirationTime);
-
- audit(auditMessage);
- }*/
+ /*
+ * if (!(newExpirationTime.equals(origExpirationTime))) {
+ * auditMessage = CMS.getLogMessage(
+ * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID,
+ * ILogger.SUCCESS, logType, newExpirationTime);
+ *
+ * audit(auditMessage); }
+ */
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
}
@@ -2126,35 +1984,28 @@ public class LogAdminServlet extends AdminServlet {
// (regardless of logType)
if (!(newLogPath.equals(origLogPath))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newLogPath);
+ LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, auditSubjectID,
+ ILogger.FAILURE, logType, newLogPath);
audit(auditMessage);
}
// store a message in the signed audit log file
// (regardless of logType)
- /* if (!(newExpirationTime.equals(origExpirationTime))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newExpirationTime);
-
- audit(auditMessage);
- } */
+ /*
+ * if (!(newExpirationTime.equals(origExpirationTime))) {
+ * auditMessage = CMS.getLogMessage(
+ * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID,
+ * ILogger.FAILURE, logType, newExpirationTime);
+ *
+ * audit(auditMessage); }
+ */
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
@@ -2172,35 +2023,28 @@ public class LogAdminServlet extends AdminServlet {
// (regardless of logType)
if (!(newLogPath.equals(origLogPath))) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newLogPath);
+ LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE, auditSubjectID,
+ ILogger.FAILURE, logType, newLogPath);
audit(auditMessage);
}
// store a message in the signed audit log file
// (regardless of logType)
- /*if (!(newExpirationTime.equals(origExpirationTime))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
- auditSubjectID,
- ILogger.FAILURE,
- logType,
- newExpirationTime);
-
- audit(auditMessage);
- }*/
+ /*
+ * if (!(newExpirationTime.equals(origExpirationTime))) {
+ * auditMessage = CMS.getLogMessage(
+ * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID,
+ * ILogger.FAILURE, logType, newExpirationTime);
+ *
+ * audit(auditMessage); }
+ */
// store a message in the signed audit log file
if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
}
@@ -2208,74 +2052,72 @@ public class LogAdminServlet extends AdminServlet {
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // check to see if the log file path parameter was changed
- // newLogPath = auditCheckLogPath( req );
+ // // check to see if the log file path parameter was changed
+ // newLogPath = auditCheckLogPath( req );
//
- // // check to see if the log expiration time parameter was changed
- // newExpirationTime = auditCheckLogExpirationTime( req );
+ // // check to see if the log expiration time parameter was changed
+ // newExpirationTime = auditCheckLogExpirationTime( req );
//
- // // store a message in the signed audit log file
- // // (regardless of logType)
- // if( !( newLogPath.equals( origLogPath ) ) ) {
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // logType,
- // newLogPath );
+ // // store a message in the signed audit log file
+ // // (regardless of logType)
+ // if( !( newLogPath.equals( origLogPath ) ) ) {
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // logType,
+ // newLogPath );
//
- // audit( auditMessage );
- // }
+ // audit( auditMessage );
+ // }
//
- // // store a message in the signed audit log file
- // // (regardless of logType)
- // if( !( newExpirationTime.equals( origExpirationTime ) ) ) {
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // logType,
- // newExpirationTime );
+ // // store a message in the signed audit log file
+ // // (regardless of logType)
+ // if( !( newExpirationTime.equals( origExpirationTime ) ) ) {
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // logType,
+ // newExpirationTime );
//
- // audit( auditMessage );
- // }
+ // audit( auditMessage );
+ // }
//
- // // store a message in the signed audit log file
- // if( logType.equals( SIGNED_AUDIT_LOG_TYPE ) ) {
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // if( logType.equals( SIGNED_AUDIT_LOG_TYPE ) ) {
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
- // }
+ // audit( auditMessage );
+ // }
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
/**
- * used for getting the required configuration parameters (with
- * possible default values) for a particular plugin
- * implementation name specified in the RS_ID. Actually, there is
- * no logic in here to set any default value here...there's no
- * default value for any parameter in this log subsystem
- * at this point. Later, if we do have one (or some), it can be
- * added. The interface remains the same.
+ * used for getting the required configuration parameters (with possible
+ * default values) for a particular plugin implementation name specified in
+ * the RS_ID. Actually, there is no logic in here to set any default value
+ * here...there's no default value for any parameter in this log subsystem
+ * at this point. Later, if we do have one (or some), it can be added. The
+ * interface remains the same.
*/
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -2292,8 +2134,7 @@ public class LogAdminServlet extends AdminServlet {
if (index == -1) {
params.add(kv, "");
} else {
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index), kv.substring(index + 1));
}
}
}
@@ -2301,43 +2142,41 @@ public class LogAdminServlet extends AdminServlet {
return;
}
- private synchronized void getInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void getInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// does log instance exist?
if (mSys.getLogInsts().containsKey(id) == false) {
- sendResponse(ERROR,
- new ELogNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELogNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
- ILogEventListener logInst = (ILogEventListener)
- mSys.getLogInstance(id);
+ ILogEventListener logInst = (ILogEventListener) mSys.getLogInstance(id);
Vector configParams = logInst.getInstanceParams();
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_LOG_IMPL_NAME,
- getLogPluginName(logInst));
+ params.add(Constants.PR_LOG_IMPL_NAME, getLogPluginName(logInst));
// implName is always required so always send it.
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index), kv.substring(index + 1));
}
}
@@ -2346,8 +2185,8 @@ public class LogAdminServlet extends AdminServlet {
}
// convenience routine.
- private static void restore(IConfigStore store,
- String id, NameValuePairs saveParams) {
+ private static void restore(IConfigStore store, String id,
+ NameValuePairs saveParams) {
store.removeSubStore(id);
IConfigStore rstore = store.makeSubStore(id);
@@ -2357,17 +2196,17 @@ public class LogAdminServlet extends AdminServlet {
String key = (String) keys.nextElement();
String value = saveParams.getValue(key);
- if (value != null)
+ if (value != null)
rstore.put(key, value);
}
}
/**
* Signed Audit Check Log Path
- *
+ *
* This method is called to extract the log file path.
* <P>
- *
+ *
* @param req http servlet request
* @return a string containing the log file path
*/
@@ -2386,17 +2225,16 @@ public class LogAdminServlet extends AdminServlet {
/**
* Signed Audit Check Log Expiration Time
- *
+ *
* This method is called to extract the log expiration time.
* <P>
- *
+ *
* @param req http servlet request
* @return a string containing the log expiration time
*/
private String auditCheckLogExpirationTime(HttpServletRequest req) {
// check to see if the log expiration time parameter was changed
- String expirationTime = req.getParameter(
- Constants.PR_LOG_EXPIRED_TIME);
+ String expirationTime = req.getParameter(Constants.PR_LOG_EXPIRED_TIME);
if (expirationTime == null) {
expirationTime = "";
@@ -2408,8 +2246,8 @@ public class LogAdminServlet extends AdminServlet {
}
private void getGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
String value = "false";
@@ -2424,8 +2262,8 @@ public class LogAdminServlet extends AdminServlet {
}
private void setGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
boolean restart = false;
@@ -2438,18 +2276,22 @@ public class LogAdminServlet extends AdminServlet {
if (value.equals("true") || value.equals("false")) {
mConfig.putString(Constants.PR_DEBUG_LOG_ENABLE, value);
} else {
- CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_ENABLE + ": " + value);
- throw new EBaseException("Invalid value for " + Constants.PR_DEBUG_LOG_ENABLE);
+ CMS.debug("setGeneralConfig: Invalid value for "
+ + Constants.PR_DEBUG_LOG_ENABLE + ": " + value);
+ throw new EBaseException("Invalid value for "
+ + Constants.PR_DEBUG_LOG_ENABLE);
}
} else if (key.equals(Constants.PR_DEBUG_LOG_LEVEL)) {
try {
int number = Integer.parseInt(value);
mConfig.putString(Constants.PR_DEBUG_LOG_LEVEL, value);
} catch (NumberFormatException e) {
- CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL + ": " + value);
- throw new EBaseException("Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL);
+ CMS.debug("setGeneralConfig: Invalid value for "
+ + Constants.PR_DEBUG_LOG_LEVEL + ": " + value);
+ throw new EBaseException("Invalid value for "
+ + Constants.PR_DEBUG_LOG_LEVEL);
}
- }
+ }
}
mConfig.commit(true);
@@ -2461,4 +2303,3 @@ public class LogAdminServlet extends AdminServlet {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
index 9464f48f..01b1edd0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -39,13 +38,11 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.ocsp.IOCSPAuthority;
import com.netscape.certsrv.ocsp.IOCSPStore;
-
/**
- * A class representings an administration servlet for Certificate
- * Authority. This servlet is responsible to serve OCSP
- * administrative operations such as configuration parameter
- * updates.
- *
+ * A class representings an administration servlet for Certificate Authority.
+ * This servlet is responsible to serve OCSP administrative operations such as
+ * configuration parameter updates.
+ *
* @version $Revision$, $Date$
*/
public class OCSPAdminServlet extends AdminServlet {
@@ -59,8 +56,7 @@ public class OCSPAdminServlet extends AdminServlet {
private final static String INFO = "OCSPAdminServlet";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE =
- "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE = "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3";
private IOCSPAuthority mOCSP = null;
@@ -84,33 +80,32 @@ public class OCSPAdminServlet extends AdminServlet {
}
/**
- * Serves HTTP request. Each request is authenticated to
- * the authenticate manager.
+ * Serves HTTP request. Each request is authenticated to the authenticate
+ * manager.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
-
- //get all operational flags
+
+ // get all operational flags
String op = req.getParameter(Constants.OP_TYPE);
String scope = req.getParameter(Constants.OP_SCOPE);
- //check operational flags
+ // check operational flags
if ((op == null) || (scope == null)) {
sendResponse(1, "Invalid Protocol", null, resp);
return;
- }
+ }
super.authenticate(req);
-
+
try {
AUTHZ_RES_NAME = "certServer.ocsp.configuration";
if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
try {
@@ -125,9 +120,8 @@ public class OCSPAdminServlet extends AdminServlet {
if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
setDefaultStore(req, resp);
@@ -138,9 +132,8 @@ public class OCSPAdminServlet extends AdminServlet {
if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -153,9 +146,8 @@ public class OCSPAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -168,9 +160,8 @@ public class OCSPAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_OCSPSTORES_RULES)) {
@@ -185,25 +176,26 @@ public class OCSPAdminServlet extends AdminServlet {
}
/**
- * retrieve extended plugin info such as brief description,
- * type info from CRL extensions
+ * retrieve extended plugin info such as brief description, type info from
+ * CRL extensions
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String id = req.getParameter(Constants.RS_ID);
int colon = id.indexOf(':');
String implType = id.substring(0, colon);
String implName = id.substring(colon + 1);
- NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType,
+ implName);
sendResponse(SUCCESS, null, params, resp);
}
- private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
+ private NameValuePairs getExtendedPluginInfo(Locale locale,
+ String implType, String implName) {
IExtendedPluginInfo ext_info = null;
Object impl = null;
@@ -219,7 +211,8 @@ public class OCSPAdminServlet extends AdminServlet {
if (ext_info == null) {
nvps = new NameValuePairs();
} else {
- nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
+ nvps = convertStringArrayToNVPairs(ext_info
+ .getExtendedPluginInfo(locale));
}
return nvps;
@@ -229,12 +222,13 @@ public class OCSPAdminServlet extends AdminServlet {
/**
* Set default OCSP store
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
* configuring OCSP profile (everything under Online Certificate Status
* Manager)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -242,8 +236,8 @@ public class OCSPAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setDefaultStore(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -253,15 +247,13 @@ public class OCSPAdminServlet extends AdminServlet {
String id = req.getParameter(Constants.RS_ID);
mOCSP.getConfigStore().putString(IOCSPAuthority.PROP_DEF_STORE_ID,
- id);
+ id);
commit(true);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -269,10 +261,8 @@ public class OCSPAdminServlet extends AdminServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -281,33 +271,31 @@ public class OCSPAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
private void getOCSPStoresConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String id = req.getParameter(Constants.RS_ID);
IOCSPStore store = mOCSP.getOCSPStore(id);
@@ -319,12 +307,13 @@ public class OCSPAdminServlet extends AdminServlet {
/**
* Set OCSP store configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
* configuring OCSP profile (everything under Online Certificate Status
* Manager)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -332,8 +321,8 @@ public class OCSPAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setOCSPStoresConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -370,10 +359,8 @@ public class OCSPAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -381,10 +368,8 @@ public class OCSPAdminServlet extends AdminServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -393,33 +378,31 @@ public class OCSPAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
private void listOCSPStoresConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mOCSP.getConfigStore();
String defStore = config.getString(IOCSPAuthority.PROP_DEF_STORE_ID);
@@ -433,14 +416,15 @@ public class OCSPAdminServlet extends AdminServlet {
if (storeName.equals(defStore)) {
storeEnabled = true;
}
- params.add(storeName, storeName + ";visible;" + ((storeEnabled) ? "enabled" : "disabled"));
+ params.add(storeName, storeName + ";visible;"
+ + ((storeEnabled) ? "enabled" : "disabled"));
}
sendResponse(SUCCESS, null, params, resp);
}
private void getGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -450,8 +434,7 @@ public class OCSPAdminServlet extends AdminServlet {
}
private void getSigningAlgConfig(NameValuePairs params) {
- params.add(Constants.PR_DEFAULT_ALGORITHM,
- mOCSP.getDefaultAlgorithm());
+ params.add(Constants.PR_DEFAULT_ALGORITHM, mOCSP.getDefaultAlgorithm());
String[] algorithms = mOCSP.getOCSPSigningAlgorithms();
StringBuffer algorStr = new StringBuffer();
@@ -460,7 +443,7 @@ public class OCSPAdminServlet extends AdminServlet {
algorStr.append(algorithms[i]);
else
algorStr.append(":");
- algorStr.append(algorithms[i]);
+ algorStr.append(algorithms[i]);
}
params.add(Constants.PR_ALL_ALGORITHMS, algorStr.toString());
}
@@ -468,12 +451,13 @@ public class OCSPAdminServlet extends AdminServlet {
/**
* Set general OCSP configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
* configuring OCSP profile (everything under Online Certificate Status
* Manager)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
@@ -481,8 +465,8 @@ public class OCSPAdminServlet extends AdminServlet {
* @exception EBaseException an error has occurred
*/
private void setGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -506,10 +490,8 @@ public class OCSPAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -517,10 +499,8 @@ public class OCSPAdminServlet extends AdminServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -529,34 +509,32 @@ public class OCSPAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
- level, "CAAdminServlet: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER, level,
+ "CAAdminServlet: " + msg);
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
index 10a768a2..961d706c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -44,14 +43,12 @@ import com.netscape.certsrv.policy.IPolicyProcessor;
import com.netscape.certsrv.policy.IPolicyRule;
import com.netscape.certsrv.ra.IRegistrationAuthority;
-
/**
* This class is an administration servlet for policy management.
- *
- * Each service (CA, KRA, RA) should be responsible
- * for registering an instance of this with the remote
- * administration subsystem.
- *
+ *
+ * Each service (CA, KRA, RA) should be responsible for registering an instance
+ * of this with the remote administration subsystem.
+ *
* @version $Revision$, $Date$
*/
public class PolicyAdminServlet extends AdminServlet {
@@ -63,8 +60,7 @@ public class PolicyAdminServlet extends AdminServlet {
public final static String PROP_AUTHORITY = "authority";
private final static String INFO = "PolicyAdminServlet";
- private final static String PW_PASSWORD_CACHE_ADD =
- "PASSWORD_CACHE_ADD";
+ private final static String PW_PASSWORD_CACHE_ADD = "PASSWORD_CACHE_ADD";
public final static String PROP_PREDICATE = "predicate";
private IPolicyProcessor mProcessor = null;
@@ -84,8 +80,7 @@ public class PolicyAdminServlet extends AdminServlet {
public static String COMMA = ",";
public static String MISSING_POLICY_ORDERING = "Missing policy ordering";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY =
- "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY = "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3";
/**
* Constructs administration servlet.
@@ -102,7 +97,7 @@ public class PolicyAdminServlet extends AdminServlet {
String authority = config.getInitParameter(PROP_AUTHORITY);
String policyStatus = null;
- CMS.debug( "PolicyAdminServlet: In Policy Admin Servlet init!" );
+ CMS.debug("PolicyAdminServlet: In Policy Admin Servlet init!");
// CMS 6.1 began utilizing the "Certificate Profiles" framework
// instead of the legacy "Certificate Policies" framework.
@@ -112,89 +107,89 @@ public class PolicyAdminServlet extends AdminServlet {
// that this legacy "Certificate Policies" framework would be
// deprecated and disabled by default (see Bugzilla Bug #472597).
//
- // NOTE: The "Certificate Policies" framework ONLY applied to
- // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems.
+ // NOTE: The "Certificate Policies" framework ONLY applied to
+ // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems.
//
- // Further, the "PolicyAdminServlet.java" servlet is ONLY used
- // by the CA Console for the following:
+ // Further, the "PolicyAdminServlet.java" servlet is ONLY used
+ // by the CA Console for the following:
//
- // SERVLET-NAME URL-PATTERN
- // ====================================================
- // capolicy ca/capolicy
+ // SERVLET-NAME URL-PATTERN
+ // ====================================================
+ // capolicy ca/capolicy
//
- // Finally, the "PolicyAdminServlet.java" servlet is ONLY used
- // by the KRA Console for the following:
+ // Finally, the "PolicyAdminServlet.java" servlet is ONLY used
+ // by the KRA Console for the following:
//
- // SERVLET-NAME URL-PATTERN
- // ====================================================
- // krapolicy kra/krapolicy
+ // SERVLET-NAME URL-PATTERN
+ // ====================================================
+ // krapolicy kra/krapolicy
//
if (authority != null)
mAuthority = (IAuthority) CMS.getSubsystem(authority);
if (mAuthority != null)
if (mAuthority instanceof ICertificateAuthority) {
- mProcessor = ((ICertificateAuthority) mAuthority).getPolicyProcessor();
+ mProcessor = ((ICertificateAuthority) mAuthority)
+ .getPolicyProcessor();
try {
- policyStatus = ICertificateAuthority.ID
- + "." + "Policy"
- + "." + IPolicyProcessor.PROP_ENABLE;
- if( mConfig.getBoolean( policyStatus, true ) == true ) {
- // NOTE: If "ca.Policy.enable=<boolean>" is missing,
- // then the referenced instance existed prior
- // to this name=value pair existing in its
- // 'CS.cfg' file, and thus we err on the
- // side that the user may still need to
- // use the policy framework.
- CMS.debug( "PolicyAdminServlet::init "
- + "Certificate Policy Framework (deprecated) "
- + "is ENABLED" );
+ policyStatus = ICertificateAuthority.ID + "." + "Policy"
+ + "." + IPolicyProcessor.PROP_ENABLE;
+ if (mConfig.getBoolean(policyStatus, true) == true) {
+ // NOTE: If "ca.Policy.enable=<boolean>" is missing,
+ // then the referenced instance existed prior
+ // to this name=value pair existing in its
+ // 'CS.cfg' file, and thus we err on the
+ // side that the user may still need to
+ // use the policy framework.
+ CMS.debug("PolicyAdminServlet::init "
+ + "Certificate Policy Framework (deprecated) "
+ + "is ENABLED");
} else {
- // CS 8.1 Default: ca.Policy.enable=false
- CMS.debug( "PolicyAdminServlet::init "
- + "Certificate Policy Framework (deprecated) "
- + "is DISABLED" );
- return;
+ // CS 8.1 Default: ca.Policy.enable=false
+ CMS.debug("PolicyAdminServlet::init "
+ + "Certificate Policy Framework (deprecated) "
+ + "is DISABLED");
+ return;
}
- } catch( EBaseException e ) {
- throw new ServletException( authority
- + " does not have a "
- + "master policy switch called '"
- + policyStatus + "'" );
+ } catch (EBaseException e) {
+ throw new ServletException(authority + " does not have a "
+ + "master policy switch called '" + policyStatus
+ + "'");
}
} else if (mAuthority instanceof IRegistrationAuthority) {
// this refers to the legacy RA (pre-CMS 7.0)
- mProcessor = ((IRegistrationAuthority) mAuthority).getPolicyProcessor();
+ mProcessor = ((IRegistrationAuthority) mAuthority)
+ .getPolicyProcessor();
} else if (mAuthority instanceof IKeyRecoveryAuthority) {
- mProcessor = ((IKeyRecoveryAuthority) mAuthority).getPolicyProcessor();
+ mProcessor = ((IKeyRecoveryAuthority) mAuthority)
+ .getPolicyProcessor();
try {
- policyStatus = IKeyRecoveryAuthority.ID
- + "." + "Policy"
- + "." + IPolicyProcessor.PROP_ENABLE;
- if( mConfig.getBoolean( policyStatus, true ) == true ) {
- // NOTE: If "kra.Policy.enable=<boolean>" is missing,
- // then the referenced instance existed prior
- // to this name=value pair existing in its
- // 'CS.cfg' file, and thus we err on the
- // side that the user may still need to
- // use the policy framework.
- CMS.debug( "PolicyAdminServlet::init "
- + "Certificate Policy Framework (deprecated) "
- + "is ENABLED" );
+ policyStatus = IKeyRecoveryAuthority.ID + "." + "Policy"
+ + "." + IPolicyProcessor.PROP_ENABLE;
+ if (mConfig.getBoolean(policyStatus, true) == true) {
+ // NOTE: If "kra.Policy.enable=<boolean>" is missing,
+ // then the referenced instance existed prior
+ // to this name=value pair existing in its
+ // 'CS.cfg' file, and thus we err on the
+ // side that the user may still need to
+ // use the policy framework.
+ CMS.debug("PolicyAdminServlet::init "
+ + "Certificate Policy Framework (deprecated) "
+ + "is ENABLED");
} else {
- // CS 8.1 Default: kra.Policy.enable=false
- CMS.debug( "PolicyAdminServlet::init "
- + "Certificate Policy Framework (deprecated) "
- + "is DISABLED" );
- return;
+ // CS 8.1 Default: kra.Policy.enable=false
+ CMS.debug("PolicyAdminServlet::init "
+ + "Certificate Policy Framework (deprecated) "
+ + "is DISABLED");
+ return;
}
- } catch( EBaseException e ) {
- throw new ServletException( authority
- + " does not have a "
- + "master policy switch called '"
- + policyStatus + "'" );
+ } catch (EBaseException e) {
+ throw new ServletException(authority + " does not have a "
+ + "master policy switch called '" + policyStatus
+ + "'");
}
- } else
- throw new ServletException(authority + " does not have policy processor!");
+ } else
+ throw new ServletException(authority
+ + " does not have policy processor!");
}
/**
@@ -204,15 +199,15 @@ public class PolicyAdminServlet extends AdminServlet {
return INFO;
}
- /**
- * retrieve extended plugin info such as brief description, type info
- * from policy, authentication,
- * need to add: listener, mapper and publishing plugins
+ /**
+ * retrieve extended plugin info such as brief description, type info from
+ * policy, authentication, need to add: listener, mapper and publishing
+ * plugins
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
-
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
+
if (!readAuthorize(req, resp))
return;
String id = req.getParameter(Constants.RS_ID);
@@ -229,14 +224,16 @@ public class PolicyAdminServlet extends AdminServlet {
if (colon > -1) {
implName = implName1.substring(0, colon);
instName = implName1.substring(colon + 1);
- params = getExtendedPluginInfo(getLocale(req), implType, implName, instName);
+ params = getExtendedPluginInfo(getLocale(req), implType, implName,
+ instName);
} else {
params = getExtendedPluginInfo(getLocale(req), implType, implName);
}
sendResponse(SUCCESS, null, params, resp);
}
- private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
+ private NameValuePairs getExtendedPluginInfo(Locale locale,
+ String implType, String implName) {
IExtendedPluginInfo ext_info = null;
Object impl = null;
IPolicyRule policy = mProcessor.getPolicyImpl(implName);
@@ -248,27 +245,27 @@ public class PolicyAdminServlet extends AdminServlet {
ext_info = (IExtendedPluginInfo) impl;
}
}
-
+
NameValuePairs nvps = null;
-
+
if (ext_info == null) {
nvps = new NameValuePairs();
} else {
- nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
+ nvps = convertStringArrayToNVPairs(ext_info
+ .getExtendedPluginInfo(locale));
}
-
+
return nvps;
}
- public NameValuePairs getExtendedPluginInfo(Locale locale, String pluginType,
- String implName,
- String instName) {
+ public NameValuePairs getExtendedPluginInfo(Locale locale,
+ String pluginType, String implName, String instName) {
IExtendedPluginInfo ext_info = null;
Object impl = null;
IPolicyRule policy = mProcessor.getPolicyInstance(instName);
-
+
impl = policy;
if (impl == null) {
impl = mProcessor.getPolicyImpl(implName);
@@ -284,7 +281,8 @@ public class PolicyAdminServlet extends AdminServlet {
if (ext_info == null) {
nvps = new NameValuePairs();
} else {
- nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
+ nvps = convertStringArrayToNVPairs(ext_info
+ .getExtendedPluginInfo(locale));
}
@@ -301,10 +299,12 @@ public class PolicyAdminServlet extends AdminServlet {
if (ext_info instanceof IPolicyRule) {
if (nvps.getPair(IPolicyRule.PROP_ENABLE) == null) {
- nvps.add(IPolicyRule.PROP_ENABLE, "boolean;Enable this policy rule");
+ nvps.add(IPolicyRule.PROP_ENABLE,
+ "boolean;Enable this policy rule");
}
if (nvps.getPair(PROP_PREDICATE) == null) {
- nvps.add(PROP_PREDICATE, "string;Rules describing when this policy should run.");
+ nvps.add(PROP_PREDICATE,
+ "string;Rules describing when this policy should run.");
}
}
}
@@ -312,9 +312,8 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Serves HTTP admin request.
*/
- public void service(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ public void service(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
super.service(req, resp);
super.authenticate(req);
@@ -332,30 +331,28 @@ public class PolicyAdminServlet extends AdminServlet {
} catch (EBaseException e) {
sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
- }
+ }
} else
sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp);
}
- private boolean readAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean readAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return false;
}
return true;
}
- private boolean modifyAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean modifyAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return false;
}
return true;
@@ -365,8 +362,7 @@ public class PolicyAdminServlet extends AdminServlet {
* Process Policy Implementation Management.
*/
public void processPolicyImplMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -387,13 +383,11 @@ public class PolicyAdminServlet extends AdminServlet {
return;
addPolicyImpl(req, resp);
} else
- sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp);
}
public void processPolicyRuleMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -423,18 +417,15 @@ public class PolicyAdminServlet extends AdminServlet {
else
modifyPolicyInstance(req, resp);
} else
- sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp);
}
- public void listPolicyImpls(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ public void listPolicyImpls(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
Enumeration policyImplNames = mProcessor.getPolicyImplsInfo();
Enumeration policyImpls = mProcessor.getPolicyImpls();
- if (policyImplNames == null ||
- policyImpls == null) {
+ if (policyImplNames == null || policyImpls == null) {
sendResponse(ERROR, INVALID_POLICY_IMPL_CONFIG, null, resp);
return;
}
@@ -442,13 +433,11 @@ public class PolicyAdminServlet extends AdminServlet {
// Assemble a name value pair;
NameValuePairs nvp = new NameValuePairs();
- while (policyImplNames.hasMoreElements() &&
- policyImpls.hasMoreElements()) {
+ while (policyImplNames.hasMoreElements()
+ && policyImpls.hasMoreElements()) {
String id = (String) policyImplNames.nextElement();
- IPolicyRule impl = (IPolicyRule)
- policyImpls.nextElement();
- String className =
- impl.getClass().getName();
+ IPolicyRule impl = (IPolicyRule) policyImpls.nextElement();
+ String className = impl.getClass().getName();
String desc = impl.getDescription();
nvp.add(id, className + "," + desc);
@@ -457,8 +446,7 @@ public class PolicyAdminServlet extends AdminServlet {
}
public void listPolicyInstances(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
Enumeration instancesInfo = mProcessor.getPolicyInstancesInfo();
if (instancesInfo == null) {
@@ -475,7 +463,7 @@ public class PolicyAdminServlet extends AdminServlet {
int i = info.indexOf(";");
nvp.add(info.substring(0, i), info.substring(i + 1));
-
+
}
sendResponse(SUCCESS, null, nvp, resp);
}
@@ -483,19 +471,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Delete policy implementation
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
* configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deletePolicyImpl(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -508,10 +496,8 @@ public class PolicyAdminServlet extends AdminServlet {
if (id == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -524,23 +510,19 @@ public class PolicyAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
sendResponse(SUCCESS, null, null, resp);
} catch (Exception e) {
- //e.printStackTrace();
+ // e.printStackTrace();
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -549,33 +531,30 @@ public class PolicyAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
public void getPolicyImplConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
// Get the policy impl id.
String id = req.getParameter(Constants.RS_ID);
@@ -604,19 +583,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Add policy implementation
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
* configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
- public void addPolicyImpl(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ public void addPolicyImpl(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -629,10 +608,8 @@ public class PolicyAdminServlet extends AdminServlet {
if (id == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -645,10 +622,8 @@ public class PolicyAdminServlet extends AdminServlet {
if (classPath == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -660,10 +635,8 @@ public class PolicyAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -671,10 +644,8 @@ public class PolicyAdminServlet extends AdminServlet {
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -683,46 +654,44 @@ public class PolicyAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Delete policy instance
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
* configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deletePolicyInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -735,10 +704,8 @@ public class PolicyAdminServlet extends AdminServlet {
if (id == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -751,23 +718,19 @@ public class PolicyAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
sendResponse(SUCCESS, null, null, resp);
} catch (Exception e) {
- //e.printStackTrace();
+ // e.printStackTrace();
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -776,33 +739,30 @@ public class PolicyAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
public void getPolicyInstanceConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
// Get the policy rule id.
String id = req.getParameter(Constants.RS_ID).trim();
@@ -835,8 +795,7 @@ public class PolicyAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, nvp, resp);
}
- public void
- putUserPWPair(String combo) {
+ public void putUserPWPair(String combo) {
int semicolon;
semicolon = combo.indexOf(";");
@@ -849,19 +808,19 @@ public class PolicyAdminServlet extends AdminServlet {
/**
* Add policy instance
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
* configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addPolicyInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -874,10 +833,8 @@ public class PolicyAdminServlet extends AdminServlet {
if (id == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -891,10 +848,8 @@ public class PolicyAdminServlet extends AdminServlet {
if (implName == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -924,10 +879,8 @@ public class PolicyAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -955,10 +908,8 @@ public class PolicyAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -966,10 +917,8 @@ public class PolicyAdminServlet extends AdminServlet {
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -978,62 +927,57 @@ public class PolicyAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Change ordering of policy instances
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
* configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void changePolicyInstanceOrdering(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
// ensure that any low-level exceptions are reported
// to the signed audit log and stored as failures
try {
- String policyOrder =
- req.getParameter(Constants.PR_POLICY_ORDER);
+ String policyOrder = req.getParameter(Constants.PR_POLICY_ORDER);
if (policyOrder == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1045,10 +989,8 @@ public class PolicyAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1056,10 +998,8 @@ public class PolicyAdminServlet extends AdminServlet {
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1068,46 +1008,44 @@ public class PolicyAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Modify policy instance
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
* configuring cert policy constraints and extensions
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyPolicyInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1120,10 +1058,8 @@ public class PolicyAdminServlet extends AdminServlet {
if (id == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1132,15 +1068,14 @@ public class PolicyAdminServlet extends AdminServlet {
}
// Get the default config params for the implementation.
- String implName = req.getParameter(IPolicyRule.PROP_IMPLNAME).trim();
+ String implName = req.getParameter(IPolicyRule.PROP_IMPLNAME)
+ .trim();
if (implName == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1169,17 +1104,15 @@ public class PolicyAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
sendResponse(ERROR, INVALID_POLICY_IMPL_ID, null, resp);
return;
}
- // XXX
+ // XXX
for (Enumeration n = req.getParameterNames(); n.hasMoreElements();) {
String p = (String) n.nextElement();
String l = (String) req.getParameter(p);
@@ -1189,15 +1122,10 @@ public class PolicyAdminServlet extends AdminServlet {
}
/*
- for(Enumeration e = v.elements(); e.hasMoreElements(); )
- {
- String nv = (String)e.nextElement();
- int index = nv.indexOf("=");
- String key = nv.substring(0, index);
- val = req.getParameter(key);
- if (val != null)
- ht.put(key, val);
- }
+ * for(Enumeration e = v.elements(); e.hasMoreElements(); ) { String
+ * nv = (String)e.nextElement(); int index = nv.indexOf("="); String
+ * key = nv.substring(0, index); val = req.getParameter(key); if
+ * (val != null) ht.put(key, val); }
*/
try {
@@ -1205,10 +1133,8 @@ public class PolicyAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1216,10 +1142,8 @@ public class PolicyAdminServlet extends AdminServlet {
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1228,28 +1152,25 @@ public class PolicyAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
index 1cfab0b6..1ae8def1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.File;
import java.io.IOException;
import java.util.Enumeration;
@@ -53,14 +52,12 @@ import com.netscape.certsrv.property.IDescriptor;
import com.netscape.certsrv.registry.IPluginInfo;
import com.netscape.certsrv.registry.IPluginRegistry;
-
/**
* This class is an administration servlet for policy management.
- *
- * Each service (CA, KRA, RA) should be responsible
- * for registering an instance of this with the remote
- * administration subsystem.
- *
+ *
+ * Each service (CA, KRA, RA) should be responsible for registering an instance
+ * of this with the remote administration subsystem.
+ *
* @version $Revision$, $Date$
*/
public class ProfileAdminServlet extends AdminServlet {
@@ -72,8 +69,7 @@ public class ProfileAdminServlet extends AdminServlet {
public final static String PROP_AUTHORITY = "authority";
private final static String INFO = "ProfileAdminServlet";
- private final static String PW_PASSWORD_CACHE_ADD =
- "PASSWORD_CACHE_ADD";
+ private final static String PW_PASSWORD_CACHE_ADD = "PASSWORD_CACHE_ADD";
public final static String PROP_PREDICATE = "predicate";
private IAuthority mAuthority = null;
@@ -96,8 +92,7 @@ public class ProfileAdminServlet extends AdminServlet {
public static String MISSING_POLICY_ORDERING = "Missing policy ordering";
public static String BAD_CONFIGURATION_VAL = "Invalid configuration value.";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE =
- "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE = "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
/**
* Constructs administration servlet.
@@ -116,7 +111,8 @@ public class ProfileAdminServlet extends AdminServlet {
if (authority != null)
mAuthority = (IAuthority) CMS.getSubsystem(authority);
mRegistry = (IPluginRegistry) CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
- mProfileSub = (IProfileSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_PROFILE);
+ mProfileSub = (IProfileSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_PROFILE);
}
/**
@@ -132,10 +128,12 @@ public class ProfileAdminServlet extends AdminServlet {
if (ext_info instanceof IPolicyRule) {
if (nvps.getPair(IPolicyRule.PROP_ENABLE) == null) {
- nvps.add(IPolicyRule.PROP_ENABLE, "boolean;Enable this policy rule");
+ nvps.add(IPolicyRule.PROP_ENABLE,
+ "boolean;Enable this policy rule");
}
if (nvps.getPair(PROP_PREDICATE) == null) {
- nvps.add(PROP_PREDICATE, "string;Rules describing when this policy should run.");
+ nvps.add(PROP_PREDICATE,
+ "string;Rules describing when this policy should run.");
}
}
}
@@ -143,9 +141,8 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Serves HTTP admin request.
*/
- public void service(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ public void service(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
super.service(req, resp);
super.authenticate(req);
@@ -153,7 +150,7 @@ public class ProfileAdminServlet extends AdminServlet {
AUTHZ_RES_NAME = "certServer.profile.configuration";
String scope = req.getParameter(Constants.OP_SCOPE);
- CMS.debug("ProfileAdminServlet: service scope: " + scope);
+ CMS.debug("ProfileAdminServlet: service scope: " + scope);
if (scope.equals(ScopeDef.SC_PROFILE_RULES)) {
processProfileRuleMgmt(req, resp);
} else if (scope.equals(ScopeDef.SC_PROFILE_POLICIES)) {
@@ -176,33 +173,30 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp);
}
- private boolean readAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean readAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return false;
}
return true;
}
- private boolean modifyAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean modifyAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return false;
}
return true;
}
public void processProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -222,8 +216,7 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -244,8 +237,7 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -266,8 +258,7 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processProfileInputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -283,8 +274,7 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processProfileOutputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -300,8 +290,7 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processPolicyDefaultConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -321,8 +310,7 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void processPolicyConstraintConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -346,8 +334,7 @@ public class ProfileAdminServlet extends AdminServlet {
* Process Policy Implementation Management.
*/
public void processPolicyImplMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -356,13 +343,11 @@ public class ProfileAdminServlet extends AdminServlet {
return;
listProfileImpls(req, resp);
} else
- sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp);
}
public void processProfileRuleMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
@@ -387,16 +372,14 @@ public class ProfileAdminServlet extends AdminServlet {
return;
modifyProfileInstance(req, resp);
} else
- sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp);
}
/**
* Lists all registered profile impementations
*/
public void listProfileImpls(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
Enumeration impls = mRegistry.getIds("profile");
NameValuePairs nvp = new NameValuePairs();
@@ -405,29 +388,30 @@ public class ProfileAdminServlet extends AdminServlet {
String id = (String) impls.nextElement();
IPluginInfo info = mRegistry.getPluginInfo("profile", id);
- nvp.add(id, info.getClassName() + "," +
- info.getDescription(getLocale(req)));
- }
+ nvp.add(id,
+ info.getClassName() + ","
+ + info.getDescription(getLocale(req)));
+ }
sendResponse(SUCCESS, null, nvp, resp);
}
/**
* Add policy profile
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -452,10 +436,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -464,11 +446,9 @@ public class ProfileAdminServlet extends AdminServlet {
}
if (mProfileSub.isProfileEnable(profileId)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_CREATE_POLICY_FAILED",
- "Profile is currently enabled"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Profile is currently enabled"), null, resp);
return;
}
@@ -480,51 +460,42 @@ public class ProfileAdminServlet extends AdminServlet {
try {
if (!isValidId(setId)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_CREATE_POLICY_FAILED",
- "Invalid set id " + setId),
- null, resp);
- return;
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Invalid set id " + setId), null, resp);
+ return;
}
if (!isValidId(pId)) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req),
- "CMS_PROFILE_CREATE_POLICY_FAILED",
- "Invalid policy id " + pId),
- null, resp);
- return;
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED",
+ "Invalid policy id " + pId), null, resp);
+ return;
}
- policy = profile.createProfilePolicy(setId, pId,
- defImpl, conImpl);
+ policy = profile.createProfilePolicy(setId, pId, defImpl,
+ conImpl);
} catch (EBaseException e1) {
// error
- CMS.debug("ProfileAdminServlet: addProfilePolicy " +
- e1.toString());
+ CMS.debug("ProfileAdminServlet: addProfilePolicy "
+ + e1.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED",
- e1.toString()),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_POLICY_FAILED", e1.toString()),
+ null, resp);
return;
}
NameValuePairs nvp = new NameValuePairs();
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -532,47 +503,45 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Add profile input
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
- public void addProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ public void addProfileInput(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -595,10 +564,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -629,16 +596,13 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED",
- e1.toString()),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_INPUT_FAILED", e1.toString()),
+ null, resp);
return;
}
@@ -647,10 +611,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -658,47 +620,45 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Add profile output
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -721,10 +681,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -749,23 +707,20 @@ public class ProfileAdminServlet extends AdminServlet {
}
try {
- output = profile.createProfileOutput(outputId, outputImpl,
- nvps);
+ output = profile
+ .createProfileOutput(outputId, outputImpl, nvps);
} catch (EBaseException e1) {
// error
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED",
- e1.toString()),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_PROFILE_CREATE_OUTPUT_FAILED", e1.toString()),
+ null, resp);
return;
}
@@ -774,10 +729,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -785,47 +738,45 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Delete policy profile
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deleteProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -857,10 +808,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -879,10 +828,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -894,10 +841,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -905,47 +850,45 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Delete profile input
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deleteProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -968,8 +911,10 @@ public class ProfileAdminServlet extends AdminServlet {
if (name.equals("INPUTID"))
inputId = req.getParameter(name);
}
- CMS.debug("ProfileAdminServlet: deleteProfileInput profileId -> " + profileId);
- CMS.debug("ProfileAdminServlet: deleteProfileInput inputId -> " + inputId);
+ CMS.debug("ProfileAdminServlet: deleteProfileInput profileId -> "
+ + profileId);
+ CMS.debug("ProfileAdminServlet: deleteProfileInput inputId -> "
+ + inputId);
IProfile profile = null;
try {
@@ -979,10 +924,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -996,10 +939,8 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (EBaseException e1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1011,10 +952,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1022,47 +961,45 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Delete profile output
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deleteProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1085,8 +1022,10 @@ public class ProfileAdminServlet extends AdminServlet {
if (name.equals("OUTPUTID"))
outputId = req.getParameter(name);
}
- CMS.debug("ProfileAdminServlet: deleteProfileOutput profileId -> " + profileId);
- CMS.debug("ProfileAdminServlet: deleteProfileOutput outputId -> " + outputId);
+ CMS.debug("ProfileAdminServlet: deleteProfileOutput profileId -> "
+ + profileId);
+ CMS.debug("ProfileAdminServlet: deleteProfileOutput outputId -> "
+ + outputId);
IProfile profile = null;
try {
@@ -1096,10 +1035,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1107,16 +1044,15 @@ public class ProfileAdminServlet extends AdminServlet {
return;
}
- CMS.debug("ProfileAdminServlet: deleteProfileOutput profile -> " + profile);
+ CMS.debug("ProfileAdminServlet: deleteProfileOutput profile -> "
+ + profile);
try {
profile.deleteProfileOutput(outputId);
} catch (EBaseException e1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1128,10 +1064,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1139,47 +1073,45 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Add default policy profile configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addPolicyDefaultConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1201,16 +1133,14 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
sendResponse(ERROR, null, null, resp);
return;
- }
+ }
StringTokenizer ss = new StringTokenizer(policyId, ":");
String setId = ss.nextToken();
@@ -1219,7 +1149,7 @@ public class ProfileAdminServlet extends AdminServlet {
IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
IPolicyDefault def = policy.getDefault();
IConfigStore defConfig = def.getConfigStore();
-
+
Enumeration names = req.getParameterNames();
while (names.hasMoreElements()) {
@@ -1232,28 +1162,28 @@ public class ProfileAdminServlet extends AdminServlet {
if (name.equals("RS_ID"))
continue;
try {
- def.setConfig(name,req.getParameter(name));
+ def.setConfig(name, req.getParameter(name));
} catch (EPropertyException e) {
- CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
- try {
- profile.deleteProfilePolicy(setId, pId);
- } catch (Exception e11) {}
- sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
- return;
+ CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
+ try {
+ profile.deleteProfilePolicy(setId, pId);
+ } catch (Exception e11) {
+ }
+ sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+ return;
}
- // defConfig.putString("params." + name, req.getParameter(name));
+ // defConfig.putString("params." + name,
+ // req.getParameter(name));
}
try {
profile.getConfigStore().commit(false);
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1264,10 +1194,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1275,47 +1203,45 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Add policy constraints profile configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addPolicyConstraintConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1337,16 +1263,14 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
sendResponse(ERROR, null, null, resp);
return;
- }
+ }
StringTokenizer ss = new StringTokenizer(policyId, ":");
String setId = ss.nextToken();
@@ -1369,28 +1293,28 @@ public class ProfileAdminServlet extends AdminServlet {
continue;
try {
- con.setConfig(name,req.getParameter(name));
+ con.setConfig(name, req.getParameter(name));
} catch (EPropertyException e) {
- CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception.");
- try {
- profile.deleteProfilePolicy(setId, pId);
- } catch (Exception e11) {}
- sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
- return;
+ CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception.");
+ try {
+ profile.deleteProfilePolicy(setId, pId);
+ } catch (Exception e11) {
+ }
+ sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+ return;
}
- // conConfig.putString("params." + name, req.getParameter(name));
+ // conConfig.putString("params." + name,
+ // req.getParameter(name));
}
try {
profile.getConfigStore().commit(false);
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1402,10 +1326,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1413,47 +1335,45 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Modify default policy profile configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyPolicyDefaultConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1475,16 +1395,14 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
sendResponse(ERROR, null, null, resp);
return;
- }
+ }
StringTokenizer ss = new StringTokenizer(policyId, ":");
String setId = ss.nextToken();
@@ -1492,7 +1410,7 @@ public class ProfileAdminServlet extends AdminServlet {
IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
IPolicyDefault def = policy.getDefault();
IConfigStore defConfig = def.getConfigStore();
-
+
Enumeration names = req.getParameterNames();
while (names.hasMoreElements()) {
@@ -1505,25 +1423,24 @@ public class ProfileAdminServlet extends AdminServlet {
if (name.equals("RS_ID"))
continue;
try {
- def.setConfig(name,req.getParameter(name));
+ def.setConfig(name, req.getParameter(name));
} catch (EPropertyException e) {
- CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
- sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
- return;
+ CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
+ sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+ return;
}
- // defConfig.putString("params." + name, req.getParameter(name));
+ // defConfig.putString("params." + name,
+ // req.getParameter(name));
}
try {
profile.getConfigStore().commit(false);
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1534,10 +1451,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1545,47 +1460,45 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Modify profile input configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyInputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1607,10 +1520,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1639,10 +1550,8 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1653,10 +1562,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1664,47 +1571,45 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Modify profile output configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyOutputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1726,10 +1631,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1751,18 +1654,16 @@ public class ProfileAdminServlet extends AdminServlet {
continue;
if (name.equals("RS_ID"))
continue;
- outputConfig.putString("params." + name,
- req.getParameter(name));
+ outputConfig
+ .putString("params." + name, req.getParameter(name));
}
try {
profile.getConfigStore().commit(false);
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1773,10 +1674,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1784,47 +1683,45 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Modify policy constraints profile configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyPolicyConstraintConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1846,16 +1743,14 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
sendResponse(ERROR, null, null, resp);
return;
- }
+ }
StringTokenizer ss = new StringTokenizer(policyId, ":");
String setId = ss.nextToken();
@@ -1866,7 +1761,8 @@ public class ProfileAdminServlet extends AdminServlet {
Enumeration names = req.getParameterNames();
- CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con);
+ CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy "
+ + policy + " con " + con);
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
@@ -1877,27 +1773,27 @@ public class ProfileAdminServlet extends AdminServlet {
if (name.equals("RS_ID"))
continue;
- // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + name + " val " + req.getParameter(name));
+ // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name"
+ // + name + " val " + req.getParameter(name));
try {
- con.setConfig(name,req.getParameter(name));
+ con.setConfig(name, req.getParameter(name));
} catch (EPropertyException e) {
- CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception.");
- sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
- return;
+ CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception.");
+ sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+ return;
}
- //conConfig.putString("params." + name, req.getParameter(name));
+ // conConfig.putString("params." + name,
+ // req.getParameter(name));
}
try {
profile.getConfigStore().commit(false);
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1909,10 +1805,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1920,33 +1814,30 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
public void getPolicyDefaultConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
StringTokenizer st = new StringTokenizer(id, ";");
@@ -1958,9 +1849,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(profileId);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getPolicyDefaultConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getPolicyDefaultConfig() - "
+ + "profile is null!");
+ throw new ServletException(e1.toString());
}
IProfilePolicy policy = null;
@@ -1983,22 +1874,26 @@ public class ProfileAdminServlet extends AdminServlet {
if (desc == null) {
nvp.add(name, ";" + ";" + rule.getConfig(name));
} else {
- nvp.add(name, desc.getSyntax() + ";" + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name));
+ nvp.add(name,
+ desc.getSyntax() + ";" + ";"
+ + getNonNull(desc.getConstraint()) + ";"
+ + desc.getDescription(getLocale(req)) + ";"
+ + rule.getConfig(name));
}
}
sendResponse(SUCCESS, null, nvp, resp);
}
public void getPolicyConstraintConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
- String constraintsList = req.getParameter(Constants.PR_CONSTRAINTS_LIST);
+ String constraintsList = req
+ .getParameter(Constants.PR_CONSTRAINTS_LIST);
// this one gets called when one of the elements in the default list get
// selected, then it returns the list of supported constraintsPolicy
if (constraintsList != null) {
-
+
}
StringTokenizer st = new StringTokenizer(id, ";");
@@ -2010,9 +1905,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(profileId);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getPolicyConstraintConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getPolicyConstraintConfig() - "
+ + "profile is null!");
+ throw new ServletException(e1.toString());
}
StringTokenizer ss = new StringTokenizer(policyId, ":");
@@ -2031,15 +1926,18 @@ public class ProfileAdminServlet extends AdminServlet {
if (desc == null) {
nvp.add(name, ";" + rule.getConfig(name));
} else {
- nvp.add(name, desc.getSyntax() + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + rule.getConfig(name));
+ nvp.add(name,
+ desc.getSyntax() + ";"
+ + getNonNull(desc.getConstraint()) + ";"
+ + desc.getDescription(getLocale(req)) + ";"
+ + rule.getConfig(name));
}
}
sendResponse(SUCCESS, null, nvp, resp);
}
public void getProfilePolicy(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
// only allow profile retrival if it is disabled
@@ -2049,9 +1947,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(id);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getProfilePolicy() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getProfilePolicy() - "
+ + "profile is null!");
+ throw new ServletException(e1.toString());
}
NameValuePairs nvp = new NameValuePairs();
@@ -2073,9 +1971,9 @@ public class ProfileAdminServlet extends AdminServlet {
IPolicyConstraint con = policy.getConstraint();
IConfigStore conConfig = con.getConfigStore();
- nvp.add(setId + ":" + policy.getId(),
- def.getName(getLocale(req)) + ";" +
- con.getName(getLocale(req)));
+ nvp.add(setId + ":" + policy.getId(),
+ def.getName(getLocale(req)) + ";"
+ + con.getName(getLocale(req)));
}
}
@@ -2083,17 +1981,16 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getProfileOutput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
IProfile profile = null;
try {
profile = mProfileSub.getProfile(id);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getProfileOutput() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getProfileOutput() - "
+ + "profile is null!");
+ throw new ServletException(e1.toString());
}
NameValuePairs nvp = new NameValuePairs();
@@ -2109,18 +2006,17 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, nvp, resp);
}
- public void getProfileInput(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ public void getProfileInput(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
IProfile profile = null;
try {
profile = mProfileSub.getProfile(id);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getProfileInput() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getProfileInput() - "
+ + "profile is null!");
+ throw new ServletException(e1.toString());
}
NameValuePairs nvp = new NameValuePairs();
@@ -2136,10 +2032,9 @@ public class ProfileAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, nvp, resp);
}
- public void getInputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
-
+ public void getInputConfig(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
String id = req.getParameter(Constants.RS_ID);
StringTokenizer st = new StringTokenizer(id, ";");
String profileId = st.nextToken();
@@ -2149,9 +2044,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(profileId);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getInputConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getInputConfig() - "
+ + "profile is null!");
+ throw new ServletException(e1.toString());
}
IProfileInput profileInput = null;
@@ -2162,24 +2057,24 @@ public class ProfileAdminServlet extends AdminServlet {
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
- IDescriptor desc = profileInput.getConfigDescriptor(
- getLocale(req), name);
+ IDescriptor desc = profileInput.getConfigDescriptor(getLocale(req),
+ name);
if (desc == null) {
nvp.add(name, ";" + ";" + profileInput.getConfig(name));
} else {
- nvp.add(name, desc.getSyntax() + ";" +
- getNonNull(desc.getConstraint()) + ";" +
- desc.getDescription(getLocale(req)) + ";" +
- profileInput.getConfig(name));
+ nvp.add(name,
+ desc.getSyntax() + ";"
+ + getNonNull(desc.getConstraint()) + ";"
+ + desc.getDescription(getLocale(req)) + ";"
+ + profileInput.getConfig(name));
}
}
sendResponse(SUCCESS, null, nvp, resp);
}
- public void getOutputConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ public void getOutputConfig(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
StringTokenizer st = new StringTokenizer(id, ";");
@@ -2190,9 +2085,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(profileId);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getOutputConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getOutputConfig() - "
+ + "profile is null!");
+ throw new ServletException(e1.toString());
}
IProfileOutput profileOutput = null;
@@ -2204,14 +2099,15 @@ public class ProfileAdminServlet extends AdminServlet {
while (names.hasMoreElements()) {
String name = (String) names.nextElement();
IDescriptor desc = profileOutput.getConfigDescriptor(
- getLocale(req), name);
+ getLocale(req), name);
if (desc == null) {
nvp.add(name, ";" + ";" + profileOutput.getConfig(name));
} else {
- nvp.add(name, desc.getSyntax() + ";" +
- getNonNull(desc.getConstraint()) + ";" +
- desc.getDescription(getLocale(req)) + ";" +
- profileOutput.getConfig(name));
+ nvp.add(name,
+ desc.getSyntax() + ";"
+ + getNonNull(desc.getConstraint()) + ";"
+ + desc.getDescription(getLocale(req)) + ";"
+ + profileOutput.getConfig(name));
}
}
@@ -2219,8 +2115,7 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void listProfileInstances(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
NameValuePairs nvp = new NameValuePairs();
Enumeration e = mProfileSub.getProfileIds();
@@ -2234,7 +2129,7 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (EBaseException e1) {
// error
}
-
+
String status = null;
if (mProfileSub.isProfileEnable(profileId)) {
@@ -2250,8 +2145,7 @@ public class ProfileAdminServlet extends AdminServlet {
}
public void getProfileInstanceConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
IProfile profile = null;
@@ -2259,9 +2153,9 @@ public class ProfileAdminServlet extends AdminServlet {
try {
profile = mProfileSub.getProfile(id);
} catch (EBaseException e1) {
- CMS.debug( "ProfileAdminServlet::getProfileInstanceConfig() - " +
- "profile is null!" );
- throw new ServletException( e1.toString() );
+ CMS.debug("ProfileAdminServlet::getProfileInstanceConfig() - "
+ + "profile is null!");
+ throw new ServletException(e1.toString());
}
NameValuePairs nvp = new NameValuePairs();
@@ -2269,8 +2163,7 @@ public class ProfileAdminServlet extends AdminServlet {
nvp.add("name", profile.getName(getLocale(req)));
nvp.add("desc", profile.getDescription(getLocale(req)));
nvp.add("visible", Boolean.toString(profile.isVisible()));
- nvp.add("enable", Boolean.toString(
- mProfileSub.isProfileEnable(id)));
+ nvp.add("enable", Boolean.toString(mProfileSub.isProfileEnable(id)));
String authid = profile.getAuthenticatorId();
@@ -2288,20 +2181,20 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Delete profile instance
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void deleteProfileInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2314,10 +2207,8 @@ public class ProfileAdminServlet extends AdminServlet {
if (id == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -2327,51 +2218,47 @@ public class ProfileAdminServlet extends AdminServlet {
String config = null;
- ISubsystem subsystem = CMS.getSubsystem("ca");
+ ISubsystem subsystem = CMS.getSubsystem("ca");
String subname = "ca";
- if (subsystem == null)
- subname = "ra";
+ if (subsystem == null)
+ subname = "ra";
try {
- config = CMS.getConfigStore().getString("instanceRoot") +
- "/profiles/" + subname + "/" + id + ".cfg";
+ config = CMS.getConfigStore().getString("instanceRoot")
+ + "/profiles/" + subname + "/" + id + ".cfg";
} catch (EBaseException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
sendResponse(ERROR, null, null, resp);
return;
}
-
+
try {
mProfileSub.deleteProfile(id, config);
} catch (EProfileException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), e.toString(), id), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), e.toString(), id),
+ null, resp);
return;
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -2379,32 +2266,29 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
- public void
- putUserPWPair(String combo) {
+ public void putUserPWPair(String combo) {
int semicolon;
semicolon = combo.indexOf(";");
@@ -2414,12 +2298,11 @@ public class ProfileAdminServlet extends AdminServlet {
CMS.putPasswordCache(user, pw);
}
- public boolean isValidId(String id)
- {
+ public boolean isValidId(String id) {
for (int i = 0; i < id.length(); i++) {
- char c = id.charAt(i);
- if (!Character.isLetterOrDigit(c))
- return false;
+ char c = id.charAt(i);
+ if (!Character.isLetterOrDigit(c))
+ return false;
}
return true;
}
@@ -2427,20 +2310,20 @@ public class ProfileAdminServlet extends AdminServlet {
/**
* Add profile instance
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void addProfileInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2453,10 +2336,8 @@ public class ProfileAdminServlet extends AdminServlet {
if (id == null || id.trim().equals("") || !isValidId(id)) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -2468,14 +2349,14 @@ public class ProfileAdminServlet extends AdminServlet {
IProfile p = null;
try {
- p = mProfileSub.getProfile(id);
+ p = mProfileSub.getProfile(id);
} catch (EProfileException e1) {
}
if (p != null) {
sendResponse(ERROR, POLICY_INST_ID_ALREADY_USED, null, resp);
return;
}
-
+
String impl = req.getParameter("impl");
String name = req.getParameter("name");
String desc = req.getParameter("desc");
@@ -2490,14 +2371,13 @@ public class ProfileAdminServlet extends AdminServlet {
subname = "ra";
try {
- config = CMS.getConfigStore().getString("instanceRoot") + "/profiles/" + subname + "/" + id + ".cfg";
+ config = CMS.getConfigStore().getString("instanceRoot")
+ + "/profiles/" + subname + "/" + id + ".cfg";
} catch (EBaseException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -2517,10 +2397,9 @@ public class ProfileAdminServlet extends AdminServlet {
// create profile
try {
profile = mProfileSub.createProfile(id, impl,
- info.getClassName(),
- config);
- profile.setName(getLocale(req), name);
- profile.setDescription(getLocale(req), name);
+ info.getClassName(), config);
+ profile.setName(getLocale(req), name);
+ profile.setDescription(getLocale(req), name);
if (visible != null && visible.equals("true")) {
profile.setVisible(true);
} else {
@@ -2531,19 +2410,17 @@ public class ProfileAdminServlet extends AdminServlet {
mProfileSub.createProfileConfig(id, impl, config);
if (profile instanceof IProfileEx) {
- // populates profile specific plugins such as
- // policies, inputs and outputs
- ((IProfileEx)profile).populate();
- }
+ // populates profile specific plugins such as
+ // policies, inputs and outputs
+ ((IProfileEx) profile).populate();
+ }
} catch (Exception e) {
CMS.debug("ProfileAdminServlet: " + e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -2553,10 +2430,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -2564,47 +2439,45 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
/**
* Modify profile instance
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
* configuring cert profile (general settings and cert profile; obsoletes
* extensions and constraints policies)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
*/
public void modifyProfileInstance(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2623,10 +2496,8 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -2651,15 +2522,13 @@ public class ProfileAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
try {
- profile.getConfigStore().commit(false);
+ profile.getConfigStore().commit(false);
} catch (Exception e) {
}
@@ -2667,35 +2536,32 @@ public class ProfileAdminServlet extends AdminServlet {
} catch (IOException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
}
- protected String getNonNull(String s) {
- if (s == null)
- return "";
- return s;
- }
+ protected String getNonNull(String s) {
+ if (s == null)
+ return "";
+ return s;
+ }
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
index 2842542e..32e610fa 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -68,12 +67,11 @@ import com.netscape.certsrv.publish.RulePlugin;
import com.netscape.certsrv.security.ICryptoSubsystem;
import com.netscape.cmsutil.password.IPasswordStore;
-
/**
- * A class representing an publishing servlet for the
- * Publishing subsystem. This servlet is responsible
- * to serve configuration requests for the Publishing subsystem.
- *
+ * A class representing an publishing servlet for the Publishing subsystem. This
+ * servlet is responsible to serve configuration requests for the Publishing
+ * subsystem.
+ *
* @version $Revision$, $Date$
*/
public class PublisherAdminServlet extends AdminServlet {
@@ -85,8 +83,7 @@ public class PublisherAdminServlet extends AdminServlet {
public final static String PROP_AUTHORITY = "authority";
private final static String INFO = "PublisherAdminServlet";
- private final static String PW_TAG_CA_LDAP_PUBLISHING =
- "CA LDAP Publishing";
+ private final static String PW_TAG_CA_LDAP_PUBLISHING = "CA LDAP Publishing";
public final static String NOMAPPER = "<NONE>";
private IPublisherProcessor mProcessor = null;
private IAuthority mAuth = null;
@@ -109,23 +106,25 @@ public class PublisherAdminServlet extends AdminServlet {
mAuth = (IAuthority) CMS.getSubsystem(authority);
if (mAuth != null)
if (mAuth instanceof ICertificateAuthority) {
- mProcessor = ((ICertificateAuthority) mAuth).getPublisherProcessor();
- } else
- throw new ServletException(authority + " does not have publishing processor!");
+ mProcessor = ((ICertificateAuthority) mAuth)
+ .getPublisherProcessor();
+ } else
+ throw new ServletException(authority
+ + " does not have publishing processor!");
}
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Serves HTTP admin request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
CMS.debug("PublisherAdminServlet: in service");
@@ -133,14 +132,13 @@ public class PublisherAdminServlet extends AdminServlet {
String op = req.getParameter(Constants.OP_TYPE);
if (op == null) {
- //System.out.println("SRVLT_INVALID_PROTOCOL");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ // System.out.println("SRVLT_INVALID_PROTOCOL");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp);
return;
}
- // for the rest
+ // for the rest
try {
super.authenticate(req);
@@ -149,8 +147,8 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
} catch (IOException e) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp);
return;
}
try {
@@ -159,9 +157,8 @@ public class PublisherAdminServlet extends AdminServlet {
if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP)) {
@@ -188,13 +185,12 @@ public class PublisherAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
getRuleInstConfig(req, resp);
return;
- }
+ }
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP)) {
@@ -213,21 +209,19 @@ public class PublisherAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_PROCESS)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP)) {
testSetLDAPDest(req, resp);
return;
- }
+ }
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -242,7 +236,7 @@ public class PublisherAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_MAPPER_RULES)) {
listMapperInsts(req, resp);
return;
- } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) {
+ } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) {
listRulePlugins(req, resp);
return;
} else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
@@ -252,9 +246,8 @@ public class PublisherAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_ADD)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -275,13 +268,12 @@ public class PublisherAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
addRuleInst(req, resp, scope);
return;
- }
+ }
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -304,31 +296,27 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op), null, resp);
return;
}
} else {
- //System.out.println("SRVLT_INVALID_OP_SCOPE");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ // System.out.println("SRVLT_INVALID_OP_SCOPE");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
} catch (EBaseException e) {
sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
- }
- //System.out.println("SRVLT_FAIL_PERFORM 2");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ }
+ // System.out.println("SRVLT_FAIL_PERFORM 2");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp);
return;
}
- private IExtendedPluginInfo getExtendedPluginInfo(IPublisherProcessor
- p) {
+ private IExtendedPluginInfo getExtendedPluginInfo(IPublisherProcessor p) {
Enumeration mappers = p.getMapperInsts().keys();
Enumeration publishers = p.getPublisherInsts().keys();
@@ -337,11 +325,11 @@ public class PublisherAdminServlet extends AdminServlet {
for (; mappers.hasMoreElements();) {
String name = (String) mappers.nextElement();
- if (map.length()== 0) {
- map.append(name);
+ if (map.length() == 0) {
+ map.append(name);
} else {
- map.append(",");
- map.append(name);
+ map.append(",");
+ map.append(name);
}
}
StringBuffer publish = new StringBuffer();
@@ -355,16 +343,19 @@ public class PublisherAdminServlet extends AdminServlet {
String epi[] = new String[] {
"type;choice(cacert,crl,certs,xcert);The certType of the request",
- "mapper;choice(" + map.toString() + ");Use the mapper to find the ldap dn to publish the certificate or crl",
- "publisher;choice(" + publish.toString() + ");Use the publisher to publish the certificate or crl a directory etc",
- "enable;boolean;",
- "predicate;string;"
- };
+ "mapper;choice("
+ + map.toString()
+ + ");Use the mapper to find the ldap dn to publish the certificate or crl",
+ "publisher;choice("
+ + publish.toString()
+ + ");Use the publisher to publish the certificate or crl a directory etc",
+ "enable;boolean;", "predicate;string;" };
return new ExtendedPluginInfo(epi);
}
- private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
+ private NameValuePairs getExtendedPluginInfo(Locale locale,
+ String implType, String implName) {
IExtendedPluginInfo ext_info = null;
Object impl = null;
@@ -374,19 +365,20 @@ public class PublisherAdminServlet extends AdminServlet {
// Should get the registered rules from processor
// instead of plugin
- // OLD: impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath());
+ // OLD: impl =
+ // getClassByNameAsExtendedPluginInfo(plugin.getClassPath());
impl = getExtendedPluginInfo(p_processor);
} else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_MAPPER)) {
IPublisherProcessor p_processor = mProcessor;
- Plugin plugin = (Plugin) p_processor.getMapperPlugins().get(implName
- );
+ Plugin plugin = (Plugin) p_processor.getMapperPlugins().get(
+ implName);
impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath());
- } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)
- ) {
+ } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)) {
IPublisherProcessor p_processor = mProcessor;
- Plugin plugin = (Plugin) p_processor.getPublisherPlugins().get(implName);
+ Plugin plugin = (Plugin) p_processor.getPublisherPlugins().get(
+ implName);
impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath());
}
@@ -401,21 +393,22 @@ public class PublisherAdminServlet extends AdminServlet {
if (ext_info == null) {
nvps = new NameValuePairs();
} else {
- nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
+ nvps = convertStringArrayToNVPairs(ext_info
+ .getExtendedPluginInfo(locale));
}
return nvps;
}
- /**
- * retrieve extended plugin info such as brief description, type info
- * from policy, authentication,
- * need to add: listener, mapper and publishing plugins
+ /**
+ * retrieve extended plugin info such as brief description, type info from
+ * policy, authentication, need to add: listener, mapper and publishing
+ * plugins
*/
private void getExtendedPluginInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String id = req.getParameter(Constants.RS_ID);
int colon = id.indexOf(':');
@@ -423,19 +416,20 @@ public class PublisherAdminServlet extends AdminServlet {
String implType = id.substring(0, colon);
String implName = id.substring(colon + 1);
- NameValuePairs params =
- getExtendedPluginInfo(getLocale(req), implType, implName);
+ NameValuePairs params = getExtendedPluginInfo(getLocale(req), implType,
+ implName);
sendResponse(SUCCESS, null, params, resp);
}
-
- private void getLDAPDest(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+
+ private void getLDAPDest(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mAuth.getConfigStore();
- IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE);
- IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE);
+ IConfigStore publishcfg = config
+ .getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE);
+ IConfigStore ldapcfg = publishcfg
+ .getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE);
IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP);
Enumeration e = req.getParameterNames();
@@ -464,53 +458,63 @@ public class PublisherAdminServlet extends AdminServlet {
if (name.equals(Constants.PR_PUBLISHING_QUEUE_STATUS))
continue;
if (name.equals(Constants.PR_CERT_NAMES)) {
- ICryptoSubsystem jss = (ICryptoSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jss = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
params.add(name, jss.getAllCerts());
} else {
String value = ldap.getString(name, "");
if (value == null || value.equals("")) {
- if (name.equals(ILdapBoundConnFactory.PROP_LDAPCONNINFO + "." + ILdapConnInfo.PROP_HOST)) {
- value = mConfig.getString(ConfigConstants.PR_MACHINE_NAME, null);
- } else if (name.equals(ILdapBoundConnFactory.PROP_LDAPCONNINFO + "." + ILdapConnInfo.PROP_PORT)) {
+ if (name.equals(ILdapBoundConnFactory.PROP_LDAPCONNINFO
+ + "." + ILdapConnInfo.PROP_HOST)) {
+ value = mConfig.getString(
+ ConfigConstants.PR_MACHINE_NAME, null);
+ } else if (name
+ .equals(ILdapBoundConnFactory.PROP_LDAPCONNINFO
+ + "." + ILdapConnInfo.PROP_PORT)) {
value = ILdapConnInfo.PROP_PORT_DEFAULT;
- } else if (name.equals(ILdapBoundConnFactory.PROP_LDAPAUTHINFO + "." + ILdapAuthInfo.PROP_BINDDN)) {
+ } else if (name
+ .equals(ILdapBoundConnFactory.PROP_LDAPAUTHINFO
+ + "." + ILdapAuthInfo.PROP_BINDDN)) {
value = ILdapAuthInfo.PROP_BINDDN_DEFAULT;
}
}
params.add(name, value);
}
}
- params.add(Constants.PR_PUBLISHING_ENABLE,
- publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
- params.add(Constants.PR_PUBLISHING_QUEUE_ENABLE,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE));
- params.add(Constants.PR_PUBLISHING_QUEUE_THREADS,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3"));
- params.add(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40"));
- params.add(Constants.PR_PUBLISHING_QUEUE_PRIORITY,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0"));
- params.add(Constants.PR_PUBLISHING_QUEUE_STATUS,
- publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200"));
- params.add(Constants.PR_ENABLE,
- ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
+ params.add(Constants.PR_PUBLISHING_ENABLE, publishcfg.getString(
+ IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
+ params.add(Constants.PR_PUBLISHING_QUEUE_ENABLE, publishcfg.getString(
+ Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE));
+ params.add(Constants.PR_PUBLISHING_QUEUE_THREADS, publishcfg.getString(
+ Constants.PR_PUBLISHING_QUEUE_THREADS, "3"));
+ params.add(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, publishcfg
+ .getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40"));
+ params.add(Constants.PR_PUBLISHING_QUEUE_PRIORITY, publishcfg
+ .getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0"));
+ params.add(Constants.PR_PUBLISHING_QUEUE_STATUS, publishcfg.getString(
+ Constants.PR_PUBLISHING_QUEUE_STATUS, "200"));
+ params.add(Constants.PR_ENABLE, ldapcfg.getString(
+ IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
sendResponse(SUCCESS, null, params, resp);
}
private void setLDAPDest(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
- //Save New Settings to the config file
+ // Save New Settings to the config file
IConfigStore config = mAuth.getConfigStore();
- IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE);
- IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE);
+ IConfigStore publishcfg = config
+ .getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE);
+ IConfigStore ldapcfg = publishcfg
+ .getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE);
IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP);
- //set enable flag
- publishcfg.putString(IPublisherProcessor.PROP_ENABLE, req.getParameter(Constants.PR_PUBLISHING_ENABLE));
+ // set enable flag
+ publishcfg.putString(IPublisherProcessor.PROP_ENABLE,
+ req.getParameter(Constants.PR_PUBLISHING_ENABLE));
String enable = req.getParameter(Constants.PR_ENABLE);
ldapcfg.putString(IPublisherProcessor.PROP_ENABLE, enable);
@@ -518,8 +522,8 @@ public class PublisherAdminServlet extends AdminServlet {
// need to disable the ldap module here
mProcessor.setLdapConnModule(null);
}
-
- //set reset of the parameters
+
+ // set reset of the parameters
Enumeration e = req.getParameterNames();
String pwd = null;
@@ -536,9 +540,9 @@ public class PublisherAdminServlet extends AdminServlet {
continue;
if (name.equals(Constants.PR_PUBLISHING_ENABLE))
continue;
- // don't store password in the config file.
- if (name.equals(Constants.PR_BIND_PASSWD))
- continue; // old style password read from config.
+ // don't store password in the config file.
+ if (name.equals(Constants.PR_BIND_PASSWD))
+ continue; // old style password read from config.
if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) {
pwd = req.getParameter(name);
continue;
@@ -567,40 +571,37 @@ public class PublisherAdminServlet extends AdminServlet {
/* Don't enter the publishing pw into the config store */
ldap.putString(name, req.getParameter(name));
}
-
+
commit(true);
- /* Do a "PUT" of the new pw to the watchdog"
- ** do not remove - cfu
- if (pwd != null)
- CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd);
+ /*
+ * Do a "PUT" of the new pw to the watchdog"* do not remove - cfu if
+ * (pwd != null) CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd);
*/
// support publishing dirsrv with different pwd than internaldb
// update passwordFile
String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT);
IPasswordStore pwdStore = CMS.getPasswordStore();
- CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for "+ prompt + " to password file");
+ CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for "
+ + prompt + " to password file");
pwdStore.putPassword(prompt, pwd);
pwdStore.commit();
CMS.debug("PublisherAdminServlet: setLDAPDest(): password saved");
-/* we'll shut down and restart the PublisherProcessor instead
- // what a hack to do this without require restart server
-// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
- ILdapConnModule connModule = mProcessor.getLdapConnModule();
- ILdapAuthInfo authInfo = null;
- if (connModule != null) {
- authInfo = connModule.getLdapAuthInfo();
- }
-
-// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
- if (authInfo != null) {
- CMS.debug("PublisherAdminServlet: setLDAPDest(): adding password to memory cache");
- authInfo.addPassword(prompt, pwd);
- } else
- CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null");
-*/
+ /*
+ * we'll shut down and restart the PublisherProcessor instead // what a
+ * hack to do this without require restart server // ILdapAuthInfo
+ * authInfo = CMS.getLdapAuthInfo(); ILdapConnModule connModule =
+ * mProcessor.getLdapConnModule(); ILdapAuthInfo authInfo = null; if
+ * (connModule != null) { authInfo = connModule.getLdapAuthInfo(); }
+ *
+ * // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); if (authInfo
+ * != null) { CMS.debug(
+ * "PublisherAdminServlet: setLDAPDest(): adding password to memory cache"
+ * ); authInfo.addPassword(prompt, pwd); } else
+ * CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null");
+ */
try {
CMS.debug("PublisherAdminServlet: setLDAPDest(): restarting publishing processor");
@@ -610,27 +611,32 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (Exception ex) {
// force to save the config even there is error
// ignore any exception
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_RES_LDAP", ex.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_FAIL_RES_LDAP",
+ ex.toString()));
}
- //XXX See if we can dynamically in B2
+ // XXX See if we can dynamically in B2
sendResponse(SUCCESS, null, null, resp);
}
- private void testSetLDAPDest(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void testSetLDAPDest(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
CMS.debug("PublisherAdmineServlet: in testSetLDAPDest");
- //Save New Settings to the config file
+ // Save New Settings to the config file
IConfigStore config = mAuth.getConfigStore();
- IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE);
- IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE);
+ IConfigStore publishcfg = config
+ .getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE);
+ IConfigStore ldapcfg = publishcfg
+ .getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE);
IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP);
- //set enable flag
- publishcfg.putString(IPublisherProcessor.PROP_ENABLE,
- req.getParameter(Constants.PR_PUBLISHING_ENABLE));
+ // set enable flag
+ publishcfg.putString(IPublisherProcessor.PROP_ENABLE,
+ req.getParameter(Constants.PR_PUBLISHING_ENABLE));
String ldapPublish = req.getParameter(Constants.PR_ENABLE);
ldapcfg.putString(IPublisherProcessor.PROP_ENABLE, ldapPublish);
@@ -639,7 +645,7 @@ public class PublisherAdminServlet extends AdminServlet {
mProcessor.setLdapConnModule(null);
}
- //set reset of the parameters
+ // set reset of the parameters
Enumeration e = req.getParameterNames();
String pwd = null;
@@ -656,9 +662,9 @@ public class PublisherAdminServlet extends AdminServlet {
continue;
if (name.equals(Constants.PR_PUBLISHING_ENABLE))
continue;
- // don't store password in the config file.
- if (name.equals(Constants.PR_BIND_PASSWD))
- continue; // old style password read from config.
+ // don't store password in the config file.
+ if (name.equals(Constants.PR_BIND_PASSWD))
+ continue; // old style password read from config.
if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) {
pwd = req.getParameter(name);
continue;
@@ -687,84 +693,112 @@ public class PublisherAdminServlet extends AdminServlet {
/* Don't enter the publishing pw into the config store */
ldap.putString(name, req.getParameter(name));
}
-
+
// test before commit
- if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) &&
- ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
- params.add("title",
- "You've attempted to configure CMS to connect" +
- " to a LDAP directory. The connection status is" +
- " as follows:\n \n");
+ if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)
+ && ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
+ params.add("title", "You've attempted to configure CMS to connect"
+ + " to a LDAP directory. The connection status is"
+ + " as follows:\n \n");
LDAPConnection conn = null;
- ILdapConnInfo connInfo =
- CMS.getLdapConnInfo(ldap.getSubStore(
- ILdapBoundConnFactory.PROP_LDAPCONNINFO));
- //LdapAuthInfo authInfo =
- //new LdapAuthInfo(ldap.getSubStore(
- // ILdapBoundConnFactory.PROP_LDAPAUTHINFO));
- String host = connInfo.getHost();
+ ILdapConnInfo connInfo = CMS.getLdapConnInfo(ldap
+ .getSubStore(ILdapBoundConnFactory.PROP_LDAPCONNINFO));
+ // LdapAuthInfo authInfo =
+ // new LdapAuthInfo(ldap.getSubStore(
+ // ILdapBoundConnFactory.PROP_LDAPAUTHINFO));
+ String host = connInfo.getHost();
int port = connInfo.getPort();
boolean secure = connInfo.getSecure();
- //int authType = authInfo.getAuthType();
+ // int authType = authInfo.getAuthType();
String authType = ldap.getSubStore(
- ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_LDAPAUTHTYPE);
+ ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(
+ ILdapAuthInfo.PROP_LDAPAUTHTYPE);
int version = connInfo.getVersion();
String bindAs = null;
String certNickName = null;
if (authType.equals(ILdapAuthInfo.LDAP_SSLCLIENTAUTH_STR)) {
try {
- //certNickName = authInfo.getParms()[0];
+ // certNickName = authInfo.getParms()[0];
certNickName = ldap.getSubStore(
- ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_CLIENTCERTNICKNAME);
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory(
- certNickName));
+ ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(
+ ILdapAuthInfo.PROP_CLIENTCERTNICKNAME);
+ conn = new LDAPConnection(
+ CMS.getLdapJssSSLSocketFactory(certNickName));
CMS.debug("Publishing Test certNickName=" + certNickName);
- params.add(Constants.PR_CONN_INITED,
- "Create ssl LDAPConnection with certificate: " +
- certNickName + dashes(70 - 44 - certNickName.length()) + " Success");
+ params.add(Constants.PR_CONN_INITED,
+ "Create ssl LDAPConnection with certificate: "
+ + certNickName
+ + dashes(70 - 44 - certNickName.length())
+ + " Success");
} catch (Exception ex) {
- params.add(Constants.PR_CONN_INIT_FAIL,
- "Create ssl LDAPConnection with certificate: " +
- certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex);
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(Constants.PR_CONN_INIT_FAIL,
+ "Create ssl LDAPConnection with certificate: "
+ + certNickName
+ + dashes(70 - 44 - certNickName.length())
+ + " failure\n" + " exception: " + ex);
+ params.add(
+ Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then LDAP publishing will fail.\n"
+ + "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
try {
conn.connect(host, port);
- params.add(Constants.PR_CONN_OK,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
- params.add(Constants.PR_AUTH_OK,
- "Authentication: SSL client authentication" +
- dashes(70 - 41) + " Success" +
- "\nBind to the directory as: " + certNickName +
- dashes(70 - 26 - certNickName.length()) + " Success");
+ params.add(
+ Constants.PR_CONN_OK,
+ "Connect to directory server "
+ + host
+ + " at port "
+ + port
+ + dashes(70
+ - 37
+ - host.length()
+ - (Integer.valueOf(port))
+ .toString().length())
+ + " Success");
+ params.add(Constants.PR_AUTH_OK,
+ "Authentication: SSL client authentication"
+ + dashes(70 - 41) + " Success"
+ + "\nBind to the directory as: "
+ + certNickName
+ + dashes(70 - 26 - certNickName.length())
+ + " Success");
} catch (LDAPException ex) {
if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
- params.add(Constants.PR_CONN_FAIL,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
- " Failure\n" +
- " error: server unavailable");
+ params.add(Constants.PR_CONN_FAIL,
+ "Connect to directory server "
+ + host
+ + " at port "
+ + port
+ + dashes(70
+ - 37
+ - host.length()
+ - (Integer.valueOf(port))
+ .toString().length())
+ + " Failure\n"
+ + " error: server unavailable");
} else {
- params.add(Constants.PR_CONN_FAIL,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
- " Failure");
+ params.add(Constants.PR_CONN_FAIL,
+ "Connect to directory server "
+ + host
+ + " at port "
+ + port
+ + dashes(70
+ - 37
+ - host.length()
+ - (Integer.valueOf(port))
+ .toString().length())
+ + " Failure");
}
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(
+ Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then "
+ + "LDAP publishing will fail.\n"
+ + "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
@@ -772,100 +806,133 @@ public class PublisherAdminServlet extends AdminServlet {
try {
if (secure) {
conn = new LDAPConnection(
- CMS.getLdapJssSSLSocketFactory());
- params.add(Constants.PR_CONN_INITED,
- "Create ssl LDAPConnection" +
- dashes(70 - 25) + " Success");
+ CMS.getLdapJssSSLSocketFactory());
+ params.add(Constants.PR_CONN_INITED,
+ "Create ssl LDAPConnection" + dashes(70 - 25)
+ + " Success");
} else {
conn = new LDAPConnection();
- params.add(Constants.PR_CONN_INITED,
- "Create LDAPConnection" +
- dashes(70 - 21) + " Success");
+ params.add(Constants.PR_CONN_INITED,
+ "Create LDAPConnection" + dashes(70 - 21)
+ + " Success");
}
} catch (Exception ex) {
- params.add(Constants.PR_CONN_INIT_FAIL,
- "Create LDAPConnection" +
- dashes(70 - 21) + " Failure\n" +
- "exception: " + ex);
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(Constants.PR_CONN_INIT_FAIL,
+ "Create LDAPConnection" + dashes(70 - 21)
+ + " Failure\n" + "exception: " + ex);
+ params.add(
+ Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then "
+ + "LDAP publishing will fail.\n"
+ + "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
try {
conn.connect(host, port);
- params.add(Constants.PR_CONN_OK,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
+ params.add(
+ Constants.PR_CONN_OK,
+ "Connect to directory server "
+ + host
+ + " at port "
+ + port
+ + dashes(70
+ - 37
+ - host.length()
+ - (Integer.valueOf(port))
+ .toString().length())
+ + " Success");
} catch (LDAPException ex) {
if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
// need to intercept this because message from LDAP is
// "DSA is unavailable" which confuses with DSA PKI.
- params.add(Constants.PR_CONN_FAIL,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
- "\nerror: server unavailable");
+ params.add(Constants.PR_CONN_FAIL,
+ "Connect to directory server "
+ + host
+ + " at port "
+ + port
+ + dashes(70
+ - 37
+ - host.length()
+ - (Integer.valueOf(port))
+ .toString().length())
+ + " Failure"
+ + "\nerror: server unavailable");
} else {
- params.add(Constants.PR_CONN_FAIL,
- "Connect to directory server " +
- host + " at port " + port +
- dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
- "\nexception: " + ex);
+ params.add(Constants.PR_CONN_FAIL,
+ "Connect to directory server "
+ + host
+ + " at port "
+ + port
+ + dashes(70
+ - 37
+ - host.length()
+ - (Integer.valueOf(port))
+ .toString().length())
+ + " Failure" + "\nexception: " + ex);
}
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(
+ Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then "
+ + "LDAP publishing will fail.\n"
+ + "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
try {
- //bindAs = authInfo.getParms()[0];
+ // bindAs = authInfo.getParms()[0];
bindAs = ldap.getSubStore(
- ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_BINDDN);
+ ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(
+ ILdapAuthInfo.PROP_BINDDN);
conn.authenticate(version, bindAs, pwd);
- params.add(Constants.PR_AUTH_OK,
- "Authentication: Basic authentication" +
- dashes(70 - 36) + " Success" +
- "\nBind to the directory as: " + bindAs +
- dashes(70 - 26 - bindAs.length()) + " Success");
+ params.add(Constants.PR_AUTH_OK,
+ "Authentication: Basic authentication"
+ + dashes(70 - 36) + " Success"
+ + "\nBind to the directory as: " + bindAs
+ + dashes(70 - 26 - bindAs.length())
+ + " Success");
} catch (LDAPException ex) {
- if (ex.getLDAPResultCode() ==
- LDAPException.NO_SUCH_OBJECT) {
- params.add(Constants.PR_AUTH_FAIL,
- "Authentication: Basic authentication" +
- dashes(70 - 36) + "Failure" +
- "\nBind to the directory as: " + bindAs +
- dashes(70 - 26 - bindAs.length()) +
- "Failure" + "\nThe object doesn't exist. " +
- "Please correct the value assigned in the" +
- " \"Directory manager DN\" field.");
- } else if (ex.getLDAPResultCode() ==
- LDAPException.INVALID_CREDENTIALS) {
- params.add(Constants.PR_AUTH_FAIL,
- "Authentication: Basic authentication" +
- dashes(70 - 36) + " Failure" +
- "\nBind to the directory as: " + bindAs +
- dashes(70 - 26 - bindAs.length()) +
- " Failure" + "\nInvalid password. " +
- "Please correct the value assigned in the" +
- " \"Password\" field.");
+ if (ex.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) {
+ params.add(
+ Constants.PR_AUTH_FAIL,
+ "Authentication: Basic authentication"
+ + dashes(70 - 36)
+ + "Failure"
+ + "\nBind to the directory as: "
+ + bindAs
+ + dashes(70 - 26 - bindAs.length())
+ + "Failure"
+ + "\nThe object doesn't exist. "
+ + "Please correct the value assigned in the"
+ + " \"Directory manager DN\" field.");
+ } else if (ex.getLDAPResultCode() == LDAPException.INVALID_CREDENTIALS) {
+ params.add(
+ Constants.PR_AUTH_FAIL,
+ "Authentication: Basic authentication"
+ + dashes(70 - 36)
+ + " Failure"
+ + "\nBind to the directory as: "
+ + bindAs
+ + dashes(70 - 26 - bindAs.length())
+ + " Failure"
+ + "\nInvalid password. "
+ + "Please correct the value assigned in the"
+ + " \"Password\" field.");
} else {
- params.add(Constants.PR_AUTH_FAIL,
- "Authentication: Basic authentication" +
- dashes(70 - 36) + " Failure" +
- "\nBind to the directory as: " + bindAs +
- dashes(70 - 26 - bindAs.length()) +
- " Failure");
+ params.add(
+ Constants.PR_AUTH_FAIL,
+ "Authentication: Basic authentication"
+ + dashes(70 - 36) + " Failure"
+ + "\nBind to the directory as: "
+ + bindAs
+ + dashes(70 - 26 - bindAs.length())
+ + " Failure");
}
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "LDAP publishing will fail.\n" +
- "Do you want to save the configuration anyway?");
+ params.add(
+ Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then "
+ + "LDAP publishing will fail.\n"
+ + "Do you want to save the configuration anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
@@ -873,82 +940,83 @@ public class PublisherAdminServlet extends AdminServlet {
}
- //commit(true);
- if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) &&
- pwd != null) {
+ // commit(true);
+ if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) && pwd != null) {
- /* Do a "PUT" of the new pw to the watchdog"
- ** do not remove - cfu
- CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd);
+ /*
+ * Do a "PUT" of the new pw to the watchdog"* do not remove - cfu
+ * CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd);
*/
// support publishing dirsrv with different pwd than internaldb
// update passwordFile
String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT);
IPasswordStore pwdStore = CMS.getPasswordStore();
- CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for "+
- prompt + " to password file");
+ CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for "
+ + prompt + " to password file");
pwdStore.putPassword(prompt, pwd);
pwdStore.commit();
CMS.debug("PublisherAdminServlet: testSetLDAPDest(): password saved");
-/* we'll shut down and restart the PublisherProcessor instead
- // what a hack to do this without require restart server
-// ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
- ILdapConnModule connModule = mProcessor.getLdapConnModule();
- ILdapAuthInfo authInfo = null;
- if (connModule != null) {
- authInfo = connModule.getLdapAuthInfo();
- } else
- CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null");
-
-// authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
- if (authInfo != null) {
- CMS.debug("PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache");
- authInfo.addPassword(prompt, pwd);
- } else
- CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null");
-*/
+ /*
+ * we'll shut down and restart the PublisherProcessor instead //
+ * what a hack to do this without require restart server //
+ * ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); ILdapConnModule
+ * connModule = mProcessor.getLdapConnModule(); ILdapAuthInfo
+ * authInfo = null; if (connModule != null) { authInfo =
+ * connModule.getLdapAuthInfo(); } else
+ * CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null"
+ * );
+ *
+ * // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); if
+ * (authInfo != null) { CMS.debug(
+ * "PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache"
+ * ); authInfo.addPassword(prompt, pwd); } else
+ * CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null"
+ * );
+ */
}
- //params.add(Constants.PR_SAVE_OK,
- // "\n \nConfiguration changes are now committed.");
+ // params.add(Constants.PR_SAVE_OK,
+ // "\n \nConfiguration changes are now committed.");
mProcessor.shutdown();
if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
mProcessor.startup();
- //params.add("restarted", "Publishing is restarted.");
+ // params.add("restarted", "Publishing is restarted.");
if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
- ICertAuthority authority = (ICertAuthority) mProcessor.getAuthority();
+ ICertAuthority authority = (ICertAuthority) mProcessor
+ .getAuthority();
- if (!(authority instanceof ICertificateAuthority))
+ if (!(authority instanceof ICertificateAuthority))
return;
ICertificateAuthority ca = (ICertificateAuthority) authority;
// publish ca cert
try {
mProcessor.publishCACert(ca.getCACert());
- CMS.debug("PublisherAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PUB_CA_CERT"));
- params.add("publishCA",
- "CA certificate is published.");
+ CMS.debug("PublisherAdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_PUB_CA_CERT"));
+ params.add("publishCA", "CA certificate is published.");
} catch (Exception ex) {
// exception not thrown - not seen as a fatal error.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString()));
- params.add("publishCA",
- "Failed to publish CA certificate.");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT",
+ ex.toString()));
+ params.add("publishCA", "Failed to publish CA certificate.");
int index = ex.toString().indexOf("Failed to create CA");
if (index > -1) {
- params.add("createError",
- ex.toString().substring(index));
+ params.add("createError", ex.toString()
+ .substring(index));
}
mProcessor.shutdown();
// Do you want to enable LDAP publishing anyway
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "the CA certificate won't be published.\n" +
- "Do you want to enable LDAP publishing anyway?");
+ params.add(
+ Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then "
+ + "the CA certificate won't be published.\n"
+ + "Do you want to enable LDAP publishing anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
@@ -958,65 +1026,65 @@ public class PublisherAdminServlet extends AdminServlet {
CMS.debug("PublisherAdminServlet: about to update CRL");
ca.publishCRLNow();
CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_PUB_CRL"));
- params.add("publishCRL",
- "CRL is published.");
+ params.add("publishCRL", "CRL is published.");
} catch (Exception ex) {
// exception not thrown - not seen as a fatal error.
- log(ILogger.LL_FAILURE,
- "Could not publish crl " + ex.toString());
- params.add("publishCRL",
- "Failed to publish CRL.");
+ log(ILogger.LL_FAILURE,
+ "Could not publish crl " + ex.toString());
+ params.add("publishCRL", "Failed to publish CRL.");
mProcessor.shutdown();
// Do you want to enable LDAP publishing anyway
- params.add(Constants.PR_SAVE_NOT,
- "\n \nIf the problem is not fixed then " +
- "the CRL won't be published.\n" +
- "Do you want to enable LDAP publishing anyway?");
+ params.add(
+ Constants.PR_SAVE_NOT,
+ "\n \nIf the problem is not fixed then "
+ + "the CRL won't be published.\n"
+ + "Do you want to enable LDAP publishing anyway?");
sendResponse(SUCCESS, null, params, resp);
return;
}
}
commit(true);
- params.add(Constants.PR_SAVE_OK,
- "\n \nConfiguration changes are now committed.");
+ params.add(Constants.PR_SAVE_OK,
+ "\n \nConfiguration changes are now committed.");
params.add("restarted", "Publishing is restarted.");
} else {
commit(true);
- params.add(Constants.PR_SAVE_OK,
- "\n \nConfiguration changes are now committed.");
- params.add("stopped",
- "Publishing is stopped.");
+ params.add(Constants.PR_SAVE_OK,
+ "\n \nConfiguration changes are now committed.");
+ params.add("stopped", "Publishing is stopped.");
}
- //XXX See if we can dynamically in B2
+ // XXX See if we can dynamically in B2
sendResponse(SUCCESS, null, params, resp);
}
- private synchronized void addMapperPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addMapperPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// is the manager id unique?
if (mProcessor.getMapperPlugins().containsKey((Object) id)) {
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
String classPath = req.getParameter(Constants.PR_MAPPER_CLASS);
if (classPath == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
return;
}
@@ -1031,21 +1099,25 @@ public class PublisherAdminServlet extends AdminServlet {
try {
newImpl = Class.forName(classPath);
} catch (ClassNotFoundException e) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
return;
} catch (IllegalArgumentException e) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
return;
}
// is the class an ILdapMapper?
try {
if (ILdapMapper.class.isAssignableFrom(newImpl) == false) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
return;
}
} catch (NullPointerException e) { // unlikely, only if newImpl null.
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
return;
}
@@ -1057,10 +1129,9 @@ public class PublisherAdminServlet extends AdminServlet {
try {
mConfig.commit(true);
} catch (EBaseException e) {
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
@@ -1068,8 +1139,8 @@ public class PublisherAdminServlet extends AdminServlet {
MapperPlugin plugin = new MapperPlugin(id, classPath);
mProcessor.getMapperPlugins().put(id, plugin);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", ""));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", ""));
NameValuePairs params = new NameValuePairs();
@@ -1087,54 +1158,54 @@ public class PublisherAdminServlet extends AdminServlet {
return true;
}
- private synchronized void addMapperInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addMapperInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
if (!isValidID(id)) {
- sendResponse(ERROR, "Invalid ID '" + id + "'",
- null, resp);
+ sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp);
return;
}
if (mProcessor.getMapperInsts().containsKey((Object) id)) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp);
return;
}
// get required parameters
- String implname = req.getParameter(
- Constants.PR_MAPPER_IMPL_NAME);
+ String implname = req.getParameter(Constants.PR_MAPPER_IMPL_NAME);
if (implname == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
return;
}
// check if implementation exists.
- MapperPlugin plugin =
- (MapperPlugin) mProcessor.getMapperPlugins().get(
+ MapperPlugin plugin = (MapperPlugin) mProcessor.getMapperPlugins().get(
implname);
if (plugin == null) {
- sendResponse(ERROR,
- new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EMapperPluginNotFound(CMS.getUserMessage(
+ getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND",
+ implname)).toString(), null, resp);
return;
}
Vector configParams = mProcessor.getMapperDefaultParams(implname);
- IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + ".publish.mapper");
+ IConfigStore destStore = mConfig.getSubStore(mAuth.getId()
+ + ".publish.mapper");
IConfigStore instancesConfig = destStore.getSubStore("instance");
IConfigStore substore = instancesConfig.makeSubStore(id);
@@ -1145,11 +1216,10 @@ public class PublisherAdminServlet extends AdminServlet {
String val = req.getParameter(kv.substring(0, index));
if (val == null) {
- substore.put(kv.substring(0, index),
- kv.substring(index + 1));
+ substore.put(kv.substring(0, index),
+ kv.substring(index + 1));
} else {
- substore.put(kv.substring(0, index),
- val);
+ substore.put(kv.substring(0, index), val);
}
}
}
@@ -1164,21 +1234,27 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (ClassNotFoundException e) {
// cleanup
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -1202,47 +1278,44 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
// clean up.
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
// inited and commited ok. now add mapper instance to list.
mProcessor.getMapperInsts().put(id, new MapperProxy(true, mapperInst));
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id));
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_MAPPER_IMPL_NAME, implname);
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void listMapperPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void listMapperPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = mProcessor.getMapperPlugins().keys();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- MapperPlugin value = (MapperPlugin)
- mProcessor.getMapperPlugins().get(name);
+ MapperPlugin value = (MapperPlugin) mProcessor.getMapperPlugins()
+ .get(name);
// get Description
- String c = value.getClassPath();
+ String c = value.getClassPath();
String desc = "unknown";
try {
- ILdapMapper lp = (ILdapMapper)
- Class.forName(c).newInstance();
+ ILdapMapper lp = (ILdapMapper) Class.forName(c).newInstance();
desc = lp.getDescription();
} catch (Exception exp) {
- sendResponse(ERROR, exp.toString(), null,
- resp);
+ sendResponse(ERROR, exp.toString(), null, resp);
return;
}
params.add(name, value.getClassPath() + "," + desc);
@@ -1261,9 +1334,9 @@ public class PublisherAdminServlet extends AdminServlet {
}
}
- private synchronized void listMapperInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void listMapperInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = mProcessor.getMapperInsts().keys();
@@ -1278,40 +1351,39 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void delMapperInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delMapperInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// does a`mapper instance exist?
if (mProcessor.getMapperInsts().containsKey(id) == false) {
- sendResponse(ERROR,
- new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EMapperNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), null,
+ resp);
return;
}
// only remove from memory
// cannot shutdown because we don't keep track of whether it's
- // being used.
- ILdapMapper mapperInst = (ILdapMapper)
- mProcessor.getMapperInstance(id);
+ // being used.
+ ILdapMapper mapperInst = (ILdapMapper) mProcessor.getMapperInstance(id);
mProcessor.getMapperInsts().remove((Object) id);
// remove the configuration.
- IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".publish.mapper");
+ IConfigStore destStore = mConfig.getSubStore(mAuth.getId()
+ + ".publish.mapper");
IConfigStore instancesConfig = destStore.getSubStore("instance");
instancesConfig.removeSubStore(id);
@@ -1319,85 +1391,82 @@ public class PublisherAdminServlet extends AdminServlet {
try {
mConfig.commit(true);
} catch (EBaseException e) {
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void delMapperPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delMapperPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
if (mProcessor.getMapperPlugins().containsKey(id) == false) {
- sendResponse(ERROR,
- new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EMapperPluginNotFound(CMS.getUserMessage(
+ getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND",
+ id)).toString(), null, resp);
return;
}
// first check if any instances from this mapper
// DON'T remove mapper if any instance
- for (Enumeration e = mProcessor.getMapperInsts().keys();
- e.hasMoreElements();) {
+ for (Enumeration e = mProcessor.getMapperInsts().keys(); e
+ .hasMoreElements();) {
String name = (String) e.nextElement();
ILdapMapper mapper = mProcessor.getMapperInstance(name);
if (id.equals(getMapperPluginName(mapper))) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_IN_USE"), null, resp);
return;
}
}
-
+
// then delete this mapper
mProcessor.getMapperPlugins().remove((Object) id);
- IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".publish.mapper");
- IConfigStore instancesConfig =
- destStore.getSubStore("impl");
+ IConfigStore destStore = mConfig.getSubStore(mAuth.getId()
+ + ".publish.mapper");
+ IConfigStore instancesConfig = destStore.getSubStore("impl");
instancesConfig.removeSubStore(id);
// commiting
try {
mConfig.commit(true);
} catch (EBaseException e) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void getMapperConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getMapperConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -1411,50 +1480,48 @@ public class PublisherAdminServlet extends AdminServlet {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index), kv.substring(index + 1));
}
}
sendResponse(0, null, params, resp);
return;
}
- private synchronized void getMapperInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void getMapperInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// does mapper instance exist?
if (mProcessor.getMapperInsts().containsKey(id) == false) {
- sendResponse(ERROR,
- new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EMapperNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(), null,
+ resp);
return;
}
- ILdapMapper mapperInst = (ILdapMapper)
- mProcessor.getMapperInstance(id);
+ ILdapMapper mapperInst = (ILdapMapper) mProcessor.getMapperInstance(id);
Vector configParams = mapperInst.getInstanceParams();
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_MAPPER_IMPL_NAME,
- getMapperPluginName(mapperInst));
+ params.add(Constants.PR_MAPPER_IMPL_NAME,
+ getMapperPluginName(mapperInst));
// implName is always required so always send it.
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index), kv.substring(index + 1));
}
}
@@ -1462,24 +1529,23 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void modMapperInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modMapperInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// Does the manager instance exist?
if (!mProcessor.getMapperInsts().containsKey((Object) id)) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp);
return;
}
@@ -1487,24 +1553,26 @@ public class PublisherAdminServlet extends AdminServlet {
String implname = req.getParameter(Constants.PR_MAPPER_IMPL_NAME);
if (implname == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
return;
}
// get plugin for implementation
- MapperPlugin plugin =
- (MapperPlugin) mProcessor.getMapperPlugins().get(implname);
+ MapperPlugin plugin = (MapperPlugin) mProcessor.getMapperPlugins().get(
+ implname);
if (plugin == null) {
- sendResponse(ERROR,
- new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EMapperPluginNotFound(CMS.getUserMessage(
+ getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND",
+ implname)).toString(), null, resp);
return;
}
// save old instance substore params in case new one fails.
- ILdapMapper oldinst =
- (ILdapMapper) mProcessor.getMapperInstance(id);
+ ILdapMapper oldinst = (ILdapMapper) mProcessor.getMapperInstance(id);
Vector oldConfigParms = oldinst.getInstanceParams();
NameValuePairs saveParams = new NameValuePairs();
@@ -1515,8 +1583,7 @@ public class PublisherAdminServlet extends AdminServlet {
String kv = (String) oldConfigParms.elementAt(i);
int index = kv.indexOf('=');
- saveParams.add(kv.substring(0, index),
- kv.substring(index + 1));
+ saveParams.add(kv.substring(0, index), kv.substring(index + 1));
}
}
@@ -1524,9 +1591,8 @@ public class PublisherAdminServlet extends AdminServlet {
// remove old substore.
- IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() +
- ".publish.mapper");
+ IConfigStore destStore = mConfig.getSubStore(mAuth.getId()
+ + ".publish.mapper");
IConfigStore instancesConfig = destStore.getSubStore("instance");
// create new substore.
@@ -1557,26 +1623,31 @@ public class PublisherAdminServlet extends AdminServlet {
ILdapMapper newMgrInst = null;
try {
- newMgrInst = (ILdapMapper)
- Class.forName(className).newInstance();
+ newMgrInst = (ILdapMapper) Class.forName(className).newInstance();
} catch (ClassNotFoundException e) {
// cleanup
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
// initialize the mapper
@@ -1586,26 +1657,23 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
// don't commit in this case and cleanup the new substore.
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR, e.toString(getLocale(req)), null,
- resp);
+ sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
} catch (Throwable e) {
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR, e.toString(), null,
- resp);
+ sendResponse(ERROR, e.toString(), null, resp);
return;
}
- // initialized ok. commiting
+ // initialized ok. commiting
try {
mConfig.commit(true);
} catch (EBaseException e) {
// clean up.
restore(instancesConfig, id, saveParams);
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
@@ -1614,45 +1682,46 @@ public class PublisherAdminServlet extends AdminServlet {
mProcessor.getMapperInsts().put(id, new MapperProxy(true, newMgrInst));
mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id));
+ CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id));
NameValuePairs params = new NameValuePairs();
sendResponse(SUCCESS, null, params, resp);
return;
}
- private synchronized void addRulePlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addRulePlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// is the rule id unique?
if (mProcessor.getRulePlugins().containsKey((Object) id)) {
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(
+ "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id))
+ .toString(getLocale(req)), null, resp);
return;
}
String classPath = req.getParameter(Constants.PR_RULE_CLASS);
if (classPath == null) {
- sendResponse(ERROR, CMS.getUserMessage("CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage("CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
return;
}
IConfigStore destStore = null;
- destStore = mConfig.getSubStore(
- mAuth.getId() + ".publish.rule");
+ destStore = mConfig.getSubStore(mAuth.getId() + ".publish.rule");
IConfigStore instancesConfig = destStore.getSubStore("impl");
// Does the class exist?
@@ -1661,21 +1730,25 @@ public class PublisherAdminServlet extends AdminServlet {
try {
newImpl = Class.forName(classPath);
} catch (ClassNotFoundException e) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
return;
} catch (IllegalArgumentException e) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
return;
}
// is the class an ILdapRule?
try {
if (ILdapRule.class.isAssignableFrom(newImpl) == false) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
return;
}
} catch (NullPointerException e) { // unlikely, only if newImpl null.
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
return;
}
@@ -1687,10 +1760,9 @@ public class PublisherAdminServlet extends AdminServlet {
try {
mConfig.commit(true);
} catch (EBaseException e) {
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
@@ -1698,8 +1770,8 @@ public class PublisherAdminServlet extends AdminServlet {
RulePlugin plugin = new RulePlugin(id, classPath);
mProcessor.getRulePlugins().put(id, plugin);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id));
NameValuePairs params = new NameValuePairs();
@@ -1707,57 +1779,55 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void addRuleInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addRuleInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
if (!isValidID(id)) {
- sendResponse(ERROR, "Invalid ID '" + id + "'",
- null, resp);
+ sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp);
return;
}
if (mProcessor.getRuleInsts().containsKey((Object) id)) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp);
return;
}
// get required parameters
- String implname = req.getParameter(
- Constants.PR_RULE_IMPL_NAME);
+ String implname = req.getParameter(Constants.PR_RULE_IMPL_NAME);
if (implname == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
return;
}
// check if implementation exists.
- RulePlugin plugin =
- (RulePlugin) mProcessor.getRulePlugins().get(
+ RulePlugin plugin = (RulePlugin) mProcessor.getRulePlugins().get(
implname);
if (plugin == null) {
- sendResponse(ERROR,
- new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EPublisherPluginNotFound(CMS.getUserMessage(
+ getLocale(req),
+ "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname))
+ .toString(), null, resp);
return;
}
Vector configParams = mProcessor.getRuleDefaultParams(implname);
- IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId()
+ IConfigStore destStore = mConfig.getSubStore(mAuth.getId()
+ ".publish.rule");
- IConfigStore instancesConfig =
- destStore.getSubStore("instance");
+ IConfigStore instancesConfig = destStore.getSubStore("instance");
IConfigStore substore = instancesConfig.makeSubStore(id);
if (configParams != null) {
@@ -1767,13 +1837,12 @@ public class PublisherAdminServlet extends AdminServlet {
String val = req.getParameter(kv.substring(0, index));
if (val == null) {
- substore.put(kv.substring(0, index),
- kv.substring(index + 1));
+ substore.put(kv.substring(0, index),
+ kv.substring(index + 1));
} else {
if (val.equals(NOMAPPER))
val = "";
- substore.put(kv.substring(0, index),
- val);
+ substore.put(kv.substring(0, index), val);
}
}
}
@@ -1788,21 +1857,27 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (ClassNotFoundException e) {
// cleanup
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -1827,41 +1902,39 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
// clean up.
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
// inited and commited ok. now add manager instance to list.
mProcessor.getRuleInsts().put(id, ruleInst);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id));
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_RULE_IMPL_NAME, implname);
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void listRulePlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void listRulePlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = mProcessor.getRulePlugins().keys();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- RulePlugin value = (RulePlugin)
- mProcessor.getRulePlugins().get(name);
+ RulePlugin value = (RulePlugin) mProcessor.getRulePlugins().get(
+ name);
// get Description
- String c = value.getClassPath();
+ String c = value.getClassPath();
String desc = "unknown";
try {
- ILdapRule lp = (ILdapRule)
- Class.forName(c).newInstance();
+ ILdapRule lp = (ILdapRule) Class.forName(c).newInstance();
desc = lp.getDescription();
} catch (Exception exp) {
@@ -1872,17 +1945,17 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void listRuleInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void listRuleInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
String insts = null;
Enumeration e = mProcessor.getRuleInsts().keys();
for (; e.hasMoreElements();) {
String name = (String) e.nextElement();
- ILdapRule value = (ILdapRule)
- mProcessor.getRuleInsts().get((Object) name);
+ ILdapRule value = (ILdapRule) mProcessor.getRuleInsts().get(
+ (Object) name);
String enabled = value.enabled() ? "enabled" : "disabled";
params.add(name, value.getInstanceName() + ";visible;" + enabled);
@@ -1901,47 +1974,46 @@ public class PublisherAdminServlet extends AdminServlet {
}
}
- private synchronized void delRulePlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delRulePlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// does rule exist?
if (mProcessor.getRulePlugins().containsKey(id) == false) {
- sendResponse(ERROR,
- new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ERulePluginNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
// first check if any instances from this rule
// DON'T remove rule if any instance
- for (Enumeration e = mProcessor.getRuleInsts().elements();
- e.hasMoreElements();) {
- ILdapRule rule = (ILdapRule)
- e.nextElement();
+ for (Enumeration e = mProcessor.getRuleInsts().elements(); e
+ .hasMoreElements();) {
+ ILdapRule rule = (ILdapRule) e.nextElement();
if (id.equals(getRulePluginName(rule))) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_IN_USE"), null, resp);
return;
}
}
-
+
// then delete this rule
mProcessor.getRulePlugins().remove((Object) id);
- IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".rule");
+ IConfigStore destStore = mConfig.getSubStore(mAuth.getId() + ".rule");
IConfigStore instancesConfig = destStore.getSubStore("impl");
instancesConfig.removeSubStore(id);
@@ -1949,27 +2021,25 @@ public class PublisherAdminServlet extends AdminServlet {
try {
mConfig.commit(true);
} catch (EBaseException e) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void delRuleInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void delRuleInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -1977,24 +2047,24 @@ public class PublisherAdminServlet extends AdminServlet {
// does rule instance exist?
if (mProcessor.getRuleInsts().containsKey(id) == false) {
- sendResponse(ERROR,
- new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ERuleNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), null,
+ resp);
return;
}
// only remove from memory
// cannot shutdown because we don't keep track of whether it's
- // being used.
- ILdapRule ruleInst = (ILdapRule)
- mProcessor.getRuleInsts().get(id);
+ // being used.
+ ILdapRule ruleInst = (ILdapRule) mProcessor.getRuleInsts().get(id);
mProcessor.getRuleInsts().remove((Object) id);
// remove the configuration.
- IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".publish.rule");
+ IConfigStore destStore = mConfig.getSubStore(mAuth.getId()
+ + ".publish.rule");
IConfigStore instancesConfig = destStore.getSubStore("instance");
instancesConfig.removeSubStore(id);
@@ -2002,26 +2072,24 @@ public class PublisherAdminServlet extends AdminServlet {
try {
mConfig.commit(true);
} catch (EBaseException e) {
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
return;
- }
+ }
- private synchronized void getRuleConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getRuleConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -2035,50 +2103,47 @@ public class PublisherAdminServlet extends AdminServlet {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index), kv.substring(index + 1));
}
}
sendResponse(0, null, params, resp);
return;
}
- private synchronized void getRuleInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void getRuleInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// does rule instance exist?
if (mProcessor.getRuleInsts().containsKey(id) == false) {
- sendResponse(ERROR,
- new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ERuleNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_RULE_NOT_FOUND", id)).toString(), null,
+ resp);
return;
}
- ILdapRule ruleInst = (ILdapRule)
- mProcessor.getRuleInsts().get(id);
+ ILdapRule ruleInst = (ILdapRule) mProcessor.getRuleInsts().get(id);
Vector configParams = ruleInst.getInstanceParams();
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_RULE_IMPL_NAME,
- getRulePluginName(ruleInst));
+ params.add(Constants.PR_RULE_IMPL_NAME, getRulePluginName(ruleInst));
// implName is always required so always send it.
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index), kv.substring(index + 1));
}
}
@@ -2086,23 +2151,22 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void modRuleInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modRuleInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// Does the manager instance exist?
if (!mProcessor.getRuleInsts().containsKey((Object) id)) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp);
return;
}
@@ -2110,26 +2174,26 @@ public class PublisherAdminServlet extends AdminServlet {
String implname = req.getParameter(Constants.PR_RULE_IMPL_NAME);
if (implname == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
return;
}
- // get plugin for implementation
- RulePlugin plugin =
- (RulePlugin) mProcessor.getRulePlugins().get(implname);
+ // get plugin for implementation
+ RulePlugin plugin = (RulePlugin) mProcessor.getRulePlugins().get(
+ implname);
if (plugin == null) {
sendResponse(ERROR,
- //new ERulePluginNotFound(implname).toString(getLocale(req)),
- "",
- null, resp);
+ // new ERulePluginNotFound(implname).toString(getLocale(req)),
+ "", null, resp);
return;
}
- // save old instance substore params in case new one fails.
+ // save old instance substore params in case new one fails.
- ILdapRule oldinst =
- (ILdapRule) mProcessor.getRuleInsts().get((Object) id);
+ ILdapRule oldinst = (ILdapRule) mProcessor.getRuleInsts().get(
+ (Object) id);
Vector oldConfigParms = oldinst.getInstanceParams();
NameValuePairs saveParams = new NameValuePairs();
@@ -2140,8 +2204,7 @@ public class PublisherAdminServlet extends AdminServlet {
String kv = (String) oldConfigParms.elementAt(i);
int index = kv.indexOf('=');
- saveParams.add(kv.substring(0, index),
- kv.substring(index + 1));
+ saveParams.add(kv.substring(0, index), kv.substring(index + 1));
}
}
@@ -2149,9 +2212,8 @@ public class PublisherAdminServlet extends AdminServlet {
// remove old substore.
- IConfigStore destStore =
- mConfig.getSubStore(
- mAuth.getId() + ".publish.rule");
+ IConfigStore destStore = mConfig.getSubStore(mAuth.getId()
+ + ".publish.rule");
IConfigStore instancesConfig = destStore.getSubStore("instance");
// create new substore.
@@ -2171,8 +2233,7 @@ public class PublisherAdminServlet extends AdminServlet {
String val = req.getParameter(key);
if (val == null) {
- substore.put(key,
- kv.substring(index + 1));
+ substore.put(key, kv.substring(index + 1));
} else {
if (val.equals(NOMAPPER))
val = "";
@@ -2191,21 +2252,27 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (ClassNotFoundException e) {
// cleanup
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -2224,16 +2291,15 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- // initialized ok. commiting
+ // initialized ok. commiting
try {
mConfig.commit(true);
} catch (EBaseException e) {
// clean up.
restore(instancesConfig, id, saveParams);
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
@@ -2241,47 +2307,48 @@ public class PublisherAdminServlet extends AdminServlet {
mProcessor.getRuleInsts().put(id, newRuleInst);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id));
NameValuePairs params = new NameValuePairs();
sendResponse(SUCCESS, null, params, resp);
return;
}
- private synchronized void addPublisherPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addPublisherPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// is the manager id unique?
if (mProcessor.getPublisherPlugins().containsKey((Object) id)) {
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+ null, resp);
return;
}
String classPath = req.getParameter(Constants.PR_PUBLISHER_CLASS);
if (classPath == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
return;
}
IConfigStore destStore = null;
- destStore = mConfig.getSubStore(
- mAuth.getId() + ".publish.publisher");
+ destStore = mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
IConfigStore instancesConfig = destStore.getSubStore("impl");
// Does the class exist?
@@ -2290,21 +2357,25 @@ public class PublisherAdminServlet extends AdminServlet {
try {
newImpl = Class.forName(classPath);
} catch (ClassNotFoundException e) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
return;
} catch (IllegalArgumentException e) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_NO_CLASS"), null, resp);
return;
}
// is the class an ILdapPublisher?
try {
if (ILdapPublisher.class.isAssignableFrom(newImpl) == false) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
return;
}
} catch (NullPointerException e) { // unlikely, only if newImpl null.
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ILL_CLASS", classPath), null, resp);
return;
}
@@ -2316,10 +2387,9 @@ public class PublisherAdminServlet extends AdminServlet {
try {
mConfig.commit(true);
} catch (EBaseException e) {
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
@@ -2327,8 +2397,8 @@ public class PublisherAdminServlet extends AdminServlet {
PublisherPlugin plugin = new PublisherPlugin(id, classPath);
mProcessor.getPublisherPlugins().put(id, plugin);
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id));
NameValuePairs params = new NameValuePairs();
@@ -2336,56 +2406,56 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void addPublisherInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void addPublisherInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
if (!isValidID(id)) {
- sendResponse(ERROR, "Invalid ID '" + id + "'",
- null, resp);
+ sendResponse(ERROR, "Invalid ID '" + id + "'", null, resp);
return;
}
if (mProcessor.getPublisherInsts().containsKey((Object) id)) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp);
return;
}
// get required parameters
- String implname = req.getParameter(
- Constants.PR_PUBLISHER_IMPL_NAME);
+ String implname = req.getParameter(Constants.PR_PUBLISHER_IMPL_NAME);
if (implname == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
return;
}
// check if implementation exists.
- PublisherPlugin plugin =
- (PublisherPlugin) mProcessor.getPublisherPlugins().get(
- implname);
+ PublisherPlugin plugin = (PublisherPlugin) mProcessor
+ .getPublisherPlugins().get(implname);
if (plugin == null) {
- sendResponse(ERROR,
- new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EPublisherPluginNotFound(CMS.getUserMessage(
+ getLocale(req),
+ "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname))
+ .toString(), null, resp);
return;
}
Vector configParams = mProcessor.getPublisherDefaultParams(implname);
- IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+ IConfigStore destStore = mConfig.getSubStore(mAuth.getId()
+ + ".publish.publisher");
IConfigStore instancesConfig = destStore.getSubStore("instance");
IConfigStore substore = instancesConfig.makeSubStore(id);
@@ -2404,15 +2474,14 @@ public class PublisherAdminServlet extends AdminServlet {
if (index == -1) {
substore.put(kv, "");
} else {
- substore.put(kv.substring(0, index),
- kv.substring(index + 1));
+ substore.put(kv.substring(0, index),
+ kv.substring(index + 1));
}
} else {
if (index == -1) {
substore.put(kv, val);
} else {
- substore.put(kv.substring(0, index),
- val);
+ substore.put(kv.substring(0, index), val);
}
}
}
@@ -2424,25 +2493,32 @@ public class PublisherAdminServlet extends AdminServlet {
ILdapPublisher publisherInst = null;
try {
- publisherInst = (ILdapPublisher) Class.forName(className).newInstance();
+ publisherInst = (ILdapPublisher) Class.forName(className)
+ .newInstance();
} catch (ClassNotFoundException e) {
// cleanup
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -2466,17 +2542,17 @@ public class PublisherAdminServlet extends AdminServlet {
} catch (EBaseException e) {
// clean up.
instancesConfig.removeSubStore(id);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
// inited and commited ok. now add manager instance to list.
- mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, publisherInst));
+ mProcessor.getPublisherInsts().put(id,
+ new PublisherProxy(true, publisherInst));
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id));
NameValuePairs params = new NameValuePairs();
@@ -2485,24 +2561,24 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void listPublisherPlugins(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void listPublisherPlugins(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = mProcessor.getPublisherPlugins().keys();
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- PublisherPlugin value = (PublisherPlugin)
- mProcessor.getPublisherPlugins().get(name);
+ PublisherPlugin value = (PublisherPlugin) mProcessor
+ .getPublisherPlugins().get(name);
// get Description
- String c = value.getClassPath();
+ String c = value.getClassPath();
String desc = "unknown";
try {
- ILdapPublisher lp = (ILdapPublisher)
- Class.forName(c).newInstance();
+ ILdapPublisher lp = (ILdapPublisher) Class.forName(c)
+ .newInstance();
desc = lp.getDescription();
} catch (Exception exp) {
@@ -2523,9 +2599,9 @@ public class PublisherAdminServlet extends AdminServlet {
}
}
- private synchronized void listPublisherInsts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void listPublisherInsts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
String insts = null;
@@ -2543,48 +2619,50 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void delPublisherPlugin(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delPublisherPlugin(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// does publisher exist?
if (mProcessor.getPublisherPlugins().containsKey(id) == false) {
- sendResponse(ERROR,
- new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EPublisherPluginNotFound(CMS.getUserMessage(
+ getLocale(req),
+ "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id))
+ .toString(), null, resp);
return;
}
// first check if any instances from this publisher
// DON'T remove publisher if any instance
- for (Enumeration e = mProcessor.getPublisherInsts().keys();
- e.hasMoreElements();) {
+ for (Enumeration e = mProcessor.getPublisherInsts().keys(); e
+ .hasMoreElements();) {
String name = (String) e.nextElement();
- ILdapPublisher publisher =
- mProcessor.getPublisherInstance(name);
+ ILdapPublisher publisher = mProcessor.getPublisherInstance(name);
if (id.equals(getPublisherPluginName(publisher))) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_IN_USE"), null, resp);
return;
}
}
-
+
// then delete this publisher
mProcessor.getPublisherPlugins().remove((Object) id);
- IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+ IConfigStore destStore = mConfig.getSubStore(mAuth.getId()
+ + ".publish.publisher");
IConfigStore instancesConfig = destStore.getSubStore("impl");
instancesConfig.removeSubStore(id);
@@ -2592,9 +2670,8 @@ public class PublisherAdminServlet extends AdminServlet {
try {
mConfig.commit(true);
} catch (EBaseException e) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
@@ -2602,18 +2679,17 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void delPublisherInst(HttpServletRequest req,
- HttpServletResponse resp, String scope) throws ServletException,
+ private synchronized void delPublisherInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -2621,22 +2697,24 @@ public class PublisherAdminServlet extends AdminServlet {
// does publisher instance exist?
if (mProcessor.getPublisherInsts().containsKey(id) == false) {
- sendResponse(ERROR,
- new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EPublisherNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
// only remove from memory
// cannot shutdown because we don't keep track of whether it's
- // being used.
+ // being used.
ILdapPublisher publisherInst = mProcessor.getPublisherInstance(id);
mProcessor.getPublisherInsts().remove((Object) id);
// remove the configuration.
- IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+ IConfigStore destStore = mConfig.getSubStore(mAuth.getId()
+ + ".publish.publisher");
IConfigStore instancesConfig = destStore.getSubStore("instance");
instancesConfig.removeSubStore(id);
@@ -2644,10 +2722,9 @@ public class PublisherAdminServlet extends AdminServlet {
try {
mConfig.commit(true);
} catch (EBaseException e) {
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
sendResponse(SUCCESS, null, params, resp);
@@ -2655,25 +2732,23 @@ public class PublisherAdminServlet extends AdminServlet {
}
/**
- * used for getting the required configuration parameters (with
- * possible default values) for a particular plugin
- * implementation name specified in the RS_ID. Actually, there is
- * no logic in here to set any default value here...there's no
- * default value for any parameter in this publishing subsystem
- * at this point. Later, if we do have one (or some), it can be
- * added. The interface remains the same.
+ * used for getting the required configuration parameters (with possible
+ * default values) for a particular plugin implementation name specified in
+ * the RS_ID. Actually, there is no logic in here to set any default value
+ * here...there's no default value for any parameter in this publishing
+ * subsystem at this point. Later, if we do have one (or some), it can be
+ * added. The interface remains the same.
*/
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String implname = req.getParameter(Constants.RS_ID);
if (implname == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -2690,8 +2765,7 @@ public class PublisherAdminServlet extends AdminServlet {
if (index == -1) {
params.add(kv, "");
} else {
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index), kv.substring(index + 1));
}
}
}
@@ -2699,43 +2773,43 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- private synchronized void getInstConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void getInstConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// does publisher instance exist?
if (mProcessor.getPublisherInsts().containsKey(id) == false) {
- sendResponse(ERROR,
- new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EPublisherNotFound(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
+ null, resp);
return;
}
- ILdapPublisher publisherInst = (ILdapPublisher)
- mProcessor.getPublisherInstance(id);
+ ILdapPublisher publisherInst = (ILdapPublisher) mProcessor
+ .getPublisherInstance(id);
Vector configParams = publisherInst.getInstanceParams();
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_PUBLISHER_IMPL_NAME,
- getPublisherPluginName(publisherInst));
+ params.add(Constants.PR_PUBLISHER_IMPL_NAME,
+ getPublisherPluginName(publisherInst));
// implName is always required so always send it.
if (configParams != null) {
for (int i = 0; i < configParams.size(); i++) {
String kv = (String) configParams.elementAt(i);
int index = kv.indexOf('=');
- params.add(kv.substring(0, index),
- kv.substring(index + 1));
+ params.add(kv.substring(0, index), kv.substring(index + 1));
}
}
@@ -2744,33 +2818,30 @@ public class PublisherAdminServlet extends AdminServlet {
}
/**
- * Modify publisher instance.
- * This will actually create a new instance with new configuration
- * parameters and replace the old instance, if the new instance
- * created and initialized successfully.
- * The old instance is left running. so this is very expensive.
- * Restart of server recommended.
+ * Modify publisher instance. This will actually create a new instance with
+ * new configuration parameters and replace the old instance, if the new
+ * instance created and initialized successfully. The old instance is left
+ * running. so this is very expensive. Restart of server recommended.
*/
- private synchronized void modPublisherInst(HttpServletRequest req,
- HttpServletResponse resp, String scope)
- throws ServletException, IOException, EBaseException {
+ private synchronized void modPublisherInst(HttpServletRequest req,
+ HttpServletResponse resp, String scope) throws ServletException,
+ IOException, EBaseException {
// expensive operation.
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
- //System.out.println("SRVLT_NULL_RS_ID");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ // System.out.println("SRVLT_NULL_RS_ID");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// Does the manager instance exist?
if (!mProcessor.getPublisherInsts().containsKey((Object) id)) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ILL_INST_ID", id), null, resp);
return;
}
@@ -2778,22 +2849,26 @@ public class PublisherAdminServlet extends AdminServlet {
String implname = req.getParameter(Constants.PR_PUBLISHER_IMPL_NAME);
if (implname == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_SRVLT_ADD_MISSING_PARAMS"), null, resp);
return;
}
- // get plugin for implementation
- PublisherPlugin plugin =
- (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname);
+ // get plugin for implementation
+ PublisherPlugin plugin = (PublisherPlugin) mProcessor
+ .getPublisherPlugins().get(implname);
if (plugin == null) {
- sendResponse(ERROR,
- new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new EPublisherPluginNotFound(CMS.getUserMessage(
+ getLocale(req),
+ "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname))
+ .toString(), null, resp);
return;
}
- // save old instance substore params in case new one fails.
+ // save old instance substore params in case new one fails.
ILdapPublisher oldinst = mProcessor.getPublisherInstance(id);
Vector oldConfigParms = oldinst.getInstanceParams();
@@ -2807,14 +2882,16 @@ public class PublisherAdminServlet extends AdminServlet {
String kv = (String) oldConfigParms.elementAt(i);
int index = kv.indexOf('=');
if (index > -1) {
- if (kv.substring(0, index).equalsIgnoreCase("caObjectClass")) {
+ if (kv.substring(0, index)
+ .equalsIgnoreCase("caObjectClass")) {
pubType = "cacert";
- } else if (kv.substring(0, index).equalsIgnoreCase("crlObjectClass")) {
+ } else if (kv.substring(0, index).equalsIgnoreCase(
+ "crlObjectClass")) {
pubType = "crl";
}
- saveParams.add(kv.substring(0, index),
- kv.substring(index + 1));
+ saveParams.add(kv.substring(0, index),
+ kv.substring(index + 1));
}
}
}
@@ -2823,17 +2900,23 @@ public class PublisherAdminServlet extends AdminServlet {
// remove old substore.
- IConfigStore destStore =
- mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+ IConfigStore destStore = mConfig.getSubStore(mAuth.getId()
+ + ".publish.publisher");
IConfigStore instancesConfig = destStore.getSubStore("instance");
// get objects added and deleted
if (pubType.equals("cacert")) {
- saveParams.add("caObjectClassAdded", instancesConfig.getString(id + ".caObjectClassAdded", ""));
- saveParams.add("caObjectClassDeleted", instancesConfig.getString(id + ".caObjectClassDeleted", ""));
+ saveParams.add("caObjectClassAdded",
+ instancesConfig.getString(id + ".caObjectClassAdded", ""));
+ saveParams
+ .add("caObjectClassDeleted",
+ instancesConfig.getString(id
+ + ".caObjectClassDeleted", ""));
} else if (pubType.equals("crl")) {
- saveParams.add("crlObjectClassAdded", instancesConfig.getString(id + ".crlObjectClassAdded", ""));
- saveParams.add("crlObjectClassDeleted", instancesConfig.getString(id + ".crlObjectClassDeleted", ""));
+ saveParams.add("crlObjectClassAdded",
+ instancesConfig.getString(id + ".crlObjectClassAdded", ""));
+ saveParams.add("crlObjectClassDeleted", instancesConfig.getString(
+ id + ".crlObjectClassDeleted", ""));
}
// create new substore.
@@ -2859,9 +2942,9 @@ public class PublisherAdminServlet extends AdminServlet {
}
// process any changes to the ldap object class definitions
- if (pubType.equals("cacert")) {
+ if (pubType.equals("cacert")) {
processChangedOC(saveParams, substore, "caObjectClass");
- substore.put("pubtype", "cacert");
+ substore.put("pubtype", "cacert");
}
if (pubType.equals("crl")) {
@@ -2875,25 +2958,32 @@ public class PublisherAdminServlet extends AdminServlet {
ILdapPublisher newMgrInst = null;
try {
- newMgrInst = (ILdapPublisher) Class.forName(className).newInstance();
+ newMgrInst = (ILdapPublisher) Class.forName(className)
+ .newInstance();
} catch (ClassNotFoundException e) {
// cleanup
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (InstantiationException e) {
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
} catch (IllegalAccessException e) {
restore(instancesConfig, id, saveParams);
- sendResponse(ERROR,
- new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
- null, resp);
+ sendResponse(
+ ERROR,
+ new ELdapException(CMS.getUserMessage(getLocale(req),
+ "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+ null, resp);
return;
}
@@ -2912,25 +3002,25 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- // initialized ok. commiting
+ // initialized ok. commiting
try {
mConfig.commit(true);
} catch (EBaseException e) {
// clean up.
restore(instancesConfig, id, saveParams);
- //System.out.println("SRVLT_FAIL_COMMIT");
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
- null, resp);
+ // System.out.println("SRVLT_FAIL_COMMIT");
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_COMMIT_FAILED"), null, resp);
return;
}
// commited ok. replace instance.
- mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, newMgrInst));
+ mProcessor.getPublisherInsts().put(id,
+ new PublisherProxy(true, newMgrInst));
- mProcessor.log(ILogger.LL_INFO,
- CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id));
+ mProcessor.log(ILogger.LL_INFO,
+ CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id));
NameValuePairs params = new NameValuePairs();
@@ -2938,61 +3028,65 @@ public class PublisherAdminServlet extends AdminServlet {
return;
}
- // convenience function - takes list1, list2. Returns what is in list1
+ // convenience function - takes list1, list2. Returns what is in list1
// but not in list2
private String[] getExtras(String[] list1, String[] list2) {
- Vector <String> extras = new Vector<String>();
- for (int i=0; i< list1.length; i++) {
- boolean match=false;
- for (int j=0; j < list2.length; j++) {
- if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) {
- match = true;
- break;
- }
- }
- if (!match) extras.add(list1[i].trim());
- }
-
- return (String[])extras.toArray(new String[extras.size()]);
+ Vector<String> extras = new Vector<String>();
+ for (int i = 0; i < list1.length; i++) {
+ boolean match = false;
+ for (int j = 0; j < list2.length; j++) {
+ if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) {
+ match = true;
+ break;
+ }
+ }
+ if (!match)
+ extras.add(list1[i].trim());
+ }
+
+ return (String[]) extras.toArray(new String[extras.size()]);
}
- // convenience function - takes list1, list2. Concatenates the two
+ // convenience function - takes list1, list2. Concatenates the two
// lists removing duplicates
private String[] joinLists(String[] list1, String[] list2) {
- Vector <String> sum = new Vector<String>();
- for (int i=0; i< list1.length; i++) {
- sum.add(list1[i]);
- }
-
- for (int i=0; i < list2.length; i++) {
- boolean match=false;
- for (int j=0; j < list1.length; j++) {
- if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) {
- match = true;
- break;
- }
- }
- if (!match) sum.add(list2[i].trim());
- }
-
- return (String[])sum.toArray(new String[sum.size()]);
+ Vector<String> sum = new Vector<String>();
+ for (int i = 0; i < list1.length; i++) {
+ sum.add(list1[i]);
+ }
+
+ for (int i = 0; i < list2.length; i++) {
+ boolean match = false;
+ for (int j = 0; j < list1.length; j++) {
+ if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) {
+ match = true;
+ break;
+ }
+ }
+ if (!match)
+ sum.add(list2[i].trim());
+ }
+
+ return (String[]) sum.toArray(new String[sum.size()]);
}
// convenience funtion. Takes a string array and delimiter
// and returns a String with the concatenation
private static String join(String[] s, String delimiter) {
- if (s.length == 0) return "";
+ if (s.length == 0)
+ return "";
StringBuffer buffer = new StringBuffer(s[0]);
if (s.length > 1) {
- for (int i=1; i< s.length; i++) {
+ for (int i = 1; i < s.length; i++) {
buffer.append(delimiter).append(s[i].trim());
}
}
return buffer.toString();
}
- private void processChangedOC(NameValuePairs saveParams, IConfigStore newstore, String objName) {
+ private void processChangedOC(NameValuePairs saveParams,
+ IConfigStore newstore, String objName) {
String newOC = null, oldOC = null;
String oldAdded = null, oldDeleted = null;
@@ -3005,36 +3099,38 @@ public class PublisherAdminServlet extends AdminServlet {
oldAdded = saveParams.getValue(objName + "Added");
oldDeleted = saveParams.getValue(objName + "Deleted");
- if ((oldOC == null) || (newOC == null)) return;
- if (oldOC.equalsIgnoreCase(newOC)) return;
+ if ((oldOC == null) || (newOC == null))
+ return;
+ if (oldOC.equalsIgnoreCase(newOC))
+ return;
- String [] oldList = oldOC.split(",");
- String [] newList = newOC.split(",");
- String [] deletedList = getExtras(oldList, newList);
- String [] addedList = getExtras(newList, oldList);
+ String[] oldList = oldOC.split(",");
+ String[] newList = newOC.split(",");
+ String[] deletedList = getExtras(oldList, newList);
+ String[] addedList = getExtras(newList, oldList);
// CMS.debug("addedList = " + join(addedList, ","));
// CMS.debug("deletedList = " + join(deletedList, ","));
- if ((addedList.length ==0) && (deletedList.length == 0))
- return; // no changes
+ if ((addedList.length == 0) && (deletedList.length == 0))
+ return; // no changes
if (oldAdded != null) {
// CMS.debug("oldAdded is " + oldAdded);
- String [] oldAddedList = oldAdded.split(",");
+ String[] oldAddedList = oldAdded.split(",");
addedList = joinLists(addedList, oldAddedList);
}
if (oldDeleted != null) {
// CMS.debug("oldDeleted is " + oldDeleted);
- String [] oldDeletedList = oldDeleted.split(",");
+ String[] oldDeletedList = oldDeleted.split(",");
deletedList = joinLists(deletedList, oldDeletedList);
}
String[] addedList1 = getExtras(addedList, deletedList);
String[] deletedList1 = getExtras(deletedList, addedList);
- //create the final strings and write to config
+ // create the final strings and write to config
String addedListStr = join(addedList1, ",");
String deletedListStr = join(deletedList1, ",");
@@ -3046,8 +3142,8 @@ public class PublisherAdminServlet extends AdminServlet {
}
// convenience routine.
- private static void restore(IConfigStore store,
- String id, NameValuePairs saveParams) {
+ private static void restore(IConfigStore store, String id,
+ NameValuePairs saveParams) {
store.removeSubStore(id);
IConfigStore rstore = store.makeSubStore(id);
@@ -3057,7 +3153,7 @@ public class PublisherAdminServlet extends AdminServlet {
String key = (String) keys.nextElement();
String value = saveParams.getValue(key);
- if (value != null)
+ if (value != null)
rstore.put(key, value);
}
}
@@ -3078,7 +3174,7 @@ public class PublisherAdminServlet extends AdminServlet {
public void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM,
- ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
+ "PublishingAdminServlet: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
index 35bbb91a..97590e0b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
@@ -36,13 +35,11 @@ import com.netscape.certsrv.common.ScopeDef;
import com.netscape.certsrv.ra.IRegistrationAuthority;
import com.netscape.certsrv.request.IRequestListener;
-
/**
- * A class representings an administration servlet for Registration
- * Authority. This servlet is responsible to serve RA
- * administrative operations such as configuration parameter
- * updates.
- *
+ * A class representings an administration servlet for Registration Authority.
+ * This servlet is responsible to serve RA administrative operations such as
+ * configuration parameter updates.
+ *
* @version $Revision$, $Date$
*/
public class RAAdminServlet extends AdminServlet {
@@ -53,15 +50,17 @@ public class RAAdminServlet extends AdminServlet {
protected static final String PROP_ENABLED = "enabled";
- /*==========================================================
- * variables
- *==========================================================*/
+ /*
+ * ========================================================== variables
+ * ==========================================================
+ */
private final static String INFO = "RAAdminServlet";
private IRegistrationAuthority mRA = null;
- /*==========================================================
- * constructors
- *==========================================================*/
+ /*
+ * ========================================================== constructors
+ * ==========================================================
+ */
/**
* Constructs RA servlet.
@@ -70,9 +69,10 @@ public class RAAdminServlet extends AdminServlet {
super();
}
- /*==========================================================
- * public methods
- *==========================================================*/
+ /*
+ * ========================================================== public methods
+ * ==========================================================
+ */
/**
* Initializes this servlet.
@@ -90,35 +90,34 @@ public class RAAdminServlet extends AdminServlet {
}
/**
- * Serves HTTP request. Each request is authenticated to
- * the authenticate manager.
+ * Serves HTTP request. Each request is authenticated to the authenticate
+ * manager.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
- //get all operational flags
+ // get all operational flags
String op = req.getParameter(Constants.OP_TYPE);
String scope = req.getParameter(Constants.OP_SCOPE);
- //check operational flags
+ // check operational flags
if ((op == null) || (scope == null)) {
sendResponse(1, "Invalid Protocol", null, resp);
return;
}
- //authenticate the user
+ // authenticate the user
super.authenticate(req);
- //perform services
+ // perform services
try {
AUTHZ_RES_NAME = "certServer.ra.configuration";
if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -143,9 +142,8 @@ public class RAAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -157,7 +155,7 @@ public class RAAdminServlet extends AdminServlet {
} else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) {
setNotificationReqCompConfig(req, resp);
return;
- }else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) {
+ } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) {
setNotificationRevCompConfig(req, resp);
return;
} else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
@@ -169,22 +167,23 @@ public class RAAdminServlet extends AdminServlet {
}
}
} catch (Exception e) {
- //System.out.println("XXX >>>" + e.toString() + "<<<");
+ // System.out.println("XXX >>>" + e.toString() + "<<<");
sendResponse(1, "Unknown operation", null, resp);
}
return;
}
- /*==========================================================
- * private methods
- *==========================================================*/
-
+ /*
+ * ========================================================== private
+ * methods==========================================================
+ */
+
/*
* handle getting completion (cert issued) notification config info
*/
private void getNotificationCompConfig(HttpServletRequest req,
- HttpServletResponse resp, IConfigStore rc) throws ServletException,
+ HttpServletResponse resp, IConfigStore rc) throws ServletException,
IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
@@ -203,35 +202,37 @@ public class RAAdminServlet extends AdminServlet {
params.add(name, rc.getString(name, ""));
}
- params.add(Constants.PR_ENABLE,
- rc.getString(PROP_ENABLED, Constants.FALSE));
- //System.out.println("Send: "+params.toString());
+ params.add(Constants.PR_ENABLE,
+ rc.getString(PROP_ENABLED, Constants.FALSE));
+ // System.out.println("Send: "+params.toString());
sendResponse(SUCCESS, null, params, resp);
}
private void getNotificationReqCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
IConfigStore config = mRA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ IConfigStore nc = config
+ .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
- IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE);
+ IConfigStore rc = nc
+ .getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE);
getNotificationCompConfig(req, resp, rc);
}
private void getNotificationRevCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
IConfigStore config = mRA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ IConfigStore nc = config
+ .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
- IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE);
+ IConfigStore rc = nc
+ .getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE);
getNotificationCompConfig(req, resp, rc);
@@ -241,16 +242,17 @@ public class RAAdminServlet extends AdminServlet {
* handle getting request in queue notification config info
*/
private void getNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore config = mRA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ IConfigStore nc = config
+ .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
- IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE);
+ IConfigStore riq = nc
+ .getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE);
Enumeration e = req.getParameterNames();
@@ -268,9 +270,9 @@ public class RAAdminServlet extends AdminServlet {
params.add(name, riq.getString(name, ""));
}
- params.add(Constants.PR_ENABLE,
- riq.getString(PROP_ENABLED, Constants.FALSE));
- //System.out.println("Send: "+params.toString());
+ params.add(Constants.PR_ENABLE,
+ riq.getString(PROP_ENABLED, Constants.FALSE));
+ // System.out.println("Send: "+params.toString());
sendResponse(SUCCESS, null, params, resp);
}
@@ -278,15 +280,16 @@ public class RAAdminServlet extends AdminServlet {
* handle setting request in queue notification config info
*/
private void setNotificationRIQConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
IConfigStore config = mRA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ IConfigStore nc = config
+ .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
- IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE);
+ IConfigStore riq = nc
+ .getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE);
- //set rest of the parameters
+ // set rest of the parameters
Enumeration e = req.getParameterNames();
while (e.hasMoreElements()) {
@@ -321,9 +324,10 @@ public class RAAdminServlet extends AdminServlet {
* handle setting request complete notification config info
*/
private void setNotificationCompConfig(HttpServletRequest req,
- HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
+ HttpServletResponse resp, IConfigStore rc,
+ IRequestListener thisListener) throws ServletException,
IOException, EBaseException {
- //set rest of the parameters
+ // set rest of the parameters
Enumeration e = req.getParameterNames();
while (e.hasMoreElements()) {
@@ -355,33 +359,35 @@ public class RAAdminServlet extends AdminServlet {
}
private void setNotificationReqCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
IConfigStore config = mRA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ IConfigStore nc = config
+ .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
- IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE);
+ IConfigStore rc = nc
+ .getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE);
setNotificationCompConfig(req, resp, rc, mRA.getCertIssuedListener());
-
+
}
private void setNotificationRevCompConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
IConfigStore config = mRA.getConfigStore();
- IConfigStore nc =
- config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+ IConfigStore nc = config
+ .getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
- IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE);
+ IConfigStore rc = nc
+ .getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE);
setNotificationCompConfig(req, resp, rc, mRA.getCertRevokedListener());
}
private void getConnectorConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
IConfigStore raConfig = mRA.getConfigStore();
IConfigStore connectorConfig = raConfig.getSubStore("connector");
IConfigStore caConnectorConfig = null;
@@ -395,15 +401,10 @@ public class RAAdminServlet extends AdminServlet {
}
/*
- Enumeration enum = req.getParameterNames();
- NameValuePairs params = new NameValuePairs();
- while (enum.hasMoreElements()) {
- String key = (String)enum.nextElement();
- if (key.equals("RS_ID")) {
- String val = req.getParameter(key);
- if (val.equals("CA Connector"))
- }
- }
+ * Enumeration enum = req.getParameterNames(); NameValuePairs params =
+ * new NameValuePairs(); while (enum.hasMoreElements()) { String key =
+ * (String)enum.nextElement(); if (key.equals("RS_ID")) { String val =
+ * req.getParameter(key); if (val.equals("CA Connector")) } }
*/
Enumeration enum1 = req.getParameterNames();
@@ -427,13 +428,13 @@ public class RAAdminServlet extends AdminServlet {
}
private void setConnectorConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
IConfigStore raConfig = mRA.getConfigStore();
IConfigStore connectorConfig = raConfig.getSubStore("connector");
IConfigStore caConnectorConfig = null;
- // String nickname = raConfig.getString("certNickname", "");
+ // String nickname = raConfig.getString("certNickname", "");
if (isCAConnector(req)) {
caConnectorConfig = connectorConfig.getSubStore("CA");
@@ -455,12 +456,10 @@ public class RAAdminServlet extends AdminServlet {
continue;
if (name.equals(Constants.OP_SCOPE))
continue;
-/*
- if (name.equals("nickName")) {
- caConnectorConfig.putString(name, nickname);
- continue;
- }
-*/
+ /*
+ * if (name.equals("nickName")) {
+ * caConnectorConfig.putString(name, nickname); continue; }
+ */
caConnectorConfig.putString(name, req.getParameter(name));
}
}
@@ -526,50 +525,41 @@ public class RAAdminServlet extends AdminServlet {
return false;
}
- //reading the RA general information
+ // reading the RA general information
private void readGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
/*
- ISubsystem eeGateway =
- SubsystemRegistry.getInstance().get("eeGateway");
- String value = "false";
- if (eeGateway != null) {
- IConfigStore eeConfig = eeGateway.getConfigStore();
- if (eeConfig != null)
- value = eeConfig.getString("enabled", "true");
- }
- params.add(Constants.PR_EE_ENABLED, value);
+ * ISubsystem eeGateway =
+ * SubsystemRegistry.getInstance().get("eeGateway"); String value =
+ * "false"; if (eeGateway != null) { IConfigStore eeConfig =
+ * eeGateway.getConfigStore(); if (eeConfig != null) value =
+ * eeConfig.getString("enabled", "true"); }
+ * params.add(Constants.PR_EE_ENABLED, value);
*/
-
+
sendResponse(SUCCESS, null, params, resp);
}
- //mdify RA General Information
+ // mdify RA General Information
private void modifyGeneralConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
/*
- ISubsystem eeGateway =
- SubsystemRegistry.getInstance().get("eeGateway");
- IConfigStore eeConfig = null;
- if (eeGateway != null)
- eeConfig = eeGateway.getConfigStore();
-
- Enumeration enum = req.getParameterNames();
- while (enum.hasMoreElements()) {
- String key = (String)enum.nextElement();
- if (key.equals(Constants.PR_EE_ENABLED)) {
- if (eeConfig != null)
- eeConfig.putString("enabled",
- req.getParameter(Constants.PR_EE_ENABLED));
- }
- }
-
+ * ISubsystem eeGateway =
+ * SubsystemRegistry.getInstance().get("eeGateway"); IConfigStore
+ * eeConfig = null; if (eeGateway != null) eeConfig =
+ * eeGateway.getConfigStore();
+ *
+ * Enumeration enum = req.getParameterNames(); while
+ * (enum.hasMoreElements()) { String key = (String)enum.nextElement();
+ * if (key.equals(Constants.PR_EE_ENABLED)) { if (eeConfig != null)
+ * eeConfig.putString("enabled",
+ * req.getParameter(Constants.PR_EE_ENABLED)); } }
*/
sendResponse(RESTART, null, null, resp);
commit(true);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
index be9eb456..39f6b6f9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.util.Enumeration;
@@ -41,7 +40,7 @@ import com.netscape.certsrv.registry.IPluginRegistry;
/**
* This implements the administration servlet for registry subsystem.
- *
+ *
* @version $Revision$, $Date$
*/
public class RegistryAdminServlet extends AdminServlet {
@@ -53,8 +52,7 @@ public class RegistryAdminServlet extends AdminServlet {
public final static String PROP_AUTHORITY = "authority";
private final static String INFO = "RegistryAdminServlet";
- private final static String PW_PASSWORD_CACHE_ADD =
- "PASSWORD_CACHE_ADD";
+ private final static String PW_PASSWORD_CACHE_ADD = "PASSWORD_CACHE_ADD";
public final static String PROP_PREDICATE = "predicate";
private IAuthority mAuthority = null;
@@ -103,9 +101,8 @@ public class RegistryAdminServlet extends AdminServlet {
/**
* Serves HTTP admin request.
*/
- public void service(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ public void service(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
super.service(req, resp);
super.authenticate(req);
@@ -113,7 +110,7 @@ public class RegistryAdminServlet extends AdminServlet {
AUTHZ_RES_NAME = "certServer.registry.configuration";
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
-
+
if (scope.equals(ScopeDef.SC_SUPPORTED_CONSTRAINTPOLICIES)) {
if (op.equals(OpDef.OP_READ))
if (!readAuthorize(req, resp))
@@ -124,25 +121,23 @@ public class RegistryAdminServlet extends AdminServlet {
}
}
- private boolean readAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean readAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return false;
}
return true;
}
- private boolean modifyAuthorize(HttpServletRequest req,
- HttpServletResponse resp) throws IOException {
+ private boolean modifyAuthorize(HttpServletRequest req,
+ HttpServletResponse resp) throws IOException {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return false;
}
return true;
@@ -151,9 +146,8 @@ public class RegistryAdminServlet extends AdminServlet {
/**
* Process Policy Implementation Management.
*/
- public void processImplMgmt(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ public void processImplMgmt(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
// Get operation type
String op = req.getParameter(Constants.OP_TYPE);
String scope = req.getParameter(Constants.OP_SCOPE);
@@ -175,17 +169,15 @@ public class RegistryAdminServlet extends AdminServlet {
return;
addImpl(req, resp);
} else
- sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
- null, resp);
+ sendResponse(ERROR, INVALID_POLICY_IMPL_OP, null, resp);
}
- public void addImpl(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ public void addImpl(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
// Get the policy impl id.
String id = req.getParameter(Constants.RS_ID);
- String scope = req.getParameter(Constants.OP_SCOPE);
+ String scope = req.getParameter(Constants.OP_SCOPE);
String classPath = req.getParameter(Constants.PR_POLICY_CLASS);
String desc = req.getParameter(Constants.PR_POLICY_DESC);
@@ -198,17 +190,16 @@ public class RegistryAdminServlet extends AdminServlet {
IPluginInfo info = mRegistry.createPluginInfo(id, desc, classPath);
try {
- mRegistry.addPluginInfo(scope, id, info);
+ mRegistry.addPluginInfo(scope, id, info);
} catch (Exception e) {
- CMS.debug(e.toString());
+ CMS.debug(e.toString());
}
sendResponse(SUCCESS, null, nvp, resp);
}
- public void deleteImpl(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ public void deleteImpl(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
// Get the policy impl id.
String id = req.getParameter(Constants.RS_ID);
@@ -225,13 +216,13 @@ public class RegistryAdminServlet extends AdminServlet {
sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
return;
}
-
+
NameValuePairs nvp = new NameValuePairs();
try {
- mRegistry.removePluginInfo(scope, id);
+ mRegistry.removePluginInfo(scope, id);
} catch (Exception e) {
- CMS.debug(e.toString());
+ CMS.debug(e.toString());
}
sendResponse(SUCCESS, null, nvp, resp);
@@ -240,9 +231,8 @@ public class RegistryAdminServlet extends AdminServlet {
/**
* Lists all registered profile impementations
*/
- public void listImpls(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ public void listImpls(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
Enumeration impls = mRegistry.getIds(scope);
@@ -252,15 +242,17 @@ public class RegistryAdminServlet extends AdminServlet {
String id = (String) impls.nextElement();
IPluginInfo info = mRegistry.getPluginInfo(scope, id);
- nvp.add(id, info.getClassName() + "," +
- info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req)));
- }
+ nvp.add(id,
+ info.getClassName() + ","
+ + info.getDescription(getLocale(req)) + ","
+ + info.getName(getLocale(req)));
+ }
sendResponse(SUCCESS, null, nvp, resp);
}
- public void getSupportedConstraintPolicies(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException {
+ public void getSupportedConstraintPolicies(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException {
String id = req.getParameter(Constants.RS_ID);
if (id == null) {
@@ -272,8 +264,8 @@ public class RegistryAdminServlet extends AdminServlet {
try {
IPluginInfo info = mRegistry.getPluginInfo("defaultPolicy", id);
String className = info.getClassName();
- IPolicyDefault policyDefaultClass = (IPolicyDefault)
- Class.forName(className).newInstance();
+ IPolicyDefault policyDefaultClass = (IPolicyDefault) Class.forName(
+ className).newInstance();
if (policyDefaultClass != null) {
Enumeration impls = mRegistry.getIds("constraintPolicy");
@@ -282,28 +274,37 @@ public class RegistryAdminServlet extends AdminServlet {
String constraintID = (String) impls.nextElement();
IPluginInfo constraintInfo = mRegistry.getPluginInfo(
"constraintPolicy", constraintID);
- IPolicyConstraint policyConstraintClass = (IPolicyConstraint)
- Class.forName(constraintInfo.getClassName()).newInstance();
+ IPolicyConstraint policyConstraintClass = (IPolicyConstraint) Class
+ .forName(constraintInfo.getClassName())
+ .newInstance();
- CMS.debug("RegistryAdminServlet: getSUpportedConstraint " + constraintInfo.getClassName());
+ CMS.debug("RegistryAdminServlet: getSUpportedConstraint "
+ + constraintInfo.getClassName());
if (policyConstraintClass.isApplicable(policyDefaultClass)) {
- CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " + constraintInfo.getClassName());
- nvp.add(constraintID, constraintInfo.getClassName() + "," +
- constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req)));
+ CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable "
+ + constraintInfo.getClassName());
+ nvp.add(constraintID,
+ constraintInfo.getClassName()
+ + ","
+ + constraintInfo
+ .getDescription(getLocale(req))
+ + ","
+ + constraintInfo
+ .getName(getLocale(req)));
}
}
}
} catch (Exception ex) {
- CMS.debug("RegistyAdminServlet: getSupportConstraintPolicies: " + ex.toString());
+ CMS.debug("RegistyAdminServlet: getSupportConstraintPolicies: "
+ + ex.toString());
CMS.debug(ex);
}
sendResponse(SUCCESS, null, nvp, resp);
}
public void getProfileImplConfig(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
+ HttpServletResponse resp) throws ServletException, IOException {
// Get the policy impl id.
String id = req.getParameter(Constants.RS_ID);
@@ -320,15 +321,14 @@ public class RegistryAdminServlet extends AdminServlet {
sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
return;
}
-
+
NameValuePairs nvp = new NameValuePairs();
String className = info.getClassName();
IConfigTemplate template = null;
try {
- template = (IConfigTemplate)
- Class.forName(className).newInstance();
+ template = (IConfigTemplate) Class.forName(className).newInstance();
} catch (Exception e) {
}
if (template != null) {
@@ -336,22 +336,30 @@ public class RegistryAdminServlet extends AdminServlet {
if (names != null) {
while (names.hasMoreElements()) {
- String name = (String) names.nextElement();
- CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name);
- IDescriptor desc = template.getConfigDescriptor(getLocale(req), name);
+ String name = (String) names.nextElement();
+ CMS.debug("RegistryAdminServlet: getProfileImpl descriptor "
+ + name);
+ IDescriptor desc = template.getConfigDescriptor(
+ getLocale(req), name);
if (desc != null) {
- try {
- String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue());
-
- CMS.debug("RegistryAdminServlet: getProfileImpl " + value);
- nvp.add(name, value);
- } catch (Exception e) {
-
- CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name);
- }
+ try {
+ String value = getNonNull(desc.getSyntax()) + ";"
+ + getNonNull(desc.getConstraint()) + ";"
+ + desc.getDescription(getLocale(req)) + ";"
+ + getNonNull(desc.getDefaultValue());
+
+ CMS.debug("RegistryAdminServlet: getProfileImpl "
+ + value);
+ nvp.add(name, value);
+ } catch (Exception e) {
+
+ CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for "
+ + name);
+ }
} else {
- CMS.debug("RegistryAdminServlet: getProfileImpl cannot find descriptor for " + name);
+ CMS.debug("RegistryAdminServlet: getProfileImpl cannot find descriptor for "
+ + name);
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
index bd96bbec..2ef01b24 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
@@ -58,16 +57,14 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Cert;
-
/**
- * A class representing an administration servlet for
- * User/Group Manager. It communicates with client
- * SDK to allow remote administration of User/Group
+ * A class representing an administration servlet for User/Group Manager. It
+ * communicates with client SDK to allow remote administration of User/Group
* manager.
- *
- * This servlet will be registered to remote
- * administration subsystem by usrgrp manager.
- *
+ *
+ * This servlet will be registered to remote administration subsystem by usrgrp
+ * manager.
+ *
* @version $Revision$, $Date$
*/
public class UsrGrpAdminServlet extends AdminServlet {
@@ -83,22 +80,20 @@ public class UsrGrpAdminServlet extends AdminServlet {
private final static String RES_OCSP_GROUP = "certServer.ocsp.group";
private final static String RES_TKS_GROUP = "certServer.tks.group";
private final static String SYSTEM_USER = "$System$";
- // private final static String RES_GROUP = "root.common.goldfish";
+ // private final static String RES_GROUP = "root.common.goldfish";
private final static String BACK_SLASH = "\\";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
- "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
private IUGSubsystem mMgr = null;
private IAuthzSubsystem mAuthz = null;
- private static String [] mMultiRoleGroupEnforceList = null;
- private final static String MULTI_ROLE_ENABLE= "multiroles.enable";
+ private static String[] mMultiRoleGroupEnforceList = null;
+ private final static String MULTI_ROLE_ENABLE = "multiroles.enable";
private final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList";
-
/**
* Constructs User/Group manager servlet.
*/
@@ -126,17 +121,17 @@ public class UsrGrpAdminServlet extends AdminServlet {
* Serves incoming User/Group management request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
String scope = super.getParameter(req, Constants.OP_SCOPE);
String op = super.getParameter(req, Constants.OP_TYPE);
if (op == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
- null, resp);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL"));
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"), null, resp);
return;
}
@@ -147,64 +142,57 @@ public class UsrGrpAdminServlet extends AdminServlet {
} catch (IOException e) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp);
return;
}
// authorization
// temporary test before servlets are exposed with authtoken
/*
- SessionContext sc = SessionContext.getContext();
- AuthToken authToken = (AuthToken) sc.get(SessionContext.AUTH_TOKEN);
-
- AuthzToken authzTok = null;
- CMS.debug("UserGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_SUB"));
- // hardcoded for now .. just testing
- try {
- authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read");
- } catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTH_CALL_FAIL",e.toString()));
- }
- if (AuthzToken.AUTHZ_STATUS_FAIL.equals(authzTok.get(AuthzToken.TOKEN_AUTHZ_STATUS))) {
- // audit would have been needed here if this weren't just a test...
-
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
-
- sendResponse(ERROR,
- MessageFormatter.getLocalizedString(
- getLocale(req),
- AdminResources.class.getName(),
- AdminResources.SRVLT_FAIL_AUTHS),
- null, resp);
- return;
- }
+ * SessionContext sc = SessionContext.getContext(); AuthToken authToken
+ * = (AuthToken) sc.get(SessionContext.AUTH_TOKEN);
+ *
+ * AuthzToken authzTok = null; CMS.debug("UserGrpAdminServlet: " +
+ * CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_SUB")); // hardcoded for
+ * now .. just testing try { authzTok = mAuthz.authorize("DirAclAuthz",
+ * authToken, RES_GROUP, "read"); } catch (EBaseException e) {
+ * log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("ADMIN_SRVLT_AUTH_CALL_FAIL",e.toString())); } if
+ * (AuthzToken
+ * .AUTHZ_STATUS_FAIL.equals(authzTok.get(AuthzToken.TOKEN_AUTHZ_STATUS
+ * ))) { // audit would have been needed here if this weren't just a
+ * test...
+ *
+ * log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
+ *
+ * sendResponse(ERROR, MessageFormatter.getLocalizedString(
+ * getLocale(req), AdminResources.class.getName(),
+ * AdminResources.SRVLT_FAIL_AUTHS), null, resp); return; }
*/
-
try {
ISubsystem subsystem = CMS.getSubsystem("ca");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_CA_GROUP;
subsystem = CMS.getSubsystem("ra");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_RA_GROUP;
subsystem = CMS.getSubsystem("kra");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_KRA_GROUP;
subsystem = CMS.getSubsystem("ocsp");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_OCSP_GROUP;
subsystem = CMS.getSubsystem("tks");
- if (subsystem != null)
+ if (subsystem != null)
AUTHZ_RES_NAME = RES_TKS_GROUP;
if (scope != null) {
if (scope.equals(ScopeDef.SC_USER_TYPE)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
@@ -215,9 +203,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -233,9 +220,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -251,9 +237,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_ADD)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -269,9 +254,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -284,9 +268,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -296,33 +279,30 @@ public class UsrGrpAdminServlet extends AdminServlet {
findUsers(req, resp);
return;
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
- null, resp);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"), null, resp);
return;
}
}
} // if
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, e.toString());
- sendResponse(ERROR, e.toString(getLocale(req)),
- null, resp);
+ sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
- log(ILogger.LL_FAILURE, CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
- null, resp);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM"));
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_PERFORM_FAILED"), null, resp);
return;
}
}
- private void getUserType(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getUserType(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String id = super.getParameter(req, Constants.RS_ID);
IUser user = mMgr.getUser(id);
@@ -337,44 +317,42 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
/**
- * Retrieves configuration parameters of
- * authentication manager.
+ * Retrieves configuration parameters of authentication manager.
*/
- private synchronized void getConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void getConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
super.getConfig(mMgr.getConfigStore(), req, resp);
}
/**
- * Sets configuration parameters of
- * User/Group manager.
+ * Sets configuration parameters of User/Group manager.
*/
- private synchronized void setConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void setConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
super.setConfig(mMgr.getConfigStore(), req, resp);
}
/**
* Lists configuration parameters.
*/
- private synchronized void listConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void listConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
super.listConfig(mMgr.getConfigStore(), req, resp);
}
/**
- * Searches for users in LDAP directory. List uids only
- *
+ * Searches for users in LDAP directory. List uids only
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
*/
- private synchronized void findUsers(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void findUsers(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -384,7 +362,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
e = mMgr.listUsers("*");
} catch (Exception ex) {
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"),
+ null, resp);
return;
}
@@ -412,27 +391,25 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
/**
- * List user information. Certificates covered in a separate
- * protocol for findUserCerts(). List of group memberships are
- * also provided.
- *
+ * List user information. Certificates covered in a separate protocol for
+ * findUserCerts(). List of group memberships are also provided.
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
*/
- private synchronized void findUser(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void findUser(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
- //get id first
+ // get id first
String id = super.getParameter(req, Constants.RS_ID);
if (id == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -445,7 +422,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
} catch (Exception e) {
e.printStackTrace();
sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+ CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"),
+ null, resp);
return;
}
@@ -456,15 +434,15 @@ public class UsrGrpAdminServlet extends AdminServlet {
params.add(Constants.PR_USER_STATE, user.getState());
// get list of groups, and get a list of those that this
- // uid belongs to
+ // uid belongs to
Enumeration e = null;
try {
e = mMgr.findGroups("*");
} catch (Exception ex) {
ex.printStackTrace();
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_INTERNAL_ERROR"), null, resp);
return;
}
@@ -474,7 +452,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
IGroup group = (IGroup) e.nextElement();
if (group.isMember(id) == true) {
- if (grpString.length()!=0) {
+ if (grpString.length() != 0) {
grpString.append(",");
}
grpString.append(group.getGroupID());
@@ -487,34 +465,33 @@ public class UsrGrpAdminServlet extends AdminServlet {
return;
}
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
return;
}
/**
* List user certificate(s)
- *
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
*/
- private synchronized void findUserCerts(HttpServletRequest req,
- HttpServletResponse resp, Locale clientLocale)
- throws ServletException,
- IOException, EBaseException {
+ private synchronized void findUserCerts(HttpServletRequest req,
+ HttpServletResponse resp, Locale clientLocale)
+ throws ServletException, IOException, EBaseException {
- //get id first
+ // get id first
String id = super.getParameter(req, Constants.RS_ID);
if (id == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -526,32 +503,33 @@ public class UsrGrpAdminServlet extends AdminServlet {
user = mMgr.getUser(id);
} catch (Exception e) {
e.printStackTrace();
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
return;
}
if (user == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
return;
}
- X509Certificate[] certs =
- (X509Certificate[]) user.getX509Certificates();
+ X509Certificate[] certs = (X509Certificate[]) user
+ .getX509Certificates();
if (certs != null) {
for (int i = 0; i < certs.length; i++) {
ICertPrettyPrint print = CMS.getCertPrettyPrint(certs[i]);
- // add base64 encoding
- String base64 = CMS.getEncodedCert(certs[i]);
-
+ // add base64 encoding
+ String base64 = CMS.getEncodedCert(certs[i]);
+
// pretty print certs
params.add(getCertificateString(certs[i]),
- print.toString(clientLocale) + "\n" + base64);
+ print.toString(clientLocale) + "\n" + base64);
}
sendResponse(SUCCESS, null, params, resp);
return;
@@ -570,20 +548,20 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
// note that it did not represent a certificate fully
- return cert.getVersion() + ";" + cert.getSerialNumber().toString() +
- ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+ return cert.getVersion() + ";" + cert.getSerialNumber().toString()
+ + ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
}
/**
* Searchess for groups in LDAP server
- *
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#group
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#group
*/
- private synchronized void findGroups(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void findGroups(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = null;
@@ -592,7 +570,9 @@ public class UsrGrpAdminServlet extends AdminServlet {
e = mMgr.listGroups("*");
} catch (Exception ex) {
ex.printStackTrace();
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"),
+ null, resp);
return;
}
@@ -611,25 +591,23 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
/**
- * finds a group
- * Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * finds a group Request/Response Syntax:
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
*/
- private synchronized void findGroup(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void findGroup(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
- //get id first
+ // get id first
String id = super.getParameter(req, Constants.RS_ID);
if (id == null) {
log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -639,7 +617,9 @@ public class UsrGrpAdminServlet extends AdminServlet {
e = mMgr.findGroups(id);
} catch (Exception ex) {
ex.printStackTrace();
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"),
+ null, resp);
return;
}
@@ -647,15 +627,14 @@ public class UsrGrpAdminServlet extends AdminServlet {
IGroup group = (IGroup) e.nextElement();
params.add(Constants.PR_GROUP_GROUP, group.getGroupID());
- params.add(Constants.PR_GROUP_DESC,
- group.getDescription());
+ params.add(Constants.PR_GROUP_DESC, group.getDescription());
Enumeration members = group.getMemberNames();
StringBuffer membersString = new StringBuffer();
if (members != null) {
while (members.hasMoreElements()) {
- if (membersString.length()!=0) {
+ if (membersString.length() != 0) {
membersString.append(", ");
}
@@ -670,10 +649,11 @@ public class UsrGrpAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, params, resp);
return;
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp);
return;
}
@@ -682,25 +662,26 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* Adds a new user to LDAP server
* <P>
- *
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
* role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addUser(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void addUser(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -711,58 +692,52 @@ public class UsrGrpAdminServlet extends AdminServlet {
String id = super.getParameter(req, Constants.RS_ID);
if (id == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
if (id.indexOf(BACK_SLASH) != -1) {
// backslashes (BS) are not allowed
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_RS_ID_BS"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_RS_ID_BS"), null, resp);
return;
}
if (id.equals(SYSTEM_USER)) {
// backslashes (BS) are not allowed
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_SPECIAL_ID", id));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_SPECIAL_ID", id));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_SPECIAL_ID", id), null, resp);
return;
}
@@ -770,22 +745,21 @@ public class UsrGrpAdminServlet extends AdminServlet {
String fname = super.getParameter(req, Constants.PR_USER_FULLNAME);
if ((fname == null) || (fname.length() == 0)) {
- String msg = CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "full name");
+ String msg = CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_USER_ADD_FAILED_1", "full name");
log(ILogger.LL_FAILURE, msg);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
sendResponse(ERROR, msg, null, resp);
return;
- } else
+ } else
user.setFullName(fname);
String email = super.getParameter(req, Constants.PR_USER_EMAIL);
@@ -803,16 +777,14 @@ public class UsrGrpAdminServlet extends AdminServlet {
if (!passwdCheck.isGoodPassword(pword)) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
throw new EUsrGrpException(passwdCheck.getReason(pword));
- //UsrGrpResources.BAD_PASSWD);
+ // UsrGrpResources.BAD_PASSWD);
}
user.setPassword(pword);
@@ -856,18 +828,17 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
return;
}
-
+
if (e.hasMoreElements()) {
IGroup group = (IGroup) e.nextElement();
@@ -879,36 +850,34 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(
+ getLocale(req),
+ "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
return;
}
}
// for audit log
SessionContext sContext = SessionContext.getContext();
- String adminId = (String) sContext.get(SessionContext.USER_ID);
-
+ String adminId = (String) sContext
+ .get(SessionContext.USER_ID);
+
mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
- new Object[] {adminId, id, groupName}
- );
+ AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+ new Object[] { adminId, id, groupName });
}
NameValuePairs params = new NameValuePairs();
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -919,61 +888,54 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
if (user.getUserID() == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp);
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
}
return;
} catch (LDAPException e) {
String errMsg = "addUser()" + e.toString();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_USER_FAIL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ADD_USER_FAIL",
+ e.toString()));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE, e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
return;
}
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -981,53 +943,51 @@ public class UsrGrpAdminServlet extends AdminServlet {
throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
/**
* Adds a certificate to a user
* <P>
- *
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
* role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addUserCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void addUserCert(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1038,20 +998,18 @@ public class UsrGrpAdminServlet extends AdminServlet {
String id = super.getParameter(req, Constants.RS_ID);
if (id == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -1065,10 +1023,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1082,7 +1038,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
// Base64 decode cert
try {
- byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
+ byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil
+ .AtoB(certsString));
X509Certificate cert = new X509CertImpl(bCert);
certs = new X509Certificate[1];
@@ -1092,12 +1049,14 @@ public class UsrGrpAdminServlet extends AdminServlet {
boolean assending = true;
// could it be a pkcs7 blob?
- CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_IS_PK_BLOB"));
- byte p7Cert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
+ CMS.debug("UsrGrpAdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_IS_PK_BLOB"));
+ byte p7Cert[] = (byte[]) (com.netscape.osutil.OSUtil
+ .AtoB(certsString));
try {
CryptoManager manager = CryptoManager.getInstance();
-
+
PKCS7 pkcs7 = new PKCS7(p7Cert);
X509Certificate p7certs[] = pkcs7.getCertificates();
@@ -1105,15 +1064,14 @@ public class UsrGrpAdminServlet extends AdminServlet {
if (p7certs.length == 0) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
return;
}
// fix for 370099 - cert ordering can not be assumed
@@ -1122,37 +1080,44 @@ public class UsrGrpAdminServlet extends AdminServlet {
// self-signed and alone? take it. otherwise test
// the ordering
- if (p7certs[0].getSubjectDN().toString().equals(
- p7certs[0].getIssuerDN().toString()) &&
- (p7certs.length == 1)) {
+ if (p7certs[0].getSubjectDN().toString()
+ .equals(p7certs[0].getIssuerDN().toString())
+ && (p7certs.length == 1)) {
certs[0] = p7certs[0];
- CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT"));
- } else if (p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) {
+ CMS.debug("UsrGrpAdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT"));
+ } else if (p7certs[0].getIssuerDN().toString()
+ .equals(p7certs[1].getSubjectDN().toString())) {
certs[0] = p7certs[0];
- CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_ACEND_ORD"));
- } else if (p7certs[1].getIssuerDN().toString().equals(p7certs[0].getSubjectDN().toString())) {
+ CMS.debug("UsrGrpAdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_ACEND_ORD"));
+ } else if (p7certs[1].getIssuerDN().toString()
+ .equals(p7certs[0].getSubjectDN().toString())) {
assending = false;
- CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_DESC_ORD"));
+ CMS.debug("UsrGrpAdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_CERT_CHAIN_DESC_ORD"));
certs[0] = p7certs[p7certs.length - 1];
} else {
// not a chain, or in random order
- CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_BAD_CHAIN"));
+ CMS.debug("UsrGrpAdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_CERT_BAD_CHAIN"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
return;
}
- CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHAIN_STORED_DB", String.valueOf(p7certs.length)));
+ CMS.debug("UsrGrpAdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_CHAIN_STORED_DB",
+ String.valueOf(p7certs.length)));
int j = 0;
int jBegin = 0;
@@ -1167,72 +1132,82 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
// store the chain into cert db, except for the user cert
for (j = jBegin; j < jEnd; j++) {
- CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j), String.valueOf(p7certs[j].getSubjectDN())));
- org.mozilla.jss.crypto.X509Certificate leafCert =
- null;
-
- leafCert =
- manager.importCACertPackage(p7certs[j].getEncoded());
+ CMS.debug("UsrGrpAdminServlet: "
+ + CMS.getLogMessage(
+ "ADMIN_SRVLT_CERT_IN_CHAIN", String
+ .valueOf(j), String
+ .valueOf(p7certs[j]
+ .getSubjectDN())));
+ org.mozilla.jss.crypto.X509Certificate leafCert = null;
+
+ leafCert = manager.importCACertPackage(p7certs[j]
+ .getEncoded());
if (leafCert == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NULL"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NULL"));
} else {
- CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NON_NULL"));
+ CMS.debug("UsrGrpAdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_LEAF_CERT_NON_NULL"));
}
if (leafCert instanceof InternalCertificate) {
- ((InternalCertificate) leafCert).setSSLTrust(
- InternalCertificate.VALID_CA |
- InternalCertificate.TRUSTED_CA |
- InternalCertificate.TRUSTED_CLIENT_CA);
+ ((InternalCertificate) leafCert)
+ .setSSLTrust(InternalCertificate.VALID_CA
+ | InternalCertificate.TRUSTED_CA
+ | InternalCertificate.TRUSTED_CLIENT_CA);
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NOT_INTERNAL_CERT",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "ADMIN_SRVLT_NOT_INTERNAL_CERT",
String.valueOf(p7certs[j].getSubjectDN())));
}
}
/*
- } catch (CryptoManager.UserCertConflictException ex) {
- // got a "user cert" in the chain, most likely the CA
- // cert of this instance, which has a private key. Ignore
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", ex.toString()));
- */
+ * } catch (CryptoManager.UserCertConflictException ex) { //
+ * got a "user cert" in the chain, most likely the CA //
+ * cert of this instance, which has a private key. Ignore
+ * log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED",
+ * ex.toString()));
+ */
} catch (Exception ex) {
- //-----
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", ex.toString()));
+ // -----
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR",
+ ex.toString()));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
return;
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_O_ERROR", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("USRGRP_SRVLT_CERT_O_ERROR",
+ e.toString()));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp);
return;
}
try {
- CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_BEFORE_VALIDITY"));
+ CMS.debug("UsrGrpAdminServlet: "
+ + CMS.getLogMessage("ADMIN_SRVLT_BEFORE_VALIDITY"));
certs[0].checkValidity(); // throw exception if fails
user.setX509Certificates(certs);
@@ -1241,10 +1216,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1252,55 +1225,50 @@ public class UsrGrpAdminServlet extends AdminServlet {
return;
} catch (CertificateExpiredException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ADD_CERT_EXPIRED",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "ADMIN_SRVLT_ADD_CERT_EXPIRED",
String.valueOf(certs[0].getSubjectDN())));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp);
return;
} catch (CertificateNotYetValidException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "USRGRP_SRVLT_CERT_NOT_YET_VALID",
String.valueOf(certs[0].getSubjectDN())));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp);
return;
} catch (LDAPException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- if (e.getLDAPResultCode() ==
- LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp);
+ if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp);
} else {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
}
return;
} catch (Exception e) {
@@ -1308,82 +1276,78 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
return;
}
// } catch( EBaseException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit1;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
/**
* Removes a certificate for a user
* <P>
- *
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
* <P>
- *
+ *
* In this method, "certDN" is actually a combination of version,
- * serialNumber, issuerDN, and SubjectDN.
+ * serialNumber, issuerDN, and SubjectDN.
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
* role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modifyUserCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void modifyUserCert(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1394,20 +1358,18 @@ public class UsrGrpAdminServlet extends AdminServlet {
String id = super.getParameter(req, Constants.RS_ID);
if (id == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -1420,10 +1382,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1438,10 +1398,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1452,81 +1410,76 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
return;
}
// } catch( EBaseException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit1;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
/**
- * removes a user. user not removed if belongs to any group
- * (Administrators should remove the user from "uniquemember" of
- * any group he/she belongs to before trying to remove the user
- * itself.
+ * removes a user. user not removed if belongs to any group (Administrators
+ * should remove the user from "uniquemember" of any group he/she belongs to
+ * before trying to remove the user itself.
* <P>
- *
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
* role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void removeUser(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void removeUser(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1534,7 +1487,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
// ensure that any low-level exceptions are reported
// to the signed audit log and stored as failures
try {
- //get id first
+ // get id first
String id = super.getParameter(req, Constants.RS_ID);
boolean mustDelete = false;
int index = 0;
@@ -1545,20 +1498,18 @@ public class UsrGrpAdminServlet extends AdminServlet {
}
if (id == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
// get list of groups, and see if uid belongs to any
@@ -1571,14 +1522,13 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_INTERNAL_ERROR"), null, resp);
return;
}
@@ -1591,16 +1541,14 @@ public class UsrGrpAdminServlet extends AdminServlet {
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"), null, resp);
return;
}
}
@@ -1613,10 +1561,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1625,24 +1571,19 @@ public class UsrGrpAdminServlet extends AdminServlet {
} catch (Exception ex) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp);
return;
}
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1650,53 +1591,51 @@ public class UsrGrpAdminServlet extends AdminServlet {
throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
/**
* Adds a new group in local scope.
* <P>
- *
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#group
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#group
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
* role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void addGroup(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void addGroup(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1704,32 +1643,28 @@ public class UsrGrpAdminServlet extends AdminServlet {
// ensure that any low-level exceptions are reported
// to the signed audit log and stored as failures
try {
- //get id first
+ // get id first
String id = super.getParameter(req, Constants.RS_ID);
if (id == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
IGroup group = mMgr.createGroup(id);
- String members = super.getParameter(req,
- Constants.PR_GROUP_USER);
- String desc = super.getParameter(req,
- Constants.PR_GROUP_DESC);
+ String members = super.getParameter(req, Constants.PR_GROUP_USER);
+ String desc = super.getParameter(req, Constants.PR_GROUP_DESC);
if (desc != null) {
group.set("description", (Object) desc);
@@ -1752,10 +1687,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -1764,25 +1697,19 @@ public class UsrGrpAdminServlet extends AdminServlet {
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_GROUP_ADD_FAILED"), null, resp);
return;
}
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1790,53 +1717,51 @@ public class UsrGrpAdminServlet extends AdminServlet {
throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
/**
* removes a group
* <P>
- *
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#group
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#group
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
* role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void removeGroup(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void removeGroup(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1844,24 +1769,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
// ensure that any low-level exceptions are reported
// to the signed audit log and stored as failures
try {
- //get id first
+ // get id first
String id = super.getParameter(req, Constants.RS_ID);
if (id == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -1870,22 +1793,16 @@ public class UsrGrpAdminServlet extends AdminServlet {
NameValuePairs params = new NameValuePairs();
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
sendResponse(SUCCESS, null, params, resp);
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -1893,56 +1810,54 @@ public class UsrGrpAdminServlet extends AdminServlet {
throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
/**
* modifies a group
* <P>
- *
- * last person of the super power group "Certificate
- * Server Administrators" can never be removed.
+ *
+ * last person of the super power group "Certificate Server Administrators"
+ * can never be removed.
* <P>
- *
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#group
+ *
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#group
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
* role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modifyGroup(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void modifyGroup(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1950,31 +1865,28 @@ public class UsrGrpAdminServlet extends AdminServlet {
// ensure that any low-level exceptions are reported
// to the signed audit log and stored as failures
try {
- //get id first
+ // get id first
String id = super.getParameter(req, Constants.RS_ID);
if (id == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
IGroup group = mMgr.createGroup(id);
- String desc = super.getParameter(req,
- Constants.PR_GROUP_DESC);
+ String desc = super.getParameter(req, Constants.PR_GROUP_DESC);
if (desc != null) {
group.set("description", (Object) desc);
@@ -1997,20 +1909,20 @@ public class UsrGrpAdminServlet extends AdminServlet {
if (multiRole) {
group.addMemberName(memberName);
} else {
- if( isGroupInMultiRoleEnforceList(groupName)) {
+ if (isGroupInMultiRoleEnforceList(groupName)) {
if (!isDuplicate(groupName, memberName)) {
group.addMemberName(memberName);
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_DUPLICATE_ROLES", memberName));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_DUPLICATE_ROLES", memberName));
}
} else {
group.addMemberName(memberName);
@@ -2027,10 +1939,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -2040,25 +1950,19 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_GROUP_MODIFY_FAILED"), null, resp);
return;
}
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -2066,61 +1970,58 @@ public class UsrGrpAdminServlet extends AdminServlet {
throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
- private boolean isGroupInMultiRoleEnforceList(String groupName)
- {
+ private boolean isGroupInMultiRoleEnforceList(String groupName) {
String groupList = null;
if (groupName == null || groupName.equals("")) {
return true;
}
if (mMultiRoleGroupEnforceList == null) {
- try {
- groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST);
- } catch (Exception e) {
- }
-
- if (groupList != null && !groupList.equals("")) {
- mMultiRoleGroupEnforceList = groupList.split(",");
- for (int j = 0 ; j < mMultiRoleGroupEnforceList.length; j++) {
- mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim();
- }
- }
- }
-
- if (mMultiRoleGroupEnforceList == null)
- return true;
-
- for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) {
- if (groupName.equals(mMultiRoleGroupEnforceList[i])) {
- return true;
- }
- }
- return false;
+ try {
+ groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST);
+ } catch (Exception e) {
+ }
+
+ if (groupList != null && !groupList.equals("")) {
+ mMultiRoleGroupEnforceList = groupList.split(",");
+ for (int j = 0; j < mMultiRoleGroupEnforceList.length; j++) {
+ mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j]
+ .trim();
+ }
+ }
+ }
+
+ if (mMultiRoleGroupEnforceList == null)
+ return true;
+
+ for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) {
+ if (groupName.equals(mMultiRoleGroupEnforceList[i])) {
+ return true;
+ }
+ }
+ return false;
}
private boolean isDuplicate(String groupName, String memberName) {
@@ -2129,7 +2030,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
// Let's not mess with users that are already a member of this group
boolean isMember = false;
try {
- isMember = mMgr.isMemberOf(memberName,groupName);
+ isMember = mMgr.isMemberOf(memberName, groupName);
} catch (Exception e) {
}
@@ -2163,25 +2064,26 @@ public class UsrGrpAdminServlet extends AdminServlet {
/**
* Modifies an existing user in local scope.
* <P>
- *
+ *
* Request/Response Syntax:
- * http://warp.mcom.com/server/certificate/columbo/design/
- * ui/admin-protocol-definition.html#user-admin
+ * http://warp.mcom.com/server/certificate/columbo/design/
+ * ui/admin-protocol-definition.html#user-admin
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
* role information (anything under users/groups)
* </ul>
+ *
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException an error has occurred
*/
- private synchronized void modifyUser(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private synchronized void modifyUser(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2189,24 +2091,22 @@ public class UsrGrpAdminServlet extends AdminServlet {
// ensure that any low-level exceptions are reported
// to the signed audit log and stored as failures
try {
- //get id first
+ // get id first
String id = super.getParameter(req, Constants.RS_ID);
if (id == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_NULL_RS_ID"), null, resp);
return;
}
@@ -2214,17 +2114,15 @@ public class UsrGrpAdminServlet extends AdminServlet {
String fname = super.getParameter(req, Constants.PR_USER_FULLNAME);
if ((fname == null) || (fname.length() == 0)) {
- String msg =
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name");
+ String msg = CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_USER_MOD_FAILED", "full name");
log(ILogger.LL_FAILURE, msg);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -2246,16 +2144,14 @@ public class UsrGrpAdminServlet extends AdminServlet {
if (!passwdCheck.isGoodPassword(pword)) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
throw new EUsrGrpException(passwdCheck.getReason(pword));
- //UsrGrpResources.BAD_PASSWD);
+ // UsrGrpResources.BAD_PASSWD);
}
user.setPassword(pword);
@@ -2277,10 +2173,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -2291,24 +2185,19 @@ public class UsrGrpAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
return;
}
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -2316,35 +2205,32 @@ public class UsrGrpAdminServlet extends AdminServlet {
throw eAudit1;
} catch (IOException eAudit2) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
// } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
}
}
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP,
- level, "UsrGrpAdminServlet: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP, level,
+ "UsrGrpAdminServlet: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index f5f06bec..55b1449a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -99,10 +99,9 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cms.servlet.common.Utils;
import com.netscape.cmsutil.xml.XMLObject;
-
/**
* This is the base class of all CS servlet.
- *
+ *
* @version $Revision$, $Date$
*/
public abstract class CMSServlet extends HttpServlet {
@@ -127,76 +126,49 @@ public abstract class CMSServlet extends HttpServlet {
public final static String AUTHZ_CONFIG_STORE = "authz";
public final static String AUTHZ_SRC_XML = "web.xml";
public final static String PROP_AUTHZ_MGR = "AuthzMgr";
- public final static String PROP_ACL = "ACLinfo";
+ public final static String PROP_ACL = "ACLinfo";
public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
private final static String FAILED = "1";
private final static String HDR_LANG = "accept-language";
-
- // final error message - if error and exception templates don't work
+
+ // final error message - if error and exception templates don't work
// send out this text string directly to output.
public final static String PROP_FINAL_ERROR_MSG = "finalErrorMsg";
public final static String ERROR_MSG_TOKEN = "$ERROR_MSG";
- public final static String FINAL_ERROR_MSG =
- "<HTML>\n" +
- "<BODY BGCOLOR=white>\n" +
- "<P>\n" +
- "The Certificate System has encountered " +
- "an unrecoverable error.\n" +
- "<P>\n" +
- "Error Message:<BR>\n" +
- "<I>$ERROR_MSG</I>\n" +
- "<P>\n" +
- "Please contact your local administrator for assistance.\n" +
- "</BODY>\n" +
- "</HTML>\n";
+ public final static String FINAL_ERROR_MSG = "<HTML>\n"
+ + "<BODY BGCOLOR=white>\n" + "<P>\n"
+ + "The Certificate System has encountered "
+ + "an unrecoverable error.\n" + "<P>\n" + "Error Message:<BR>\n"
+ + "<I>$ERROR_MSG</I>\n" + "<P>\n"
+ + "Please contact your local administrator for assistance.\n"
+ + "</BODY>\n" + "</HTML>\n";
// properties from configuration.
- protected final static String
- PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate";
- protected final static String
- UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template";
- protected final static String
- PROP_SUCCESS_TEMPLATE = "successTemplate";
- protected final static String
- SUCCESS_TEMPLATE = "/GenSuccess.template";
- protected final static String
- PROP_PENDING_TEMPLATE = "pendingTemplate";
- protected final static String
- PENDING_TEMPLATE = "/GenPending.template";
- protected final static String
- PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate";
- protected final static String
- SVC_PENDING_TEMPLATE = "/GenSvcPending.template";
- protected final static String
- PROP_REJECTED_TEMPLATE = "rejectedTemplate";
- protected final static String
- REJECTED_TEMPLATE = "/GenRejected.template";
- protected final static String
- PROP_ERROR_TEMPLATE = "errorTemplate";
- protected final static String
- ERROR_TEMPLATE = "/GenError.template";
- protected final static String
- PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate";
- protected final static String
- EXCEPTION_TEMPLATE = "/GenUnexpectedError.template";
-
- private final static String
- PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller";
- protected final static String
- PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller";
- private final static String
- PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller";
- private final static String
- PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller";
- private final static String
- PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller";
- private final static String
- PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller";
- private final static String
- PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller";
+ protected final static String PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate";
+ protected final static String UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template";
+ protected final static String PROP_SUCCESS_TEMPLATE = "successTemplate";
+ protected final static String SUCCESS_TEMPLATE = "/GenSuccess.template";
+ protected final static String PROP_PENDING_TEMPLATE = "pendingTemplate";
+ protected final static String PENDING_TEMPLATE = "/GenPending.template";
+ protected final static String PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate";
+ protected final static String SVC_PENDING_TEMPLATE = "/GenSvcPending.template";
+ protected final static String PROP_REJECTED_TEMPLATE = "rejectedTemplate";
+ protected final static String REJECTED_TEMPLATE = "/GenRejected.template";
+ protected final static String PROP_ERROR_TEMPLATE = "errorTemplate";
+ protected final static String ERROR_TEMPLATE = "/GenError.template";
+ protected final static String PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate";
+ protected final static String EXCEPTION_TEMPLATE = "/GenUnexpectedError.template";
+
+ private final static String PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller";
+ protected final static String PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller";
+ private final static String PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller";
+ private final static String PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller";
+ private final static String PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller";
+ private final static String PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller";
+ private final static String PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller";
protected final static String RA_AGENT_GROUP = "Registration Manager Agents";
protected final static String CA_AGENT_GROUP = "Certificate Manager Agents";
@@ -206,25 +178,19 @@ public abstract class CMSServlet extends HttpServlet {
protected final static String ADMIN_GROUP = "Administrators";
// default http params NOT to save in request.(config values added to list )
- private static final String
- PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams";
- private static final String[]
- DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd",
- "challengePassword", "confirmChallengePassword" };
+ private static final String PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams";
+ private static final String[] DONT_SAVE_HTTP_PARAMS = { "pwd", "password",
+ "passwd", "challengePassword", "confirmChallengePassword" };
// default http headers to save in request. (config values added to list)
- private static final String
- PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders";
- private static final String[]
- SAVE_HTTP_HEADERS = { "accept-language", "user-agent", };
+ private static final String PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders";
+ private static final String[] SAVE_HTTP_HEADERS = { "accept-language",
+ "user-agent", };
// request prefixes to distinguish from other request attributes.
- public static final String
- PFX_HTTP_HEADER = "HTTP_HEADER";
- public static final String
- PFX_HTTP_PARAM = "HTTP_PARAM";
- public static final String
- PFX_AUTH_TOKEN = "AUTH_TOKEN";
+ public static final String PFX_HTTP_HEADER = "HTTP_HEADER";
+ public static final String PFX_HTTP_PARAM = "HTTP_PARAM";
+ public static final String PFX_AUTH_TOKEN = "AUTH_TOKEN";
/* input http params */
protected final static String AUTHMGR_PARAM = "authenticator";
@@ -232,10 +198,9 @@ public abstract class CMSServlet extends HttpServlet {
/* fixed credential passed to auth managers */
protected final static String CERT_AUTH_CRED = "sslClientCert";
- public static final String CERT_ATTR =
- "javax.servlet.request.X509Certificate";
+ public static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
- // members.
+ // members.
protected boolean mRenderResult = true;
protected String mFinalErrorMsg = FINAL_ERROR_MSG;
@@ -243,7 +208,7 @@ public abstract class CMSServlet extends HttpServlet {
protected ServletConfig mServletConfig = null;
protected ServletContext mServletContext = null;
- private CMSFileLoader mFileLoader = null;
+ private CMSFileLoader mFileLoader = null;
protected Vector mDontSaveHttpParams = new Vector();
protected Vector mSaveHttpHeaders = new Vector();
@@ -251,14 +216,14 @@ public abstract class CMSServlet extends HttpServlet {
protected String mId = null;
protected IConfigStore mConfig = null;
- // the authority, RA, CA, KRA this servlet is serving.
+ // the authority, RA, CA, KRA this servlet is serving.
protected IAuthority mAuthority = null;
protected IRequestQueue mRequestQueue = null;
// system logger.
protected ILogger mLogger = CMS.getLogger();
protected int mLogCategory = ILogger.S_OTHER;
- private MessageDigest mSHADigest = null;
+ private MessageDigest mSHADigest = null;
protected String mGetClientCert = "false";
protected String mAuthMgr = null;
@@ -269,19 +234,14 @@ public abstract class CMSServlet extends HttpServlet {
protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
protected String mOutputTemplatePath = null;
- private IUGSubsystem mUG = (IUGSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_UG);
-
- private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
- private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
- private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
- private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
- private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
- "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+ private IUGSubsystem mUG = (IUGSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_UG);
+
+ private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+ private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+ private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL = "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
+ private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
+ private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
public CMSServlet() {
}
@@ -323,38 +283,36 @@ public abstract class CMSServlet extends HttpServlet {
String authority = sc.getInitParameter(PROP_AUTHORITY);
if (authority != null)
- mAuthority = (IAuthority)
- CMS.getSubsystem(authority);
+ mAuthority = (IAuthority) CMS.getSubsystem(authority);
if (mAuthority != null)
mRequestQueue = mAuthority.getRequestQueue();
- // set default templates.
+ // set default templates.
setDefaultTemplates(sc);
// for logging to the right authority category.
if (mAuthority == null) {
mLogCategory = ILogger.S_OTHER;
} else {
- if (mAuthority instanceof ICertificateAuthority)
+ if (mAuthority instanceof ICertificateAuthority)
mLogCategory = ILogger.S_CA;
- else if (mAuthority instanceof IRegistrationAuthority)
+ else if (mAuthority instanceof IRegistrationAuthority)
mLogCategory = ILogger.S_RA;
- else if (mAuthority instanceof IKeyRecoveryAuthority)
+ else if (mAuthority instanceof IKeyRecoveryAuthority)
mLogCategory = ILogger.S_KRA;
- else
+ else
mLogCategory = ILogger.S_OTHER;
}
try {
- // get final error message.
+ // get final error message.
// used when templates can't even be loaded.
- String eMsg =
- sc.getInitParameter(PROP_FINAL_ERROR_MSG);
+ String eMsg = sc.getInitParameter(PROP_FINAL_ERROR_MSG);
if (eMsg != null)
mFinalErrorMsg = eMsg;
- // get any configured templates.
+ // get any configured templates.
Enumeration templs = mTemplates.elements();
while (templs.hasMoreElements()) {
@@ -363,13 +321,11 @@ public abstract class CMSServlet extends HttpServlet {
if (templ == null || templ.mPropName == null) {
continue;
}
- String tName =
- sc.getInitParameter(templ.mPropName);
+ String tName = sc.getInitParameter(templ.mPropName);
if (tName != null)
templ.mTemplateName = tName;
- String fillerName =
- sc.getInitParameter(templ.mFillerPropName);
+ String fillerName = sc.getInitParameter(templ.mFillerPropName);
if (fillerName != null) {
ICMSTemplateFiller filler = newFillerObject(fillerName);
@@ -379,32 +335,32 @@ public abstract class CMSServlet extends HttpServlet {
}
}
- // get http params NOT to store in a IRequest and
- // get http headers TO store in a IRequest.
+ // get http params NOT to store in a IRequest and
+ // get http headers TO store in a IRequest.
getDontSaveHttpParams(sc);
getSaveHttpHeaders(sc);
} catch (Exception e) {
- // should never occur since we provide defaults above.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
- e.toString()));
+ // should never occur since we provide defaults above.
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
+ e.toString()));
throw new ServletException(e.toString());
}
try {
mSHADigest = MessageDigest.getInstance("SHA1");
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
+ e.toString()));
throw new ServletException(e.toString());
}
}
-
+
public String getId() {
return mId;
}
-
+
public String getAuthMgr() {
return mAuthMgr;
}
@@ -416,56 +372,51 @@ public abstract class CMSServlet extends HttpServlet {
return false;
}
- public void outputHttpParameters(HttpServletRequest httpReq)
- {
- CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI());
+ public void outputHttpParameters(HttpServletRequest httpReq) {
+ CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
- String pn = (String)paramNames.nextElement();
+ String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
- // all sensitive parameters should be prefixed with
+ // all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.startsWith("p12Password") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("CMSServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") || pn.endsWith("password")
+ || pn.endsWith("passwd") || pn.endsWith("pwd")
+ || pn.equalsIgnoreCase("admin_password_again")
+ || pn.equalsIgnoreCase("directoryManagerPwd")
+ || pn.equalsIgnoreCase("bindpassword")
+ || pn.equalsIgnoreCase("bindpwd")
+ || pn.equalsIgnoreCase("passwd")
+ || pn.equalsIgnoreCase("password")
+ || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd")
+ || pn.equalsIgnoreCase("pwdagain")
+ || pn.startsWith("p12Password")
+ || pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("CMSServlet::service() param name='" + pn
+ + "' value='(sensitive)'");
} else {
- CMS.debug("CMSServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("CMSServlet::service() param name='" + pn
+ + "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
- public void service(HttpServletRequest httpReq,
- HttpServletResponse httpResp)
- throws ServletException, IOException {
+ public void service(HttpServletRequest httpReq, HttpServletResponse httpResp)
+ throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
if (!running_state)
- throw new IOException(
- "CS server is not ready to serve.");
+ throw new IOException("CS server is not ready to serve.");
try {
if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) {
String currentName = Thread.currentThread().getName();
- Thread.currentThread().setName(currentName + "-" + httpReq.getServletPath());
+ Thread.currentThread().setName(
+ currentName + "-" + httpReq.getServletPath());
}
} catch (Exception e) {
}
@@ -473,16 +424,17 @@ public abstract class CMSServlet extends HttpServlet {
httpReq.setCharacterEncoding("UTF-8");
if (CMS.debugOn()) {
- outputHttpParameters(httpReq);
+ outputHttpParameters(httpReq);
}
CMS.debug("CMSServlet: " + mId + " start to service.");
String className = this.getClass().getName();
- // get a cms request
+ // get a cms request
CMSRequest cmsRequest = newCMSRequest();
- // set argblock
- cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params",toHashtable(httpReq)));
+ // set argblock
+ cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params",
+ toHashtable(httpReq)));
// set http request
cmsRequest.setHttpReq(httpReq);
@@ -511,30 +463,36 @@ public abstract class CMSServlet extends HttpServlet {
ICommandQueue iCommandQueue = CMS.getCommandQueue();
try {
- if (iCommandQueue.registerProcess((Object) cmsRequest, (Object) this) == false) {
+ if (iCommandQueue.registerProcess((Object) cmsRequest,
+ (Object) this) == false) {
cmsRequest.setStatus(CMSRequest.ERROR);
renderResult(cmsRequest);
SessionContext.releaseContext();
return;
- }
+ }
long startTime = CMS.getCurrentDate().getTime();
process(cmsRequest);
renderResult(cmsRequest);
Date endDate = CMS.getCurrentDate();
long endTime = endDate.getTime();
if (CMS.debugOn()) {
- CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime));
+ CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate
+ + " id=" + mId + " time=" + (endTime - startTime));
}
- iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this);
+ iCommandQueue
+ .unRegisterProccess((Object) cmsRequest, (Object) this);
} catch (EBaseException e) {
- iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this);
- // ByteArrayOutputStream os = new ByteArrayOutputStream(); for debugging only
+ iCommandQueue
+ .unRegisterProccess((Object) cmsRequest, (Object) this);
+ // ByteArrayOutputStream os = new ByteArrayOutputStream(); for
+ // debugging only
// PrintStream ps = new PrintStream(os);
- //e.printStackTrace(ps);
+ // e.printStackTrace(ps);
log(e.toString());
renderException(cmsRequest, e);
} catch (Exception ex) {
- iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this);
+ iCommandQueue
+ .unRegisterProccess((Object) cmsRequest, (Object) this);
ByteArrayOutputStream os = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(os);
@@ -551,39 +509,36 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Create a new CMSRequest object. This should be overriden by servlets
- * implementing different types of request
- * @return a new CMSRequest object
+ * implementing different types of request
+ *
+ * @return a new CMSRequest object
*/
protected CMSRequest newCMSRequest() {
return new CMSRequest();
}
/**
- * process an HTTP request. Servlets must override this with their
- * own implementation
- * @throws EBaseException if the servlet was unable to satisfactorily
- * process the request
+ * process an HTTP request. Servlets must override this with their own
+ * implementation
+ *
+ * @throws EBaseException if the servlet was unable to satisfactorily
+ * process the request
*/
- protected void process(CMSRequest cmsRequest)
- throws EBaseException
- {
+ protected void process(CMSRequest cmsRequest) throws EBaseException {
}
-
/**
- * Output a template.
- * If an error occurs while outputing the template the exception template
- * is used to display the error.
+ * Output a template. If an error occurs while outputing the template the
+ * exception template is used to display the error.
*
* @param cmsReq the CS request
*/
- protected void renderResult(CMSRequest cmsReq)
- throws IOException {
+ protected void renderResult(CMSRequest cmsReq) throws IOException {
if (!mRenderResult)
return;
Integer status = cmsReq.getStatus();
-
+
CMSLoadTemplate ltempl = (CMSLoadTemplate) mTemplates.get(status);
if (ltempl == null || ltempl.mTemplateName == null) {
@@ -594,13 +549,12 @@ public abstract class CMSServlet extends HttpServlet {
renderTemplate(cmsReq, ltempl.mTemplateName, filler);
}
-
+
private static final String PRESERVED = "preserved";
public static final String TEMPLATE_NAME = "templateName";
-
+
protected void outputArgBlockAsXML(XMLObject xmlObj, Node parent,
- String argBlockName, IArgBlock argBlock)
- {
+ String argBlockName, IArgBlock argBlock) {
Node argBlockContainer = xmlObj.createContainer(parent, argBlockName);
if (argBlock != null) {
@@ -614,15 +568,15 @@ public abstract class CMSServlet extends HttpServlet {
}
}
- protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params)
- {
+ protected void outputXML(HttpServletResponse httpResp,
+ CMSTemplateParams params) {
XMLObject xmlObj = null;
try {
xmlObj = new XMLObject();
Node root = xmlObj.createRoot("xml");
outputArgBlockAsXML(xmlObj, root, "header", params.getHeader());
- outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed());
+ outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed());
Enumeration records = params.queryRecords();
Node recordsNode = xmlObj.createContainer(root, "records");
@@ -644,20 +598,19 @@ public abstract class CMSServlet extends HttpServlet {
}
}
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {
try {
IArgBlock httpParams = cmsReq.getHttpParams();
Locale[] locale = new Locale[1];
- CMSTemplate template =
- getTemplate(templateName, cmsReq.getHttpReq(), locale);
+ CMSTemplate template = getTemplate(templateName,
+ cmsReq.getHttpReq(), locale);
CMSTemplateParams templateParams = null;
if (filler != null) {
- templateParams = filler.getTemplateParams(
- cmsReq, mAuthority, locale[0], null);
+ templateParams = filler.getTemplateParams(cmsReq, mAuthority,
+ locale[0], null);
}
// just output arg blocks as XML
@@ -670,8 +623,7 @@ public abstract class CMSServlet extends HttpServlet {
}
if (httpParams != null) {
- String httpTemplateName =
- httpParams.getValueAsString(
+ String httpTemplateName = httpParams.getValueAsString(
TEMPLATE_NAME, null);
if (httpTemplateName != null) {
@@ -679,14 +631,13 @@ public abstract class CMSServlet extends HttpServlet {
}
}
- if (templateParams == null)
+ if (templateParams == null)
templateParams = new CMSTemplateParams(null, null);
- // #359630
- // inject preserved http parameter into the template
+ // #359630
+ // inject preserved http parameter into the template
if (httpParams != null) {
- String preserved = httpParams.getValueAsString(
- PRESERVED, null);
+ String preserved = httpParams.getValueAsString(PRESERVED, null);
if (preserved != null) {
IArgBlock fixed = templateParams.getFixed();
@@ -704,52 +655,56 @@ public abstract class CMSServlet extends HttpServlet {
cmsReq.getHttpResp().setContentLength(bos.size());
bos.writeTo(cmsReq.getHttpResp().getOutputStream());
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString()));
- renderException(cmsReq,
- new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName,
+ e.toString()));
+ renderException(
+ cmsReq,
+ new ECMSGWException(CMS
+ .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
return;
}
}
/**
- * Output exception (unexpected error) template
- * This is different from other templates in that if an exception occurs
- * while rendering the exception a message is printed out directly.
- * If the message gets an error an IOException is thrown.
- * In others if an exception occurs while rendering the template the
- * exception template (this) is called.
+ * Output exception (unexpected error) template This is different from other
+ * templates in that if an exception occurs while rendering the exception a
+ * message is printed out directly. If the message gets an error an
+ * IOException is thrown. In others if an exception occurs while rendering
+ * the template the exception template (this) is called.
* <p>
+ *
* @param cmsReq the CS request to pass to template filler if any.
* @param e the unexpected exception
*/
- protected void renderException(CMSRequest cmsReq, EBaseException e)
- throws IOException {
+ protected void renderException(CMSRequest cmsReq, EBaseException e)
+ throws IOException {
try {
Locale[] locale = new Locale[1];
- CMSLoadTemplate loadTempl =
- (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION);
- CMSTemplate template = getTemplate(loadTempl.mTemplateName,
+ CMSLoadTemplate loadTempl = (CMSLoadTemplate) mTemplates
+ .get(CMSRequest.EXCEPTION);
+ CMSTemplate template = getTemplate(loadTempl.mTemplateName,
cmsReq.getHttpReq(), locale);
ICMSTemplateFiller filler = loadTempl.mFiller;
CMSTemplateParams templateParams = null;
// When an exception occurs the exit is non-local which probably
// will leave the requestStatus value set to something other
- // than CMSRequest.EXCEPTION, so force the requestStatus to
- // EXCEPTION since it must be that if we're here.
+ // than CMSRequest.EXCEPTION, so force the requestStatus to
+ // EXCEPTION since it must be that if we're here.
cmsReq.setStatus(CMSRequest.EXCEPTION);
if (filler != null) {
- templateParams = filler.getTemplateParams(
- cmsReq, mAuthority, locale[0], e);
+ templateParams = filler.getTemplateParams(cmsReq, mAuthority,
+ locale[0], e);
}
if (templateParams == null) {
- templateParams = new CMSTemplateParams(null, CMS.createArgBlock());
+ templateParams = new CMSTemplateParams(null,
+ CMS.createArgBlock());
}
if (e != null) {
- templateParams.getFixed().set(
- ICMSTemplateFiller.EXCEPTION, e.toString(locale[0]));
+ templateParams.getFixed().set(ICMSTemplateFiller.EXCEPTION,
+ e.toString(locale[0]));
}
// just output arg blocks as XML
@@ -772,25 +727,24 @@ public abstract class CMSServlet extends HttpServlet {
}
}
- public void renderFinalError(CMSRequest cmsReq, Exception ex)
- throws IOException {
- // this template is the last resort for all other unexpected
- // errors in other templates so we can only output text.
+ public void renderFinalError(CMSRequest cmsReq, Exception ex)
+ throws IOException {
+ // this template is the last resort for all other unexpected
+ // errors in other templates so we can only output text.
HttpServletResponse httpResp = cmsReq.getHttpResp();
httpResp.setContentType("text/html");
ServletOutputStream out = httpResp.getOutputStream();
-
- // replace $ERRORMSG with exception message if included.
+
+ // replace $ERRORMSG with exception message if included.
String finalErrMsg = mFinalErrorMsg;
int tokenIdx = mFinalErrorMsg.indexOf(ERROR_MSG_TOKEN);
if (tokenIdx != -1) {
- finalErrMsg =
- mFinalErrorMsg.substring(0, tokenIdx) +
- ex.toString() +
- mFinalErrorMsg.substring(
- tokenIdx + ERROR_MSG_TOKEN.length());
+ finalErrMsg = mFinalErrorMsg.substring(0, tokenIdx)
+ + ex.toString()
+ + mFinalErrorMsg.substring(tokenIdx
+ + ERROR_MSG_TOKEN.length());
}
out.println(finalErrMsg);
return;
@@ -803,31 +757,23 @@ public abstract class CMSServlet extends HttpServlet {
SSLSocket s = null;
/*
- try {
- s = (SSLSocket) ((HTTPRequest) httpReq).getConnection().getSocket();
- } catch (ClassCastException e) {
- CMS.getLogger().log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_SSL_NO_INVALIDATE"));
- // ignore.
- return;
- }
- try {
- s.invalidateSession();
- s.resetHandshake();
- }catch (SocketException se) {
- }
+ * try { s = (SSLSocket) ((HTTPRequest)
+ * httpReq).getConnection().getSocket(); } catch (ClassCastException e)
+ * { CMS.getLogger().log( ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ * ILogger.LL_WARN, CMS.getLogMessage("CMSGW_SSL_NO_INVALIDATE")); //
+ * ignore. return; } try { s.invalidateSession(); s.resetHandshake();
+ * }catch (SocketException se) { }
*/
return;
}
/**
- * construct a authentication credentials to pass into authentication
+ * construct a authentication credentials to pass into authentication
* manager.
*/
- public static AuthCredentials getAuthCreds(
- IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
- throws EBaseException {
+ public static AuthCredentials getAuthCreds(IAuthManager authMgr,
+ IArgBlock argBlock, X509Certificate clientCert)
+ throws EBaseException {
// get credentials from http parameters.
String[] reqCreds = authMgr.getRequiredCreds();
AuthCredentials creds = new AuthCredentials();
@@ -837,8 +783,7 @@ public abstract class CMSServlet extends HttpServlet {
if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
// cert could be null;
- creds.set(reqCred, new X509Certificate[] { clientCert}
- );
+ creds.set(reqCred, new X509Certificate[] { clientCert });
} else {
String value = argBlock.getValueAsString(reqCred);
@@ -854,32 +799,33 @@ public abstract class CMSServlet extends HttpServlet {
/**
* get ssl client authenticated certificate
*/
- protected X509Certificate
- getSSLClientCertificate(HttpServletRequest httpReq)
- throws EBaseException {
+ protected X509Certificate getSSLClientCertificate(HttpServletRequest httpReq)
+ throws EBaseException {
X509Certificate cert = null;
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
- CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT"));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
+ CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT"));
- // iws60 support Java Servlet Spec V2.2, attribute
+ // iws60 support Java Servlet Spec V2.2, attribute
// javax.servlet.request.X509Certificate now contains array
// of X509Certificates instead of one X509Certificate object
- X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR);
+ X509Certificate[] allCerts = (X509Certificate[]) httpReq
+ .getAttribute(CERT_ATTR);
if (allCerts == null || allCerts.length == 0) {
- throw new EBaseException("You did not provide a valid certificate for this operation");
+ throw new EBaseException(
+ "You did not provide a valid certificate for this operation");
}
cert = allCerts[0];
if (cert == null) {
// just don't have a cert.
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL"));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL"));
return null;
- }
+ }
// convert to sun's x509 cert interface.
try {
@@ -888,53 +834,58 @@ public abstract class CMSServlet extends HttpServlet {
cert = new X509CertImpl(certEncoded);
} catch (CertificateEncodingException e) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage()));
+ ILogger.EV_SYSTEM,
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE",
+ e.getMessage()));
return null;
} catch (CertificateException e) {
mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage()));
+ ILogger.EV_SYSTEM,
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE",
+ e.getMessage()));
return null;
}
- return cert;
+ return cert;
}
/**
* get a template based on result status.
*/
- protected CMSTemplate getTemplate(
- String templateName, HttpServletRequest httpReq, Locale[] locale)
- throws EBaseException, IOException {
+ protected CMSTemplate getTemplate(String templateName,
+ HttpServletRequest httpReq, Locale[] locale) throws EBaseException,
+ IOException {
// this converts to system dependent file seperator char.
if (mServletConfig == null) {
- CMS.debug( "CMSServlet:getTemplate() - mServletConfig is null!" );
+ CMS.debug("CMSServlet:getTemplate() - mServletConfig is null!");
return null;
}
if (mServletConfig.getServletContext() == null) {
}
if (templateName == null) {
}
- String realpath =
- mServletConfig.getServletContext().getRealPath("/" + templateName);
+ String realpath = mServletConfig.getServletContext().getRealPath(
+ "/" + templateName);
if (realpath == null) {
- mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
File realpathFile = new File(realpath);
- File templateFile =
- getLangFile(httpReq, realpathFile, locale);
+ File templateFile = getLangFile(httpReq, realpathFile, locale);
String charSet = httpReq.getCharacterEncoding();
if (charSet == null) {
charSet = "UTF8";
}
- CMSTemplate template =
- (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet);
+ CMSTemplate template = (CMSTemplate) mFileLoader.getCMSFile(
+ templateFile, charSet);
return template;
}
@@ -943,13 +894,12 @@ public abstract class CMSServlet extends HttpServlet {
* log according to authority category.
*/
protected void log(int event, int level, String msg) {
- mLogger.log(event, mLogCategory, level,
- "Servlet " + mId + ": " + msg);
+ mLogger.log(event, mLogCategory, level, "Servlet " + mId + ": " + msg);
}
protected void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
- "Servlet " + mId + ": " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, "Servlet " + mId
+ + ": " + msg);
}
/**
@@ -962,11 +912,10 @@ public abstract class CMSServlet extends HttpServlet {
for (int i = 0; i < DONT_SAVE_HTTP_PARAMS.length; i++) {
mDontSaveHttpParams.addElement(DONT_SAVE_HTTP_PARAMS[i]);
}
- dontSaveParams = sc.getInitParameter(
- PROP_DONT_SAVE_HTTP_PARAMS);
+ dontSaveParams = sc.getInitParameter(PROP_DONT_SAVE_HTTP_PARAMS);
if (dontSaveParams != null) {
- StringTokenizer params =
- new StringTokenizer(dontSaveParams, ",");
+ StringTokenizer params = new StringTokenizer(dontSaveParams,
+ ",");
while (params.hasMoreTokens()) {
String param = params.nextToken();
@@ -976,8 +925,8 @@ public abstract class CMSServlet extends HttpServlet {
}
} catch (Exception e) {
// should never happen
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString()));
+ log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE",
+ PROP_DONT_SAVE_HTTP_PARAMS, e.toString()));
// default just in case.
for (int i = 0; i < DONT_SAVE_HTTP_PARAMS.length; i++) {
mDontSaveHttpParams.addElement(DONT_SAVE_HTTP_PARAMS[i]);
@@ -997,12 +946,10 @@ public abstract class CMSServlet extends HttpServlet {
}
// now get from config file if there's more.
- String saveHeaders =
- sc.getInitParameter(PROP_SAVE_HTTP_HEADERS);
+ String saveHeaders = sc.getInitParameter(PROP_SAVE_HTTP_HEADERS);
- if (saveHeaders != null) {
- StringTokenizer headers =
- new StringTokenizer(saveHeaders, ",");
+ if (saveHeaders != null) {
+ StringTokenizer headers = new StringTokenizer(saveHeaders, ",");
while (headers.hasMoreTokens()) {
String hdr = headers.nextToken();
@@ -1012,7 +959,8 @@ public abstract class CMSServlet extends HttpServlet {
}
} catch (Exception e) {
// should never happen
- log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_SAVE_HTTP_HEADERS, e.toString()));
+ log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE",
+ PROP_SAVE_HTTP_HEADERS, e.toString()));
return;
}
}
@@ -1020,9 +968,8 @@ public abstract class CMSServlet extends HttpServlet {
/**
* save http headers in a IRequest.
*/
- protected void saveHttpHeaders(
- HttpServletRequest httpReq, IRequest req)
- throws EBaseException {
+ protected void saveHttpHeaders(HttpServletRequest httpReq, IRequest req)
+ throws EBaseException {
Hashtable headers = new Hashtable();
Enumeration hdrs = mSaveHttpHeaders.elements();
@@ -1040,8 +987,7 @@ public abstract class CMSServlet extends HttpServlet {
/**
* save http headers in a IRequest.
*/
- protected void saveHttpParams(
- IArgBlock httpParams, IRequest req) {
+ protected void saveHttpParams(IArgBlock httpParams, IRequest req) {
Hashtable saveParams = new Hashtable();
Enumeration names = httpParams.elements();
@@ -1075,17 +1021,18 @@ public abstract class CMSServlet extends HttpServlet {
* handy routine for getting a cert record given a serial number.
*/
protected ICertRecord getCertRecord(BigInteger serialNo) {
- if (mAuthority == null ||
- !(mAuthority instanceof ICertificateAuthority)) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_NON_CERT_AUTH"));
+ if (mAuthority == null
+ || !(mAuthority instanceof ICertificateAuthority)) {
+ log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_NON_CERT_AUTH"));
return null;
}
- ICertificateRepository certdb =
- (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ ICertificateRepository certdb = (ICertificateRepository) ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository();
if (certdb == null) {
- log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_CERT_DB_NULL",
+ mAuthority.toString()));
return null;
}
ICertRecord certRecord = null;
@@ -1093,16 +1040,17 @@ public abstract class CMSServlet extends HttpServlet {
try {
certRecord = certdb.readCertificateRecord(serialNo);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_CERT_REC",
+ serialNo.toString(16), e.toString()));
return null;
}
return certRecord;
}
/**
- * handy routine for validating if a cert is from this CA.
- * mAuthority must be a CA.
+ * handy routine for validating if a cert is from this CA. mAuthority must
+ * be a CA.
*/
protected boolean isCertFromCA(X509Certificate cert) {
BigInteger serialno = cert.getSerialNumber();
@@ -1114,8 +1062,8 @@ public abstract class CMSServlet extends HttpServlet {
}
/**
- * handy routine for checking if a list of certs is from this CA.
- * mAuthortiy must be a CA.
+ * handy routine for checking if a list of certs is from this CA. mAuthortiy
+ * must be a CA.
*/
protected boolean areCertsFromCA(X509Certificate[] certs) {
for (int i = certs.length - 1; i >= 0; i--) {
@@ -1126,21 +1074,22 @@ public abstract class CMSServlet extends HttpServlet {
}
/**
- * handy routine for getting a certificate from the certificate
- * repository. mAuthority must be a CA.
+ * handy routine for getting a certificate from the certificate repository.
+ * mAuthority must be a CA.
*/
protected X509Certificate getX509Certificate(BigInteger serialNo) {
- if (mAuthority == null ||
- !(mAuthority instanceof ICertificateAuthority)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NOT_CERT_AUTH"));
+ if (mAuthority == null
+ || !(mAuthority instanceof ICertificateAuthority)) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NOT_CERT_AUTH"));
return null;
}
- ICertificateRepository certdb =
- (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ ICertificateRepository certdb = (ICertificateRepository) ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository();
if (certdb == null) {
- log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_CERT_DB_NULL",
+ mAuthority.toString()));
return null;
}
X509Certificate cert = null;
@@ -1148,29 +1097,31 @@ public abstract class CMSServlet extends HttpServlet {
try {
cert = certdb.getX509Certificate(serialNo);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_CERT_REC",
+ serialNo.toString(16), e.toString()));
return null;
}
return cert;
}
/**
- * instantiate a new filler from a class name,
+ * instantiate a new filler from a class name,
+ *
* @return null if can't be instantiated, new instance otherwise.
*/
protected ICMSTemplateFiller newFillerObject(String fillerClass) {
ICMSTemplateFiller filler = null;
try {
- filler = (ICMSTemplateFiller)
- Class.forName(fillerClass).newInstance();
+ filler = (ICMSTemplateFiller) Class.forName(fillerClass)
+ .newInstance();
} catch (Exception e) {
if ((e instanceof RuntimeException)) {
throw (RuntimeException) e;
} else {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString()));
+ log(ILogger.LL_WARN, CMS.getLogMessage(
+ "CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString()));
return null;
}
}
@@ -1178,18 +1129,17 @@ public abstract class CMSServlet extends HttpServlet {
}
/**
- * set default templates.
- * subclasses can override, and should override at least the success
- * template
+ * set default templates. subclasses can override, and should override at
+ * least the success template
*/
protected void setDefaultTemplates(ServletConfig sc) {
// Subclasses should override these for diff templates and params in
- // their constructors.
- // Set a template name to null to not use these standard ones.
- // When template name is set to null nothing will be displayed.
+ // their constructors.
+ // Set a template name to null to not use these standard ones.
+ // When template name is set to null nothing will be displayed.
// Servlet is assumed to have rendered its own output.
- // The only exception is the unexpected error template where the
- // default one will always be used if template name is null.
+ // The only exception is the unexpected error template where the
+ // default one will always be used if template name is null.
String successTemplate = null;
String errorTemplate = null;
String unauthorizedTemplate = null;
@@ -1205,110 +1155,94 @@ public abstract class CMSServlet extends HttpServlet {
}
try {
- successTemplate = sc.getInitParameter(
- PROP_SUCCESS_TEMPLATE);
+ successTemplate = sc.getInitParameter(PROP_SUCCESS_TEMPLATE);
if (successTemplate == null) {
successTemplate = SUCCESS_TEMPLATE;
if (gateway != null)
- //successTemplate = "/"+gateway+successTemplate;
- successTemplate = "/"+gateway+successTemplate;
+ // successTemplate = "/"+gateway+successTemplate;
+ successTemplate = "/" + gateway + successTemplate;
}
- errorTemplate = sc.getInitParameter(
- PROP_ERROR_TEMPLATE);
+ errorTemplate = sc.getInitParameter(PROP_ERROR_TEMPLATE);
if (errorTemplate == null) {
errorTemplate = ERROR_TEMPLATE;
- if (gateway != null)
- //errorTemplate = "/"+gateway+errorTemplate;
- errorTemplate = "/"+gateway+errorTemplate;
+ if (gateway != null)
+ // errorTemplate = "/"+gateway+errorTemplate;
+ errorTemplate = "/" + gateway + errorTemplate;
}
- unauthorizedTemplate = sc.getInitParameter(
- PROP_UNAUTHORIZED_TEMPLATE);
+ unauthorizedTemplate = sc
+ .getInitParameter(PROP_UNAUTHORIZED_TEMPLATE);
if (unauthorizedTemplate == null) {
unauthorizedTemplate = UNAUTHORIZED_TEMPLATE;
if (gateway != null)
- //unauthorizedTemplate = "/"+gateway+unauthorizedTemplate;
- unauthorizedTemplate = "/"+gateway+unauthorizedTemplate;
+ // unauthorizedTemplate = "/"+gateway+unauthorizedTemplate;
+ unauthorizedTemplate = "/" + gateway + unauthorizedTemplate;
}
- pendingTemplate = sc.getInitParameter(
- PROP_PENDING_TEMPLATE);
+ pendingTemplate = sc.getInitParameter(PROP_PENDING_TEMPLATE);
if (pendingTemplate == null) {
pendingTemplate = PENDING_TEMPLATE;
if (gateway != null)
- //pendingTemplate = "/"+gateway+pendingTemplate;
- pendingTemplate = "/"+gateway+pendingTemplate;
+ // pendingTemplate = "/"+gateway+pendingTemplate;
+ pendingTemplate = "/" + gateway + pendingTemplate;
}
- svcpendingTemplate = sc.getInitParameter(
- PROP_SVC_PENDING_TEMPLATE);
+ svcpendingTemplate = sc.getInitParameter(PROP_SVC_PENDING_TEMPLATE);
if (svcpendingTemplate == null) {
svcpendingTemplate = SVC_PENDING_TEMPLATE;
if (gateway != null)
- //svcpendingTemplate = "/"+gateway+svcpendingTemplate;
- svcpendingTemplate = "/"+gateway+svcpendingTemplate;
+ // svcpendingTemplate = "/"+gateway+svcpendingTemplate;
+ svcpendingTemplate = "/" + gateway + svcpendingTemplate;
}
- rejectedTemplate = sc.getInitParameter(
- PROP_REJECTED_TEMPLATE);
+ rejectedTemplate = sc.getInitParameter(PROP_REJECTED_TEMPLATE);
if (rejectedTemplate == null) {
rejectedTemplate = REJECTED_TEMPLATE;
if (gateway != null)
- //rejectedTemplate = "/"+gateway+rejectedTemplate;
- rejectedTemplate = "/"+gateway+rejectedTemplate;
+ // rejectedTemplate = "/"+gateway+rejectedTemplate;
+ rejectedTemplate = "/" + gateway + rejectedTemplate;
}
- unexpectedErrorTemplate = sc.getInitParameter(
- PROP_EXCEPTION_TEMPLATE);
+ unexpectedErrorTemplate = sc
+ .getInitParameter(PROP_EXCEPTION_TEMPLATE);
if (unexpectedErrorTemplate == null) {
unexpectedErrorTemplate = EXCEPTION_TEMPLATE;
if (gateway != null)
- //unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate;
- unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate;
+ // unexpectedErrorTemplate =
+ // "/"+gateway+unexpectedErrorTemplate;
+ unexpectedErrorTemplate = "/" + gateway
+ + unexpectedErrorTemplate;
}
} catch (Exception e) {
- // this should never happen.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
- mId));
+ // this should never happen.
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
}
- mTemplates.put(
- CMSRequest.UNAUTHORIZED,
- new CMSLoadTemplate(
+ mTemplates.put(CMSRequest.UNAUTHORIZED, new CMSLoadTemplate(
PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER,
- unauthorizedTemplate, null));
- mTemplates.put(
- CMSRequest.SUCCESS,
- new CMSLoadTemplate(
+ unauthorizedTemplate, null));
+ mTemplates.put(CMSRequest.SUCCESS, new CMSLoadTemplate(
PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER,
- successTemplate, new GenSuccessTemplateFiller()));
- mTemplates.put(
- CMSRequest.PENDING,
- new CMSLoadTemplate(
+ successTemplate, new GenSuccessTemplateFiller()));
+ mTemplates.put(CMSRequest.PENDING, new CMSLoadTemplate(
PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER,
pendingTemplate, new GenPendingTemplateFiller()));
- mTemplates.put(
- CMSRequest.SVC_PENDING,
- new CMSLoadTemplate(
+ mTemplates.put(CMSRequest.SVC_PENDING, new CMSLoadTemplate(
PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER,
svcpendingTemplate, new GenSvcPendingTemplateFiller()));
- mTemplates.put(
- CMSRequest.REJECTED,
- new CMSLoadTemplate(
+ mTemplates.put(CMSRequest.REJECTED, new CMSLoadTemplate(
PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER,
rejectedTemplate, new GenRejectedTemplateFiller()));
- mTemplates.put(
- CMSRequest.ERROR,
- new CMSLoadTemplate(
- PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER,
- errorTemplate, new GenErrorTemplateFiller()));
- mTemplates.put(
- CMSRequest.EXCEPTION,
- new CMSLoadTemplate(
- PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER,
- unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller()));
+ mTemplates.put(CMSRequest.ERROR, new CMSLoadTemplate(
+ PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER, errorTemplate,
+ new GenErrorTemplateFiller()));
+ mTemplates.put(CMSRequest.EXCEPTION,
+ new CMSLoadTemplate(PROP_EXCEPTION_TEMPLATE,
+ PROP_EXCEPTION_TEMPLATE_FILLER,
+ unexpectedErrorTemplate,
+ new GenUnexpectedErrorTemplateFiller()));
}
/**
@@ -1317,8 +1251,7 @@ public abstract class CMSServlet extends HttpServlet {
public static boolean clientIsNav(HttpServletRequest httpReq) {
String useragent = httpReq.getHeader("user-agent");
- if (useragent.startsWith("Mozilla") &&
- useragent.indexOf("MSIE") == -1)
+ if (useragent.startsWith("Mozilla") && useragent.indexOf("MSIE") == -1)
return true;
return false;
}
@@ -1339,40 +1272,36 @@ public abstract class CMSServlet extends HttpServlet {
* set using cartman JS. (no other way to tell)
*/
private static String CMMF_RESPONSE = "cmmfResponse";
+
public static boolean doCMMFResponse(IArgBlock httpParams) {
if (httpParams.getValueAsBoolean(CMMF_RESPONSE, false))
return true;
- else
+ else
return false;
}
private static final String IMPORT_CERT = "importCert";
private static final String IMPORT_CHAIN = "importCAChain";
private static final String IMPORT_CERT_MIME_TYPE = "importCertMimeType";
- // default mime type
- private static final String
- NS_X509_USER_CERT = "application/x-x509-user-cert";
- private static final String
- NS_X509_EMAIL_CERT = "application/x-x509-email-cert";
+ // default mime type
+ private static final String NS_X509_USER_CERT = "application/x-x509-user-cert";
+ private static final String NS_X509_EMAIL_CERT = "application/x-x509-email-cert";
// CMC mime types
- public static final String
- SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10";
- public static final String
- SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
- public static final String
- FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime";
- public static final String
- FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
+ public static final String SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10";
+ public static final String SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
+ public static final String FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime";
+ public static final String FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
/**
* handy routine to check if client want full enrollment response
*/
public static String FULL_RESPONSE = "fullResponse";
+
public static boolean doFullResponse(IArgBlock httpParams) {
if (httpParams.getValueAsBoolean(FULL_RESPONSE, false))
return true;
- else
+ else
return false;
}
@@ -1380,24 +1309,22 @@ public abstract class CMSServlet extends HttpServlet {
* @return false if import cert directly set to false.
* @return true if import cert directly is true and import cert.
*/
- protected boolean checkImportCertToNav(
- HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert)
- throws EBaseException {
+ protected boolean checkImportCertToNav(HttpServletResponse httpResp,
+ IArgBlock httpParams, X509CertImpl cert) throws EBaseException {
if (!httpParams.getValueAsBoolean(IMPORT_CERT, false)) {
return false;
}
- boolean importCAChain =
- httpParams.getValueAsBoolean(IMPORT_CHAIN, true);
+ boolean importCAChain = httpParams
+ .getValueAsBoolean(IMPORT_CHAIN, true);
// XXX Temporary workaround because of problem with passing Mime type
- boolean emailCert =
- httpParams.getValueAsBoolean("emailCert", false);
- String importMimeType = (emailCert) ?
- httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) :
- httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
-
- // String importMimeType =
- // httpParams.getValueAsString(
- // IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
+ boolean emailCert = httpParams.getValueAsBoolean("emailCert", false);
+ String importMimeType = (emailCert) ? httpParams.getValueAsString(
+ IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) : httpParams
+ .getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
+
+ // String importMimeType =
+ // httpParams.getValueAsString(
+ // IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
importCertToNav(httpResp, cert, importMimeType, importCAChain);
return true;
}
@@ -1405,18 +1332,16 @@ public abstract class CMSServlet extends HttpServlet {
/**
* handy routine to import cert to old navigator in nav mime type.
*/
- public void importCertToNav(
- HttpServletResponse httpResp, X509CertImpl cert,
- String contentType, boolean importCAChain)
- throws EBaseException {
+ public void importCertToNav(HttpServletResponse httpResp,
+ X509CertImpl cert, String contentType, boolean importCAChain)
+ throws EBaseException {
ServletOutputStream out = null;
byte[] encoding = null;
- CMS.debug("CMSServlet: importCertToNav " +
- "contentType=" + contentType + " " +
- "importCAChain=" + importCAChain);
- try {
- out = httpResp.getOutputStream();
+ CMS.debug("CMSServlet: importCertToNav " + "contentType=" + contentType
+ + " " + "importCAChain=" + importCAChain);
+ try {
+ out = httpResp.getOutputStream();
// CA chain.
if (importCAChain) {
CertificateChain caChain = null;
@@ -1426,9 +1351,8 @@ public abstract class CMSServlet extends HttpServlet {
caChain = ((ICertAuthority) mAuthority).getCACertChain();
caCerts = caChain.getChain();
- // set user + CA cert chain in pkcs7
- X509CertImpl[] userChain =
- new X509CertImpl[caCerts.length + 1];
+ // set user + CA cert chain in pkcs7
+ X509CertImpl[] userChain = new X509CertImpl[caCerts.length + 1];
userChain[0] = cert;
int m = 1, n = 0;
@@ -1437,14 +1361,13 @@ public abstract class CMSServlet extends HttpServlet {
userChain[m] = (X509CertImpl) caCerts[n];
/*
- System.out.println(
- m+"th Cert "+userChain[m].toString());
+ * System.out.println(
+ * m+"th Cert "+userChain[m].toString());
*/
}
p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]),
- userChain,
- new SignerInfo[0]);
+ new ContentInfo(new byte[0]), userChain,
+ new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
p7.encodeSignedData(bos, false);
@@ -1456,16 +1379,20 @@ public abstract class CMSServlet extends HttpServlet {
}
httpResp.setContentType(contentType);
out.write(encoding);
- } catch (IOException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString()));
+ } catch (IOException e) {
+ mLogger.log(
+ ILogger.EV_SYSTEM,
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_RETURNING_CERT"));
} catch (CertificateEncodingException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString()));
+ mLogger.log(
+ ILogger.EV_SYSTEM,
+ ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
@@ -1483,15 +1410,16 @@ public abstract class CMSServlet extends HttpServlet {
String[] x1 = token.getInStringArray(n);
if (x1 != null) {
for (int i = 0; i < x1.length; i++) {
- CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n +
- "(" + i + ")=" + x1[i]);
- req.setExtData(IRequest.AUTH_TOKEN + "-" + n + "(" + i + ")",
- x1[i]);
+ CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n
+ + "(" + i + ")=" + x1[i]);
+ req.setExtData(IRequest.AUTH_TOKEN + "-" + n + "(" + i
+ + ")", x1[i]);
}
} else {
String x = token.getInString(n);
if (x != null) {
- CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n + "=" + x);
+ CMS.debug("Setting " + IRequest.AUTH_TOKEN + "-" + n
+ + "=" + x);
req.setExtData(IRequest.AUTH_TOKEN + "-" + n, x);
}
}
@@ -1511,77 +1439,76 @@ public abstract class CMSServlet extends HttpServlet {
* handy routine for getting agent's relative path
*/
protected String getRelPath(IAuthority authority) {
- if (authority instanceof ICertificateAuthority)
+ if (authority instanceof ICertificateAuthority)
return "ca/";
- else if (authority instanceof IRegistrationAuthority)
+ else if (authority instanceof IRegistrationAuthority)
return "ra/";
- else if (authority instanceof IKeyRecoveryAuthority)
+ else if (authority instanceof IKeyRecoveryAuthority)
return "kra/";
- else
+ else
return "/";
}
/**
- * A system certificate such as the CA signing certificate
- * should not be allowed to delete.
- * The main purpose is to avoid revoking the self signed
+ * A system certificate such as the CA signing certificate should not be
+ * allowed to delete. The main purpose is to avoid revoking the self signed
* CA certificate accidentially.
*/
protected boolean isSystemCertificate(BigInteger serialNo) {
if (!(mAuthority instanceof ICertificateAuthority)) {
return false;
}
- X509Certificate caCert =
- ((ICertificateAuthority)mAuthority).getCACert();
+ X509Certificate caCert = ((ICertificateAuthority) mAuthority)
+ .getCACert();
if (caCert != null) {
- /* only check this if we are self-signed */
- if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) {
- if (caCert.getSerialNumber().equals(serialNo)) {
- return true;
+ /* only check this if we are self-signed */
+ if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) {
+ if (caCert.getSerialNumber().equals(serialNo)) {
+ return true;
+ }
}
- }
}
return false;
}
/**
* make a CRL entry from a serial number and revocation reason.
+ *
* @return a RevokedCertImpl that can be entered in a CRL.
*/
- protected RevokedCertImpl formCRLEntry(
- BigInteger serialNo, RevocationReason reason)
- throws EBaseException {
+ protected RevokedCertImpl formCRLEntry(BigInteger serialNo,
+ RevocationReason reason) throws EBaseException {
CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
CRLExtensions crlentryexts = new CRLExtensions();
try {
crlentryexts.set(CRLReasonExtension.NAME, reasonExt);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_CRL_REASON",
+ reason.toString(), e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
}
- RevokedCertImpl crlentry =
- new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts);
+ RevokedCertImpl crlentry = new RevokedCertImpl(serialNo,
+ CMS.getCurrentDate(), crlentryexts);
return crlentry;
}
/**
* check if a certificate (serial number) is revoked on a CA.
+ *
* @return true if cert is marked revoked in the CA's database.
- * @return false if cert is not marked revoked.
+ * @return false if cert is not marked revoked.
*/
- protected boolean certIsRevoked(BigInteger serialNum)
- throws EBaseException {
+ protected boolean certIsRevoked(BigInteger serialNum) throws EBaseException {
ICertRecord certRecord = getCertRecord(serialNum);
if (certRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum)));
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_INVALID_CERT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM",
+ String.valueOf(serialNum)));
+ throw new ECMSGWException(CMS.getLogMessage("CMSGW_INVALID_CERT"));
}
if (certRecord.getStatus().equals(ICertRecord.STATUS_REVOKED))
return true;
@@ -1590,7 +1517,7 @@ public abstract class CMSServlet extends HttpServlet {
public static String generateSalt() {
Random rnd = new Random();
- String salt = new Integer( rnd.nextInt() ).toString();
+ String salt = new Integer(rnd.nextInt()).toString();
return salt;
}
@@ -1607,9 +1534,8 @@ public abstract class CMSServlet extends HttpServlet {
* @param realpathFile the file to get.
* @param locale array of at least one to be filled with locale found.
*/
- public static File getLangFile(
- HttpServletRequest req, File realpathFile, Locale[] locale)
- throws IOException {
+ public static File getLangFile(HttpServletRequest req, File realpathFile,
+ Locale[] locale) throws IOException {
File file = null;
String acceptLang = req.getHeader("accept-language");
@@ -1626,7 +1552,7 @@ public abstract class CMSServlet extends HttpServlet {
}
String name = realpathFile.getName();
- if (name == null) { // filename should never be null.
+ if (name == null) { // filename should never be null.
throw new IOException("file has no name");
}
int i;
@@ -1654,9 +1580,8 @@ public abstract class CMSServlet extends HttpServlet {
break;
}
- String langfilepath =
- parent + File.separatorChar +
- lang + File.separatorChar + name;
+ String langfilepath = parent + File.separatorChar + lang
+ + File.separatorChar + name;
file = new File(langfilepath);
if (file.exists()) {
@@ -1687,20 +1612,18 @@ public abstract class CMSServlet extends HttpServlet {
return new Locale(lang.substring(0, dash), lang.substring(dash + 1));
}
- public IAuthToken authenticate(CMSRequest req)
- throws EBaseException {
+ public IAuthToken authenticate(CMSRequest req) throws EBaseException {
return authenticate(req, mAuthMgr);
}
public IAuthToken authenticate(HttpServletRequest httpReq)
- throws EBaseException {
+ throws EBaseException {
return authenticate(httpReq, mAuthMgr);
}
- public IAuthToken authenticate(CMSRequest req, String authMgrName)
- throws EBaseException {
- IAuthToken authToken = authenticate(req.getHttpReq(),
- authMgrName);
+ public IAuthToken authenticate(CMSRequest req, String authMgrName)
+ throws EBaseException {
+ IAuthToken authToken = authenticate(req.getHttpReq(), authMgrName);
saveAuthToken(authToken, req.getIRequest());
return authToken;
@@ -1709,19 +1632,19 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Authentication
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication
- * fails (in case of SSL-client auth, only webserver env can pick up the
- * SSL violation; CS authMgr can pick up cert mis-match, so this event
- * is used)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication
- * succeeded
+ * fails (in case of SSL-client auth, only webserver env can pick up the SSL
+ * violation; CS authMgr can pick up cert mis-match, so this event is used)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when
+ * authentication succeeded
* </ul>
+ *
* @exception EBaseException an error has occurred
*/
- public IAuthToken authenticate(HttpServletRequest httpReq, String authMgrName)
- throws EBaseException {
+ public IAuthToken authenticate(HttpServletRequest httpReq,
+ String authMgrName) throws EBaseException {
String auditMessage = null;
String auditSubjectID = ILogger.UNIDENTIFIED;
String auditAuthMgrID = ILogger.UNIDENTIFIED;
@@ -1750,19 +1673,19 @@ public abstract class CMSServlet extends HttpServlet {
//
// check ssl client authentication if specified.
//
- X509Certificate clientCert = null;
+ X509Certificate clientCert = null;
- if (getClientCert != null && getClientCert.equals("true")) {
+ if (getClientCert != null && getClientCert.equals("true")) {
CMS.debug("CMSServlet: retrieving SSL certificate");
clientCert = getSSLClientCertificate(httpReq);
}
//
// check authentication by auth manager if any.
- //
+ //
if (authMgrName == null) {
- // Fixed Blackflag Bug #613900: Since this code block does
+ // Fixed Blackflag Bug #613900: Since this code block does
// NOT actually constitute an authentication failure, but
// rather the case in which a given servlet has been correctly
// configured to NOT require an authentication manager, the
@@ -1794,11 +1717,9 @@ public abstract class CMSServlet extends HttpServlet {
auditAuthMgrID = authMgrName;
}
AuthToken authToken = CMSGateway.checkAuthManager(httpReq,
- httpArgs,
- clientCert,
- authMgrName);
+ httpArgs, clientCert, authMgrName);
if (authToken == null) {
- return null;
+ return null;
}
String userid = authToken.getInString(IAuthToken.USER_ID);
@@ -1807,28 +1728,21 @@ public abstract class CMSServlet extends HttpServlet {
if (userid != null) {
ctx.put(SessionContext.USER_ID, userid);
}
-
+
// reset the "auditSubjectID"
auditSubjectID = auditSubjectID();
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
- auditSubjectID,
- ILogger.SUCCESS,
- auditAuthMgrID);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
+ auditSubjectID, ILogger.SUCCESS, auditAuthMgrID);
audit(auditMessage);
return authToken;
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- auditSubjectID,
- ILogger.FAILURE,
- auditAuthMgrID,
- auditUID);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTH_FAIL,
+ auditSubjectID, ILogger.FAILURE, auditAuthMgrID, auditUID);
audit(auditMessage);
// rethrow the specific exception to be handled later
@@ -1836,8 +1750,8 @@ public abstract class CMSServlet extends HttpServlet {
}
}
- public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken,
- String exp) throws EBaseException {
+ public AuthzToken authorize(String authzMgrName, String resource,
+ IAuthToken authToken, String exp) throws EBaseException {
AuthzToken authzToken = null;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1852,56 +1766,40 @@ public abstract class CMSServlet extends HttpServlet {
authzToken = mAuthz.authorize(authzMgrName, authToken, exp);
if (authzToken != null) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
- auditSubjectID,
- ILogger.SUCCESS,
- auditACLResource,
- auditOperation);
+ LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, auditSubjectID,
+ ILogger.SUCCESS, auditACLResource, auditOperation);
audit(auditMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- auditSubjectID,
- ILogger.SUCCESS,
- auditGroupID);
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME, auditSubjectID,
+ ILogger.SUCCESS, auditGroupID);
audit(auditMessage);
} else {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
- auditSubjectID,
- ILogger.FAILURE,
- auditACLResource,
- auditOperation);
+ LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, auditSubjectID,
+ ILogger.FAILURE, auditACLResource, auditOperation);
audit(auditMessage);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- auditSubjectID,
- ILogger.FAILURE,
- auditGroupID);
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME, auditSubjectID,
+ ILogger.FAILURE, auditGroupID);
audit(auditMessage);
}
return authzToken;
} catch (Exception e) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
- auditSubjectID,
- ILogger.FAILURE,
- auditACLResource,
- auditOperation);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ auditSubjectID, ILogger.FAILURE, auditACLResource,
+ auditOperation);
audit(auditMessage);
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- auditSubjectID,
- ILogger.FAILURE,
- auditGroupID);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID, ILogger.FAILURE, auditGroupID);
audit(auditMessage);
throw new EBaseException(e.toString());
@@ -1911,29 +1809,29 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Authorize must occur after Authenticate
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization
* has failed
- * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization
- * is successful
- * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a
- * role (in current CS that's when one accesses a role port)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when
+ * authorization is successful
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes
+ * a role (in current CS that's when one accesses a role port)
* </ul>
+ *
* @param authzMgrName string representing the name of the authorization
- * manager
+ * manager
* @param authToken the authentication token
* @param resource a string representing the ACL resource id as defined in
- * the ACL resource list
+ * the ACL resource list
* @param operation a string representing one of the operations as defined
- * within the ACL statement (e. g. - "read" for an ACL statement containing
- * "(read,write)")
+ * within the ACL statement (e. g. - "read" for an ACL statement
+ * containing "(read,write)")
* @exception EBaseException an error has occurred
* @return the authorization token
*/
public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
- String resource, String operation)
- throws EBaseException {
+ String resource, String operation) throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditGroupID = auditGroupID();
@@ -1941,19 +1839,19 @@ public abstract class CMSServlet extends HttpServlet {
String auditACLResource = resource;
String auditOperation = operation;
-
SessionContext auditContext = SessionContext.getExistingContext();
String authManagerId = null;
- if(auditContext != null) {
- authManagerId = (String) auditContext.get(SessionContext.AUTH_MANAGER_ID);
-
- if(authManagerId != null && authManagerId.equals("TokenAuth")) {
- if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
- auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
- CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID");
- auditID = auditGroupID;
- }
+ if (auditContext != null) {
+ authManagerId = (String) auditContext
+ .get(SessionContext.AUTH_MANAGER_ID);
+
+ if (authManagerId != null && authManagerId.equals("TokenAuth")) {
+ if (auditSubjectID.equals(ILogger.NONROLEUSER)
+ || auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+ CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID");
+ auditID = auditGroupID;
+ }
}
}
@@ -1968,7 +1866,7 @@ public abstract class CMSServlet extends HttpServlet {
}
if (authzMgrName == null) {
- // Fixed Blackflag Bug #613900: Since this code block does
+ // Fixed Blackflag Bug #613900: Since this code block does
// NOT actually constitute an authorization failure, but
// rather the case in which a given servlet has been correctly
// configured to NOT require an authorization manager, the
@@ -1980,47 +1878,35 @@ public abstract class CMSServlet extends HttpServlet {
}
try {
- AuthzToken authzTok = mAuthz.authorize(authzMgrName,
- authToken,
- resource,
- operation);
+ AuthzToken authzTok = mAuthz.authorize(authzMgrName, authToken,
+ resource, operation);
if (authzTok != null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS,
- auditSubjectID,
- ILogger.SUCCESS,
- auditACLResource,
- auditOperation);
+ LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS, auditSubjectID,
+ ILogger.SUCCESS, auditACLResource, auditOperation);
audit(auditMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- auditID,
- ILogger.SUCCESS,
- auditGroups(auditSubjectID));
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME, auditID,
+ ILogger.SUCCESS, auditGroups(auditSubjectID));
audit(auditMessage);
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
- auditSubjectID,
- ILogger.FAILURE,
- auditACLResource,
- auditOperation);
+ LOGGING_SIGNED_AUDIT_AUTHZ_FAIL, auditSubjectID,
+ ILogger.FAILURE, auditACLResource, auditOperation);
audit(auditMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- auditID,
- ILogger.FAILURE,
- auditGroups(auditSubjectID));
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME, auditID,
+ ILogger.FAILURE, auditGroups(auditSubjectID));
audit(auditMessage);
}
@@ -2028,42 +1914,31 @@ public abstract class CMSServlet extends HttpServlet {
return authzTok;
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
- auditSubjectID,
- ILogger.FAILURE,
- auditACLResource,
- auditOperation);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ auditSubjectID, ILogger.FAILURE, auditACLResource,
+ auditOperation);
audit(auditMessage);
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- auditID,
- ILogger.FAILURE,
- auditGroups(auditSubjectID));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditID, ILogger.FAILURE, auditGroups(auditSubjectID));
audit(auditMessage);
return null;
} catch (Exception eAudit1) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
- auditSubjectID,
- ILogger.FAILURE,
- auditACLResource,
- auditOperation);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTHZ_FAIL,
+ auditSubjectID, ILogger.FAILURE, auditACLResource,
+ auditOperation);
audit(auditMessage);
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- auditSubjectID,
- ILogger.FAILURE,
- auditGroups(auditSubjectID));
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
+ auditSubjectID, ILogger.FAILURE,
+ auditGroups(auditSubjectID));
audit(auditMessage);
@@ -2073,11 +1948,11 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Signed Audit Log
- *
- * This method is inherited by all extended "CMSServlet"s,
- * and is called to store messages to the signed audit log.
+ *
+ * This method is inherited by all extended "CMSServlet"s, and is called to
+ * store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -2088,21 +1963,17 @@ public abstract class CMSServlet extends HttpServlet {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
}
/**
* Signed Audit Log Subject ID
- *
- * This method is inherited by all extended "CMSServlet"s,
- * and is called to obtain the "SubjectID" for
- * a signed audit log message.
+ *
+ * This method is inherited by all extended "CMSServlet"s, and is called to
+ * obtain the "SubjectID" for a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -2119,8 +1990,7 @@ public abstract class CMSServlet extends HttpServlet {
CMS.debug("CMSServlet: auditSubjectID auditContext " + auditContext);
if (auditContext != null) {
- subjectID = (String)
- auditContext.get(SessionContext.USER_ID);
+ subjectID = (String) auditContext.get(SessionContext.USER_ID);
CMS.debug("CMSServlet auditSubjectID: subjectID: " + subjectID);
if (subjectID != null) {
@@ -2137,12 +2007,11 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Signed Audit Log Group ID
- *
- * This method is inherited by all extended "CMSServlet"s,
- * and is called to obtain the "gid" for
- * a signed audit log message.
+ *
+ * This method is inherited by all extended "CMSServlet"s, and is called to
+ * obtain the "gid" for a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditGroupID() {
@@ -2159,8 +2028,7 @@ public abstract class CMSServlet extends HttpServlet {
CMS.debug("CMSServlet: auditGroupID auditContext " + auditContext);
if (auditContext != null) {
- groupID = (String)
- auditContext.get(SessionContext.GROUP_ID);
+ groupID = (String) auditContext.get(SessionContext.GROUP_ID);
CMS.debug("CMSServlet auditGroupID: groupID: " + groupID);
if (groupID != null) {
@@ -2177,14 +2045,14 @@ public abstract class CMSServlet extends HttpServlet {
/**
* Signed Audit Groups
- *
- * This method is called to extract all "groups" associated
- * with the "auditSubjectID()".
+ *
+ * This method is called to extract all "groups" associated with the
+ * "auditSubjectID()".
* <P>
- *
+ *
* @param id string containing the signed audit log message SubjectID
- * @return a delimited string of groups associated
- * with the "auditSubjectID()"
+ * @return a delimited string of groups associated with the
+ * "auditSubjectID()"
*/
private String auditGroups(String SubjectID) {
// if no signed audit object exists, bail
@@ -2192,8 +2060,7 @@ public abstract class CMSServlet extends HttpServlet {
return null;
}
- if ((SubjectID == null) ||
- (SubjectID.equals(ILogger.UNIDENTIFIED))) {
+ if ((SubjectID == null) || (SubjectID.equals(ILogger.UNIDENTIFIED))) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -2211,7 +2078,7 @@ public abstract class CMSServlet extends HttpServlet {
IGroup group = (IGroup) groups.nextElement();
if (group.isMember(SubjectID) == true) {
- if (membersString.length()!= 0) {
+ if (membersString.length() != 0) {
membersString.append(", ");
}
@@ -2219,7 +2086,7 @@ public abstract class CMSServlet extends HttpServlet {
}
}
- if (membersString.length()!=0) {
+ if (membersString.length() != 0) {
return membersString.toString();
} else {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -2238,23 +2105,24 @@ public abstract class CMSServlet extends HttpServlet {
locale = Locale.getDefault();
} else {
locale = new Locale(UserInfo.getUserLanguage(lang),
- UserInfo.getUserCountry(lang));
+ UserInfo.getUserCountry(lang));
}
return locale;
}
- protected void outputResult(HttpServletResponse httpResp,
- String contentType, byte[] content) {
+ protected void outputResult(HttpServletResponse httpResp,
+ String contentType, byte[] content) {
try {
OutputStream os = httpResp.getOutputStream();
-
+
httpResp.setContentType(contentType);
httpResp.setContentLength(content.length);
os.write(content);
os.flush();
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
+ e.toString()));
return;
}
}
@@ -2263,11 +2131,13 @@ public abstract class CMSServlet extends HttpServlet {
outputError(httpResp, FAILURE, errorString, null);
}
- protected void outputError(HttpServletResponse httpResp, String errorString, String requestId) {
+ protected void outputError(HttpServletResponse httpResp,
+ String errorString, String requestId) {
outputError(httpResp, FAILURE, errorString, null);
}
- protected void outputError(HttpServletResponse httpResp, String status, String errorString, String requestId) {
+ protected void outputError(HttpServletResponse httpResp, String status,
+ String errorString, String requestId) {
XMLObject xmlObj = null;
try {
xmlObj = new XMLObject();
@@ -2288,34 +2158,39 @@ public abstract class CMSServlet extends HttpServlet {
} catch (Exception ee) {
CMS.debug("Failed to send XML output to the server.");
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString()));
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
+ ee.toString()));
}
}
- protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape)
- {
+ protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
StringBuffer result = new StringBuffer();
// Do we need to escape any characters
for (int i = 0; i < v.length(); i++) {
int c = v.charAt(i);
- if (c == ',' || c == '=' || c == '+' || c == '<' ||
- c == '>' || c == '#' || c == ';' || c == '\r' ||
- c == '\n' || c == '\\' || c == '"') {
- if ((c == 0x5c) && ((i+1) < v.length())) {
- int nextC = v.charAt(i+1);
- if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
- nextC == '<' || nextC == '>' || nextC == '#' ||
- nextC == ';' || nextC == '\r' || nextC == '\n' ||
- nextC == '\\' || nextC == '"')) {
- if (doubleEscape) result.append('\\');
+ if (c == ',' || c == '=' || c == '+' || c == '<' || c == '>'
+ || c == '#' || c == ';' || c == '\r' || c == '\n'
+ || c == '\\' || c == '"') {
+ if ((c == 0x5c) && ((i + 1) < v.length())) {
+ int nextC = v.charAt(i + 1);
+ if ((c == 0x5c)
+ && (nextC == ',' || nextC == '=' || nextC == '+'
+ || nextC == '<' || nextC == '>'
+ || nextC == '#' || nextC == ';'
+ || nextC == '\r' || nextC == '\n'
+ || nextC == '\\' || nextC == '"')) {
+ if (doubleEscape)
+ result.append('\\');
} else {
result.append('\\');
- if (doubleEscape) result.append('\\');
+ if (doubleEscape)
+ result.append('\\');
}
} else {
result.append('\\');
- if (doubleEscape) result.append('\\');
+ if (doubleEscape)
+ result.append('\\');
}
}
if (c == '\r') {
@@ -2323,11 +2198,10 @@ public abstract class CMSServlet extends HttpServlet {
} else if (c == '\n') {
result.append("0A");
} else {
- result.append((char)c);
+ result.append((char) c);
}
}
return result;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
index 64c59c5a..c68a1755 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
@@ -32,11 +31,10 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.cmsutil.util.Utils;
-
/**
- * This servlet is started by the web server at startup, and
- * it starts the CMS framework.
- *
+ * This servlet is started by the web server at startup, and it starts the CMS
+ * framework.
+ *
* @version $Revision$, $Date$
*/
public class CMSStartServlet extends HttpServlet {
@@ -55,34 +53,33 @@ public class CMSStartServlet extends HttpServlet {
if (!f.exists()) {
int index = path.lastIndexOf("CS.cfg");
if (index != -1) {
- old_path = path.substring(0, index)+"CMS.cfg";
+ old_path = path.substring(0, index) + "CMS.cfg";
}
File f1 = new File(old_path);
if (f1.exists()) {
// The following block of code moves "CMS.cfg" to "CS.cfg".
try {
- if( Utils.isNT() ) {
+ if (Utils.isNT()) {
// NT is very picky on the path
- Utils.exec( "copy " +
- f1.getAbsolutePath().replace( '/', '\\' ) +
- " " +
- f.getAbsolutePath().replace( '/', '\\' ) );
+ Utils.exec("copy "
+ + f1.getAbsolutePath().replace('/', '\\') + " "
+ + f.getAbsolutePath().replace('/', '\\'));
} else {
// Create a copy of the original file which
// preserves the original file permissions.
- Utils.exec( "cp -p " + f1.getAbsolutePath() + " " +
- f.getAbsolutePath() );
+ Utils.exec("cp -p " + f1.getAbsolutePath() + " "
+ + f.getAbsolutePath());
}
// Remove the original file if and only if
// the backup copy was successful.
- if( f.exists() ) {
+ if (f.exists()) {
f1.delete();
// Make certain that the new file has
// the correct permissions.
- if( !Utils.isNT() ) {
- Utils.exec( "chmod 00660 " + f.getAbsolutePath() );
+ if (!Utils.isNT()) {
+ Utils.exec("chmod 00660 " + f.getAbsolutePath());
}
}
} catch (Exception e) {
@@ -96,7 +93,7 @@ public class CMSStartServlet extends HttpServlet {
}
public void doGet(HttpServletRequest req, HttpServletResponse res)
- throws ServletException, IOException {
+ throws ServletException, IOException {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
index 8d853f0b..c53d6c52 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
@@ -33,10 +32,10 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * This is the servlet that displays the html page for the corresponding input id.
- *
+ * This is the servlet that displays the html page for the corresponding input
+ * id.
+ *
* @version $Revision$, $Date$
*/
public class DisplayHtmlServlet extends CMSServlet {
@@ -55,7 +54,7 @@ public class DisplayHtmlServlet extends CMSServlet {
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
- mHTMLPath = sc.getInitParameter(PROP_HTML_PATH);
+ mHTMLPath = sc.getInitParameter(PROP_HTML_PATH);
mTemplates.remove(CMSRequest.SUCCESS);
}
@@ -68,18 +67,19 @@ public class DisplayHtmlServlet extends CMSServlet {
IAuthToken authToken = authenticate(cmsReq);
try {
- String realpath =
- mServletConfig.getServletContext().getRealPath("/" + mHTMLPath);
+ String realpath = mServletConfig.getServletContext().getRealPath(
+ "/" + mHTMLPath);
if (realpath == null) {
- mLogger.log(
- ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")) ;
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
File file = new File(realpath);
long flen = file.length();
- byte[] bin = new byte[(int)flen];
+ byte[] bin = new byte[(int) flen];
FileInputStream ins = new FileInputStream(file);
int len = 0;
@@ -92,9 +92,11 @@ public class DisplayHtmlServlet extends CMSServlet {
ins.close();
bos.close();
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath,
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
index 9607fbe2..45a404c5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import java.util.Date;
import java.util.Enumeration;
@@ -39,14 +38,13 @@ import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
-
/**
- * Return some javascript to the request which contains the list of
- * dynamic data in the CMS system.
+ * Return some javascript to the request which contains the list of dynamic data
+ * in the CMS system.
* <p>
- * This allows the requestor (browser) to make decisions about what
- * to present in the UI, depending on how CMS is configured
- *
+ * This allows the requestor (browser) to make decisions about what to present
+ * in the UI, depending on how CMS is configured
+ *
* @version $Revision$, $Date$
*/
public class DynamicVariablesServlet extends CMSServlet {
@@ -83,10 +81,10 @@ public class DynamicVariablesServlet extends CMSServlet {
private static final String VAR_CLA_CRL_URL_STRING = "clacrlurl()";
private static final Integer VAR_CLA_CRL_URL = Integer.valueOf(6);
private String VAR_CLA_CRL_URL_VALUE = null;
-
+
private String mAuthMgrCacheString = "";
- private long mAuthMgrCacheTime = 0;
- private final int AUTHMGRCACHE = 10; //number of seconds to cache list of
+ private long mAuthMgrCacheTime = 0;
+ private final int AUTHMGRCACHE = 10; // number of seconds to cache list of
// authmanagers for
private Hashtable dynvars = null;
private String mGetClientCert = "false";
@@ -99,8 +97,7 @@ public class DynamicVariablesServlet extends CMSServlet {
IConfigStore config = CMS.getConfigStore().getSubStore(PROP_CLONING);
try {
- mCrlurl =
- config.getString(PROP_CRLURL, "");
+ mCrlurl = config.getString(PROP_CRLURL, "");
} catch (EBaseException e) {
}
}
@@ -119,33 +116,38 @@ public class DynamicVariablesServlet extends CMSServlet {
/**
* Reads the following variables from the servlet config:
* <ul>
- * <li><strong>AuthMgr</strong> - the authentication manager to use to authenticate the request
- * <li><strong>GetClientCert</strong> - whether to request client auth for this request
- * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to the client
- * <li><strong>dynamicVariables</strong> - a string of the form:
- * serverdate=serverdate(),subsystemname=subsystemname(),
- * http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()
+ * <li><strong>AuthMgr</strong> - the authentication manager to use to
+ * authenticate the request
+ * <li><strong>GetClientCert</strong> - whether to request client auth for
+ * this request
+ * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to
+ * the client
+ * <li><strong>dynamicVariables</strong> - a string of the form:
+ * serverdate=serverdate(),subsystemname=subsystemname(),
+ * http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()
* </ul>
- * The dynamicVariables string is parsed by splitting on commas.
- * When services, the HTTP request provides a piece of javascript
- * code as follows.
+ * The dynamicVariables string is parsed by splitting on commas. When
+ * services, the HTTP request provides a piece of javascript code as
+ * follows.
* <p>
* Each sub expression "lhs=rhs()" forms a javascript statement of the form
- * <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the
- * rhs. The possible values for the rhs() function are:
+ * <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the rhs.
+ * The possible values for the rhs() function are:
* <ul>
- * <li><strong>serverdate()</strong> - the timestamp of the server (used to ensure that the client
- * clock is set correctly)
+ * <li><strong>serverdate()</strong> - the timestamp of the server (used to
+ * ensure that the client clock is set correctly)
* <li><strong>subsystemname()</strong>
- * <li><strong>http()</strong> - "true" or "false" - is this an http connection (as opposed to https)
+ * <li><strong>http()</strong> - "true" or "false" - is this an http
+ * connection (as opposed to https)
* <li>authmgrs() - a comma separated list of authentication managers
- * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is
- * defined in the CMS configuration parameter 'cloning.cloneMasterCrlUrl'
+ * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA.
+ * This is defined in the CMS configuration parameter
+ * 'cloning.cloneMasterCrlUrl'
* </ul>
+ *
* @see javax.servlet.Servlet#init(ServletConfig)
*/
-
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
mAuthMgr = sc.getInitParameter(PROP_AUTHMGR);
@@ -182,7 +184,8 @@ public class DynamicVariablesServlet extends CMSServlet {
} else if (varvalue.equalsIgnoreCase(VAR_CLA_CRL_URL_STRING)) {
varcode = VAR_CLA_CRL_URL;
} else {
- throw new ServletException("bad configuration parameter in " + PROP_DYNVAR);
+ throw new ServletException(
+ "bad configuration parameter in " + PROP_DYNVAR);
}
if (varcode != null) {
dynvars.put(varcode, (Object) varname);
@@ -193,20 +196,19 @@ public class DynamicVariablesServlet extends CMSServlet {
}
}
- public void service(HttpServletRequest httpReq,
- HttpServletResponse httpResp)
- throws ServletException, IOException {
+ public void service(HttpServletRequest httpReq, HttpServletResponse httpResp)
+ throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
if (!running_state)
- throw new IOException(
- "CMS server is not ready to serve.");
+ throw new IOException("CMS server is not ready to serve.");
if (mAuthMgr != null) {
try {
IAuthToken token = authenticate(httpReq);
} catch (EBaseException e) {
- mServletCtx.log(CMS.getLogMessage("CMSGW_FILE_NO_ACCESS", e.toString()));
+ mServletCtx.log(CMS.getLogMessage("CMSGW_FILE_NO_ACCESS",
+ e.toString()));
httpResp.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
@@ -214,7 +216,7 @@ public class DynamicVariablesServlet extends CMSServlet {
httpResp.setContentType("application/x-javascript");
httpResp.setHeader("Pragma", "no-cache");
-
+
try {
ServletOutputStream os = httpResp.getOutputStream();
@@ -227,47 +229,40 @@ public class DynamicVariablesServlet extends CMSServlet {
Integer varcode = (Integer) k.nextElement();
if (varcode.equals(VAR_SERVERDATE)) {
- toBeWritten = dynvars.get(varcode) +
- "=" +
- getServerDate() +
- ";\n";
+ toBeWritten = dynvars.get(varcode) + "="
+ + getServerDate() + ";\n";
os.print(toBeWritten);
}
if (varcode.equals(VAR_SUBSYSTEMNAME)) {
if (getSubsystemName() != null) {
- toBeWritten = dynvars.get(varcode) +
- "=" + "\"" +
- getSubsystemName() + "\"" +
- ";\n";
+ toBeWritten = dynvars.get(varcode) + "=" + "\""
+ + getSubsystemName() + "\"" + ";\n";
os.print(toBeWritten);
}
}
if (varcode.equals(VAR_HTTP)) {
if (getHttp(httpReq) != null) {
- toBeWritten = dynvars.get(varcode) +
- "=" + "\"" +
- getHttp(httpReq) + "\"" +
- ";\n";
+ toBeWritten = dynvars.get(varcode) + "=" + "\""
+ + getHttp(httpReq) + "\"" + ";\n";
os.print(toBeWritten);
}
}
if (varcode.equals(VAR_CLA_CRL_URL)) {
if (getImportCrlUrl() != null) {
- toBeWritten = dynvars.get(varcode) +
- "=" + "\"" +
- getImportCrlUrl() + "\"" +
- ";\n";
+ toBeWritten = dynvars.get(varcode) + "=" + "\""
+ + getImportCrlUrl() + "\"" + ";\n";
os.print(toBeWritten);
}
}
if (varcode.equals(VAR_AUTHMGRS)) {
toBeWritten = "";
- IAuthSubsystem as = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ IAuthSubsystem as = (IAuthSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_AUTH);
Enumeration ame = as.getAuthManagers();
Date d = CMS.getCurrentDate();
@@ -278,10 +273,12 @@ public class DynamicVariablesServlet extends CMSServlet {
StringBuffer sb = new StringBuffer();
while (ame.hasMoreElements()) {
- IAuthManager am = (IAuthManager) ame.nextElement();
+ IAuthManager am = (IAuthManager) ame
+ .nextElement();
String amName = am.getImplName();
- AuthMgrPlugin ap = as.getAuthManagerPluginImpl(amName);
+ AuthMgrPlugin ap = as
+ .getAuthManagerPluginImpl(amName);
if (ap.isVisible()) {
sb.append("authmanager[");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
index 3b8f8bd4..784ba40f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import java.util.Date;
import java.util.Enumeration;
@@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Retrieve information.
- *
+ *
* @version $Revision$, $Date$
*/
public class GetStats extends CMSServlet {
@@ -62,9 +60,9 @@ public class GetStats extends CMSServlet {
}
/**
- * initialize the servlet. This servlet uses the template
- * file "getOCSPInfo.template" to render the result page.
- *
+ * initialize the servlet. This servlet uses the template file
+ * "getOCSPInfo.template" to render the result page.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -79,14 +77,12 @@ public class GetStats extends CMSServlet {
mTemplates.remove(CMSRequest.SUCCESS);
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -94,14 +90,14 @@ public class GetStats extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -118,10 +114,11 @@ public class GetStats extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -130,12 +127,12 @@ public class GetStats extends CMSServlet {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
StatsEvent st = statsSub.getMainStatsEvent();
String op = httpReq.getParameter("op");
if (op != null && op.equals("clear")) {
- statsSub.resetCounters();
+ statsSub.resetCounters();
}
header.addStringValue("startTime", statsSub.getStartTime().toString());
@@ -149,43 +146,42 @@ public class GetStats extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
}
- public String getSep(int level)
- {
- StringBuffer s = new StringBuffer();
- for (int i = 0; i < level; i++) {
- s.append("-");
- }
- return s.toString();
+ public String getSep(int level) {
+ StringBuffer s = new StringBuffer();
+ for (int i = 0; i < level; i++) {
+ s.append("-");
+ }
+ return s.toString();
}
public void parse(CMSTemplateParams argSet, StatsEvent st, int level) {
Enumeration names = st.getSubEventNames();
while (names.hasMoreElements()) {
- String name = (String)names.nextElement();
- StatsEvent subSt = st.getSubEvent(name);
-
- IArgBlock rarg = CMS.createArgBlock();
- rarg.addStringValue("name", getSep(level) + " " + subSt.getName());
- rarg.addLongValue("noOfOp", subSt.getNoOfOperations());
- rarg.addLongValue("timeTaken", subSt.getTimeTaken());
- rarg.addLongValue("max", subSt.getMax());
- rarg.addLongValue("min", subSt.getMin());
- rarg.addLongValue("percentage", subSt.getPercentage());
- rarg.addLongValue("avg", subSt.getAvg());
- rarg.addLongValue("stddev", subSt.getStdDev());
- argSet.addRepeatRecord(rarg);
-
- parse(argSet, subSt, level+1);
+ String name = (String) names.nextElement();
+ StatsEvent subSt = st.getSubEvent(name);
+
+ IArgBlock rarg = CMS.createArgBlock();
+ rarg.addStringValue("name", getSep(level) + " " + subSt.getName());
+ rarg.addLongValue("noOfOp", subSt.getNoOfOperations());
+ rarg.addLongValue("timeTaken", subSt.getTimeTaken());
+ rarg.addLongValue("max", subSt.getMax());
+ rarg.addLongValue("min", subSt.getMin());
+ rarg.addLongValue("percentage", subSt.getPercentage());
+ rarg.addLongValue("avg", subSt.getAvg());
+ rarg.addLongValue("stddev", subSt.getStdDev());
+ argSet.addRepeatRecord(rarg);
+
+ parse(argSet, subSt, level + 1);
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
index 89179b57..60e80f1e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -32,11 +31,9 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.IndexTemplateFiller;
-
/**
- * This is the servlet that builds the index page in
- * various ports.
- *
+ * This is the servlet that builds the index page in various ports.
+ *
* @version $Revision$, $Date$
*/
public class IndexServlet extends CMSServlet {
@@ -68,10 +65,9 @@ public class IndexServlet extends CMSServlet {
mTemplateName = sc.getInitParameter(PROP_TEMPLATE);
/*
- mTemplates.put(CMSRequest.SUCCESS,
- new CMSLoadTemplate(
- PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER,
- mTemplateName, new IndexTemplateFiller()));
+ * mTemplates.put(CMSRequest.SUCCESS, new CMSLoadTemplate(
+ * PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, mTemplateName,
+ * new IndexTemplateFiller()));
*/
mTemplates.remove(CMSRequest.SUCCESS);
}
@@ -91,26 +87,25 @@ public class IndexServlet extends CMSServlet {
* Serves HTTP request.
*/
public void process(CMSRequest cmsReq) throws EBaseException {
- if (CMSGateway.getEnableAdminEnroll() &&
- mAuthority != null &&
- mAuthority instanceof ICertificateAuthority) {
+ if (CMSGateway.getEnableAdminEnroll() && mAuthority != null
+ && mAuthority instanceof ICertificateAuthority) {
try {
cmsReq.getHttpResp().sendRedirect("/ca/adminEnroll.html");
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString()));
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_REDIRECTING_ADMINENROLL1",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL",
+ e.toString()));
+ throw new ECMSGWException(CMS.getLogMessage(
+ "CMSGW_ERROR_REDIRECTING_ADMINENROLL1", e.toString()));
}
return;
} else {
try {
- renderTemplate(
- cmsReq, mTemplateName, new IndexTemplateFiller());
+ renderTemplate(cmsReq, mTemplateName, new IndexTemplateFiller());
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName,
+ e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSG_ERROR_DISPLAY_TEMPLATE"));
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
index 4c3dec80..6c84b88d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -34,7 +33,7 @@ import com.netscape.cmsutil.xml.XMLObject;
/**
* This servlet returns port information.
- *
+ *
* @version $Revision$, $Date$
*/
public class PortsServlet extends CMSServlet {
@@ -50,7 +49,7 @@ public class PortsServlet extends CMSServlet {
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
- // override these to output directly ourselves.
+ // override these to output directly ourselves.
mTemplates.remove(CMSRequest.SUCCESS);
mTemplates.remove(CMSRequest.ERROR);
}
@@ -67,10 +66,10 @@ public class PortsServlet extends CMSServlet {
String port = null;
if (secure.equals("true"))
- port = CMS.getEESSLPort();
+ port = CMS.getEESSLPort();
else
port = CMS.getEENonSSLPort();
-
+
try {
XMLObject xmlObj = null;
xmlObj = new XMLObject();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
index 15bfb306..b8e19534 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
@@ -2,7 +2,6 @@
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
@@ -21,34 +20,29 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-
/**
* This is a servlet that proxies request to another servlet.
- *
- * SERVLET REDIRECTION
- * Specify the URL of a servlet to forward the request to
- * destServlet: /ee/ca/newservlet
- *
- * PARAMETER MAPPING
- * In the servlet configuration (as an init-param in web.xml) you
- * can optionally specify a value for the parameter 'parameterMap'
- * which contains a list of HTTP parameters which should be
- * translated to new names.
*
- * parameterMap: name1->newname1,name2->newname2
- *
+ * SERVLET REDIRECTION Specify the URL of a servlet to forward the request to
+ * destServlet: /ee/ca/newservlet
+ *
+ * PARAMETER MAPPING In the servlet configuration (as an init-param in web.xml)
+ * you can optionally specify a value for the parameter 'parameterMap' which
+ * contains a list of HTTP parameters which should be translated to new names.
+ *
+ * parameterMap: name1->newname1,name2->newname2
+ *
* Optionally, names can be set to static values:
- *
- * parameterMap: name1->name2=value
- *
- * Examples:
- * Consider the following HTTP input parameters:
- * vehicle:car make:ford model:explorer
*
- * The following config strings will have this effect:
- * parameterMap: make->manufacturer,model->name=expedition,->suv=true
- * output: vehicle:car manufactuer:ford model:expedition suv:true
- *
+ * parameterMap: name1->name2=value
+ *
+ * Examples: Consider the following HTTP input parameters: vehicle:car make:ford
+ * model:explorer
+ *
+ * The following config strings will have this effect: parameterMap:
+ * make->manufacturer,model->name=expedition,->suv=true output: vehicle:car
+ * manufactuer:ford model:expedition suv:true
+ *
* @version $Revision$, $Date$
*/
public class ProxyServlet extends HttpServlet {
@@ -64,40 +58,41 @@ public class ProxyServlet extends HttpServlet {
private Vector mMatchStrings = new Vector();
private String mDestServletOnNoMatch = null;
private String mAppendPathInfoOnNoMatch = null;
- private Map mParamMap = new HashMap();
- private Map mParamValue = new HashMap();
+ private Map mParamMap = new HashMap();
+ private Map mParamValue = new HashMap();
public ProxyServlet() {
}
- private void parseParamTable(String s) {
- if (s == null) return;
-
- String[] params = s.split(",");
- for (int i=0;i<params.length;i++) {
- String p = params[i];
- if (p != null) {
- String[] paramNames = p.split("->");
- if (paramNames.length != 2) {
- }
- String from = paramNames[0];
- String to = paramNames[1];
- if (from != null && to != null) {
- String[] splitTo = to.split("=");
- String toName = splitTo[0];
- if (from.length() >0) {
- mParamMap.put(from,toName);
- }
- if (splitTo.length == 2) {
- String toValue = splitTo[1];
- String toValues[] = new String[1];
- toValues[0] = toValue;
- mParamValue.put(toName,toValues);
- }
- }
- }
- }
- }
+ private void parseParamTable(String s) {
+ if (s == null)
+ return;
+
+ String[] params = s.split(",");
+ for (int i = 0; i < params.length; i++) {
+ String p = params[i];
+ if (p != null) {
+ String[] paramNames = p.split("->");
+ if (paramNames.length != 2) {
+ }
+ String from = paramNames[0];
+ String to = paramNames[1];
+ if (from != null && to != null) {
+ String[] splitTo = to.split("=");
+ String toName = splitTo[0];
+ if (from.length() > 0) {
+ mParamMap.put(from, toName);
+ }
+ if (splitTo.length == 2) {
+ String toValue = splitTo[1];
+ String toValues[] = new String[1];
+ toValues[0] = toValue;
+ mParamValue.put(toName, toValues);
+ }
+ }
+ }
+ }
+ }
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -113,16 +108,16 @@ public class ProxyServlet extends HttpServlet {
mDest = sc.getInitParameter("destServlet");
mSrcContext = sc.getInitParameter("srcContext");
mAppendPathInfo = sc.getInitParameter("appendPathInfo");
- mAppendPathInfoOnNoMatch = sc.getInitParameter("appendPathInfoOnNoMatch");
+ mAppendPathInfoOnNoMatch = sc
+ .getInitParameter("appendPathInfoOnNoMatch");
String map = sc.getInitParameter("parameterMap");
- if (map != null) {
- parseParamTable(map);
- }
+ if (map != null) {
+ parseParamTable(map);
+ }
}
- public void service(HttpServletRequest req, HttpServletResponse res) throws
- IOException, ServletException
- {
+ public void service(HttpServletRequest req, HttpServletResponse res)
+ throws IOException, ServletException {
RequestDispatcher dispatcher = null;
String dest = mDest;
String uri = req.getRequestURI();
@@ -132,120 +127,120 @@ public class ProxyServlet extends HttpServlet {
if (mMatchStrings.size() != 0) {
boolean matched = false;
for (int i = 0; i < mMatchStrings.size(); i++) {
- String t = (String)mMatchStrings.elementAt(i);
- if (uri.indexOf(t) != -1) {
+ String t = (String) mMatchStrings.elementAt(i);
+ if (uri.indexOf(t) != -1) {
matched = true;
}
}
if (!matched) {
dest = mDestServletOnNoMatch;
// append Path info for OCSP request in Get method
- if (mAppendPathInfoOnNoMatch != null &&
- !mAppendPathInfoOnNoMatch.equals("")) {
+ if (mAppendPathInfoOnNoMatch != null
+ && !mAppendPathInfoOnNoMatch.equals("")) {
dest = dest + uri.replace(mAppendPathInfoOnNoMatch, "");
}
}
}
if (dest == null || dest.equals("")) {
- // mapping everything
- dest = uri;
- dest = dest.replaceFirst(mSrcContext, "");
+ // mapping everything
+ dest = uri;
+ dest = dest.replaceFirst(mSrcContext, "");
}
if (mAppendPathInfo != null && !mAppendPathInfo.equals("")) {
- dest = dest + uri.replace(mAppendPathInfo, "");
+ dest = dest + uri.replace(mAppendPathInfo, "");
}
if (mDestContext != null && !mDestContext.equals("")) {
- dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest);
+ dispatcher = getServletContext().getContext(mDestContext)
+ .getRequestDispatcher(dest);
} else {
- dispatcher = req.getRequestDispatcher(dest);
+ dispatcher = req.getRequestDispatcher(dest);
}
- // If a parameter map was specified
- if (mParamMap != null && !mParamMap.isEmpty()) {
- // Make a new wrapper with the new parameters
- ProxyWrapper r = new ProxyWrapper(req);
- r.setParameterMapAndValue(mParamMap,mParamValue);
- req = r;
- }
-
- dispatcher.forward(req, res);
+ // If a parameter map was specified
+ if (mParamMap != null && !mParamMap.isEmpty()) {
+ // Make a new wrapper with the new parameters
+ ProxyWrapper r = new ProxyWrapper(req);
+ r.setParameterMapAndValue(mParamMap, mParamValue);
+ req = r;
+ }
+
+ dispatcher.forward(req, res);
}
}
-class ProxyWrapper extends HttpServletRequestWrapper
-{
- private Map mMap = null;
- private Map mValueMap = null;
-
- public ProxyWrapper(HttpServletRequest req)
- {
- super(req);
- }
-
- public void setParameterMapAndValue(Map m,Map v)
- {
- if (m != null) mMap = m;
- if (v != null) mValueMap = v;
- }
-
- public Map getParameterMap()
- {
- try {
- // If we haven't specified any parameter mapping, just
- // use the regular implementation
- if (mMap == null) return super.getParameterMap();
- else {
- // Make a new Map for us to put stuff in
- Map n = new HashMap();
- // get the HTTP parameters the user supplied.
- Map m = super.getParameterMap();
- Set s = m.entrySet();
- Iterator i = s.iterator();
- while (i.hasNext()) {
- Map.Entry me = (Map.Entry) i.next();
- String name = (String) me.getKey();
- String[] values = (String[])(me.getValue());
- String newname = null;
- if (name != null) {
- newname = (String) mMap.get(name);
- }
-
- // No mapping specified, just use existing name/value
- if (newname == null || mValueMap == null) {
- n.put(name,values);
- } else { // new name specified
- Object o = mValueMap.get(newname);
- // check if new (static) value specified
- if (o==null) {
- n.put(newname,values);
- } else {
- String newvalues[] = (String[])mValueMap.get(newname);
- n.put(newname,newvalues);
- }
- }
- }
- // Now, deal with static values set in the config
- // which weren't set in the HTTP request
- Set s2 = mValueMap.entrySet();
- Iterator i2 = s2.iterator();
- // Cycle through all the static values
- while (i2.hasNext()) {
- Map.Entry me2 = (Map.Entry) i2.next();
- String name2 = (String) me2.getKey();
- if (n.get(name2) == null) {
- String[] values2 = (String[])me2.getValue();
- // If the parameter is not set in the map
- // Set it now
- n.put(name2,values2);
- }
- }
-
- return n;
- }
- } catch (NullPointerException npe) {
- CMS.debug(npe);
- return null;
- }
- }
-}
+class ProxyWrapper extends HttpServletRequestWrapper {
+ private Map mMap = null;
+ private Map mValueMap = null;
+
+ public ProxyWrapper(HttpServletRequest req) {
+ super(req);
+ }
+
+ public void setParameterMapAndValue(Map m, Map v) {
+ if (m != null)
+ mMap = m;
+ if (v != null)
+ mValueMap = v;
+ }
+ public Map getParameterMap() {
+ try {
+ // If we haven't specified any parameter mapping, just
+ // use the regular implementation
+ if (mMap == null)
+ return super.getParameterMap();
+ else {
+ // Make a new Map for us to put stuff in
+ Map n = new HashMap();
+ // get the HTTP parameters the user supplied.
+ Map m = super.getParameterMap();
+ Set s = m.entrySet();
+ Iterator i = s.iterator();
+ while (i.hasNext()) {
+ Map.Entry me = (Map.Entry) i.next();
+ String name = (String) me.getKey();
+ String[] values = (String[]) (me.getValue());
+ String newname = null;
+ if (name != null) {
+ newname = (String) mMap.get(name);
+ }
+
+ // No mapping specified, just use existing name/value
+ if (newname == null || mValueMap == null) {
+ n.put(name, values);
+ } else { // new name specified
+ Object o = mValueMap.get(newname);
+ // check if new (static) value specified
+ if (o == null) {
+ n.put(newname, values);
+ } else {
+ String newvalues[] = (String[]) mValueMap
+ .get(newname);
+ n.put(newname, newvalues);
+ }
+ }
+ }
+ // Now, deal with static values set in the config
+ // which weren't set in the HTTP request
+ Set s2 = mValueMap.entrySet();
+ Iterator i2 = s2.iterator();
+ // Cycle through all the static values
+ while (i2.hasNext()) {
+ Map.Entry me2 = (Map.Entry) i2.next();
+ String name2 = (String) me2.getKey();
+ if (n.get(name2) == null) {
+ String[] values2 = (String[]) me2.getValue();
+ // If the parameter is not set in the map
+ // Set it now
+ n.put(name2, values2);
+ }
+ }
+
+ return n;
+ }
+ } catch (NullPointerException npe) {
+ CMS.debug(npe);
+ return null;
+ }
+ }
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
index 5daac065..625a69ed 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
import java.io.IOException;
import java.util.Date;
@@ -30,15 +29,14 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
/**
- * Displays detailed information about java VM internals, including
- * current JVM memory usage, and detailed information about each
- * thread.
+ * Displays detailed information about java VM internals, including current JVM
+ * memory usage, and detailed information about each thread.
* <p>
* Also allows user to trigger a new garbage collection
- *
+ *
* @version $Revision$, $Date$
*/
-public class SystemInfoServlet extends HttpServlet {
+public class SystemInfoServlet extends HttpServlet {
/**
*
@@ -53,21 +51,23 @@ public class SystemInfoServlet extends HttpServlet {
}
/**
- * service the request, returning HTML to the client.
- * This method has different behaviour depending on the
- * value of the 'op' HTTP parameter.
+ * service the request, returning HTML to the client. This method has
+ * different behaviour depending on the value of the 'op' HTTP parameter.
* <UL>
- * <LI>op = <i>undefined</i> - display a menu with links to the other functionality of this servlet
- * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers
- * (@see java.lang.Runtime.getRuntime#gc() )
- * <li>op = general - display information about memory, and other JVM informatino
- * <li>op = thread - display details about each thread.
+ * <LI>op = <i>undefined</i> - display a menu with links to the other
+ * functionality of this servlet
+ * <li>op = gc - tell the JVM that we want to do a garbage collection and to
+ * run finalizers (@see java.lang.Runtime.getRuntime#gc() )
+ * <li>op = general - display information about memory, and other JVM
+ * informatino
+ * <li>op = thread - display details about each thread.
* </UL>
- * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse)
+ *
+ * @see javax.servlet.http.HttpServlet#service(HttpServletRequest,
+ * HttpServletResponse)
*/
- public void service(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ public void service(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
boolean collect = false;
String op = request.getParameter("op");
@@ -83,12 +83,12 @@ public class SystemInfoServlet extends HttpServlet {
}
}
- private void mainMenu(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ private void mainMenu(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
response.getWriter().println("<HTML>");
response.getWriter().println("<H1>");
- response.getWriter().println("<a href=" + request.getServletPath() + ">");
+ response.getWriter().println(
+ "<a href=" + request.getServletPath() + ">");
response.getWriter().println("Main");
response.getWriter().println("</a>");
response.getWriter().println("</H1>");
@@ -97,7 +97,8 @@ public class SystemInfoServlet extends HttpServlet {
response.getWriter().println("<tr>");
response.getWriter().println("<td>");
response.getWriter().println("<li>");
- response.getWriter().println("<a href=" + request.getServletPath() + "?op=general>");
+ response.getWriter().println(
+ "<a href=" + request.getServletPath() + "?op=general>");
response.getWriter().println("General");
response.getWriter().println("</a>");
response.getWriter().println("</td>");
@@ -105,7 +106,8 @@ public class SystemInfoServlet extends HttpServlet {
response.getWriter().println("<tr>");
response.getWriter().println("<td>");
response.getWriter().println("<li>");
- response.getWriter().println("<a href=" + request.getServletPath() + "?op=gc>");
+ response.getWriter().println(
+ "<a href=" + request.getServletPath() + "?op=gc>");
response.getWriter().println("Garbage Collection");
response.getWriter().println("</a>");
response.getWriter().println("</td>");
@@ -113,7 +115,8 @@ public class SystemInfoServlet extends HttpServlet {
response.getWriter().println("<tr>");
response.getWriter().println("<td>");
response.getWriter().println("<li>");
- response.getWriter().println("<a href=" + request.getServletPath() + "?op=thread>");
+ response.getWriter().println(
+ "<a href=" + request.getServletPath() + "?op=thread>");
response.getWriter().println("Thread Listing");
response.getWriter().println("</a>");
response.getWriter().println("</td>");
@@ -122,30 +125,31 @@ public class SystemInfoServlet extends HttpServlet {
response.getWriter().println("</HTML>");
}
- private void gc(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ private void gc(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
java.lang.Runtime.getRuntime().gc();
java.lang.Runtime.getRuntime().runFinalization();
response.getWriter().println("<HTML>");
response.getWriter().println("<H1>");
- response.getWriter().println("<a href=" + request.getServletPath() + ">");
+ response.getWriter().println(
+ "<a href=" + request.getServletPath() + ">");
response.getWriter().println("Main");
response.getWriter().println("</a>");
response.getWriter().println(" : ");
response.getWriter().println("Garbage Collection");
response.getWriter().println("</H1>");
response.getWriter().println("<p>");
- response.getWriter().println("The garbage collector has been executed.");
+ response.getWriter()
+ .println("The garbage collector has been executed.");
response.getWriter().println("</HTML>");
}
- private void general(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ private void general(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
response.getWriter().println("<HTML>");
response.getWriter().println("<H1>");
- response.getWriter().println("<a href=" + request.getServletPath() + ">");
+ response.getWriter().println(
+ "<a href=" + request.getServletPath() + ">");
response.getWriter().println("Main");
response.getWriter().println("</a>");
response.getWriter().println(" : ");
@@ -174,7 +178,8 @@ public class SystemInfoServlet extends HttpServlet {
response.getWriter().println("Available Processors:");
response.getWriter().println("</td>");
response.getWriter().println("<td>");
- response.getWriter().println(Runtime.getRuntime().availableProcessors());
+ response.getWriter()
+ .println(Runtime.getRuntime().availableProcessors());
response.getWriter().println("</td>");
response.getWriter().println("</tr>");
response.getWriter().println("<tr>");
@@ -214,20 +219,22 @@ public class SystemInfoServlet extends HttpServlet {
response.getWriter().println("Free Memory / Total Memory:");
response.getWriter().println("</td>");
response.getWriter().println("<td>");
- response.getWriter().println((Runtime.getRuntime().freeMemory() * 100) / Runtime.getRuntime().totalMemory() + "%");
+ response.getWriter().println(
+ (Runtime.getRuntime().freeMemory() * 100)
+ / Runtime.getRuntime().totalMemory() + "%");
response.getWriter().println("</td>");
response.getWriter().println("</tr>");
response.getWriter().println("</table>");
response.getWriter().println("</HTML>");
}
- private void thread(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ private void thread(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
response.getWriter().println("</table>");
response.getWriter().println("<HTML>");
response.getWriter().println("<H1>");
- response.getWriter().println("<a href=" + request.getServletPath() + ">");
+ response.getWriter().println(
+ "<a href=" + request.getServletPath() + ">");
response.getWriter().println("Main");
response.getWriter().println("</a>");
response.getWriter().println(" : ");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
index 02ab5b52..ca829561 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
@@ -17,11 +17,10 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.base;
-
/**
- * This class represents information about the client e.g. version,
- * langauge, vendor.
- *
+ * This class represents information about the client e.g. version, langauge,
+ * vendor.
+ *
* @version $Revision$, $Date$
*/
public class UserInfo {
@@ -36,7 +35,7 @@ public class UserInfo {
/**
* Returns the user language.
- *
+ *
* @param s user language info from the browser
* @return user language
*/
@@ -53,7 +52,7 @@ public class UserInfo {
/**
* Returns the user country.
- *
+ *
* @param s user language info from the browser
* @return user country
*/
@@ -67,10 +66,10 @@ public class UserInfo {
}
return "";
}
-
+
/**
* Returns the users agent.
- *
+ *
* @param s user language info from the browser
* @return user agent
*/
@@ -79,7 +78,7 @@ public class UserInfo {
if (s.indexOf(MSIE) != -1) {
return MSIE;
}
-
+
// Check for Netscape i.e. Mozilla
if (s.indexOf(MOZILLA) != -1) {
return MOZILLA;
@@ -87,5 +86,5 @@ public class UserInfo {
// Don't know agent. Return empty string.
return "";
- }
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
index 47b3c9f1..63ac96e1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
@@ -68,10 +67,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Revoke a certificate with a CMC-formatted revocation request
- *
+ *
* @version $Revision$, $Date$
*/
public class CMCRevReqServlet extends CMSServlet {
@@ -84,7 +82,7 @@ public class CMCRevReqServlet extends CMSServlet {
// revocation templates.
private final static String TPL_FILE = "revocationResult.template";
public static final String CRED_CMC = "cmcRequest";
-
+
private ICertificateRepository mCertDB = null;
private String mFormPath = null;
private IRequestQueue mQueue = null;
@@ -93,29 +91,26 @@ public class CMCRevReqServlet extends CMSServlet {
private final static String REVOKE = "revoke";
private final static String ON_HOLD = "on-hold";
private final static int ON_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-
- // http params
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+
+ // http params
public static final String SERIAL_NO = TOKEN_CERT_SERIAL;
public static final String REASON_CODE = "reasonCode";
public static final String CHALLENGE_PHRASE = "challengePhrase";
// request attributes
public static final String SERIALNO_ARRAY = "serialNoArray";
-
+
public CMCRevReqServlet() {
super();
}
- /**
+ /**
* initialize the servlet.
- * @param sc servlet configuration, read from the web.xml file
- */
+ *
+ * @param sc servlet configuration, read from the web.xml file
+ */
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -126,61 +121,65 @@ public class CMCRevReqServlet extends CMSServlet {
mTemplates.remove(CMSRequest.SUCCESS);
if (mAuthority instanceof ICertificateAuthority) {
- mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ mCertDB = ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository();
}
if (mAuthority instanceof ICertAuthority) {
- mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
+ mPublisherProcessor = ((ICertAuthority) mAuthority)
+ .getPublisherProcessor();
}
mQueue = mAuthority.getRequestQueue();
if (mOutputTemplatePath != null)
mFormPath = mOutputTemplatePath;
}
-
- /**
- * Process the HTTP request.
- *
- * <ul>
- * <li>http.param cmcRequest the base-64 encoded CMC request
- * </ul>
- * @param cmsReq the object holding the request and response information
+ /**
+ * Process the HTTP request.
+ *
+ * <ul>
+ * <li>http.param cmcRequest the base-64 encoded CMC request
+ * </ul>
+ *
+ * @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
String cmcAgentSerialNumber = null;
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest req = cmsReq.getHttpReq();
- HttpServletResponse resp = cmsReq.getHttpResp();
-
+ HttpServletResponse resp = cmsReq.getHttpResp();
+
CMSTemplate form = null;
Locale[] locale = new Locale[1];
-CMS.debug("**** mFormPath = "+mFormPath);
+ CMS.debug("**** mFormPath = " + mFormPath);
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
EBaseException error = null;
IArgBlock header = CMS.createArgBlock();
IArgBlock ctx = CMS.createArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-
String cmc = (String) httpParams.get(CRED_CMC);
if (cmc == null) {
- throw new EMissingCredential(
- CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
+ throw new EMissingCredential(CMS.getUserMessage(
+ "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
}
IAuthToken authToken = authenticate(cmsReq);
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, "revoke");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "revoke");
} catch (Exception e) {
// do nothing for now
}
@@ -190,10 +189,10 @@ CMS.debug("**** mFormPath = "+mFormPath);
return;
}
- //IAuthToken authToken = getAuthToken(cmsReq);
- //Object subject = authToken.get(CMCAuth.TOKEN_CERT_SERIAL);
- //Object uid = authToken.get("uid");
- //===========================
+ // IAuthToken authToken = getAuthToken(cmsReq);
+ // Object subject = authToken.get(CMCAuth.TOKEN_CERT_SERIAL);
+ // Object uid = authToken.get("uid");
+ // ===========================
String authMgr = AuditFormat.NOAUTH;
BigInteger[] serialNoArray = null;
@@ -201,36 +200,38 @@ CMS.debug("**** mFormPath = "+mFormPath);
serialNoArray = authToken.getInBigIntegerArray(TOKEN_CERT_SERIAL);
}
- Integer reasonCode = Integer.valueOf(0);
- if (authToken != null) {
+ Integer reasonCode = Integer.valueOf(0);
+ if (authToken != null) {
reasonCode = authToken.getInInteger(REASON_CODE);
}
- RevocationReason reason = RevocationReason.fromInt(reasonCode.intValue());
+ RevocationReason reason = RevocationReason.fromInt(reasonCode
+ .intValue());
String comments = "";
Date invalidityDate = null;
String revokeAll = null;
int verifiedRecordCount = 0;
int totalRecordCount = 0;
-
+
if (serialNoArray != null) {
totalRecordCount = serialNoArray.length;
verifiedRecordCount = serialNoArray.length;
}
-
+
X509CertImpl[] certs = null;
- //for audit log.
+ // for audit log.
String initiative = null;
if (mAuthMgr != null && mAuthMgr.equals("CMCAuth")) {
// request is from agent
if (authToken != null) {
- authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ authMgr = authToken
+ .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
String agentID = authToken.getInString("userid");
- initiative = AuditFormat.FROMAGENT + " agentID: " + agentID +
- " authenticated by " + authMgr;
+ initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
+ + " authenticated by " + authMgr;
}
} else {
initiative = AuditFormat.FROMUSER;
@@ -241,24 +242,29 @@ CMS.debug("**** mFormPath = "+mFormPath);
certs = new X509CertImpl[serialNoArray.length];
for (int i = 0; i < serialNoArray.length; i++) {
- certs[i] = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate(serialNoArray[i]);
+ certs[i] = ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository().getX509Certificate(
+ serialNoArray[i]);
}
} else if (mAuthority instanceof IRegistrationAuthority) {
IRequest getCertsChallengeReq = null;
- getCertsChallengeReq = mQueue.newRequest(
- GETCERTS_FOR_CHALLENGE_REQUEST);
+ getCertsChallengeReq = mQueue
+ .newRequest(GETCERTS_FOR_CHALLENGE_REQUEST);
getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray);
mQueue.processRequest(getCertsChallengeReq);
RequestStatus status = getCertsChallengeReq.getRequestStatus();
if (status == RequestStatus.COMPLETE) {
- certs = getCertsChallengeReq.getExtDataInCertArray(IRequest.OLD_CERTS);
- header.addStringValue("request", getCertsChallengeReq.getRequestId().toString());
+ certs = getCertsChallengeReq
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
+ header.addStringValue("request", getCertsChallengeReq
+ .getRequestId().toString());
mRequestID = getCertsChallengeReq.getRequestId().toString();
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
}
}
@@ -268,23 +274,23 @@ CMS.debug("**** mFormPath = "+mFormPath);
for (int i = 0; i < serialNoArray.length; i++) {
IArgBlock rarg = CMS.createArgBlock();
- rarg.addBigIntegerValue("serialNumber",
- serialNoArray[i], 16);
- rarg.addStringValue("subject",
- certs[i].getSubjectDN().toString());
- rarg.addLongValue("validNotBefore",
- certs[i].getNotBefore().getTime() / 1000);
- rarg.addLongValue("validNotAfter",
- certs[i].getNotAfter().getTime() / 1000);
- //argSet.addRepeatRecord(rarg);
+ rarg.addBigIntegerValue("serialNumber", serialNoArray[i], 16);
+ rarg.addStringValue("subject", certs[i].getSubjectDN()
+ .toString());
+ rarg.addLongValue("validNotBefore", certs[i].getNotBefore()
+ .getTime() / 1000);
+ rarg.addLongValue("validNotAfter", certs[i].getNotAfter()
+ .getTime() / 1000);
+ // argSet.addRepeatRecord(rarg);
}
revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))";
- cmcAgentSerialNumber= authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT);
- process(argSet, header, reasonCode.intValue(), invalidityDate, initiative, req, resp,
- verifiedRecordCount, revokeAll, totalRecordCount,
- comments, locale[0],cmcAgentSerialNumber);
-
+ cmcAgentSerialNumber = authToken
+ .getInString(IAuthManager.CRED_SSL_CLIENT_CERT);
+ process(argSet, header, reasonCode.intValue(), invalidityDate,
+ initiative, req, resp, verifiedRecordCount, revokeAll,
+ totalRecordCount, comments, locale[0], cmcAgentSerialNumber);
+
} else {
header.addIntegerValue("totalRecordCount", 0);
header.addIntegerValue("verifiedRecordCount", 0);
@@ -293,54 +299,56 @@ CMS.debug("**** mFormPath = "+mFormPath);
try {
ServletOutputStream out = resp.getOutputStream();
- if ((serialNoArray== null) || (serialNoArray.length == 0)) {
+ if ((serialNoArray == null) || (serialNoArray.length == 0)) {
cmsReq.setStatus(CMSRequest.ERROR);
- EBaseException ee = new EBaseException("No matched certificate is found");
+ EBaseException ee = new EBaseException(
+ "No matched certificate is found");
cmsReq.setError(ee);
} else {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE",
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
/**
* get cert to revoke from agent.
*/
- private BigInteger getCertFromAgent(
- IArgBlock httpParams, X509Certificate[] certContainer)
- throws EBaseException {
+ private BigInteger getCertFromAgent(IArgBlock httpParams,
+ X509Certificate[] certContainer) throws EBaseException {
BigInteger serialno = null;
X509Certificate cert = null;
// get serial no
serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null);
if (serialno == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE"));
+ CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE"));
}
// get cert from db if we're cert authority.
if (mAuthority instanceof ICertificateAuthority) {
cert = getX509Certificate(serialno);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
}
}
certContainer[0] = cert;
@@ -350,23 +358,21 @@ CMS.debug("**** mFormPath = "+mFormPath);
/**
* Revoke the specified certificate
*/
- private BigInteger getCertFromAuthMgr(
- AuthToken authToken, X509Certificate[] certContainer)
- throws EBaseException {
- X509CertImpl cert =
- authToken.getInCert(AuthToken.TOKEN_CERT);
+ private BigInteger getCertFromAuthMgr(AuthToken authToken,
+ X509Certificate[] certContainer) throws EBaseException {
+ X509CertImpl cert = authToken.getInCert(AuthToken.TOKEN_CERT);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
}
- if (mAuthority instanceof ICertificateAuthority &&
- !isCertFromCA(cert)) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
+ if (mAuthority instanceof ICertificateAuthority && !isCertFromCA(cert)) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
}
certContainer[0] = cert;
BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
@@ -375,25 +381,23 @@ CMS.debug("**** mFormPath = "+mFormPath);
}
/**
- * get cert to revoke from ssl
+ * get cert to revoke from ssl
*/
- private BigInteger getCertFromSSL(
- HttpServletRequest req, X509CertImpl[] certContainer)
- throws EBaseException {
+ private BigInteger getCertFromSSL(HttpServletRequest req,
+ X509CertImpl[] certContainer) throws EBaseException {
X509Certificate cert = getSSLClientCertificate(req);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_SSL"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_SSL"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_SSL"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_SSL"));
}
- if (mAuthority instanceof ICertificateAuthority &&
- !isCertFromCA(cert)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION", ""));
+ if (mAuthority instanceof ICertificateAuthority && !isCertFromCA(cert)) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION", ""));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
}
BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
@@ -406,56 +410,52 @@ CMS.debug("**** mFormPath = "+mFormPath);
* Process cert status change request using the Certificate Management
* protocol using CMS (CMC)
* <P>
- *
+ *
* (Certificate Request - an "EE" cert status change request)
* <P>
- *
+ *
* (Certificate Request Processed - an "EE" cert status change request)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used
+ * when a cert status change request (e. g. - "revocation") is made (before
* approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (revoked, expired, on-hold,
- * off-hold)
+ * <li>signed.audit
+ * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a
+ * certificate status is changed (revoked, expired, on-hold, off-hold)
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
- * @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
- * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
- * 4 - Certificate superceded, 5 - Cessation of operation, or
- * 6 - Certificate is on hold)
+ * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2
+ * - CA key compromised; should not be used, 3 - Affiliation
+ * changed, 4 - Certificate superceded, 5 - Cessation of
+ * operation, or 6 - Certificate is on hold)
* @param invalidityDate certificate validity date
* @param initiative string containing the audit format
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param verifiedRecordCount number of verified records
- * @param revokeAll string containing information on all of the
- * certificates to be revoked
+ * @param revokeAll string containing information on all of the certificates
+ * to be revoked
* @param totalRecordCount total number of records (verified and unverified)
* @param comments string containing certificate comments
* @param locale the system locale
* @exception EBaseException an error has occurred
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- int reason, Date invalidityDate,
- String initiative,
- HttpServletRequest req,
- HttpServletResponse resp,
- int verifiedRecordCount,
- String revokeAll,
- int totalRecordCount,
- String comments,
- Locale locale,String cmcAgentSerialNumber)
- throws EBaseException {
+ int reason, Date invalidityDate, String initiative,
+ HttpServletRequest req, HttpServletResponse resp,
+ int verifiedRecordCount, String revokeAll, int totalRecordCount,
+ String comments, Locale locale, String cmcAgentSerialNumber)
+ throws EBaseException {
String eeSerialNumber = null;
- if(cmcAgentSerialNumber!=null) {
+ if (cmcAgentSerialNumber != null) {
eeSerialNumber = cmcAgentSerialNumber;
- }else{
- X509CertImpl sslCert = ( X509CertImpl ) getSSLClientCertificate( req );
- if( sslCert != null ) {
+ } else {
+ X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
+ if (sslCert != null) {
eeSerialNumber = sslCert.getSerialNumber().toString();
}
}
@@ -463,11 +463,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- String auditRequesterID = auditRequesterID( req );
- String auditSerialNumber = auditSerialNumber( eeSerialNumber );
- String auditRequestType = auditRequestType( reason );
+ String auditRequesterID = auditRequesterID(req);
+ String auditSerialNumber = auditSerialNumber(eeSerialNumber);
+ String auditRequestType = auditRequestType(reason);
String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- String auditReasonNum = String.valueOf( reason );
+ String auditReasonNum = String.valueOf(reason);
try {
int count = 0;
@@ -496,8 +496,9 @@ CMS.debug("**** mFormPath = "+mFormPath);
}
if (mAuthority instanceof ICertificateAuthority) {
- ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList(
- revokeAll, null, totalRecordCount);
+ ICertRecordList list = (ICertRecordList) mCertDB
+ .findCertRecordsInList(revokeAll, null,
+ totalRecordCount);
Enumeration e = list.getCertRecords(0, totalRecordCount - 1);
while (e != null && e.hasMoreElements()) {
@@ -506,18 +507,18 @@ CMS.debug("**** mFormPath = "+mFormPath);
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
+ cert.getSerialNumber(), 16);
if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
- rarg.addStringValue("error", "Certificate " +
- cert.getSerialNumber().toString() +
- " is already revoked.");
+ rarg.addStringValue("error", "Certificate "
+ + cert.getSerialNumber().toString()
+ + " is already revoked.");
} else {
oldCertsV.addElement(cert);
- RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ RevokedCertImpl revCertImpl = new RevokedCertImpl(
+ cert.getSerialNumber(), CMS.getCurrentDate(),
+ entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -529,42 +530,48 @@ CMS.debug("**** mFormPath = "+mFormPath);
} else if (mAuthority instanceof IRegistrationAuthority) {
String reqIdStr = null;
- if (mRequestID != null && mRequestID.length() > 0)
+ if (mRequestID != null && mRequestID.length() > 0)
reqIdStr = mRequestID;
Vector serialNumbers = new Vector();
if (revokeAll != null && revokeAll.length() > 0) {
- for (int i = revokeAll.indexOf('=');
- i < revokeAll.length() && i > -1;
- i = revokeAll.indexOf('=', i)) {
+ for (int i = revokeAll.indexOf('='); i < revokeAll.length()
+ && i > -1; i = revokeAll.indexOf('=', i)) {
if (i > -1) {
i++;
- while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
+ while (i < revokeAll.length()
+ && revokeAll.charAt(i) == ' ') {
i++;
}
String legalDigits = "0123456789";
int j = i;
- while (j < revokeAll.length() &&
- legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
+ while (j < revokeAll.length()
+ && legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
j++;
}
if (j > i) {
- serialNumbers.addElement(revokeAll.substring(i, j));
+ serialNumbers.addElement(revokeAll.substring(i,
+ j));
}
}
}
}
- if (reqIdStr != null && reqIdStr.length() > 0 && serialNumbers.size() > 0) {
- IRequest certReq = mRequestQueue.findRequest(new RequestId(reqIdStr));
- X509CertImpl[] certs = certReq.getExtDataInCertArray(IRequest.OLD_CERTS);
+ if (reqIdStr != null && reqIdStr.length() > 0
+ && serialNumbers.size() > 0) {
+ IRequest certReq = mRequestQueue.findRequest(new RequestId(
+ reqIdStr));
+ X509CertImpl[] certs = certReq
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
for (int i = 0; i < certs.length; i++) {
boolean addToList = false;
for (int j = 0; j < serialNumbers.size(); j++) {
- if (certs[i].getSerialNumber().toString().equals(
- (String) serialNumbers.elementAt(j))) {
+ if (certs[i]
+ .getSerialNumber()
+ .toString()
+ .equals((String) serialNumbers.elementAt(j))) {
addToList = true;
break;
}
@@ -573,11 +580,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- certs[i].getSerialNumber(), 16);
+ certs[i].getSerialNumber(), 16);
oldCertsV.addElement(certs[i]);
- RevokedCertImpl revCertImpl =
- new RevokedCertImpl(certs[i].getSerialNumber(),
+ RevokedCertImpl revCertImpl = new RevokedCertImpl(
+ certs[i].getSerialNumber(),
CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
@@ -590,17 +597,18 @@ CMS.debug("**** mFormPath = "+mFormPath);
String b64eCert = req.getParameter("b64eCertificate");
if (b64eCert != null) {
- byte[] certBytes = com.netscape.osutil.OSUtil.AtoB(b64eCert);
+ byte[] certBytes = com.netscape.osutil.OSUtil
+ .AtoB(b64eCert);
X509CertImpl cert = new X509CertImpl(certBytes);
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
+ cert.getSerialNumber(), 16);
oldCertsV.addElement(cert);
- RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ RevokedCertImpl revCertImpl = new RevokedCertImpl(
+ cert.getSerialNumber(), CMS.getCurrentDate(),
+ entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -620,17 +628,13 @@ CMS.debug("**** mFormPath = "+mFormPath);
revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i);
}
- IRequest revReq =
- mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
@@ -660,30 +664,35 @@ CMS.debug("**** mFormPath = "+mFormPath);
Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
if (result.equals(IRequest.RES_ERROR)) {
- String[] svcErrors =
- revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+ String[] svcErrors = revReq
+ .getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
String err = svcErrors[i];
if (err != null) {
- //cmsReq.setErrorDescription(err);
+ // cmsReq.setErrorDescription(err);
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed with error: "
+ + err,
+ oldCerts[j]
+ .getSubjectDN(),
+ oldCerts[j]
+ .getSerialNumber()
+ .toString(16),
+ RevocationReason
+ .fromInt(reason)
+ .toString() });
}
}
}
@@ -695,24 +704,27 @@ CMS.debug("**** mFormPath = "+mFormPath);
// audit log the success.
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed",
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed",
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(
+ 16),
+ RevocationReason.fromInt(reason)
+ .toString() });
}
}
header.addStringValue("revoked", "yes");
- Integer updateCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult = revReq
+ .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
header.addStringValue("updateCRL", "yes");
@@ -720,92 +732,98 @@ CMS.debug("**** mFormPath = "+mFormPath);
header.addStringValue("updateCRLSuccess", "yes");
} else {
header.addStringValue("updateCRLSuccess", "no");
- String crlError =
- revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ String crlError = revReq
+ .getExtDataInString(IRequest.CRL_UPDATE_ERROR);
if (crlError != null)
- header.addStringValue("updateCRLError",
- crlError);
+ header.addStringValue("updateCRLError", crlError);
}
// let known crl publishing status too.
- Integer publishCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ Integer publishCRLResult = revReq
+ .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
header.addStringValue("publishCRLSuccess", "yes");
} else {
header.addStringValue("publishCRLSuccess", "no");
- String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ String publError = revReq
+ .getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null)
header.addStringValue("publishCRLError",
- publError);
+ publError);
}
}
}
if (mAuthority instanceof ICertificateAuthority) {
// let known update and publish status of all crls.
- Enumeration otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ Enumeration otherCRLs = ((ICertificateAuthority) mAuthority)
+ .getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
- ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs
+ .nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
continue;
String updateStatusStr = crl.getCrlUpdateStatusStr();
- Integer updateResult = revReq.getExtDataInInteger(updateStatusStr);
+ Integer updateResult = revReq
+ .getExtDataInInteger(updateStatusStr);
if (updateResult != null) {
if (updateResult.equals(IRequest.RES_SUCCESS)) {
- CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
- updateStatusStr));
+ CMS.debug("CMCRevReqServlet: "
+ + CMS.getLogMessage(
+ "ADMIN_SRVLT_ADDING_HEADER",
+ updateStatusStr));
header.addStringValue(updateStatusStr, "yes");
} else {
- String updateErrorStr = crl.getCrlUpdateErrorStr();
+ String updateErrorStr = crl
+ .getCrlUpdateErrorStr();
- CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
- updateStatusStr));
+ CMS.debug("CMCRevReqServlet: "
+ + CMS.getLogMessage(
+ "ADMIN_SRVLT_ADDING_HEADER_NO",
+ updateStatusStr));
header.addStringValue(updateStatusStr, "no");
- String error =
- revReq.getExtDataInString(updateErrorStr);
+ String error = revReq
+ .getExtDataInString(updateErrorStr);
if (error != null)
- header.addStringValue(updateErrorStr,
- error);
+ header.addStringValue(updateErrorStr, error);
}
- String publishStatusStr = crl.getCrlPublishStatusStr();
- Integer publishResult =
- revReq.getExtDataInInteger(publishStatusStr);
+ String publishStatusStr = crl
+ .getCrlPublishStatusStr();
+ Integer publishResult = revReq
+ .getExtDataInInteger(publishStatusStr);
if (publishResult == null)
continue;
if (publishResult.equals(IRequest.RES_SUCCESS)) {
header.addStringValue(publishStatusStr, "yes");
} else {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr = crl
+ .getCrlPublishErrorStr();
header.addStringValue(publishStatusStr, "no");
- String error =
- revReq.getExtDataInString(publishErrorStr);
+ String error = revReq
+ .getExtDataInString(publishErrorStr);
if (error != null)
- header.addStringValue(
- publishErrorStr, error);
+ header.addStringValue(publishErrorStr,
+ error);
}
}
}
}
- if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
+ if (mPublisherProcessor != null
+ && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- revReq.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus = revReq
+ .getExtDataInIntegerArray("ldapPublishStatus");
int certsToUpdate = 0;
int certsUpdated = 0;
@@ -821,12 +839,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
header.addIntegerValue("certsToUpdate", certsToUpdate);
// add crl publishing status.
- String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ String publError = revReq
+ .getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
- header.addStringValue("crlPublishError",
- publError);
+ header.addStringValue("crlPublishError", publError);
}
} else {
header.addStringValue("dirEnabled", "no");
@@ -839,27 +856,32 @@ CMS.debug("**** mFormPath = "+mFormPath);
// audit log the pending
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "pending",
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "pending",
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(
+ 16),
+ RevocationReason.fromInt(reason)
+ .toString() });
}
}
} else {
- Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS);
+ Vector errors = revReq
+ .getExtDataInStringVector(IRequest.ERRORS);
StringBuffer errorStr = new StringBuffer();
if (errors != null && errors.size() > 0) {
for (int ii = 0; ii < errors.size(); ii++) {
- errorStr.append(errors.elementAt(ii));;
+ errorStr.append(errors.elementAt(ii));
+ ;
}
}
header.addStringValue("error", errorStr.toString());
@@ -867,17 +889,20 @@ CMS.debug("**** mFormPath = "+mFormPath);
// audit log the error
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- stat.toString(),
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ stat.toString(),
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(
+ 16),
+ RevocationReason.fromInt(reason)
+ .toString() });
}
}
}
@@ -886,17 +911,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -906,12 +931,9 @@ CMS.debug("**** mFormPath = "+mFormPath);
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
} else {
@@ -920,18 +942,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
- {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -945,12 +966,9 @@ CMS.debug("**** mFormPath = "+mFormPath);
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
} else {
@@ -959,18 +977,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
- {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -979,18 +996,16 @@ CMS.debug("**** mFormPath = "+mFormPath);
throw e;
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED",
+ e.toString()));
if (auditRequest) {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
} else {
@@ -999,35 +1014,32 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
- {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
}
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
} catch (Exception e) {
if (auditRequest) {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
} else {
@@ -1036,18 +1048,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
- {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -1061,11 +1072,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
/**
* Signed Audit Log Requester ID
- *
- * This method is called to obtain the "RequesterID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "RequesterID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -1091,11 +1102,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -1113,8 +1124,8 @@ CMS.debug("**** mFormPath = "+mFormPath);
// convert it to hexadecimal
serialNumber = "0x"
- + Integer.toHexString(
- Integer.valueOf(serialNumber).intValue());
+ + Integer.toHexString(Integer.valueOf(serialNumber)
+ .intValue());
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -1124,11 +1135,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
/**
* Signed Audit Log Request Type
- *
- * This method is called to obtain the "Request Type" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "Request Type" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param reason an integer denoting the revocation reason
* @return string containing REVOKE or ON_HOLD
*/
@@ -1150,4 +1161,3 @@ CMS.debug("**** mFormPath = "+mFormPath);
return requestType;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
index 8dff2768..807f0493 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
@@ -66,11 +65,11 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Takes the certificate info (serial number) and optional challenge phrase, creates a
- * revocation request and submits it to the authority subsystem for processing
- *
+ * Takes the certificate info (serial number) and optional challenge phrase,
+ * creates a revocation request and submits it to the authority subsystem for
+ * processing
+ *
* @version $Revision$, $Date$
*/
public class ChallengeRevocationServlet1 extends CMSServlet {
@@ -89,7 +88,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
private IPublisherProcessor mPublisherProcessor = null;
private String mRequestID = null;
- // http params
+ // http params
public static final String SERIAL_NO = TOKEN_CERT_SERIAL;
public static final String REASON_CODE = "reasonCode";
public static final String CHALLENGE_PHRASE = "challengePhrase";
@@ -102,10 +101,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
}
/**
- * Initialize the servlet. This servlet uses the file
- * revocationResult.template for the response
- *
- * @param sc servlet configuration, read from the web.xml file
+ * Initialize the servlet. This servlet uses the file
+ * revocationResult.template for the response
+ *
+ * @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -116,26 +115,27 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
mTemplates.remove(CMSRequest.SUCCESS);
if (mAuthority instanceof ICertificateAuthority) {
- mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ mCertDB = ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository();
}
if (mAuthority instanceof ICertAuthority) {
- mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
+ mPublisherProcessor = ((ICertAuthority) mAuthority)
+ .getPublisherProcessor();
}
mQueue = mAuthority.getRequestQueue();
}
- /**
- * Process the HTTP request.
+ /**
+ * Process the HTTP request.
* <ul>
* <li>http.param REASON_CODE the revocation reason
- * <li>http.param b64eCertificate the base-64 encoded certificate to revoke
+ * <li>http.param b64eCertificate the base-64 encoded certificate to revoke
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
@@ -146,8 +146,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
EBaseException error = null;
@@ -159,37 +161,40 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
// for audit log
IAuthToken authToken = authenticate(cmsReq);
String authMgr = AuditFormat.NOAUTH;
-
+
BigInteger[] serialNoArray = null;
if (authToken != null) {
serialNoArray = authToken.getInBigIntegerArray(SERIAL_NO);
}
// set revocation reason, default to unspecified if not set.
- int reasonCode =
- httpParams.getValueAsInt(REASON_CODE, 0);
- // header.addIntegerValue("reason", reasonCode);
+ int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0);
+ // header.addIntegerValue("reason", reasonCode);
RevocationReason reason = RevocationReason.fromInt(reasonCode);
String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS);
Date invalidityDate = null;
String revokeAll = null;
- int totalRecordCount = (serialNoArray != null)? serialNoArray.length:0;
- int verifiedRecordCount = (serialNoArray != null)? serialNoArray.length:0;
+ int totalRecordCount = (serialNoArray != null) ? serialNoArray.length
+ : 0;
+ int verifiedRecordCount = (serialNoArray != null) ? serialNoArray.length
+ : 0;
X509CertImpl[] certs = null;
- //for audit log.
+ // for audit log.
String initiative = null;
- if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+ if (mAuthMgr != null
+ && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
// request is from agent
if (authToken != null) {
- authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ authMgr = authToken
+ .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
String agentID = authToken.getInString("userid");
- initiative = AuditFormat.FROMAGENT + " agentID: " + agentID +
- " authenticated by " + authMgr;
+ initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
+ + " authenticated by " + authMgr;
}
} else {
initiative = AuditFormat.FROMUSER;
@@ -198,11 +203,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "revoke");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "revoke");
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -215,24 +220,29 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
certs = new X509CertImpl[serialNoArray.length];
for (int i = 0; i < serialNoArray.length; i++) {
- certs[i] = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificate(serialNoArray[i]);
+ certs[i] = ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository().getX509Certificate(
+ serialNoArray[i]);
}
} else if (mAuthority instanceof IRegistrationAuthority) {
IRequest getCertsChallengeReq = null;
- getCertsChallengeReq = mQueue.newRequest(
- GETCERTS_FOR_CHALLENGE_REQUEST);
+ getCertsChallengeReq = mQueue
+ .newRequest(GETCERTS_FOR_CHALLENGE_REQUEST);
getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray);
mQueue.processRequest(getCertsChallengeReq);
RequestStatus status = getCertsChallengeReq.getRequestStatus();
if (status == RequestStatus.COMPLETE) {
- certs = getCertsChallengeReq.getExtDataInCertArray(IRequest.OLD_CERTS);
- header.addStringValue("request", getCertsChallengeReq.getRequestId().toString());
+ certs = getCertsChallengeReq
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
+ header.addStringValue("request", getCertsChallengeReq
+ .getRequestId().toString());
mRequestID = getCertsChallengeReq.getRequestId().toString();
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
}
}
@@ -242,21 +252,20 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
for (int i = 0; i < serialNoArray.length; i++) {
IArgBlock rarg = CMS.createArgBlock();
- rarg.addBigIntegerValue("serialNumber",
- serialNoArray[i], 16);
- rarg.addStringValue("subject",
- certs[i].getSubjectDN().toString());
- rarg.addLongValue("validNotBefore",
- certs[i].getNotBefore().getTime() / 1000);
- rarg.addLongValue("validNotAfter",
- certs[i].getNotAfter().getTime() / 1000);
- //argSet.addRepeatRecord(rarg);
+ rarg.addBigIntegerValue("serialNumber", serialNoArray[i], 16);
+ rarg.addStringValue("subject", certs[i].getSubjectDN()
+ .toString());
+ rarg.addLongValue("validNotBefore", certs[i].getNotBefore()
+ .getTime() / 1000);
+ rarg.addLongValue("validNotAfter", certs[i].getNotAfter()
+ .getTime() / 1000);
+ // argSet.addRepeatRecord(rarg);
}
revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))";
- process(argSet, header, reasonCode, invalidityDate, initiative, req, resp,
- verifiedRecordCount, revokeAll, totalRecordCount,
- comments, locale[0]);
+ process(argSet, header, reasonCode, invalidityDate, initiative,
+ req, resp, verifiedRecordCount, revokeAll,
+ totalRecordCount, comments, locale[0]);
} else {
header.addIntegerValue("totalRecordCount", 0);
header.addIntegerValue("verifiedRecordCount", 0);
@@ -265,10 +274,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
try {
ServletOutputStream out = resp.getOutputStream();
- if( serialNoArray == null ) {
- CMS.debug( "ChallengeRevcationServlet1::process() - " +
- " serialNoArray is null!" );
- EBaseException ee = new EBaseException( "No matched certificate is found" );
+ if (serialNoArray == null) {
+ CMS.debug("ChallengeRevcationServlet1::process() - "
+ + " serialNoArray is null!");
+ EBaseException ee = new EBaseException(
+ "No matched certificate is found");
cmsReq.setError(ee);
return;
@@ -276,37 +286,34 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
if (serialNoArray.length == 0) {
cmsReq.setStatus(CMSRequest.ERROR);
- EBaseException ee = new EBaseException("No matched certificate is found");
+ EBaseException ee = new EBaseException(
+ "No matched certificate is found");
cmsReq.setError(ee);
} else {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
}
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE",
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- int reason, Date invalidityDate,
- String initiative,
- HttpServletRequest req,
- HttpServletResponse resp,
- int verifiedRecordCount,
- String revokeAll,
- int totalRecordCount,
- String comments,
- Locale locale)
- throws EBaseException {
+ int reason, Date invalidityDate, String initiative,
+ HttpServletRequest req, HttpServletResponse resp,
+ int verifiedRecordCount, String revokeAll, int totalRecordCount,
+ String comments, Locale locale) throws EBaseException {
try {
int count = 0;
Vector oldCertsV = new Vector();
@@ -334,8 +341,9 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
}
if (mAuthority instanceof ICertificateAuthority) {
- ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList(
- revokeAll, null, totalRecordCount);
+ ICertRecordList list = (ICertRecordList) mCertDB
+ .findCertRecordsInList(revokeAll, null,
+ totalRecordCount);
Enumeration e = list.getCertRecords(0, totalRecordCount - 1);
while (e != null && e.hasMoreElements()) {
@@ -344,18 +352,18 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
+ cert.getSerialNumber(), 16);
if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
- rarg.addStringValue("error", "Certificate " +
- cert.getSerialNumber().toString() +
- " is already revoked.");
+ rarg.addStringValue("error", "Certificate "
+ + cert.getSerialNumber().toString()
+ + " is already revoked.");
} else {
oldCertsV.addElement(cert);
- RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ RevokedCertImpl revCertImpl = new RevokedCertImpl(
+ cert.getSerialNumber(), CMS.getCurrentDate(),
+ entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -367,42 +375,48 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
} else if (mAuthority instanceof IRegistrationAuthority) {
String reqIdStr = null;
- if (mRequestID != null && mRequestID.length() > 0)
+ if (mRequestID != null && mRequestID.length() > 0)
reqIdStr = mRequestID;
Vector serialNumbers = new Vector();
if (revokeAll != null && revokeAll.length() > 0) {
- for (int i = revokeAll.indexOf('=');
- i < revokeAll.length() && i > -1;
- i = revokeAll.indexOf('=', i)) {
+ for (int i = revokeAll.indexOf('='); i < revokeAll.length()
+ && i > -1; i = revokeAll.indexOf('=', i)) {
if (i > -1) {
i++;
- while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
+ while (i < revokeAll.length()
+ && revokeAll.charAt(i) == ' ') {
i++;
}
String legalDigits = "0123456789";
int j = i;
- while (j < revokeAll.length() &&
- legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
+ while (j < revokeAll.length()
+ && legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
j++;
}
if (j > i) {
- serialNumbers.addElement(revokeAll.substring(i, j));
+ serialNumbers.addElement(revokeAll.substring(i,
+ j));
}
}
}
}
- if (reqIdStr != null && reqIdStr.length() > 0 && serialNumbers.size() > 0) {
- IRequest certReq = mRequestQueue.findRequest(new RequestId(reqIdStr));
- X509CertImpl[] certs = certReq.getExtDataInCertArray(IRequest.OLD_CERTS);
+ if (reqIdStr != null && reqIdStr.length() > 0
+ && serialNumbers.size() > 0) {
+ IRequest certReq = mRequestQueue.findRequest(new RequestId(
+ reqIdStr));
+ X509CertImpl[] certs = certReq
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
for (int i = 0; i < certs.length; i++) {
boolean addToList = false;
for (int j = 0; j < serialNumbers.size(); j++) {
- if (certs[i].getSerialNumber().toString().equals(
- (String) serialNumbers.elementAt(j))) {
+ if (certs[i]
+ .getSerialNumber()
+ .toString()
+ .equals((String) serialNumbers.elementAt(j))) {
addToList = true;
break;
}
@@ -411,11 +425,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- certs[i].getSerialNumber(), 16);
+ certs[i].getSerialNumber(), 16);
oldCertsV.addElement(certs[i]);
- RevokedCertImpl revCertImpl =
- new RevokedCertImpl(certs[i].getSerialNumber(),
+ RevokedCertImpl revCertImpl = new RevokedCertImpl(
+ certs[i].getSerialNumber(),
CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
@@ -428,17 +442,18 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
String b64eCert = req.getParameter("b64eCertificate");
if (b64eCert != null) {
- byte[] certBytes = com.netscape.osutil.OSUtil.AtoB(b64eCert);
+ byte[] certBytes = com.netscape.osutil.OSUtil
+ .AtoB(b64eCert);
X509CertImpl cert = new X509CertImpl(certBytes);
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
+ cert.getSerialNumber(), 16);
oldCertsV.addElement(cert);
- RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ RevokedCertImpl revCertImpl = new RevokedCertImpl(
+ cert.getSerialNumber(), CMS.getCurrentDate(),
+ entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -458,8 +473,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i);
}
- IRequest revReq =
- mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST);
revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
@@ -478,30 +492,35 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
if (result.equals(IRequest.RES_ERROR)) {
- String[] svcErrors =
- revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+ String[] svcErrors = revReq
+ .getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
String err = svcErrors[i];
if (err != null) {
- //cmsReq.setErrorDescription(err);
+ // cmsReq.setErrorDescription(err);
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed with error: "
+ + err,
+ oldCerts[j]
+ .getSubjectDN(),
+ oldCerts[j]
+ .getSerialNumber()
+ .toString(16),
+ RevocationReason
+ .fromInt(reason)
+ .toString() });
}
}
}
@@ -513,24 +532,27 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
// audit log the success.
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed",
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed",
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(
+ 16),
+ RevocationReason.fromInt(reason)
+ .toString() });
}
}
header.addStringValue("revoked", "yes");
- Integer updateCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult = revReq
+ .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
header.addStringValue("updateCRL", "yes");
@@ -538,92 +560,98 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
header.addStringValue("updateCRLSuccess", "yes");
} else {
header.addStringValue("updateCRLSuccess", "no");
- String crlError =
- revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ String crlError = revReq
+ .getExtDataInString(IRequest.CRL_UPDATE_ERROR);
if (crlError != null)
- header.addStringValue("updateCRLError",
- crlError);
+ header.addStringValue("updateCRLError", crlError);
}
// let known crl publishing status too.
- Integer publishCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ Integer publishCRLResult = revReq
+ .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
header.addStringValue("publishCRLSuccess", "yes");
} else {
header.addStringValue("publishCRLSuccess", "no");
- String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ String publError = revReq
+ .getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null)
header.addStringValue("publishCRLError",
- publError);
+ publError);
}
}
}
if (mAuthority instanceof ICertificateAuthority) {
// let known update and publish status of all crls.
- Enumeration otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ Enumeration otherCRLs = ((ICertificateAuthority) mAuthority)
+ .getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
- ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs
+ .nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
continue;
String updateStatusStr = crl.getCrlUpdateStatusStr();
- Integer updateResult = revReq.getExtDataInInteger(updateStatusStr);
+ Integer updateResult = revReq
+ .getExtDataInInteger(updateStatusStr);
if (updateResult != null) {
if (updateResult.equals(IRequest.RES_SUCCESS)) {
- CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
- updateStatusStr));
+ CMS.debug("ChallengeRevcationServlet1: "
+ + CMS.getLogMessage(
+ "ADMIN_SRVLT_ADDING_HEADER",
+ updateStatusStr));
header.addStringValue(updateStatusStr, "yes");
} else {
- String updateErrorStr = crl.getCrlUpdateErrorStr();
+ String updateErrorStr = crl
+ .getCrlUpdateErrorStr();
- CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
- updateStatusStr));
+ CMS.debug("ChallengeRevcationServlet1: "
+ + CMS.getLogMessage(
+ "ADMIN_SRVLT_ADDING_HEADER_NO",
+ updateStatusStr));
header.addStringValue(updateStatusStr, "no");
- String error =
- revReq.getExtDataInString(updateErrorStr);
+ String error = revReq
+ .getExtDataInString(updateErrorStr);
if (error != null)
- header.addStringValue(updateErrorStr,
- error);
+ header.addStringValue(updateErrorStr, error);
}
- String publishStatusStr = crl.getCrlPublishStatusStr();
- Integer publishResult =
- revReq.getExtDataInInteger(publishStatusStr);
+ String publishStatusStr = crl
+ .getCrlPublishStatusStr();
+ Integer publishResult = revReq
+ .getExtDataInInteger(publishStatusStr);
if (publishResult == null)
continue;
if (publishResult.equals(IRequest.RES_SUCCESS)) {
header.addStringValue(publishStatusStr, "yes");
} else {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr = crl
+ .getCrlPublishErrorStr();
header.addStringValue(publishStatusStr, "no");
- String error =
- revReq.getExtDataInString(publishErrorStr);
+ String error = revReq
+ .getExtDataInString(publishErrorStr);
if (error != null)
- header.addStringValue(
- publishErrorStr, error);
+ header.addStringValue(publishErrorStr,
+ error);
}
}
}
}
- if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
+ if (mPublisherProcessor != null
+ && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- revReq.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus = revReq
+ .getExtDataInIntegerArray("ldapPublishStatus");
int certsToUpdate = 0;
int certsUpdated = 0;
@@ -639,12 +667,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
header.addIntegerValue("certsToUpdate", certsToUpdate);
// add crl publishing status.
- String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ String publError = revReq
+ .getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
- header.addStringValue("crlPublishError",
- publError);
+ header.addStringValue("crlPublishError", publError);
}
} else {
header.addStringValue("dirEnabled", "no");
@@ -657,22 +684,26 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
// audit log the pending
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "pending",
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "pending",
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(
+ 16),
+ RevocationReason.fromInt(reason)
+ .toString() });
}
}
} else {
- Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS);
+ Vector errors = revReq
+ .getExtDataInStringVector(IRequest.ERRORS);
StringBuffer errorStr = new StringBuffer();
if (errors != null && errors.size() > 0) {
@@ -685,17 +716,20 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
// audit log the error
for (int j = 0; j < count; j++) {
if (oldCerts[j] != null) {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- stat.toString(),
- oldCerts[j].getSubjectDN(),
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ stat.toString(),
+ oldCerts[j].getSubjectDN(),
+ oldCerts[j].getSerialNumber().toString(
+ 16),
+ RevocationReason.fromInt(reason)
+ .toString() });
}
}
}
@@ -706,8 +740,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
throw e;
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED",
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
} catch (Exception e) {
e.printStackTrace();
}
@@ -715,4 +751,3 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
index 88abe80e..b6fd03e9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Locale;
@@ -39,12 +38,11 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Redirect a request to the Master. This servlet is used in
- * a clone when a requested service (such as CRL) is not available.
- * It redirects the user to the master.
- *
+ * Redirect a request to the Master. This servlet is used in a clone when a
+ * requested service (such as CRL) is not available. It redirects the user to
+ * the master.
+ *
* @version $Revision$, $Date$
*/
public class CloneRedirect extends CMSServlet {
@@ -71,7 +69,8 @@ public class CloneRedirect extends CMSServlet {
/**
* Initialize the servlet.
- * @param sc servlet configuration, read from the web.xml file
+ *
+ * @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -83,8 +82,9 @@ public class CloneRedirect extends CMSServlet {
if (authConfig != null) {
try {
- mNewUrl = authConfig.getString(PROP_REDIRECT_URL,
- "*** master URL unavailable, check your configuration ***");
+ mNewUrl = authConfig
+ .getString(PROP_REDIRECT_URL,
+ "*** master URL unavailable, check your configuration ***");
} catch (EBaseException e) {
// do nothing
}
@@ -93,8 +93,8 @@ public class CloneRedirect extends CMSServlet {
if (mAuthority instanceof ICertificateAuthority)
mCA = (ICertificateAuthority) mAuthority;
-
- // override success to do output with our own template.
+
+ // override success to do output with our own template.
mTemplates.remove(CMSRequest.SUCCESS);
}
@@ -117,29 +117,32 @@ public class CloneRedirect extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
- CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl));
+ CMS.debug("CloneRedirect: "
+ + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl));
header.addStringValue("masterURL", mNewUrl);
try {
ServletOutputStream out = resp.getOutputStream();
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE",
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
@@ -147,13 +150,11 @@ public class CloneRedirect extends CMSServlet {
* Display information about redirecting to the master's URL info
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- String signatureAlgorithm,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req, HttpServletResponse resp,
+ String signatureAlgorithm, Locale locale) throws EBaseException {
- CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl));
+ CMS.debug("CloneRedirect: "
+ + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl));
header.addStringValue("masterURL", mNewUrl);
return;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
index 0ccf7f18..40514846 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Date;
import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* 'Face-to-face' certificate enrollment.
- *
+ *
* @version $Revision$, $Date$
*/
public class DirAuthServlet extends CMSServlet {
@@ -64,15 +62,15 @@ public class DirAuthServlet extends CMSServlet {
super();
}
- /**
+ /**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
try {
- mFormPath = sc.getInitParameter(
- PROP_SUCCESS_TEMPLATE);
+ mFormPath = sc.getInitParameter(PROP_SUCCESS_TEMPLATE);
if (mFormPath == null)
mFormPath = TPL_FILE;
} catch (Exception e) {
@@ -81,15 +79,13 @@ public class DirAuthServlet extends CMSServlet {
mTemplates.remove(CMSRequest.SUCCESS);
}
-
- /**
+ /**
* Process the HTTP request. This servlet reads configuration information
- * from the hashDirEnrollment configuration substore
- *
+ * from the hashDirEnrollment configuration substore
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -99,9 +95,10 @@ public class DirAuthServlet extends CMSServlet {
IArgBlock args = cmsReq.getHttpParams();
if (!(mAuthority instanceof IRegistrationAuthority)) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP"));
- cmsReq.setError(new ECMSGWException(
- CMS.getLogMessage("CMSGW_NOT_YET_IMPLEMENTED")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP"));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getLogMessage("CMSGW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -112,10 +109,10 @@ public class DirAuthServlet extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
- cmsReq.setError(new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -129,8 +126,8 @@ public class DirAuthServlet extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "submit");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "submit");
} catch (Exception e) {
// do nothing for now
}
@@ -142,7 +139,8 @@ public class DirAuthServlet extends CMSServlet {
IConfigStore configStore = CMS.getConfigStore();
String val = configStore.getString("hashDirEnrollment.name");
- IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ IAuthSubsystem authSS = (IAuthSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_AUTH);
IAuthManager authMgr = authSS.get(val);
HashAuthentication mgr = (HashAuthentication) authMgr;
@@ -166,7 +164,7 @@ public class DirAuthServlet extends CMSServlet {
printError(cmsReq, "2");
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
- }
+ }
mgr.setLastLogin(reqHost, currTime);
@@ -176,11 +174,12 @@ public class DirAuthServlet extends CMSServlet {
mgr.addAuthToken(pageID, authToken);
- header.addStringValue("pageID", pageID);
+ header.addStringValue("pageID", pageID);
header.addStringValue("uid", uid);
- header.addStringValue("fingerprint", mgr.hashFingerprint(reqHost, pageID, uid));
+ header.addStringValue("fingerprint",
+ mgr.hashFingerprint(reqHost, pageID, uid));
header.addStringValue("hostname", reqHost);
-
+
try {
ServletOutputStream out = httpResp.getOutputStream();
@@ -188,10 +187,11 @@ public class DirAuthServlet extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE",
+ e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -199,7 +199,7 @@ public class DirAuthServlet extends CMSServlet {
}
private void printError(CMSRequest cmsReq, String errorCode)
- throws EBaseException {
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -218,10 +218,10 @@ public class DirAuthServlet extends CMSServlet {
try {
form = getTemplate(formPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -234,9 +234,10 @@ public class DirAuthServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE",
+ e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
cmsReq.setStatus(CMSRequest.ERROR);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
index 9f353312..380bb9d7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* For Face-to-face enrollment, disable EE enrollment feature
- *
+ *
* @version $Revision$, $Date$
* @see com.netscape.cms.servlet.cert.EnableEnrollResult
*/
@@ -82,8 +80,7 @@ public class DisableEnrollResult extends CMSServlet {
/**
* Services the request
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -92,8 +89,8 @@ public class DisableEnrollResult extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, token,
- mAuthzResourceName, "disable");
+ authzToken = authorize(mAclMethod, token, mAuthzResourceName,
+ "disable");
} catch (Exception e) {
// do nothing for now
}
@@ -112,9 +109,10 @@ public class DisableEnrollResult extends CMSServlet {
IArgBlock args = cmsReq.getHttpParams();
if (!(mAuthority instanceof IRegistrationAuthority)) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP"));
- cmsReq.setError(new ECMSGWException(
- CMS.getLogMessage("CMSGW_NOT_YET_IMPLEMENTED")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_CA_FROM_RA_NOT_IMP"));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getLogMessage("CMSGW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -125,10 +123,10 @@ public class DisableEnrollResult extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -139,7 +137,8 @@ public class DisableEnrollResult extends CMSServlet {
IConfigStore configStore = CMS.getConfigStore();
String val = configStore.getString("hashDirEnrollment.name");
- IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ IAuthSubsystem authSS = (IAuthSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_AUTH);
IAuthManager authMgr = authSS.get(val);
HashAuthentication mgr = (HashAuthentication) authMgr;
@@ -162,10 +161,11 @@ public class DisableEnrollResult extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE",
+ e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
index 61cadc4a..62a1f5e9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -67,13 +66,12 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Display detailed information about a certificate
- *
- * The template 'displayBySerial.template' is used to
- * render the response for this servlet.
- *
+ *
+ * The template 'displayBySerial.template' is used to render the response for
+ * this servlet.
+ *
* @version $Revision$, $Date$
*/
public class DisplayBySerial extends CMSServlet {
@@ -99,26 +97,29 @@ public class DisplayBySerial extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
if (mAuthority instanceof ICertificateAuthority) {
- mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ mCertDB = ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository();
}
try {
- mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
+ mCACerts = ((ICertAuthority) mAuthority).getCACertChain()
+ .getChain();
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
}
// coming from ee
mForm1Path = "/" + mAuthority.getId() + "/" + TPL_FILE1;
-
- if (mOutputTemplatePath != null)
+
+ if (mOutputTemplatePath != null)
mForm1Path = mOutputTemplatePath;
- // override success and error templates to null -
+ // override success and error templates to null -
// handle templates locally.
mTemplates.remove(CMSRequest.SUCCESS);
}
@@ -126,8 +127,8 @@ public class DisplayBySerial extends CMSServlet {
/**
* Serves HTTP request. The format of this request is as follows:
* <ul>
- * <li>http.param serialNumber Decimal serial number of certificate to display
- * (or hex if serialNumber preceded by 0x)
+ * <li>http.param serialNumber Decimal serial number of certificate to
+ * display (or hex if serialNumber preceded by 0x)
* </ul>
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -148,10 +149,11 @@ public class DisplayBySerial extends CMSServlet {
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ mAuthzResourceName, "read");
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
@@ -166,17 +168,22 @@ public class DisplayBySerial extends CMSServlet {
form = getTemplate(mForm1Path, req, locale);
}
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", String.valueOf(serialNumber)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1",
+ String.valueOf(serialNumber)));
- error = new ECMSGWException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ error = new ECMSGWException(
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path,
+ e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
} catch (EDBRecordNotFoundException e) {
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", "0x" + serialNumber.toString(16)));
+ throw new ECMSGWException(CMS.getLogMessage(
+ "CMSGW_CERT_SERIAL_NOT_FOUND_1",
+ "0x" + serialNumber.toString(16)));
}
IArgBlock header = CMS.createArgBlock();
@@ -185,15 +192,14 @@ public class DisplayBySerial extends CMSServlet {
try {
if (serialNumber.compareTo(MINUS_ONE) > 0) {
- process(argSet, header, serialNumber,
- req, resp, locale[0]);
+ process(argSet, header, serialNumber, req, resp, locale[0]);
} else {
error = new ECMSGWException(
- CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
+ CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
}
} catch (EBaseException e) {
error = e;
- }
+ }
try {
ServletOutputStream out = resp.getOutputStream();
@@ -201,20 +207,22 @@ public class DisplayBySerial extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM",
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
@@ -223,55 +231,53 @@ public class DisplayBySerial extends CMSServlet {
* Display information about a particular certificate
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- BigInteger seq, HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ BigInteger seq, HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) throws EBaseException {
String certType[] = new String[1];
try {
ICertRecord rec = getCertRecord(seq, certType);
-
+
if (certType[0].equalsIgnoreCase("x509")) {
processX509(argSet, header, seq, req, resp, locale);
return;
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
throw e;
}
-
+
return;
}
-
+
private void processX509(CMSTemplateParams argSet, IArgBlock header,
- BigInteger seq, HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ BigInteger seq, HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) throws EBaseException {
try {
ICertRecord rec = (ICertRecord) mCertDB.readCertificateRecord(seq);
- if (rec == null) {
- CMS.debug("DisplayBySerial: failed to read record");
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+ if (rec == null) {
+ CMS.debug("DisplayBySerial: failed to read record");
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
X509CertImpl cert = rec.getCertificate();
- if (cert == null) {
- CMS.debug("DisplayBySerial: no certificate in record");
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+ if (cert == null) {
+ CMS.debug("DisplayBySerial: no certificate in record");
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
try {
- X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
- if (info == null) {
- CMS.debug("DisplayBySerial: no info found");
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+ X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME
+ + "." + X509CertImpl.INFO);
+ if (info == null) {
+ CMS.debug("DisplayBySerial: no info found");
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
- CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) info
+ .get(X509CertInfo.EXTENSIONS);
boolean emailCert = false;
@@ -282,16 +288,20 @@ public class DisplayBySerial extends CMSServlet {
if (ext instanceof NSCertTypeExtension) {
NSCertTypeExtension type = (NSCertTypeExtension) ext;
- if (((Boolean) type.get(NSCertTypeExtension.EMAIL)).booleanValue())
+ if (((Boolean) type.get(NSCertTypeExtension.EMAIL))
+ .booleanValue())
emailCert = true;
}
if (ext instanceof KeyUsageExtension) {
- KeyUsageExtension usage =
- (KeyUsageExtension) ext;
+ KeyUsageExtension usage = (KeyUsageExtension) ext;
try {
- if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() ||
- ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
+ if (((Boolean) usage
+ .get(KeyUsageExtension.DIGITAL_SIGNATURE))
+ .booleanValue()
+ || ((Boolean) usage
+ .get(KeyUsageExtension.DATA_ENCIPHERMENT))
+ .booleanValue())
emailCert = true;
} catch (ArrayIndexOutOfBoundsException e) {
// bug356108:
@@ -304,16 +314,23 @@ public class DisplayBySerial extends CMSServlet {
header.addBooleanValue("emailCert", emailCert);
boolean noCertImport = true;
- MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO);
+ MetaInfo metaInfo = (MetaInfo) rec
+ .get(ICertRecord.ATTR_META_INFO);
if (metaInfo != null) {
- String rid = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
-
- if (rid != null && mAuthority instanceof ICertificateAuthority) {
- IRequest r = ((ICertificateAuthority) mAuthority).getRequestQueue().findRequest(new RequestId(rid));
- String certType = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
-
- if (certType != null && certType.equals(IRequest.CLIENT_CERT)) {
+ String rid = (String) metaInfo
+ .get(ICertRecord.META_REQUEST_ID);
+
+ if (rid != null
+ && mAuthority instanceof ICertificateAuthority) {
+ IRequest r = ((ICertificateAuthority) mAuthority)
+ .getRequestQueue().findRequest(
+ new RequestId(rid));
+ String certType = r.getExtDataInString(
+ IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+
+ if (certType != null
+ && certType.equals(IRequest.CLIENT_CERT)) {
noCertImport = false;
}
}
@@ -321,8 +338,9 @@ public class DisplayBySerial extends CMSServlet {
header.addBooleanValue("noCertImport", noCertImport);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS",
+ e.toString()));
}
IRevocationInfo revocationInfo = rec.getRevocationInfo();
@@ -338,7 +356,8 @@ public class DisplayBySerial extends CMSServlet {
Extension ext = (Extension) enumx.nextElement();
if (ext instanceof CRLReasonExtension) {
- reason = ((CRLReasonExtension) ext).getReason().toInt();
+ reason = ((CRLReasonExtension) ext).getReason()
+ .toInt();
}
}
header.addIntegerValue("revocationReason", reason);
@@ -347,20 +366,16 @@ public class DisplayBySerial extends CMSServlet {
ICertPrettyPrint certDetails = CMS.getCertPrettyPrint(cert);
- header.addStringValue("certPrettyPrint",
- certDetails.toString(locale));
+ header.addStringValue("certPrettyPrint",
+ certDetails.toString(locale));
/*
- String scheme = req.getScheme();
- if (scheme.equals("http") && connectionIsSSL(req))
- scheme = "https";
- String requestURI = req.getRequestURI();
- int i = requestURI.indexOf('?');
- String newRequestURI =
- (i > -1)? requestURI.substring(0, i): requestURI;
- header.addStringValue("serviceURL", scheme +"://"+
- req.getServerName() + ":"+
- req.getServerPort() + newRequestURI);
+ * String scheme = req.getScheme(); if (scheme.equals("http") &&
+ * connectionIsSSL(req)) scheme = "https"; String requestURI =
+ * req.getRequestURI(); int i = requestURI.indexOf('?'); String
+ * newRequestURI = (i > -1)? requestURI.substring(0, i): requestURI;
+ * header.addStringValue("serviceURL", scheme +"://"+
+ * req.getServerName() + ":"+ req.getServerPort() + newRequestURI);
*/
header.addStringValue("authorityid", mAuthority.getId());
@@ -369,8 +384,9 @@ public class DisplayBySerial extends CMSServlet {
try {
certFingerprints = CMS.getFingerPrints(cert);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT",
+ e.toString()));
}
if (certFingerprints.length() > 0)
header.addStringValue("certFingerprint", certFingerprints);
@@ -378,30 +394,30 @@ public class DisplayBySerial extends CMSServlet {
byte[] ba = cert.getEncoded();
// Do base 64 encoding
- header.addStringValue("certChainBase64", com.netscape.osutil.OSUtil.BtoA(ba));
+ header.addStringValue("certChainBase64",
+ com.netscape.osutil.OSUtil.BtoA(ba));
header.addStringValue("serialNumber", seq.toString(16));
/*
- String userAgent = req.getHeader("user-agent");
- String agent =
- (userAgent != null)? UserInfo.getUserAgent(userAgent): "";
+ * String userAgent = req.getHeader("user-agent"); String agent =
+ * (userAgent != null)? UserInfo.getUserAgent(userAgent): "";
*/
// Now formulate a PKCS#7 blob
- X509CertImpl[] certsInChain = new X509CertImpl[1];;
+ X509CertImpl[] certsInChain = new X509CertImpl[1];
+ ;
if (mCACerts != null) {
for (int i = 0; i < mCACerts.length; i++) {
if (cert.equals(mCACerts[i])) {
- certsInChain = new
- X509CertImpl[mCACerts.length];
+ certsInChain = new X509CertImpl[mCACerts.length];
break;
}
certsInChain = new X509CertImpl[mCACerts.length + 1];
}
}
-
+
// Set the EE cert
certsInChain[0] = cert;
-
+
// Set the Ca certificate chain
if (mCACerts != null) {
for (int i = 0; i < mCACerts.length; i++) {
@@ -414,43 +430,42 @@ public class DisplayBySerial extends CMSServlet {
String p7Str;
try {
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]),
- certsInChain,
- new SignerInfo[0]);
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(
+ new byte[0]), certsInChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
- p7.encodeSignedData(bos,false);
+ p7.encodeSignedData(bos, false);
byte[] p7Bytes = bos.toByteArray();
- p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes);
+ p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes);
header.addStringValue("pkcs7ChainBase64", p7Str);
} catch (Exception e) {
- //p7Str = "PKCS#7 B64 Encoding error - " + e.toString()
- //+ "; Please contact your administrator";
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
+ // p7Str = "PKCS#7 B64 Encoding error - " + e.toString()
+ // + "; Please contact your administrator";
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1",
+ e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7"));
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString()));
throw e;
} catch (CertificateEncodingException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
}
return;
}
-
+
private ICertRecord getCertRecord(BigInteger seq, String certtype[])
- throws EBaseException {
+ throws EBaseException {
ICertRecord rec = null;
-
+
try {
rec = (ICertRecord) mCertDB.readCertificateRecord(seq);
X509CertImpl x509cert = rec.getCertificate();
@@ -460,28 +475,28 @@ public class DisplayBySerial extends CMSServlet {
return rec;
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
throw e;
}
-
+
return rec;
}
private BigInteger getSerialNumber(HttpServletRequest req)
- throws NumberFormatException {
+ throws NumberFormatException {
String serialNumString = req.getParameter("serialNumber");
if (serialNumString != null) {
serialNumString = serialNumString.trim();
- if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) {
+ if (serialNumString.startsWith("0x")
+ || serialNumString.startsWith("0X")) {
return new BigInteger(serialNumString.substring(2), 16);
} else {
- return new BigInteger(serialNumString);
+ return new BigInteger(serialNumString);
}
- } else {
+ } else {
throw new NumberFormatException();
- }
+ }
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
index 3a5f3f06..7f47db5f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRLException;
@@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Decode the CRL and display it to the requester.
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayCRL extends CMSServlet {
@@ -64,8 +62,8 @@ public class DisplayCRL extends CMSServlet {
private static final long serialVersionUID = 1152016798229054027L;
private final static String INFO = "DisplayCRL";
private final static String TPL_FILE = "displayCRL.template";
- //private final static String E_TPL_FILE = "error.template";
- //private final static String OUT_ERROR = "errorDetails";
+ // private final static String E_TPL_FILE = "error.template";
+ // private final static String OUT_ERROR = "errorDetails";
private String mFormPath = null;
private ICertificateAuthority mCA = null;
@@ -78,9 +76,10 @@ public class DisplayCRL extends CMSServlet {
}
/**
- * Initialize the servlet. This servlet uses the 'displayCRL.template' file to
- * to render the response to the client.
- * @param sc servlet configuration, read from the web.xml file
+ * Initialize the servlet. This servlet uses the 'displayCRL.template' file
+ * to to render the response to the client.
+ *
+ * @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -96,15 +95,16 @@ public class DisplayCRL extends CMSServlet {
}
/**
- * Process the HTTP request
+ * Process the HTTP request
* <ul>
- * <li>http.param crlIssuingPoint number
- * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or deltaCRL
- * <li>http.param pageStart which page to start displaying from
- * <li>http.param pageSize number of entries to show per page
+ * <li>http.param crlIssuingPoint number
+ * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or
+ * deltaCRL
+ * <li>http.param pageStart which page to start displaying from
+ * <li>http.param pageSize number of entries to show per page
* </ul>
+ *
* @param cmsReq the Request to service.
-
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
@@ -115,8 +115,8 @@ public class DisplayCRL extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (Exception e) {
// do nothing for now
}
@@ -132,8 +132,9 @@ public class DisplayCRL extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath,
+ e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
@@ -147,24 +148,25 @@ public class DisplayCRL extends CMSServlet {
String crlIssuingPointId = req.getParameter("crlIssuingPoint");
- process(argSet, header, req, resp, crlIssuingPointId,
- locale[0]);
+ process(argSet, header, req, resp, crlIssuingPointId, locale[0]);
try {
ServletOutputStream out = resp.getOutputStream();
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM",
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
@@ -172,10 +174,8 @@ public class DisplayCRL extends CMSServlet {
* Display information about a particular CRL.
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- String crlIssuingPointId,
- Locale locale) {
+ HttpServletRequest req, HttpServletResponse resp,
+ String crlIssuingPointId, Locale locale) {
boolean updateStatus = true;
EBaseException error = null;
ICRLIssuingPoint crlIP = null;
@@ -189,27 +189,30 @@ public class DisplayCRL extends CMSServlet {
ICRLRepository crlRepository = mCA.getCRLRepository();
try {
- masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
- masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
- if (masterHost != null && masterHost.length() > 0 &&
- masterPort != null && masterPort.length() > 0) {
+ masterHost = CMS.getConfigStore().getString("master.ca.agent.host",
+ "");
+ masterPort = CMS.getConfigStore().getString("master.ca.agent.port",
+ "");
+ if (masterHost != null && masterHost.length() > 0
+ && masterPort != null && masterPort.length() > 0) {
clonedCA = true;
ipNames = crlRepository.getIssuingPointsNames();
}
} catch (EBaseException e) {
}
-
+
if (clonedCA) {
if (crlIssuingPointId != null) {
if (ipNames != null && ipNames.size() > 0) {
int i;
for (i = 0; i < ipNames.size(); i++) {
- String ipName = (String)ipNames.elementAt(i);
+ String ipName = (String) ipNames.elementAt(i);
if (crlIssuingPointId.equals(ipName)) {
break;
}
}
- if (i >= ipNames.size()) crlIssuingPointId = null;
+ if (i >= ipNames.size())
+ crlIssuingPointId = null;
} else {
crlIssuingPointId = null;
}
@@ -226,13 +229,15 @@ public class DisplayCRL extends CMSServlet {
isCRLCacheEnabled = ip.isCRLCacheEnabled();
break;
}
- if (!ips.hasMoreElements()) crlIssuingPointId = null;
+ if (!ips.hasMoreElements())
+ crlIssuingPointId = null;
}
}
}
if (crlIssuingPointId == null) {
header.addStringValue("error",
- "Request to unspecified or non-existing CRL issuing point: "+ipId);
+ "Request to unspecified or non-existing CRL issuing point: "
+ + ipId);
return;
}
@@ -240,36 +245,43 @@ public class DisplayCRL extends CMSServlet {
String crlDisplayType = req.getParameter("crlDisplayType");
- if (crlDisplayType == null) crlDisplayType = "cachedCRL";
+ if (crlDisplayType == null)
+ crlDisplayType = "cachedCRL";
header.addStringValue("crlDisplayType", crlDisplayType);
try {
- crlRecord =
- (ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(crlIssuingPointId);
+ crlRecord = (ICRLIssuingPointRecord) mCA.getCRLRepository()
+ .readCRLIssuingPointRecord(crlIssuingPointId);
} catch (EBaseException e) {
header.addStringValue("error", e.toString(locale));
return;
}
if (crlRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
- return;
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+ header.addStringValue(
+ "error",
+ new ECMSGWException(CMS.getUserMessage(locale,
+ "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+ return;
}
header.addStringValue("crlIssuingPoint", crlIssuingPointId);
if (crlDisplayType.equals("deltaCRL")) {
if (clonedCA) {
- header.addStringValue("crlNumber", crlRecord.getDeltaCRLNumber().toString());
+ header.addStringValue("crlNumber", crlRecord
+ .getDeltaCRLNumber().toString());
} else {
- header.addStringValue("crlNumber", crlIP.getDeltaCRLNumber().toString());
+ header.addStringValue("crlNumber", crlIP.getDeltaCRLNumber()
+ .toString());
}
} else {
if (clonedCA) {
- header.addStringValue("crlNumber", crlRecord.getCRLNumber().toString());
+ header.addStringValue("crlNumber", crlRecord.getCRLNumber()
+ .toString());
} else {
- header.addStringValue("crlNumber", crlIP.getCRLNumber().toString());
+ header.addStringValue("crlNumber", crlIP.getCRLNumber()
+ .toString());
}
}
long lCRLSize = crlRecord.getCRLSize().longValue();
@@ -283,10 +295,12 @@ public class DisplayCRL extends CMSServlet {
byte[] crlbytes = crlRecord.getCRL();
if (crlbytes == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+ header.addStringValue(
+ "error",
+ new ECMSGWException(CMS.getUserMessage(locale,
+ "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
return;
}
@@ -298,14 +312,19 @@ public class DisplayCRL extends CMSServlet {
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString()));
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString()));
+ header.addStringValue(
+ "error",
+ new ECMSGWException(CMS.getUserMessage(locale,
+ "CMS_GW_DECODE_CRL_FAILED")).toString());
}
}
- if (crl != null || (isCRLCacheEnabled && crlDisplayType.equals("cachedCRL"))) {
- if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) {
+ if (crl != null
+ || (isCRLCacheEnabled && crlDisplayType.equals("cachedCRL"))) {
+ if (crlDisplayType.equals("entireCRL")
+ || crlDisplayType.equals("cachedCRL")) {
ICRLPrettyPrint crlDetails = null;
if (crlDisplayType.equals("entireCRL")) {
crlDetails = CMS.getCRLPrettyPrint(crl);
@@ -320,28 +339,29 @@ public class DisplayCRL extends CMSServlet {
long lPageStart = new Long(pageStart).longValue();
long lPageSize = new Long(pageSize).longValue();
- if (lPageStart < 1) lPageStart = 1;
+ if (lPageStart < 1)
+ lPageStart = 1;
// if (lPageStart + lPageSize - lCRLSize > 1)
- // lPageStart = lCRLSize - lPageSize + 1;
+ // lPageStart = lCRLSize - lPageSize + 1;
- header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale,
- lCRLSize, lPageStart, lPageSize));
+ header.addStringValue("crlPrettyPrint", crlDetails
+ .toString(locale, lCRLSize, lPageStart, lPageSize));
header.addLongValue("pageStart", lPageStart);
header.addLongValue("pageSize", lPageSize);
} else {
- header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale));
+ header.addStringValue("crlPrettyPrint",
+ crlDetails.toString(locale));
}
} else if (crlDisplayType.equals("crlHeader")) {
ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
- header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0));
+ header.addStringValue("crlPrettyPrint",
+ crlDetails.toString(locale, lCRLSize, 0, 0));
} else if (crlDisplayType.equals("base64Encoded")) {
try {
byte[] ba = crl.getEncoded();
- String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba);
+ String crlBase64Encoded = com.netscape.osutil.OSUtil
+ .BtoA(ba);
int length = crlBase64Encoded.length();
int i = 0;
int j = 0;
@@ -356,7 +376,8 @@ public class DisplayCRL extends CMSServlet {
if (i >= length) {
IArgBlock rarg = CMS.createArgBlock();
- rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k));
+ rarg.addStringValue("crlBase64Encoded",
+ crlBase64Encoded.substring(j, k));
argSet.addRepeatRecord(rarg);
}
} else {
@@ -364,11 +385,13 @@ public class DisplayCRL extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
if (k > -1) {
- rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k));
+ rarg.addStringValue("crlBase64Encoded",
+ crlBase64Encoded.substring(j, k));
i = k + 1;
j = i;
} else {
- rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length));
+ rarg.addStringValue("crlBase64Encoded",
+ crlBase64Encoded.substring(j, length));
i = length;
}
argSet.addRepeatRecord(rarg);
@@ -377,70 +400,93 @@ public class DisplayCRL extends CMSServlet {
} catch (CRLException e) {
}
} else if (crlDisplayType.equals("deltaCRL")) {
- if ((clonedCA && crlRecord.getDeltaCRLSize() != null &&
- crlRecord.getDeltaCRLSize().longValue() > -1) ||
- (crlIP != null && crlIP.isDeltaCRLEnabled())) {
+ if ((clonedCA && crlRecord.getDeltaCRLSize() != null && crlRecord
+ .getDeltaCRLSize().longValue() > -1)
+ || (crlIP != null && crlIP.isDeltaCRLEnabled())) {
byte[] deltaCRLBytes = crlRecord.getDeltaCRL();
if (deltaCRLBytes == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId));
- header.addStringValue("error", "Delta CRL is not available");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId));
+ header.addStringValue("error",
+ "Delta CRL is not available");
} else {
X509CRLImpl deltaCRL = null;
try {
deltaCRL = new X509CRLImpl(deltaCRLBytes);
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString()));
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_DECODE_DELTA_CRL", e.toString()));
+ header.addStringValue(
+ "error",
+ new ECMSGWException(CMS.getUserMessage(
+ locale, "CMS_GW_DECODE_CRL_FAILED"))
+ .toString());
}
if (deltaCRL != null) {
BigInteger crlNumber = crlRecord.getCRLNumber();
- BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
- if ((clonedCA && crlNumber != null && deltaNumber != null &&
- deltaNumber.compareTo(crlNumber) >= 0) ||
- (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) {
+ BigInteger deltaNumber = crlRecord
+ .getDeltaCRLNumber();
+ if ((clonedCA && crlNumber != null
+ && deltaNumber != null && deltaNumber
+ .compareTo(crlNumber) >= 0)
+ || (crlIP != null && crlIP
+ .isThisCurrentDeltaCRL(deltaCRL))) {
- header.addIntegerValue("deltaCRLSize",
- deltaCRL.getNumberOfRevokedCertificates());
+ header.addIntegerValue("deltaCRLSize", deltaCRL
+ .getNumberOfRevokedCertificates());
- ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(deltaCRL);
+ ICRLPrettyPrint crlDetails = CMS
+ .getCRLPrettyPrint(deltaCRL);
- header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0));
+ header.addStringValue("crlPrettyPrint",
+ crlDetails.toString(locale, 0, 0, 0));
try {
byte[] ba = deltaCRL.getEncoded();
- String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba);
+ String crlBase64Encoded = com.netscape.osutil.OSUtil
+ .BtoA(ba);
int length = crlBase64Encoded.length();
int i = 0;
int j = 0;
int n = 1;
while (i < length) {
- int k = crlBase64Encoded.indexOf('\n', i);
+ int k = crlBase64Encoded.indexOf('\n',
+ i);
if (n < 100 && k > -1) {
n++;
i = k + 1;
if (i >= length) {
- IArgBlock rarg = CMS.createArgBlock();
+ IArgBlock rarg = CMS
+ .createArgBlock();
- rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k));
+ rarg.addStringValue(
+ "crlBase64Encoded",
+ crlBase64Encoded
+ .substring(j, k));
argSet.addRepeatRecord(rarg);
}
} else {
n = 1;
- IArgBlock rarg = CMS.createArgBlock();
+ IArgBlock rarg = CMS
+ .createArgBlock();
if (k > -1) {
- rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k));
+ rarg.addStringValue(
+ "crlBase64Encoded",
+ crlBase64Encoded
+ .substring(j, k));
i = k + 1;
j = i;
} else {
- rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length));
+ rarg.addStringValue(
+ "crlBase64Encoded",
+ crlBase64Encoded
+ .substring(j,
+ length));
i = length;
}
argSet.addRepeatRecord(rarg);
@@ -449,25 +495,32 @@ public class DisplayCRL extends CMSServlet {
} catch (CRLException e) {
}
} else {
- header.addStringValue("error", "Current Delta CRL is not available.");
+ header.addStringValue("error",
+ "Current Delta CRL is not available.");
}
}
}
} else {
- header.addStringValue("error", "Delta CRL is not enabled for " +
- crlIssuingPointId +
- " issuing point");
+ header.addStringValue("error",
+ "Delta CRL is not enabled for " + crlIssuingPointId
+ + " issuing point");
}
}
} else if (!isCRLCacheEnabled && crlDisplayType.equals("cachedCRL")) {
- header.addStringValue("error", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId));
- header.addStringValue("crlPrettyPrint", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId));
+ header.addStringValue("error", CMS.getUserMessage(locale,
+ "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId));
+ header.addStringValue("crlPrettyPrint", CMS.getUserMessage(locale,
+ "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId));
} else {
- header.addStringValue("error",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
- header.addStringValue("crlPrettyPrint",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+ header.addStringValue(
+ "error",
+ new ECMSGWException(CMS.getUserMessage(locale,
+ "CMS_GW_DECODE_CRL_FAILED")).toString());
+ header.addStringValue(
+ "crlPrettyPrint",
+ new ECMSGWException(CMS.getUserMessage(locale,
+ "CMS_GW_DECODE_CRL_FAILED")).toString());
}
return;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
index 6efda2bb..74c4ff28 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Date;
import java.util.Locale;
@@ -45,11 +44,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Servlet to report the status, ie, the agent-initiated user
- * enrollment is enabled or disabled.
- *
+ * Servlet to report the status, ie, the agent-initiated user enrollment is
+ * enabled or disabled.
+ *
* @version $Revision$, $Date$
*/
public class DisplayHashUserEnroll extends CMSServlet {
@@ -72,8 +70,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
super.init(sc);
try {
- mFormPath = sc.getInitParameter(
- PROP_SUCCESS_TEMPLATE);
+ mFormPath = sc.getInitParameter(PROP_SUCCESS_TEMPLATE);
if (mFormPath == null)
mFormPath = TPL_FILE;
} catch (Exception e) {
@@ -89,8 +86,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
/**
* Services the request
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -98,8 +94,8 @@ public class DisplayHashUserEnroll extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (Exception e) {
// do nothing for now
}
@@ -115,9 +111,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
IArgBlock args = cmsReq.getHttpParams();
if (!(mAuthority instanceof IRegistrationAuthority)) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE"));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE"));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -128,7 +125,8 @@ public class DisplayHashUserEnroll extends CMSServlet {
IConfigStore configStore = CMS.getConfigStore();
String val = configStore.getString("hashDirEnrollment.name");
- IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ IAuthSubsystem authSS = (IAuthSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_AUTH);
IAuthManager authMgr = authSS.get(val);
HashAuthentication mgr = (HashAuthentication) authMgr;
boolean isEnable = mgr.isEnable(reqHost);
@@ -152,7 +150,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
printError(cmsReq, "2");
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
- }
+ }
mgr.setLastLogin(reqHost, currTime);
@@ -162,10 +160,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -177,10 +175,11 @@ public class DisplayHashUserEnroll extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -188,7 +187,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
}
private void printError(CMSRequest cmsReq, String errorCode)
- throws EBaseException {
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -207,10 +206,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
try {
form = getTemplate(formPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -223,10 +222,11 @@ public class DisplayHashUserEnroll extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
+ e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
index b333c787..dbca061a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -71,10 +70,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Revoke a Certificate
- *
+ *
* @version $Revision$, $Date$
*/
public class DoRevoke extends CMSServlet {
@@ -98,20 +96,17 @@ public class DoRevoke extends CMSServlet {
private final static String REVOKE = "revoke";
private final static String ON_HOLD = "on-hold";
private final static int ON_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
public DoRevoke() {
super();
}
/**
- * initialize the servlet. This servlet uses the template
- * file "revocationResult.template" to render the result
+ * initialize the servlet. This servlet uses the template file
+ * "revocationResult.template" to render the result
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -122,13 +117,15 @@ public class DoRevoke extends CMSServlet {
mUL = mUG.getCertUserLocator();
if (mAuthority instanceof ICertificateAuthority) {
- mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ mCertDB = ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository();
if (((ICertificateAuthority) mAuthority).noncesEnabled()) {
mNonces = ((ICertificateAuthority) mAuthority).getNonces();
}
}
if (mAuthority instanceof ICertAuthority) {
- mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
+ mPublisherProcessor = ((ICertAuthority) mAuthority)
+ .getPublisherProcessor();
}
mQueue = mAuthority.getRequestQueue();
@@ -145,16 +142,20 @@ public class DoRevoke extends CMSServlet {
}
/**
- * Serves HTTP request. The http parameters used by this request are as follows:
+ * Serves HTTP request. The http parameters used by this request are as
+ * follows:
+ *
* <pre>
* serialNumber Serial number of certificate to revoke (in HEX)
* revocationReason Revocation reason (Described below)
* totalRecordCount [number]
* verifiedRecordCount [number]
* invalidityDate [number of seconds in Jan 1,1970]
- *
+ *
* </pre>
+ *
* revocationReason can be one of these values:
+ *
* <pre>
* 0 = Unspecified (default)
* 1 = Key compromised
@@ -184,8 +185,11 @@ public class DoRevoke extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
IArgBlock header = CMS.createArgBlock();
@@ -194,21 +198,18 @@ public class DoRevoke extends CMSServlet {
try {
if (req.getParameter("revocationReason") != null) {
- reason = Integer.parseInt(req.getParameter(
- "revocationReason"));
+ reason = Integer.parseInt(req.getParameter("revocationReason"));
}
if (req.getParameter("totalRecordCount") != null) {
- totalRecordCount = Integer.parseInt(req.getParameter(
- "totalRecordCount"));
+ totalRecordCount = Integer.parseInt(req
+ .getParameter("totalRecordCount"));
}
if (req.getParameter("verifiedRecordCount") != null) {
- verifiedRecordCount = Integer.parseInt(
- req.getParameter(
- "verifiedRecordCount"));
+ verifiedRecordCount = Integer.parseInt(req
+ .getParameter("verifiedRecordCount"));
}
if (req.getParameter("invalidityDate") != null) {
- long l = Long.parseLong(req.getParameter(
- "invalidityDate"));
+ long l = Long.parseLong(req.getParameter("invalidityDate"));
if (l > 0) {
invalidityDate = new Date(l);
@@ -226,10 +227,11 @@ public class DoRevoke extends CMSServlet {
certChain[0] = cert2;
IUser user = null;
try {
- user = (IUser) mUL.locateUser(new Certificates(certChain));
+ user = (IUser) mUL.locateUser(new Certificates(
+ certChain));
} catch (Exception e) {
- CMS.debug("DoRevoke: Failed to map certificate '"+
- cert2.getSubjectDN().getName()+"' to user.");
+ CMS.debug("DoRevoke: Failed to map certificate '"
+ + cert2.getSubjectDN().getName() + "' to user.");
}
if (mUG.isMemberOf(user, "Subsystem Group")) {
skipNonceVerification = true;
@@ -242,15 +244,17 @@ public class DoRevoke extends CMSServlet {
X509Certificate cert1 = mNonces.getCertificate(nonce);
if (cert1 == null) {
CMS.debug("DoRevoke: Unknown nonce");
- } else if (cert1 != null && cert2 != null && cert1.equals(cert2)) {
+ } else if (cert1 != null && cert2 != null
+ && cert1.equals(cert2)) {
nonceVerified = true;
mNonces.removeNonce(nonce);
}
} else {
CMS.debug("DoRevoke: Missing nonce");
}
- CMS.debug("DoRevoke: nonceVerified="+nonceVerified);
- CMS.debug("DoRevoke: skipNonceVerification="+skipNonceVerification);
+ CMS.debug("DoRevoke: nonceVerified=" + nonceVerified);
+ CMS.debug("DoRevoke: skipNonceVerification="
+ + skipNonceVerification);
if ((!nonceVerified) && (!skipNonceVerification)) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
@@ -261,7 +265,7 @@ public class DoRevoke extends CMSServlet {
String eeSubjectDN = null;
String eeSerialNumber = null;
- //for audit log.
+ // for audit log.
String initiative = null;
String authMgr = AuditFormat.NOAUTH;
@@ -272,46 +276,51 @@ public class DoRevoke extends CMSServlet {
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "revoke");
+ mAuthzResourceName, "revoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
-
- if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+
+ if (mAuthMgr != null
+ && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
if (authToken != null) {
String serialNumber = req.getParameter("serialNumber");
X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
- if (serialNumber != null) {
+ if (serialNumber != null) {
eeSerialNumber = serialNumber;
}
- authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ authMgr = authToken
+ .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
String agentID = authToken.getInString("userid");
- initiative = AuditFormat.FROMAGENT + " agentID: " + agentID +
- " authenticated by " + authMgr;
+ initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
+ + " authenticated by " + authMgr;
}
} else {
// request is fromUser.
initiative = AuditFormat.FROMUSER;
-
+
String serialNumber = req.getParameter("serialNumber");
X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
- if (serialNumber == null || sslCert == null ||
- !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) {
+ if (serialNumber == null
+ || sslCert == null
+ || !(serialNumber.equals(sslCert.getSerialNumber()
+ .toString(16)))) {
authorized = false;
} else {
eeSubjectDN = sslCert.getSubjectDN().toString();
@@ -322,29 +331,25 @@ public class DoRevoke extends CMSServlet {
if (authorized) {
process(argSet, header, reason, invalidityDate, initiative,
- req, resp, verifiedRecordCount, revokeAll,
- totalRecordCount, eeSerialNumber, eeSubjectDN,
- comments, locale[0]);
+ req, resp, verifiedRecordCount, revokeAll,
+ totalRecordCount, eeSerialNumber, eeSubjectDN,
+ comments, locale[0]);
}
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
- error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
/*
- catch (Exception e) {
- noError = false;
- header.addStringValue(OUT_ERROR,
- MessageFormatter.getLocalizedString(
- errorlocale[0],
- BaseResources.class.getName(),
- BaseResources.INTERNAL_ERROR_1,
- e.toString()));
- }
+ * catch (Exception e) { noError = false;
+ * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString(
+ * errorlocale[0], BaseResources.class.getName(),
+ * BaseResources.INTERNAL_ERROR_1, e.toString())); }
*/
try {
@@ -353,11 +358,11 @@ public class DoRevoke extends CMSServlet {
if (error == null && authorized) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else if (!authorized) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
@@ -366,67 +371,63 @@ public class DoRevoke extends CMSServlet {
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
/**
* Process cert status change request
* <P>
- *
- * (Certificate Request - either an "agent" cert status change request,
- * or an "EE" cert status change request)
+ *
+ * (Certificate Request - either an "agent" cert status change request, or
+ * an "EE" cert status change request)
* <P>
- *
- * (Certificate Request Processed - either an "agent" cert status change
- * request, or an "EE" cert status change request)
+ *
+ * (Certificate Request Processed - either an "agent" cert status change
+ * request, or an "EE" cert status change request)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used
+ * when a cert status change request (e. g. - "revocation") is made (before
* approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (revoked, expired, on-hold,
- * off-hold)
+ * <li>signed.audit
+ * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a
+ * certificate status is changed (revoked, expired, on-hold, off-hold)
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
- * @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
- * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
- * 4 - Certificate superceded, 5 - Cessation of operation, or
- * 6 - Certificate is on hold)
+ * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2
+ * - CA key compromised; should not be used, 3 - Affiliation
+ * changed, 4 - Certificate superceded, 5 - Cessation of
+ * operation, or 6 - Certificate is on hold)
* @param invalidityDate certificate validity date
* @param initiative string containing the audit format
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param verifiedRecordCount number of verified records
- * @param revokeAll string containing information on all of the
- * certificates to be revoked
+ * @param revokeAll string containing information on all of the certificates
+ * to be revoked
* @param totalRecordCount total number of records (verified and unverified)
- * @param eeSerialNumber string containing the end-entity certificate
- * serial number
+ * @param eeSerialNumber string containing the end-entity certificate serial
+ * number
* @param eeSubjectDN string containing the end-entity certificate subject
- * distinguished name (DN)
+ * distinguished name (DN)
* @param comments string containing certificate comments
* @param locale the system locale
* @exception EBaseException an error has occurred
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- int reason, Date invalidityDate,
- String initiative,
- HttpServletRequest req,
- HttpServletResponse resp,
- int verifiedRecordCount,
- String revokeAll,
- int totalRecordCount,
- String eeSerialNumber,
- String eeSubjectDN,
- String comments,
- Locale locale)
- throws EBaseException {
+ int reason, Date invalidityDate, String initiative,
+ HttpServletRequest req, HttpServletResponse resp,
+ int verifiedRecordCount, String revokeAll, int totalRecordCount,
+ String eeSerialNumber, String eeSubjectDN, String comments,
+ Locale locale) throws EBaseException {
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -436,7 +437,8 @@ public class DoRevoke extends CMSServlet {
String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
String auditReasonNum = String.valueOf(reason);
- CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber);
+ CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber
+ + " auditSerialNumber: " + auditSerialNumber);
long startTime = CMS.getCurrentDate().getTime();
try {
@@ -479,47 +481,54 @@ public class DoRevoke extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
// we do not want to revoke the CA certificate accidentially
- if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) {
- CMS.debug("DoRevoke: skipped revocation request for system certificate " + xcert.getSerialNumber());
+ if (xcert != null
+ && isSystemCertificate(xcert.getSerialNumber())) {
+ CMS.debug("DoRevoke: skipped revocation request for system certificate "
+ + xcert.getSerialNumber());
continue;
}
-
- if (xcert != null) {
- rarg.addStringValue("serialNumber",
- xcert.getSerialNumber().toString(16));
- if (eeSerialNumber != null &&
- (eeSerialNumber.equals(xcert.getSerialNumber().toString())) &&
- rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16)));
+ if (xcert != null) {
+ rarg.addStringValue("serialNumber", xcert
+ .getSerialNumber().toString(16));
+
+ if (eeSerialNumber != null
+ && (eeSerialNumber.equals(xcert
+ .getSerialNumber().toString()))
+ && rec.getStatus().equals(
+ ICertRecord.STATUS_REVOKED)) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CA_CERTIFICATE_ALREADY_REVOKED_1", xcert
+ .getSerialNumber().toString(16)));
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
- } else if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
- rarg.addStringValue("error", "Certificate 0x" +
- xcert.getSerialNumber().toString(16) +
- " is already revoked.");
- } else if (eeSubjectDN != null &&
- (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) {
- rarg.addStringValue("error", "Certificate 0x" +
- xcert.getSerialNumber().toString(16) +
- " belongs to different subject.");
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
+ } else if (rec.getStatus().equals(
+ ICertRecord.STATUS_REVOKED)) {
+ rarg.addStringValue("error", "Certificate 0x"
+ + xcert.getSerialNumber().toString(16)
+ + " is already revoked.");
+ } else if (eeSubjectDN != null
+ && (!eeSubjectDN.equals(xcert.getSubjectDN()
+ .toString()))) {
+ rarg.addStringValue("error", "Certificate 0x"
+ + xcert.getSerialNumber().toString(16)
+ + " belongs to different subject.");
} else {
oldCertsV.addElement(xcert);
- RevokedCertImpl revCertImpl =
- new RevokedCertImpl(xcert.getSerialNumber(),
+ RevokedCertImpl revCertImpl = new RevokedCertImpl(
+ xcert.getSerialNumber(),
CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
@@ -535,57 +544,67 @@ public class DoRevoke extends CMSServlet {
Vector serialNumbers = new Vector();
if (revokeAll != null && revokeAll.length() > 0) {
- for (int i = revokeAll.indexOf('=');
- i < revokeAll.length() && i > -1;
- i = revokeAll.indexOf('=', i)) {
+ for (int i = revokeAll.indexOf('='); i < revokeAll.length()
+ && i > -1; i = revokeAll.indexOf('=', i)) {
if (i > -1) {
i++;
- while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
+ while (i < revokeAll.length()
+ && revokeAll.charAt(i) == ' ') {
i++;
}
// xxxx decimal serial number?
String legalDigits = "0123456789";
int j = i;
- while (j < revokeAll.length() && legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
+ while (j < revokeAll.length()
+ && legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
j++;
}
if (j > i) {
- serialNumbers.addElement(revokeAll.substring(i, j));
+ serialNumbers.addElement(revokeAll.substring(i,
+ j));
}
}
}
}
- if (reqIdStr != null && reqIdStr.length() > 0 && serialNumbers.size() > 0) {
- IRequest certReq = mRequestQueue.findRequest(new RequestId(reqIdStr));
- X509CertImpl[] certs = certReq.getExtDataInCertArray(IRequest.OLD_CERTS);
+ if (reqIdStr != null && reqIdStr.length() > 0
+ && serialNumbers.size() > 0) {
+ IRequest certReq = mRequestQueue.findRequest(new RequestId(
+ reqIdStr));
+ X509CertImpl[] certs = certReq
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
boolean authorized = false;
for (int i = 0; i < certs.length; i++) {
boolean addToList = false;
- for (int j = 0; j < serialNumbers.size();
- j++) {
- //xxxxx serial number in decimal?
- if (certs[i].getSerialNumber().toString().equals((String) serialNumbers.elementAt(j)) &&
- eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) {
+ for (int j = 0; j < serialNumbers.size(); j++) {
+ // xxxxx serial number in decimal?
+ if (certs[i]
+ .getSerialNumber()
+ .toString()
+ .equals((String) serialNumbers.elementAt(j))
+ && eeSubjectDN != null
+ && eeSubjectDN.equals(certs[i]
+ .getSubjectDN().toString())) {
addToList = true;
break;
}
}
- if (eeSerialNumber != null &&
- eeSerialNumber.equals(certs[i].getSerialNumber().toString())) {
+ if (eeSerialNumber != null
+ && eeSerialNumber.equals(certs[i]
+ .getSerialNumber().toString())) {
authorized = true;
}
if (addToList) {
IArgBlock rarg = CMS.createArgBlock();
- rarg.addStringValue("serialNumber",
- certs[i].getSerialNumber().toString(16));
+ rarg.addStringValue("serialNumber", certs[i]
+ .getSerialNumber().toString(16));
oldCertsV.addElement(certs[i]);
- RevokedCertImpl revCertImpl =
- new RevokedCertImpl(certs[i].getSerialNumber(),
+ RevokedCertImpl revCertImpl = new RevokedCertImpl(
+ certs[i].getSerialNumber(),
CMS.getCurrentDate(), entryExtn);
revCertImplsV.addElement(revCertImpl);
@@ -596,38 +615,38 @@ public class DoRevoke extends CMSServlet {
}
if (!authorized) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT"));
+ CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT"));
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType);
audit(auditMessage);
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
}
} else {
String b64eCert = req.getParameter("b64eCertificate");
if (b64eCert != null) {
- // BASE64Decoder decoder = new BASE64Decoder();
- // byte[] certBytes = decoder.decodeBuffer(b64eCert);
+ // BASE64Decoder decoder = new BASE64Decoder();
+ // byte[] certBytes = decoder.decodeBuffer(b64eCert);
byte[] certBytes = CMS.AtoB(b64eCert);
X509CertImpl cert = new X509CertImpl(certBytes);
IArgBlock rarg = CMS.createArgBlock();
- rarg.addStringValue("serialNumber",
- cert.getSerialNumber().toString(16));
+ rarg.addStringValue("serialNumber", cert
+ .getSerialNumber().toString(16));
oldCertsV.addElement(cert);
- RevokedCertImpl revCertImpl =
- new RevokedCertImpl(cert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ RevokedCertImpl revCertImpl = new RevokedCertImpl(
+ cert.getSerialNumber(), CMS.getCurrentDate(),
+ entryExtn);
revCertImplsV.addElement(revCertImpl);
count++;
@@ -636,27 +655,26 @@ public class DoRevoke extends CMSServlet {
}
}
}
- if (count == 0) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
+ if (count == 0) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_REVOCATION_ERROR_CERT_NOT_FOUND"));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_REVOCATION_ERROR_CERT_NOT_FOUND"));
}
header.addIntegerValue("totalRecordCount", count);
X509CertImpl[] oldCerts = new X509CertImpl[count];
- //Certificate[] oldCerts = new Certificate[count];
+ // Certificate[] oldCerts = new Certificate[count];
RevokedCertImpl[] revCertImpls = new RevokedCertImpl[count];
for (int i = 0; i < count; i++) {
@@ -664,32 +682,29 @@ public class DoRevoke extends CMSServlet {
revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i);
}
- IRequest revReq =
- mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
- if(initiative.equals(AuditFormat.FROMUSER))
- revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
+ if (initiative.equals(AuditFormat.FROMUSER))
+ revReq.setExtData(IRequest.REQUESTOR_TYPE,
+ IRequest.REQUESTOR_EE);
else
- revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
+ revReq.setExtData(IRequest.REQUESTOR_TYPE,
+ IRequest.REQUESTOR_AGENT);
revReq.setExtData(IRequest.OLD_CERTS, oldCerts);
if (comments != null) {
revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments);
}
- revReq.setExtData(IRequest.REVOKED_REASON,
- Integer.valueOf(reason));
+ revReq.setExtData(IRequest.REVOKED_REASON, Integer.valueOf(reason));
// change audit processing from "REQUEST" to "REQUEST_PROCESSED"
// to distinguish which type of signed audit log message to save
@@ -707,38 +722,44 @@ public class DoRevoke extends CMSServlet {
// The SVC_PENDING check has been added for the Cloned CA request
// that is meant for the Master CA. From Clone's point of view
// the request is complete
- if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) {
- // audit log the error
+ if ((stat == RequestStatus.COMPLETE)
+ || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) {
+ // audit log the error
Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
if (result.equals(IRequest.RES_ERROR)) {
- String[] svcErrors =
- revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+ String[] svcErrors = revReq
+ .getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
String err = svcErrors[i];
if (err != null) {
- //cmsReq.setErrorDescription(err);
+ // cmsReq.setErrorDescription(err);
for (int j = 0; j < count; j++) {
if (oldCerts[j] instanceof X509CertImpl) {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
if (oldCerts[j] != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed with error: "
+ + err,
+ cert.getSubjectDN(),
+ cert.getSerialNumber()
+ .toString(
+ 16),
+ RevocationReason
+ .fromInt(
+ reason)
+ .toString() });
}
}
}
@@ -749,26 +770,24 @@ public class DoRevoke extends CMSServlet {
// store a message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(
- RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus
+ .equals(RequestStatus.COMPLETE_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
- return;
+ return;
}
long endTime = CMS.getCurrentDate().getTime();
@@ -779,25 +798,29 @@ public class DoRevoke extends CMSServlet {
if (oldCerts[j] instanceof X509CertImpl) {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed",
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed",
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason)
+ .toString()
+ + " time: "
+ + (endTime - startTime) });
}
}
}
header.addStringValue("revoked", "yes");
- Integer updateCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult = revReq
+ .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
header.addStringValue("updateCRL", "yes");
@@ -805,92 +828,99 @@ public class DoRevoke extends CMSServlet {
header.addStringValue("updateCRLSuccess", "yes");
} else {
header.addStringValue("updateCRLSuccess", "no");
- String crlError =
- revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ String crlError = revReq
+ .getExtDataInString(IRequest.CRL_UPDATE_ERROR);
- if (crlError != null)
- header.addStringValue("updateCRLError",
- crlError);
+ if (crlError != null)
+ header.addStringValue("updateCRLError", crlError);
}
// let known crl publishing status too.
- Integer publishCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ Integer publishCRLResult = revReq
+ .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
header.addStringValue("publishCRLSuccess", "yes");
} else {
header.addStringValue("publishCRLSuccess", "no");
- String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ String publError = revReq
+ .getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
- if (publError != null)
- header.addStringValue("publishCRLError",
- publError);
+ if (publError != null)
+ header.addStringValue("publishCRLError",
+ publError);
}
}
}
if (mAuthority instanceof ICertificateAuthority) {
- // let known update and publish status of all crls.
- Enumeration otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ // let known update and publish status of all crls.
+ Enumeration otherCRLs = ((ICertificateAuthority) mAuthority)
+ .getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
- ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs
+ .nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
continue;
String updateStatusStr = crl.getCrlUpdateStatusStr();
- Integer updateResult = revReq.getExtDataInInteger(updateStatusStr);
+ Integer updateResult = revReq
+ .getExtDataInInteger(updateStatusStr);
if (updateResult != null) {
if (updateResult.equals(IRequest.RES_SUCCESS)) {
- CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", updateStatusStr));
+ CMS.debug("DoRevoke: "
+ + CMS.getLogMessage(
+ "ADMIN_SRVLT_ADDING_HEADER",
+ updateStatusStr));
header.addStringValue(updateStatusStr, "yes");
} else {
- String updateErrorStr = crl.getCrlUpdateErrorStr();
+ String updateErrorStr = crl
+ .getCrlUpdateErrorStr();
- CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
- updateStatusStr));
+ CMS.debug("DoRevoke: "
+ + CMS.getLogMessage(
+ "ADMIN_SRVLT_ADDING_HEADER_NO",
+ updateStatusStr));
header.addStringValue(updateStatusStr, "no");
- String error =
- revReq.getExtDataInString(updateErrorStr);
+ String error = revReq
+ .getExtDataInString(updateErrorStr);
- if (error != null)
- header.addStringValue(updateErrorStr,
- error);
+ if (error != null)
+ header.addStringValue(updateErrorStr, error);
}
- String publishStatusStr = crl.getCrlPublishStatusStr();
- Integer publishResult =
- revReq.getExtDataInInteger(publishStatusStr);
+ String publishStatusStr = crl
+ .getCrlPublishStatusStr();
+ Integer publishResult = revReq
+ .getExtDataInInteger(publishStatusStr);
- if (publishResult == null)
+ if (publishResult == null)
continue;
if (publishResult.equals(IRequest.RES_SUCCESS)) {
header.addStringValue(publishStatusStr, "yes");
} else {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr = crl
+ .getCrlPublishErrorStr();
header.addStringValue(publishStatusStr, "no");
- String error =
- revReq.getExtDataInString(publishErrorStr);
+ String error = revReq
+ .getExtDataInString(publishErrorStr);
- if (error != null)
- header.addStringValue(
- publishErrorStr, error);
+ if (error != null)
+ header.addStringValue(publishErrorStr,
+ error);
}
}
}
}
- if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
+ if (mPublisherProcessor != null
+ && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- revReq.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus = revReq
+ .getExtDataInIntegerArray("ldapPublishStatus");
int certsToUpdate = 0;
int certsUpdated = 0;
@@ -905,13 +935,12 @@ public class DoRevoke extends CMSServlet {
header.addIntegerValue("certsUpdated", certsUpdated);
header.addIntegerValue("certsToUpdate", certsToUpdate);
- // add crl publishing status.
- String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ // add crl publishing status.
+ String publError = revReq
+ .getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
- header.addStringValue("crlPublishError",
- publError);
+ header.addStringValue("crlPublishError", publError);
}
} else {
header.addStringValue("dirEnabled", "no");
@@ -919,12 +948,14 @@ public class DoRevoke extends CMSServlet {
header.addStringValue("error", null);
} else {
- if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) {
+ if (stat == RequestStatus.PENDING
+ || stat == RequestStatus.REJECTED) {
header.addStringValue("revoked", stat.toString());
} else {
header.addStringValue("revoked", "no");
}
- Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS);
+ Vector errors = revReq
+ .getExtDataInStringVector(IRequest.ERRORS);
if (errors != null) {
StringBuffer errInfo = new StringBuffer();
for (int i = 0; i < errors.size(); i++) {
@@ -945,17 +976,19 @@ public class DoRevoke extends CMSServlet {
if (oldCerts[j] instanceof X509CertImpl) {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- stat.toString(),
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ stat.toString(),
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason)
+ .toString() });
}
}
}
@@ -965,18 +998,17 @@ public class DoRevoke extends CMSServlet {
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
- ) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -986,12 +1018,9 @@ public class DoRevoke extends CMSServlet {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
} else {
@@ -999,21 +1028,18 @@ public class DoRevoke extends CMSServlet {
// message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(
- RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -1027,12 +1053,9 @@ public class DoRevoke extends CMSServlet {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
} else {
@@ -1040,21 +1063,18 @@ public class DoRevoke extends CMSServlet {
// message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(
- RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -1062,19 +1082,17 @@ public class DoRevoke extends CMSServlet {
throw e;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1",
+ e.toString()));
if (auditRequest) {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
} else {
@@ -1082,27 +1100,25 @@ public class DoRevoke extends CMSServlet {
// message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(
- RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
}
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
}
return;
@@ -1110,11 +1126,11 @@ public class DoRevoke extends CMSServlet {
/**
* Signed Audit Log Requester ID
- *
- * This method is called to obtain the "RequesterID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "RequesterID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -1140,11 +1156,11 @@ public class DoRevoke extends CMSServlet {
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -1163,30 +1179,28 @@ public class DoRevoke extends CMSServlet {
// find out if the value is hex or decimal
int value = -1;
-
- //try int
- try {
- value = Integer.parseInt(serialNumber,10);
+
+ // try int
+ try {
+ value = Integer.parseInt(serialNumber, 10);
} catch (NumberFormatException e) {
}
-
- //try hex
- if( value == -1) {
+
+ // try hex
+ if (value == -1) {
try {
- value = Integer.parseInt(serialNumber,16);
+ value = Integer.parseInt(serialNumber, 16);
} catch (NumberFormatException e) {
}
}
// give up if it isn't hex or dec
- if ( value == -1) {
+ if (value == -1) {
throw new NumberFormatException();
}
// convert it to hexadecimal
- serialNumber = "0x"
- + Integer.toHexString(
- value);
+ serialNumber = "0x" + Integer.toHexString(value);
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -1196,11 +1210,11 @@ public class DoRevoke extends CMSServlet {
/**
* Signed Audit Log Request Type
- *
- * This method is called to obtain the "Request Type" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "Request Type" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param reason an integer denoting the revocation reason
* @return string containing REVOKE or ON_HOLD
*/
@@ -1222,4 +1236,3 @@ public class DoRevoke extends CMSServlet {
return requestType;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
index ce074a05..d29f795b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.io.OutputStream;
import java.util.Date;
@@ -63,10 +62,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Revoke a Certificate
- *
+ *
* @version $Revision$, $Date$
*/
public class DoRevokeTPS extends CMSServlet {
@@ -89,20 +87,17 @@ public class DoRevokeTPS extends CMSServlet {
private final static String REVOKE = "revoke";
private final static String ON_HOLD = "on-hold";
private final static int ON_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
public DoRevokeTPS() {
super();
}
/**
- * initialize the servlet. This servlet uses the template
- * file "revocationResult.template" to render the result
+ * initialize the servlet. This servlet uses the template file
+ * "revocationResult.template" to render the result
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -110,10 +105,12 @@ public class DoRevokeTPS extends CMSServlet {
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
if (mAuthority instanceof ICertificateAuthority) {
- mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ mCertDB = ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository();
}
if (mAuthority instanceof ICertAuthority) {
- mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
+ mPublisherProcessor = ((ICertAuthority) mAuthority)
+ .getPublisherProcessor();
}
mQueue = mAuthority.getRequestQueue();
@@ -131,16 +128,20 @@ public class DoRevokeTPS extends CMSServlet {
}
/**
- * Serves HTTP request. The http parameters used by this request are as follows:
+ * Serves HTTP request. The http parameters used by this request are as
+ * follows:
+ *
* <pre>
* serialNumber Serial number of certificate to revoke (in HEX)
* revocationReason Revocation reason (Described below)
* totalRecordCount [number]
* verifiedRecordCount [number]
* invalidityDate [number of seconds in Jan 1,1970]
- *
+ *
* </pre>
+ *
* revocationReason can be one of these values:
+ *
* <pre>
* 0 = Unspecified (default)
* 1 = Key compromised
@@ -171,11 +172,15 @@ public class DoRevokeTPS extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
} catch (Exception e) {
- CMS.debug("DoRevokeTPS getTemplate failed");
- throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ CMS.debug("DoRevokeTPS getTemplate failed");
+ throw new EBaseException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
CMS.debug("DoRevokeTPS after getTemplate");
@@ -185,16 +190,14 @@ public class DoRevokeTPS extends CMSServlet {
try {
if (req.getParameter("revocationReason") != null) {
- reason = Integer.parseInt(req.getParameter(
- "revocationReason"));
+ reason = Integer.parseInt(req.getParameter("revocationReason"));
}
if (req.getParameter("totalRecordCount") != null) {
- totalRecordCount = Integer.parseInt(req.getParameter(
- "totalRecordCount"));
+ totalRecordCount = Integer.parseInt(req
+ .getParameter("totalRecordCount"));
}
if (req.getParameter("invalidityDate") != null) {
- long l = Long.parseLong(req.getParameter(
- "invalidityDate"));
+ long l = Long.parseLong(req.getParameter("invalidityDate"));
if (l > 0) {
invalidityDate = new Date(l);
@@ -203,7 +206,7 @@ public class DoRevokeTPS extends CMSServlet {
revokeAll = req.getParameter("revokeAll");
String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS);
- //for audit log.
+ // for audit log.
String initiative = null;
String authMgr = AuditFormat.NOAUTH;
@@ -212,27 +215,31 @@ public class DoRevokeTPS extends CMSServlet {
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "revoke");
+ mAuthzResourceName, "revoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
- if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+
+ if (mAuthMgr != null
+ && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
if (authToken != null) {
- authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ authMgr = authToken
+ .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
String agentID = authToken.getInString("userid");
- initiative = AuditFormat.FROMAGENT + " agentID: " + agentID +
- " authenticated by " + authMgr;
+ initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
+ + " authenticated by " + authMgr;
}
} else {
CMS.debug("DoRevokeTPS: Missing authentication manager");
@@ -241,13 +248,15 @@ public class DoRevokeTPS extends CMSServlet {
}
if (authorized) {
- process(argSet, header, reason, invalidityDate, initiative, req,
- resp, revokeAll, totalRecordCount, comments, locale[0]);
+ process(argSet, header, reason, invalidityDate, initiative,
+ req, resp, revokeAll, totalRecordCount, comments,
+ locale[0]);
}
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
- error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
@@ -260,10 +269,10 @@ public class DoRevokeTPS extends CMSServlet {
errorString = "error=unauthorized";
} else if (error != null) {
o_status = "status=3";
- errorString = "error="+error.toString();
+ errorString = "error=" + error.toString();
}
- String pp = o_status+"\n"+errorString;
+ String pp = o_status + "\n" + errorString;
byte[] b = pp.getBytes();
resp.setContentType("text/html");
resp.setContentLength(b.length);
@@ -271,59 +280,57 @@ public class DoRevokeTPS extends CMSServlet {
os.write(b);
os.flush();
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
}
}
/**
* Process cert status change request
* <P>
- *
- * (Certificate Request - either an "agent" cert status change request,
- * or an "EE" cert status change request)
+ *
+ * (Certificate Request - either an "agent" cert status change request, or
+ * an "EE" cert status change request)
* <P>
- *
- * (Certificate Request Processed - either an "agent" cert status change
- * request, or an "EE" cert status change request)
+ *
+ * (Certificate Request Processed - either an "agent" cert status change
+ * request, or an "EE" cert status change request)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used
+ * when a cert status change request (e. g. - "revocation") is made (before
* approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (revoked, expired, on-hold,
- * off-hold)
+ * <li>signed.audit
+ * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a
+ * certificate status is changed (revoked, expired, on-hold, off-hold)
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
- * @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
- * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
- * 4 - Certificate superceded, 5 - Cessation of operation, or
- * 6 - Certificate is on hold)
+ * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2
+ * - CA key compromised; should not be used, 3 - Affiliation
+ * changed, 4 - Certificate superceded, 5 - Cessation of
+ * operation, or 6 - Certificate is on hold)
* @param invalidityDate certificate validity date
* @param initiative string containing the audit format
* @param req HTTP servlet request
* @param resp HTTP servlet response
- * @param revokeAll string containing information on all of the
- * certificates to be revoked
+ * @param revokeAll string containing information on all of the certificates
+ * to be revoked
* @param totalRecordCount total number of records (verified and unverified)
* @param comments string containing certificate comments
* @param locale the system locale
* @exception EBaseException an error has occurred
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- int reason, Date invalidityDate,
- String initiative,
- HttpServletRequest req,
- HttpServletResponse resp,
- String revokeAll,
- int totalRecordCount,
- String comments,
- Locale locale)
- throws EBaseException {
+ int reason, Date invalidityDate, String initiative,
+ HttpServletRequest req, HttpServletResponse resp, String revokeAll,
+ int totalRecordCount, String comments, Locale locale)
+ throws EBaseException {
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -333,21 +340,20 @@ public class DoRevokeTPS extends CMSServlet {
String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
String auditReasonNum = String.valueOf(reason);
-
if (revokeAll != null) {
- CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll);
+ CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll);
- String serial = "";
+ String serial = "";
String[] tokens;
tokens = revokeAll.split("=");
if (tokens.length == 2) {
serial = tokens[1];
- //remove the trailing paren
+ // remove the trailing paren
if (serial.endsWith(")")) {
- serial = serial.substring(0,serial.length() -1);
+ serial = serial.substring(0, serial.length() - 1);
}
- auditSerialNumber = serial;
+ auditSerialNumber = serial;
}
}
@@ -393,30 +399,36 @@ public class DoRevokeTPS extends CMSServlet {
}
X509CertImpl xcert = rec.getCertificate();
IArgBlock rarg = CMS.createArgBlock();
-
+
// we do not want to revoke the CA certificate accidentially
- if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) {
- CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber());
+ if (xcert != null
+ && isSystemCertificate(xcert.getSerialNumber())) {
+ CMS.debug("DoRevokeTPS: skipped revocation request for system certificate "
+ + xcert.getSerialNumber());
badCertsRequested = true;
continue;
}
if (xcert != null) {
- rarg.addStringValue("serialNumber",
- xcert.getSerialNumber().toString(16));
+ rarg.addStringValue("serialNumber", xcert.getSerialNumber()
+ .toString(16));
if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
alreadyRevokedCertFound = true;
- CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16) + " has been revoked.");
+ CMS.debug("Certificate 0x"
+ + xcert.getSerialNumber().toString(16)
+ + " has been revoked.");
} else {
oldCertsV.addElement(xcert);
- RevokedCertImpl revCertImpl =
- new RevokedCertImpl(xcert.getSerialNumber(),
- CMS.getCurrentDate(), entryExtn);
+ RevokedCertImpl revCertImpl = new RevokedCertImpl(
+ xcert.getSerialNumber(), CMS.getCurrentDate(),
+ entryExtn);
revCertImplsV.addElement(revCertImpl);
- CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16)+" is going to be revoked.");
+ CMS.debug("Certificate 0x"
+ + xcert.getSerialNumber().toString(16)
+ + " is going to be revoked.");
count++;
}
} else {
@@ -424,40 +436,37 @@ public class DoRevokeTPS extends CMSServlet {
}
}
- if (count == 0) {
+ if (count == 0) {
// Situation where no certs were reoked here, but some certs
// requested happened to be already revoked. Don't return error.
- if (alreadyRevokedCertFound == true && badCertsRequested == false) {
- CMS.debug("Only have previously revoked certs in the list.");
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
-
- audit(auditMessage);
- return;
+ if (alreadyRevokedCertFound == true
+ && badCertsRequested == false) {
+ CMS.debug("Only have previously revoked certs in the list.");
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditSerialNumber, auditRequestType);
+
+ audit(auditMessage);
+ return;
}
-
+
errorString = "error=No certificates are revoked.";
o_status = "status=2";
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
}
X509CertImpl[] oldCerts = new X509CertImpl[count];
@@ -468,33 +477,30 @@ public class DoRevokeTPS extends CMSServlet {
revCertImpls[i] = (RevokedCertImpl) revCertImplsV.elementAt(i);
}
- IRequest revReq =
- mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+ IRequest revReq = mQueue.newRequest(IRequest.REVOCATION_REQUEST);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
- if(initiative.equals(AuditFormat.FROMUSER)) {
- revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
+ if (initiative.equals(AuditFormat.FROMUSER)) {
+ revReq.setExtData(IRequest.REQUESTOR_TYPE,
+ IRequest.REQUESTOR_EE);
} else {
- revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
+ revReq.setExtData(IRequest.REQUESTOR_TYPE,
+ IRequest.REQUESTOR_AGENT);
}
revReq.setExtData(IRequest.OLD_CERTS, oldCerts);
if (comments != null) {
revReq.setExtData(IRequest.REQUESTOR_COMMENTS, comments);
}
- revReq.setExtData(IRequest.REVOKED_REASON,
- Integer.valueOf(reason));
+ revReq.setExtData(IRequest.REVOKED_REASON, Integer.valueOf(reason));
// change audit processing from "REQUEST" to "REQUEST_PROCESSED"
// to distinguish which type of signed audit log message to save
@@ -512,38 +518,44 @@ public class DoRevokeTPS extends CMSServlet {
// The SVC_PENDING check has been added for the Cloned CA request
// that is meant for the Master CA. From Clone's point of view
// the request is complete
- if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) {
- // audit log the error
+ if ((stat == RequestStatus.COMPLETE)
+ || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) {
+ // audit log the error
Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
if (result.equals(IRequest.RES_ERROR)) {
- String[] svcErrors =
- revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+ String[] svcErrors = revReq
+ .getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
String err = svcErrors[i];
if (err != null) {
- //cmsReq.setErrorDescription(err);
+ // cmsReq.setErrorDescription(err);
for (int j = 0; j < count; j++) {
if (oldCerts[j] instanceof X509CertImpl) {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
if (oldCerts[j] != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed with error: "
+ + err,
+ cert.getSubjectDN(),
+ cert.getSerialNumber()
+ .toString(
+ 16),
+ RevocationReason
+ .fromInt(
+ reason)
+ .toString() });
}
}
}
@@ -554,26 +566,24 @@ public class DoRevokeTPS extends CMSServlet {
// store a message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(
- RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus
+ .equals(RequestStatus.COMPLETE_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
- return;
+ return;
}
long endTime = CMS.getCurrentDate().getTime();
@@ -584,93 +594,103 @@ public class DoRevokeTPS extends CMSServlet {
if (oldCerts[j] instanceof X509CertImpl) {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- "completed",
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ "completed",
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason)
+ .toString()
+ + " time: "
+ + (endTime - startTime) });
}
}
}
header.addStringValue("revoked", "yes");
- Integer updateCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult = revReq
+ .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) {
o_status = "status=3";
- if (revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR) != null) {
+ if (revReq
+ .getExtDataInString(IRequest.CRL_UPDATE_ERROR) != null) {
errorString = "error=Update CRL Error.";
// 3 means miscellaneous
}
}
// let known crl publishing status too.
- Integer publishCRLResult =
- revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ Integer publishCRLResult = revReq
+ .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) {
- String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ String publError = revReq
+ .getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
o_status = "status=3";
if (publError != null) {
- errorString = "error="+publError;
+ errorString = "error=" + publError;
}
}
}
}
if (mAuthority instanceof ICertificateAuthority) {
- // let known update and publish status of all crls.
- Enumeration otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ // let known update and publish status of all crls.
+ Enumeration otherCRLs = ((ICertificateAuthority) mAuthority)
+ .getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
- ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs
+ .nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
continue;
String updateStatusStr = crl.getCrlUpdateStatusStr();
- Integer updateResult = revReq.getExtDataInInteger(updateStatusStr);
+ Integer updateResult = revReq
+ .getExtDataInInteger(updateStatusStr);
if (updateResult != null) {
if (!updateResult.equals(IRequest.RES_SUCCESS)) {
- String updateErrorStr = crl.getCrlUpdateErrorStr();
+ String updateErrorStr = crl
+ .getCrlUpdateErrorStr();
- CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
- updateStatusStr));
- String error =
- revReq.getExtDataInString(updateErrorStr);
+ CMS.debug("DoRevoke: "
+ + CMS.getLogMessage(
+ "ADMIN_SRVLT_ADDING_HEADER_NO",
+ updateStatusStr));
+ String error = revReq
+ .getExtDataInString(updateErrorStr);
o_status = "status=3";
- if (error != null) {
- errorString = "error="+error;
+ if (error != null) {
+ errorString = "error=" + error;
}
}
- String publishStatusStr = crl.getCrlPublishStatusStr();
- Integer publishResult =
- revReq.getExtDataInInteger(publishStatusStr);
+ String publishStatusStr = crl
+ .getCrlPublishStatusStr();
+ Integer publishResult = revReq
+ .getExtDataInInteger(publishStatusStr);
- if (publishResult == null)
+ if (publishResult == null)
continue;
if (!publishResult.equals(IRequest.RES_SUCCESS)) {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr = crl
+ .getCrlPublishErrorStr();
- String error =
- revReq.getExtDataInString(publishErrorStr);
+ String error = revReq
+ .getExtDataInString(publishErrorStr);
o_status = "status=3";
if (error != null) {
@@ -681,10 +701,11 @@ public class DoRevokeTPS extends CMSServlet {
}
}
- if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
+ if (mPublisherProcessor != null
+ && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- revReq.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus = revReq
+ .getExtDataInIntegerArray("ldapPublishStatus");
int certsToUpdate = 0;
int certsUpdated = 0;
@@ -697,27 +718,30 @@ public class DoRevokeTPS extends CMSServlet {
}
}
- // add crl publishing status.
- String publError =
- revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ // add crl publishing status.
+ String publError = revReq
+ .getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
- errorString = "error="+publError;
+ errorString = "error=" + publError;
o_status = "status=3";
}
- } else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) {
+ } else if (mPublisherProcessor == null
+ && mPublisherProcessor.ldapEnabled()) {
errorString = "error=LDAP publishing not enabled.";
o_status = "status=3";
}
} else {
- if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) {
+ if (stat == RequestStatus.PENDING
+ || stat == RequestStatus.REJECTED) {
o_status = "status=2";
- errorString = "error="+stat.toString();
+ errorString = "error=" + stat.toString();
} else {
o_status = "status=2";
errorString = "error=Undefined request status";
}
- Vector errors = revReq.getExtDataInStringVector(IRequest.ERRORS);
+ Vector errors = revReq
+ .getExtDataInStringVector(IRequest.ERRORS);
if (errors != null) {
StringBuffer errInfo = new StringBuffer();
@@ -742,17 +766,19 @@ public class DoRevokeTPS extends CMSServlet {
if (oldCerts[j] instanceof X509CertImpl) {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- revReq.getRequestId(),
- initiative,
- stat.toString(),
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ revReq.getRequestId(),
+ initiative,
+ stat.toString(),
+ cert.getSubjectDN(),
+ cert.getSerialNumber().toString(16),
+ RevocationReason.fromInt(reason)
+ .toString() });
}
}
}
@@ -762,18 +788,17 @@ public class DoRevokeTPS extends CMSServlet {
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
- ) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -784,12 +809,9 @@ public class DoRevokeTPS extends CMSServlet {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
} else {
@@ -797,21 +819,18 @@ public class DoRevokeTPS extends CMSServlet {
// message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(
- RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -819,19 +838,17 @@ public class DoRevokeTPS extends CMSServlet {
throw e;
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1",
+ e.toString()));
if (auditRequest) {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
} else {
@@ -839,27 +856,25 @@ public class DoRevokeTPS extends CMSServlet {
// message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(
- RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
}
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
+ throw new ECMSGWException(
+ CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
}
return;
@@ -867,11 +882,11 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Signed Audit Log Requester ID
- *
- * This method is called to obtain the "RequesterID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "RequesterID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -897,11 +912,11 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -919,8 +934,8 @@ public class DoRevokeTPS extends CMSServlet {
// convert it to hexadecimal
serialNumber = "0x"
- + Integer.toHexString(
- Integer.valueOf(serialNumber).intValue());
+ + Integer.toHexString(Integer.valueOf(serialNumber)
+ .intValue());
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -930,11 +945,11 @@ public class DoRevokeTPS extends CMSServlet {
/**
* Signed Audit Log Request Type
- *
- * This method is called to obtain the "Request Type" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "Request Type" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param reason an integer denoting the revocation reason
* @return string containing REVOKE or ON_HOLD
*/
@@ -956,4 +971,3 @@ public class DoRevokeTPS extends CMSServlet {
return requestType;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
index e1791045..68813478 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Enumeration;
@@ -56,11 +55,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * 'Unrevoke' a certificate. (For certificates that are on-hold only,
- * take them off-hold)
- *
+ * 'Unrevoke' a certificate. (For certificates that are on-hold only, take them
+ * off-hold)
+ *
* @version $Revision$, $Date$
*/
public class DoUnrevoke extends CMSServlet {
@@ -80,29 +78,28 @@ public class DoUnrevoke extends CMSServlet {
private final static String OFF_HOLD = "off-hold";
private final static int OFF_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+
public DoUnrevoke() {
super();
}
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
if (mAuthority instanceof ICertificateAuthority) {
- mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ mCertDB = ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository();
}
if (mAuthority instanceof ICertAuthority) {
- mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
+ mPublisherProcessor = ((ICertAuthority) mAuthority)
+ .getPublisherProcessor();
}
mQueue = mAuthority.getRequestQueue();
@@ -112,14 +109,14 @@ public class DoUnrevoke extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
- * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The
- * certificate must be revoked with a revovcation reason 'on hold' for this
- * operation to succeed. The serial number may be expressed as a hex number by
- * prefixing '0x' to the serialNumber string
+ * <li>http.param serialNumber Decimal serial number of certificate to
+ * unrevoke. The certificate must be revoked with a revovcation reason 'on
+ * hold' for this operation to succeed. The serial number may be expressed
+ * as a hex number by prefixing '0x' to the serialNumber string
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -136,10 +133,10 @@ public class DoUnrevoke extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -149,32 +146,34 @@ public class DoUnrevoke extends CMSServlet {
try {
serialNumber = getSerialNumbers(req);
- //for audit log.
+ // for audit log.
IAuthToken authToken = authenticate(cmsReq);
String authMgr = AuditFormat.NOAUTH;
-
+
if (authToken != null) {
- authMgr =
- authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
- } else {
- CMS.debug( "DoUnrevoke::process() - authToken is null!" );
+ authMgr = authToken
+ .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ } else {
+ CMS.debug("DoUnrevoke::process() - authToken is null!");
return;
}
String agentID = authToken.getInString("userid");
String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
- + " authenticated by " + authMgr;
+ + " authenticated by " + authMgr;
AuthzToken authzToken = null;
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "unrevoke");
+ mAuthzResourceName, "unrevoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
@@ -182,11 +181,14 @@ public class DoUnrevoke extends CMSServlet {
return;
}
- process(argSet, header, serialNumber, req, resp, locale[0], initiative);
+ process(argSet, header, serialNumber, req, resp, locale[0],
+ initiative);
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
@@ -197,44 +199,46 @@ public class DoUnrevoke extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
-
/**
* Process X509 cert status change request
* <P>
- *
- * (Certificate Request - an "agent" cert status change request to take
- * a certificate off-hold)
+ *
+ * (Certificate Request - an "agent" cert status change request to take a
+ * certificate off-hold)
* <P>
- *
- * (Certificate Request Processed - an "agent" cert status change request
- * to take a certificate off-hold)
+ *
+ * (Certificate Request Processed - an "agent" cert status change request to
+ * take a certificate off-hold)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used
+ * when a cert status change request (e. g. - "revocation") is made (before
* approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (taken off-hold)
+ * <li>signed.audit
+ * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a
+ * certificate status is changed (taken off-hold)
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param serialNumbers the serial number of the certificate
@@ -245,16 +249,15 @@ public class DoUnrevoke extends CMSServlet {
* @exception EBaseException an error has occurred
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- BigInteger[] serialNumbers,
- HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale, String initiative)
- throws EBaseException {
+ BigInteger[] serialNumbers, HttpServletRequest req,
+ HttpServletResponse resp, Locale locale, String initiative)
+ throws EBaseException {
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = auditRequesterID(req);
- String auditSerialNumber = auditSerialNumber(serialNumbers[0].toString());
+ String auditSerialNumber = auditSerialNumber(serialNumbers[0]
+ .toString());
String auditRequestType = OFF_HOLD;
String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
String auditReasonNum = String.valueOf(OFF_HOLD_REASON);
@@ -262,32 +265,34 @@ public class DoUnrevoke extends CMSServlet {
try {
StringBuffer snList = new StringBuffer();
- // certs are for old cloning and they should be removed as soon as possible
+ // certs are for old cloning and they should be removed as soon as
+ // possible
X509CertImpl[] certs = new X509CertImpl[serialNumbers.length];
for (int i = 0; i < serialNumbers.length; i++) {
- certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]);
- if (snList.length() > 0) snList.append(", ");
+ certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]);
+ if (snList.length() > 0)
+ snList.append(", ");
snList.append("0x");
snList.append(serialNumbers[i].toString(16));
}
header.addStringValue("serialNumber", snList.toString());
- IRequest unrevReq = mQueue.newRequest(IRequest.UNREVOCATION_REQUEST);
+ IRequest unrevReq = mQueue
+ .newRequest(IRequest.UNREVOCATION_REQUEST);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
- unrevReq.setExtData(IRequest.REQ_TYPE, IRequest.UNREVOCATION_REQUEST);
+ unrevReq.setExtData(IRequest.REQ_TYPE,
+ IRequest.UNREVOCATION_REQUEST);
unrevReq.setExtData(IRequest.OLD_SERIALS, serialNumbers);
- unrevReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
+ unrevReq.setExtData(IRequest.REQUESTOR_TYPE,
+ IRequest.REQUESTOR_AGENT);
// change audit processing from "REQUEST" to "REQUEST_PROCESSED"
// to distinguish which type of signed audit log message to save
@@ -302,7 +307,8 @@ public class DoUnrevoke extends CMSServlet {
RequestStatus status = unrevReq.getRequestStatus();
String type = unrevReq.getRequestType();
- if ((status == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) {
+ if ((status == RequestStatus.COMPLETE)
+ || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) {
Integer result = unrevReq.getExtDataInInteger(IRequest.RESULT);
@@ -310,15 +316,11 @@ public class DoUnrevoke extends CMSServlet {
header.addStringValue("unrevoked", "yes");
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "completed",
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT, new Object[] {
+ unrevReq.getRequestId(), initiative,
+ "completed", certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) });
}
} else {
header.addStringValue("unrevoked", "no");
@@ -327,60 +329,61 @@ public class DoUnrevoke extends CMSServlet {
if (error != null) {
header.addStringValue("error", error);
if (certs[0] != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "completed with error: " +
- error,
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ "completed with error: " + error,
+ certs[0].getSubjectDN(),
+ "0x"
+ + serialNumbers[0]
+ .toString(16) });
}
/****************************************************/
-
- /* IMPORTANT: In the event that the following */
-
- /* "throw error;" statement is */
-
- /* uncommented, uncomment the following */
-
- /* signed audit log message, also!!! */
-
+
+ /* IMPORTANT: In the event that the following */
+
+ /* "throw error;" statement is */
+
+ /* uncommented, uncomment the following */
+
+ /* signed audit log message, also!!! */
+
/****************************************************/
- // // store a message in the signed audit log file
- // // if and only if "auditApprovalStatus" is
- // // "complete", "revoked", or "canceled"
- // if( ( auditApprovalStatus.equals(
- // RequestStatus.COMPLETE_STRING ) ) ||
- // ( auditApprovalStatus.equals(
- // RequestStatus.REJECTED_STRING ) ) ||
- // ( auditApprovalStatus.equals(
- // RequestStatus.CANCELED_STRING ) ) ) {
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditRequesterID,
- // auditSerialNumber,
- // auditRequestType,
- // auditReasonNum,
- // auditApprovalStatus );
+ // // store a message in the signed audit log file
+ // // if and only if "auditApprovalStatus" is
+ // // "complete", "revoked", or "canceled"
+ // if( ( auditApprovalStatus.equals(
+ // RequestStatus.COMPLETE_STRING ) ) ||
+ // ( auditApprovalStatus.equals(
+ // RequestStatus.REJECTED_STRING ) ) ||
+ // ( auditApprovalStatus.equals(
+ // RequestStatus.CANCELED_STRING ) ) ) {
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditRequesterID,
+ // auditSerialNumber,
+ // auditRequestType,
+ // auditReasonNum,
+ // auditApprovalStatus );
//
- // audit( auditMessage );
- // }
+ // audit( auditMessage );
+ // }
- // throw error;
+ // throw error;
}
}
- Integer updateCRLResult =
- unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult = unrevReq
+ .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
header.addStringValue("updateCRL", "yes");
@@ -388,91 +391,90 @@ public class DoUnrevoke extends CMSServlet {
header.addStringValue("updateCRLSuccess", "yes");
} else {
header.addStringValue("updateCRLSuccess", "no");
- String crlError =
- unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ String crlError = unrevReq
+ .getExtDataInString(IRequest.CRL_UPDATE_ERROR);
- if (crlError != null)
- header.addStringValue("updateCRLError",
- crlError);
+ if (crlError != null)
+ header.addStringValue("updateCRLError", crlError);
}
// let known crl publishing status too.
- Integer publishCRLResult =
- unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ Integer publishCRLResult = unrevReq
+ .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
header.addStringValue("publishCRLSuccess", "yes");
} else {
header.addStringValue("publishCRLSuccess", "no");
- String publError =
- unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ String publError = unrevReq
+ .getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
- if (publError != null)
- header.addStringValue("publishCRLError",
- publError);
+ if (publError != null)
+ header.addStringValue("publishCRLError",
+ publError);
}
}
}
- // let known update and publish status of all crls.
- Enumeration otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ // let known update and publish status of all crls.
+ Enumeration otherCRLs = ((ICertificateAuthority) mAuthority)
+ .getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
- ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs
+ .nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
continue;
String updateStatusStr = crl.getCrlUpdateStatusStr();
- Integer updateResult = unrevReq.getExtDataInInteger(updateStatusStr);
+ Integer updateResult = unrevReq
+ .getExtDataInInteger(updateStatusStr);
if (updateResult != null) {
if (updateResult.equals(IRequest.RES_SUCCESS)) {
- CMS.debug("DoUnrevoke: adding header " +
- updateStatusStr + " yes ");
+ CMS.debug("DoUnrevoke: adding header "
+ + updateStatusStr + " yes ");
header.addStringValue(updateStatusStr, "yes");
} else {
String updateErrorStr = crl.getCrlUpdateErrorStr();
- CMS.debug("DoUnrevoke: adding header " +
- updateStatusStr + " no ");
+ CMS.debug("DoUnrevoke: adding header "
+ + updateStatusStr + " no ");
header.addStringValue(updateStatusStr, "no");
- String error =
- unrevReq.getExtDataInString(updateErrorStr);
+ String error = unrevReq
+ .getExtDataInString(updateErrorStr);
- if (error != null)
- header.addStringValue(
- updateErrorStr, error);
+ if (error != null)
+ header.addStringValue(updateErrorStr, error);
}
String publishStatusStr = crl.getCrlPublishStatusStr();
- Integer publishResult =
- unrevReq.getExtDataInInteger(publishStatusStr);
+ Integer publishResult = unrevReq
+ .getExtDataInInteger(publishStatusStr);
- if (publishResult == null)
+ if (publishResult == null)
continue;
if (publishResult.equals(IRequest.RES_SUCCESS)) {
header.addStringValue(publishStatusStr, "yes");
} else {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr = crl
+ .getCrlPublishErrorStr();
header.addStringValue(publishStatusStr, "no");
- String error =
- unrevReq.getExtDataInString(publishErrorStr);
+ String error = unrevReq
+ .getExtDataInString(publishErrorStr);
- if (error != null)
- header.addStringValue(
- publishErrorStr, error);
+ if (error != null)
+ header.addStringValue(publishErrorStr, error);
}
}
}
- if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
+ if (mPublisherProcessor != null
+ && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus = unrevReq
+ .getExtDataInIntegerArray("ldapPublishStatus");
if (ldapPublishStatus != null) {
if (ldapPublishStatus[0] == IRequest.RES_SUCCESS) {
@@ -490,30 +492,20 @@ public class DoUnrevoke extends CMSServlet {
header.addStringValue("unrevoked", "pending");
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "pending",
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL, AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] { unrevReq.getRequestId(), initiative,
+ "pending", certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) });
}
} else {
header.addStringValue("error", "Request Status.Error");
header.addStringValue("unrevoked", "no");
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- status.toString(),
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL, AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] { unrevReq.getRequestId(), initiative,
+ status.toString(), certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) });
}
}
@@ -521,18 +513,17 @@ public class DoUnrevoke extends CMSServlet {
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
- ) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -542,12 +533,9 @@ public class DoUnrevoke extends CMSServlet {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
} else {
@@ -555,21 +543,18 @@ public class DoUnrevoke extends CMSServlet {
// message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(
- RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -580,7 +565,7 @@ public class DoUnrevoke extends CMSServlet {
}
private BigInteger[] getSerialNumbers(HttpServletRequest req)
- throws NumberFormatException {
+ throws NumberFormatException {
String serialNumString = req.getParameter("serialNumber");
StringTokenizer snList = new StringTokenizer(serialNumString, " ");
@@ -601,7 +586,7 @@ public class DoUnrevoke extends CMSServlet {
biList.addElement(bi);
} else {
throw new NumberFormatException();
- }
+ }
}
if (biList.size() < 1) {
throw new NumberFormatException();
@@ -617,11 +602,11 @@ public class DoUnrevoke extends CMSServlet {
/**
* Signed Audit Log Requester ID
- *
- * This method is called to obtain the "RequesterID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "RequesterID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -647,11 +632,11 @@ public class DoUnrevoke extends CMSServlet {
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -669,8 +654,8 @@ public class DoUnrevoke extends CMSServlet {
// convert it to hexadecimal
serialNumber = "0x"
- + Integer.toHexString(
- Integer.valueOf(serialNumber).intValue());
+ + Integer.toHexString(Integer.valueOf(serialNumber)
+ .intValue());
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -678,4 +663,3 @@ public class DoUnrevoke extends CMSServlet {
return serialNumber;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
index 8f46ee9c..18eb0fc3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
@@ -55,11 +54,10 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * 'Unrevoke' a certificate. (For certificates that are on-hold only,
- * take them off-hold)
- *
+ * 'Unrevoke' a certificate. (For certificates that are on-hold only, take them
+ * off-hold)
+ *
* @version $Revision$, $Date$
*/
public class DoUnrevokeTPS extends CMSServlet {
@@ -81,29 +79,28 @@ public class DoUnrevokeTPS extends CMSServlet {
private final static String OFF_HOLD = "off-hold";
private final static int OFF_HOLD_REASON = 6;
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+
public DoUnrevokeTPS() {
super();
}
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
if (mAuthority instanceof ICertificateAuthority) {
- mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ mCertDB = ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository();
}
if (mAuthority instanceof ICertAuthority) {
- mPublisherProcessor = ((ICertAuthority) mAuthority).getPublisherProcessor();
+ mPublisherProcessor = ((ICertAuthority) mAuthority)
+ .getPublisherProcessor();
}
mQueue = mAuthority.getRequestQueue();
@@ -112,14 +109,14 @@ public class DoUnrevokeTPS extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
- * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The
- * certificate must be revoked with a revovcation reason 'on hold' for this
- * operation to succeed. The serial number may be expressed as a hex number by
- * prefixing '0x' to the serialNumber string
+ * <li>http.param serialNumber Decimal serial number of certificate to
+ * unrevoke. The certificate must be revoked with a revovcation reason 'on
+ * hold' for this operation to succeed. The serial number may be expressed
+ * as a hex number by prefixing '0x' to the serialNumber string
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -133,53 +130,52 @@ public class DoUnrevokeTPS extends CMSServlet {
Locale[] locale = new Locale[1];
-/*
- try {
- form = getTemplate(mFormPath, req, locale);
- } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
- }
-*/
+ /*
+ * try { form = getTemplate(mFormPath, req, locale); } catch
+ * (IOException e) { log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new
+ * ECMSGWException(
+ * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); }
+ */
try {
serialNumbers = getSerialNumbers(req);
- //for audit log.
+ // for audit log.
IAuthToken authToken = authenticate(cmsReq);
String authMgr = AuditFormat.NOAUTH;
-
+
if (authToken != null) {
- authMgr =
- authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
- } else {
- CMS.debug( "DoUnrevokeTPS::process() - authToken is null!" );
+ authMgr = authToken
+ .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ } else {
+ CMS.debug("DoUnrevokeTPS::process() - authToken is null!");
return;
- }
+ }
String agentID = authToken.getInString("userid");
String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
- + " authenticated by " + authMgr;
+ + " authenticated by " + authMgr;
AuthzToken authzToken = null;
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "unrevoke");
+ mAuthzResourceName, "unrevoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
o_status = "status=3";
errorString = "error=unauthorized";
- String pp = o_status+"\n"+errorString;
+ String pp = o_status + "\n" + errorString;
byte[] b = pp.getBytes();
resp.setContentType("text/html");
resp.setContentLength(b.length);
@@ -191,8 +187,10 @@ public class DoUnrevokeTPS extends CMSServlet {
process(serialNumbers, req, resp, locale[0], initiative);
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
} catch (IOException e) {
@@ -206,10 +204,10 @@ public class DoUnrevokeTPS extends CMSServlet {
errorString = "error=";
} else {
o_status = "status=3";
- errorString = "error="+error.toString();
+ errorString = "error=" + error.toString();
}
- String pp = o_status+"\n"+errorString;
+ String pp = o_status + "\n" + errorString;
byte[] b = pp.getBytes();
resp.setContentType("text/html");
resp.setContentLength(b.length);
@@ -217,33 +215,35 @@ public class DoUnrevokeTPS extends CMSServlet {
os.write(b);
os.flush();
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
-
/**
* Process X509 cert status change request
* <P>
- *
- * (Certificate Request - an "agent" cert status change request to take
- * a certificate off-hold)
+ *
+ * (Certificate Request - an "agent" cert status change request to take a
+ * certificate off-hold)
* <P>
- *
- * (Certificate Request Processed - an "agent" cert status change request
- * to take a certificate off-hold)
+ *
+ * (Certificate Request Processed - an "agent" cert status change request to
+ * take a certificate off-hold)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
- * a cert status change request (e. g. - "revocation") is made (before
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used
+ * when a cert status change request (e. g. - "revocation") is made (before
* approval process)
- * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
- * used when a certificate status is changed (taken off-hold)
+ * <li>signed.audit
+ * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a
+ * certificate status is changed (taken off-hold)
* </ul>
+ *
* @param serialNumbers the serial number of the certificate
* @param req HTTP servlet request
* @param resp HTTP servlet response
@@ -251,16 +251,15 @@ public class DoUnrevokeTPS extends CMSServlet {
* @param initiative string containing the audit format
* @exception EBaseException an error has occurred
*/
- private void process(BigInteger[] serialNumbers,
- HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale, String initiative)
- throws EBaseException {
+ private void process(BigInteger[] serialNumbers, HttpServletRequest req,
+ HttpServletResponse resp, Locale locale, String initiative)
+ throws EBaseException {
boolean auditRequest = true;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = auditRequesterID(req);
- String auditSerialNumber = auditSerialNumber(serialNumbers[0].toString());
+ String auditSerialNumber = auditSerialNumber(serialNumbers[0]
+ .toString());
String auditRequestType = OFF_HOLD;
String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
String auditReasonNum = String.valueOf(OFF_HOLD_REASON);
@@ -268,30 +267,32 @@ public class DoUnrevokeTPS extends CMSServlet {
try {
String snList = "";
- // certs are for old cloning and they should be removed as soon as possible
+ // certs are for old cloning and they should be removed as soon as
+ // possible
X509CertImpl[] certs = new X509CertImpl[serialNumbers.length];
for (int i = 0; i < serialNumbers.length; i++) {
- certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]);
- if (snList.length() > 0) snList += ", ";
+ certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]);
+ if (snList.length() > 0)
+ snList += ", ";
snList += "0x" + serialNumbers[i].toString(16);
}
- IRequest unrevReq = mQueue.newRequest(IRequest.UNREVOCATION_REQUEST);
+ IRequest unrevReq = mQueue
+ .newRequest(IRequest.UNREVOCATION_REQUEST);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
- unrevReq.setExtData(IRequest.REQ_TYPE, IRequest.UNREVOCATION_REQUEST);
+ unrevReq.setExtData(IRequest.REQ_TYPE,
+ IRequest.UNREVOCATION_REQUEST);
unrevReq.setExtData(IRequest.OLD_SERIALS, serialNumbers);
- unrevReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
+ unrevReq.setExtData(IRequest.REQUESTOR_TYPE,
+ IRequest.REQUESTOR_AGENT);
// change audit processing from "REQUEST" to "REQUEST_PROCESSED"
// to distinguish which type of signed audit log message to save
@@ -306,125 +307,125 @@ public class DoUnrevokeTPS extends CMSServlet {
RequestStatus status = unrevReq.getRequestStatus();
String type = unrevReq.getRequestType();
- if ((status == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) {
+ if ((status == RequestStatus.COMPLETE)
+ || ((type.equals(IRequest.CLA_UNCERT4CRL_REQUEST)) && (status == RequestStatus.SVC_PENDING))) {
Integer result = unrevReq.getExtDataInInteger(IRequest.RESULT);
if (result != null && result.equals(IRequest.RES_SUCCESS)) {
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "completed",
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT, new Object[] {
+ unrevReq.getRequestId(), initiative,
+ "completed", certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) });
}
} else {
String error = unrevReq.getExtDataInString(IRequest.ERROR);
if (error != null) {
o_status = "status=3";
- errorString = "error="+error;
+ errorString = "error=" + error;
if (certs[0] != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "completed with error: " +
- error,
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] {
+ unrevReq.getRequestId(),
+ initiative,
+ "completed with error: " + error,
+ certs[0].getSubjectDN(),
+ "0x"
+ + serialNumbers[0]
+ .toString(16) });
}
}
}
- Integer updateCRLResult =
- unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+ Integer updateCRLResult = unrevReq
+ .getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
if (updateCRLResult != null) {
if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) {
- String crlError =
- unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+ String crlError = unrevReq
+ .getExtDataInString(IRequest.CRL_UPDATE_ERROR);
if (crlError != null) {
o_status = "status=3";
- errorString = "error="+crlError;
+ errorString = "error=" + crlError;
}
}
// let known crl publishing status too.
- Integer publishCRLResult =
- unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+ Integer publishCRLResult = unrevReq
+ .getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
if (publishCRLResult != null) {
if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) {
- String publError =
- unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+ String publError = unrevReq
+ .getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
if (publError != null) {
o_status = "status=3";
- errorString = "error="+publError;
+ errorString = "error=" + publError;
}
}
}
}
- // let known update and publish status of all crls.
- Enumeration otherCRLs =
- ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+ // let known update and publish status of all crls.
+ Enumeration otherCRLs = ((ICertificateAuthority) mAuthority)
+ .getCRLIssuingPoints();
while (otherCRLs.hasMoreElements()) {
- ICRLIssuingPoint crl = (ICRLIssuingPoint)
- otherCRLs.nextElement();
+ ICRLIssuingPoint crl = (ICRLIssuingPoint) otherCRLs
+ .nextElement();
String crlId = crl.getId();
if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
continue;
String updateStatusStr = crl.getCrlUpdateStatusStr();
- Integer updateResult = unrevReq.getExtDataInInteger(updateStatusStr);
+ Integer updateResult = unrevReq
+ .getExtDataInInteger(updateStatusStr);
if (updateResult != null) {
if (!updateResult.equals(IRequest.RES_SUCCESS)) {
String updateErrorStr = crl.getCrlUpdateErrorStr();
- String error =
- unrevReq.getExtDataInString(updateErrorStr);
+ String error = unrevReq
+ .getExtDataInString(updateErrorStr);
if (error != null) {
o_status = "status=3";
- errorString = "error="+error;
+ errorString = "error=" + error;
}
}
String publishStatusStr = crl.getCrlPublishStatusStr();
- Integer publishResult =
- unrevReq.getExtDataInInteger(publishStatusStr);
+ Integer publishResult = unrevReq
+ .getExtDataInInteger(publishStatusStr);
- if (publishResult == null)
+ if (publishResult == null)
continue;
if (!publishResult.equals(IRequest.RES_SUCCESS)) {
- String publishErrorStr =
- crl.getCrlPublishErrorStr();
+ String publishErrorStr = crl
+ .getCrlPublishErrorStr();
- String error =
- unrevReq.getExtDataInString(publishErrorStr);
+ String error = unrevReq
+ .getExtDataInString(publishErrorStr);
if (error != null) {
o_status = "status=3";
- errorString = "error="+error;
+ errorString = "error=" + error;
}
}
}
}
- if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
- Integer[] ldapPublishStatus =
- unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
+ if (mPublisherProcessor != null
+ && mPublisherProcessor.ldapEnabled()) {
+ Integer[] ldapPublishStatus = unrevReq
+ .getExtDataInIntegerArray("ldapPublishStatus");
if (ldapPublishStatus != null) {
if (ldapPublishStatus[0] != IRequest.RES_SUCCESS) {
@@ -432,25 +433,21 @@ public class DoUnrevokeTPS extends CMSServlet {
errorString = "error=Problem in publishing to LDAP";
}
}
- } else if (mPublisherProcessor == null || (! mPublisherProcessor.ldapEnabled())) {
+ } else if (mPublisherProcessor == null
+ || (!mPublisherProcessor.ldapEnabled())) {
o_status = "status=3";
errorString = "error=LDAP Publisher not enabled";
}
} else if (status == RequestStatus.PENDING) {
o_status = "status=2";
- errorString = "error="+status.toString();
+ errorString = "error=" + status.toString();
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- "pending",
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL, AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] { unrevReq.getRequestId(), initiative,
+ "pending", certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) });
}
} else {
o_status = "status=2";
@@ -458,15 +455,10 @@ public class DoUnrevokeTPS extends CMSServlet {
if (certs[0] != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOUNREVOKEFORMAT,
- new Object[] {
- unrevReq.getRequestId(),
- initiative,
- status.toString(),
- certs[0].getSubjectDN(),
- "0x" + serialNumbers[0].toString(16)}
- );
+ AuditFormat.LEVEL, AuditFormat.DOUNREVOKEFORMAT,
+ new Object[] { unrevReq.getRequestId(), initiative,
+ status.toString(), certs[0].getSubjectDN(),
+ "0x" + serialNumbers[0].toString(16) });
}
}
@@ -474,18 +466,17 @@ public class DoUnrevokeTPS extends CMSServlet {
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
- || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
- || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
- ) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -495,12 +486,9 @@ public class DoUnrevokeTPS extends CMSServlet {
// store a "CERT_STATUS_CHANGE_REQUEST" failure
// message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType);
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditSerialNumber, auditRequestType);
audit(auditMessage);
} else {
@@ -508,21 +496,18 @@ public class DoUnrevokeTPS extends CMSServlet {
// message in the signed audit log file
// if and only if "auditApprovalStatus" is
// "complete", "revoked", or "canceled"
- if ((auditApprovalStatus.equals(
- RequestStatus.COMPLETE_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.REJECTED_STRING)) ||
- (auditApprovalStatus.equals(
- RequestStatus.CANCELED_STRING))) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditSerialNumber,
- auditRequestType,
- auditReasonNum,
- auditApprovalStatus);
+ if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.REJECTED_STRING))
+ || (auditApprovalStatus
+ .equals(RequestStatus.CANCELED_STRING))) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditSerialNumber,
+ auditRequestType, auditReasonNum,
+ auditApprovalStatus);
audit(auditMessage);
}
@@ -533,7 +518,7 @@ public class DoUnrevokeTPS extends CMSServlet {
}
private BigInteger[] getSerialNumbers(HttpServletRequest req)
- throws NumberFormatException {
+ throws NumberFormatException {
String serialNumString = req.getParameter("serialNumber");
StringTokenizer snList = new StringTokenizer(serialNumString, " ");
@@ -554,7 +539,7 @@ public class DoUnrevokeTPS extends CMSServlet {
biList.addElement(bi);
} else {
throw new NumberFormatException();
- }
+ }
}
if (biList.size() < 1) {
throw new NumberFormatException();
@@ -570,11 +555,11 @@ public class DoUnrevokeTPS extends CMSServlet {
/**
* Signed Audit Log Requester ID
- *
- * This method is called to obtain the "RequesterID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "RequesterID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message RequesterID
*/
@@ -600,11 +585,11 @@ public class DoUnrevokeTPS extends CMSServlet {
/**
* Signed Audit Log Serial Number
- *
+ *
* This method is called to obtain the serial number of the certificate
* whose status is to be changed for a signed audit log message.
* <P>
- *
+ *
* @param eeSerialNumber a string containing the un-normalized serialNumber
* @return id string containing the signed audit log message RequesterID
*/
@@ -622,8 +607,8 @@ public class DoUnrevokeTPS extends CMSServlet {
// convert it to hexadecimal
serialNumber = "0x"
- + Integer.toHexString(
- Integer.valueOf(serialNumber).intValue());
+ + Integer.toHexString(Integer.valueOf(serialNumber)
+ .intValue());
} else {
serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
@@ -631,4 +616,3 @@ public class DoUnrevokeTPS extends CMSServlet {
return serialNumber;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
index b1d89426..0335837d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Locale;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* For Face-to-face enrollment, enable EE enrollment feature
- *
+ *
* @version $Revision$, $Date$
* @see com.netscape.cms.servlet.cert.DisableEnrollResult
*/
@@ -87,8 +85,7 @@ public class EnableEnrollResult extends CMSServlet {
/**
* Services the request
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -97,8 +94,8 @@ public class EnableEnrollResult extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "enable");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "enable");
} catch (Exception e) {
// do nothing for now
}
@@ -117,9 +114,10 @@ public class EnableEnrollResult extends CMSServlet {
IArgBlock args = cmsReq.getHttpParams();
if (!(mAuthority instanceof IRegistrationAuthority)) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -130,10 +128,11 @@ public class EnableEnrollResult extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -149,7 +148,8 @@ public class EnableEnrollResult extends CMSServlet {
header.addStringValue("machineName", machine);
header.addStringValue("port", port);
String val = configStore.getString("hashDirEnrollment.name");
- IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ IAuthSubsystem authSS = (IAuthSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_AUTH);
IAuthManager authMgr = authSS.get(val);
HashAuthentication mgr = (HashAuthentication) authMgr;
@@ -162,7 +162,7 @@ public class EnableEnrollResult extends CMSServlet {
String timeout = args.getValueAsString("timeout", "600");
mgr.createEntry(host, dn, Long.parseLong(timeout) * 1000,
- random.nextLong() + "", 0);
+ random.nextLong() + "", 0);
header.addStringValue("code", "0");
}
@@ -173,10 +173,10 @@ public class EnableEnrollResult extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
index ee64cb94..e58aeb8e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
@@ -77,10 +76,9 @@ import com.netscape.cms.servlet.processors.KeyGenProcessor;
import com.netscape.cms.servlet.processors.PKCS10Processor;
import com.netscape.cms.servlet.processors.PKIProcessor;
-
/**
* Submit a Certificate Enrollment request
- *
+ *
* @version $Revision$, $Date$
*/
public class EnrollServlet extends CMSServlet {
@@ -92,10 +90,9 @@ public class EnrollServlet extends CMSServlet {
public final static String ADMIN_ENROLL_SERVLET_ID = "caadminEnroll";
// enrollment templates.
- public static final String
- ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template";
+ public static final String ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template";
- // http params
+ // http params
public static final String OLD_CERT_TYPE = "csrCertType";
public static final String CERT_TYPE = "certType";
// same as in ConfigConstant.java
@@ -118,8 +115,7 @@ public class EnrollServlet extends CMSServlet {
private boolean mAuthTokenOverride = true;
private String mEnrollSuccessTemplate = null;
- private ICMSTemplateFiller
- mEnrollSuccessFiller = new ImportCertsTemplateFiller();
+ private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller();
ICertificateAuthority mCa = null;
ICertificateRepository mRepository = null;
@@ -127,56 +123,46 @@ public class EnrollServlet extends CMSServlet {
private boolean enforcePop = false;
private String auditServiceID = ILogger.UNIDENTIFIED;
- private final static String ADMIN_CA_ENROLLMENT_SERVLET =
- "caadminEnroll";
- private final static String AGENT_CA_BULK_ENROLLMENT_SERVLET =
- "cabulkissuance";
- private final static String AGENT_RA_BULK_ENROLLMENT_SERVLET =
- "rabulkissuance";
- private final static String EE_CA_CERT_BASED_ENROLLMENT_SERVLET =
- "cacertbasedenrollment";
- private final static String EE_CA_ENROLLMENT_SERVLET =
- "caenrollment";
- private final static String EE_RA_CERT_BASED_ENROLLMENT_SERVLET =
- "racertbasedenrollment";
- private final static String EE_RA_ENROLLMENT_SERVLET =
- "raenrollment";
+ private final static String ADMIN_CA_ENROLLMENT_SERVLET = "caadminEnroll";
+ private final static String AGENT_CA_BULK_ENROLLMENT_SERVLET = "cabulkissuance";
+ private final static String AGENT_RA_BULK_ENROLLMENT_SERVLET = "rabulkissuance";
+ private final static String EE_CA_CERT_BASED_ENROLLMENT_SERVLET = "cacertbasedenrollment";
+ private final static String EE_CA_ENROLLMENT_SERVLET = "caenrollment";
+ private final static String EE_RA_CERT_BASED_ENROLLMENT_SERVLET = "racertbasedenrollment";
+ private final static String EE_RA_ENROLLMENT_SERVLET = "raenrollment";
private final static byte EOL[] = { Character.LINE_SEPARATOR };
- private final static String[]
- SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-
- /* 0 */ "automated non-profile cert request rejection: "
- + "unable to render OLD_CERT_TYPE response",
-
- /* 1 */ "automated non-profile cert request rejection: "
- + "unable to complete handleEnrollAuditLog() method",
-
- /* 2 */ "automated non-profile cert request rejection: "
- + "unable to render success template",
-
- /* 3 */ "automated non-profile cert request rejection: "
- + "indeterminate reason for inability to process "
- + "cert request due to an EBaseException"
- };
- private final static String
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
- "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
-
+ private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
+
+ /* 0 */"automated non-profile cert request rejection: "
+ + "unable to render OLD_CERT_TYPE response",
+
+ /* 1 */"automated non-profile cert request rejection: "
+ + "unable to complete handleEnrollAuditLog() method",
+
+ /* 2 */"automated non-profile cert request rejection: "
+ + "unable to render success template",
+
+ /* 3 */"automated non-profile cert request rejection: "
+ + "indeterminate reason for inability to process "
+ + "cert request due to an EBaseException" };
+ private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+
private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-
+
public EnrollServlet() {
super();
}
/**
- * initialize the servlet.<p>
- * the following parameters are read from the servlet config:
- * <ul><li>CMSServlet.PROP_ID - ID for signed audit log messages
- * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file
+ * initialize the servlet.
+ * <p>
+ * the following parameters are read from the servlet config:
+ * <ul>
+ * <li>CMSServlet.PROP_ID - ID for signed audit log messages
+ * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -187,8 +173,8 @@ public class EnrollServlet extends CMSServlet {
try {
IConfigStore configStore = CMS.getConfigStore();
- String PKI_Subsystem = configStore.getString( "subsystem.0.id",
- null );
+ String PKI_Subsystem = configStore.getString("subsystem.0.id",
+ null);
// CMS 6.1 began utilizing the "Certificate Profiles" framework
// instead of the legacy "Certificate Policies" framework.
@@ -199,51 +185,49 @@ public class EnrollServlet extends CMSServlet {
// framework would be deprecated and disabled by default
// (see Bugzilla Bug #472597).
//
- // NOTE: The "Certificate Policies" framework ONLY applied to
- // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems.
+ // NOTE: The "Certificate Policies" framework ONLY applied to
+ // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems.
//
- // Further, the "EnrollServlet.java" servlet is ONLY
- // used by the CA for the following:
+ // Further, the "EnrollServlet.java" servlet is ONLY
+ // used by the CA for the following:
//
- // SERVLET-NAME URL-PATTERN
- // ====================================================
- // caadminEnroll ca/admin/ca/adminEnroll.html
- // cabulkissuance ca/agent/ca/bulkissuance.html
- // cacertbasedenrollment ca/certbasedenrollment.html
- // caenrollment ca/enrollment.html
+ // SERVLET-NAME URL-PATTERN
+ // ====================================================
+ // caadminEnroll ca/admin/ca/adminEnroll.html
+ // cabulkissuance ca/agent/ca/bulkissuance.html
+ // cacertbasedenrollment ca/certbasedenrollment.html
+ // caenrollment ca/enrollment.html
//
- // The "EnrollServlet.java" servlet is NOT used by
- // the KRA.
+ // The "EnrollServlet.java" servlet is NOT used by
+ // the KRA.
//
- if( PKI_Subsystem.trim().equalsIgnoreCase( "ca" ) ) {
+ if (PKI_Subsystem.trim().equalsIgnoreCase("ca")) {
String policyStatus = PKI_Subsystem.trim().toLowerCase()
- + "." + "Policy"
- + "." + IPolicyProcessor.PROP_ENABLE;
-
- if( configStore.getBoolean( policyStatus, true ) == true ) {
- // NOTE: If "<subsystem>.Policy.enable=<boolean>"
- // is missing, then the referenced instance
- // existed prior to this name=value pair
- // existing in its 'CS.cfg' file, and thus
- // we err on the side that the user may
- // still need to use the policy framework.
- CMS.debug( "EnrollServlet::init Certificate "
- + "Policy Framework (deprecated) "
- + "is ENABLED" );
+ + "." + "Policy" + "."
+ + IPolicyProcessor.PROP_ENABLE;
+
+ if (configStore.getBoolean(policyStatus, true) == true) {
+ // NOTE: If "<subsystem>.Policy.enable=<boolean>"
+ // is missing, then the referenced instance
+ // existed prior to this name=value pair
+ // existing in its 'CS.cfg' file, and thus
+ // we err on the side that the user may
+ // still need to use the policy framework.
+ CMS.debug("EnrollServlet::init Certificate "
+ + "Policy Framework (deprecated) "
+ + "is ENABLED");
} else {
- // CS 8.1 Default: <subsystem>.Policy.enable=false
- CMS.debug( "EnrollServlet::init Certificate "
- + "Policy Framework (deprecated) "
- + "is DISABLED" );
+ // CS 8.1 Default: <subsystem>.Policy.enable=false
+ CMS.debug("EnrollServlet::init Certificate "
+ + "Policy Framework (deprecated) "
+ + "is DISABLED");
return;
}
}
- } catch( EBaseException e ) {
- throw new ServletException( "EnrollServlet::init - "
- + "EBaseException: "
- + "Unable to initialize "
- + "Certificate Policy Framework "
- + "(deprecated)" );
+ } catch (EBaseException e) {
+ throw new ServletException("EnrollServlet::init - "
+ + "EBaseException: " + "Unable to initialize "
+ + "Certificate Policy Framework " + "(deprecated)");
}
// override success template to allow direct import of keygen certs.
@@ -254,37 +238,36 @@ public class EnrollServlet extends CMSServlet {
String id = sc.getInitParameter(CMSServlet.PROP_ID);
if (id != null) {
- if (!(auditServiceID.equals(
- ADMIN_CA_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- AGENT_CA_BULK_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- AGENT_RA_BULK_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- EE_CA_CERT_BASED_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- EE_CA_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- EE_RA_CERT_BASED_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- EE_RA_ENROLLMENT_SERVLET))) {
+ if (!(auditServiceID.equals(ADMIN_CA_ENROLLMENT_SERVLET))
+ && !(auditServiceID
+ .equals(AGENT_CA_BULK_ENROLLMENT_SERVLET))
+ && !(auditServiceID
+ .equals(AGENT_RA_BULK_ENROLLMENT_SERVLET))
+ && !(auditServiceID
+ .equals(EE_CA_CERT_BASED_ENROLLMENT_SERVLET))
+ && !(auditServiceID
+ .equals(EE_CA_ENROLLMENT_SERVLET))
+ && !(auditServiceID
+ .equals(EE_RA_CERT_BASED_ENROLLMENT_SERVLET))
+ && !(auditServiceID
+ .equals(EE_RA_ENROLLMENT_SERVLET))) {
auditServiceID = ILogger.UNIDENTIFIED;
} else {
auditServiceID = id.trim();
}
}
- mEnrollSuccessTemplate = sc.getInitParameter(
- CMSServlet.PROP_SUCCESS_TEMPLATE);
+ mEnrollSuccessTemplate = sc
+ .getInitParameter(CMSServlet.PROP_SUCCESS_TEMPLATE);
if (mEnrollSuccessTemplate == null)
mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE;
- String fillername = sc.getInitParameter(
- PROP_SUCCESS_TEMPLATE_FILLER);
+ String fillername = sc
+ .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
if (fillername != null) {
ICMSTemplateFiller filler = newFillerObject(fillername);
- if (filler != null)
+ if (filler != null)
mEnrollSuccessFiller = filler;
}
@@ -293,10 +276,10 @@ public class EnrollServlet extends CMSServlet {
init_testbed_hack(mConfig);
} catch (Exception e) {
- // this should never happen.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR",
- e.toString(), mId));
+ // this should never happen.
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR",
+ e.toString(), mId));
}
} catch (ServletException eAudit1) {
// rethrow caught exception
@@ -304,64 +287,61 @@ public class EnrollServlet extends CMSServlet {
}
}
-
- /**
- * XXX (SHOULD CHANGE TO READ FROM Servletconfig)
- * Getter method to see if Proof of Posession checking is enabled.
- * this value is set in the CMS.cfg filem with the parameter
- * "enrollment.enforcePop". It defaults to false
- * @return true if user is required to Prove that they possess the
- * private key corresponding to the public key in the certificate
- * request they are submitting
- */
+ /**
+ * XXX (SHOULD CHANGE TO READ FROM Servletconfig) Getter method to see if
+ * Proof of Posession checking is enabled. this value is set in the CMS.cfg
+ * filem with the parameter "enrollment.enforcePop". It defaults to false
+ *
+ * @return true if user is required to Prove that they possess the private
+ * key corresponding to the public key in the certificate request
+ * they are submitting
+ */
public boolean getEnforcePop() {
return enforcePop;
}
/**
- * Process the HTTP request.
- * <UL><LI>If the request is coming through the admin port, it is only
- * allowed to continue if 'admin enrollment' is enabled in the CMS.cfg file
- * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is
- * renamed with more information about the current request ID
- * <LI>The request is preprocessed, then processed further in one
- * of the cert request processor classes: KeyGenProcessor, PKCS10Processor,
- * CMCProcessor, CRMFProcessor
- * </UL>
- *
+ * Process the HTTP request.
+ * <UL>
+ * <LI>If the request is coming through the admin port, it is only allowed
+ * to continue if 'admin enrollment' is enabled in the CMS.cfg file
+ * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread
+ * is renamed with more information about the current request ID
+ * <LI>The request is preprocessed, then processed further in one of the
+ * cert request processor classes: KeyGenProcessor, PKCS10Processor,
+ * CMCProcessor, CRMFProcessor
+ * </UL>
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
// SPECIAL CASE:
// if it is adminEnroll servlet,check if it's enabled
- if (mId.equals(ADMIN_ENROLL_SERVLET_ID) &&
- !CMSGateway.getEnableAdminEnroll()) {
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup."));
+ if (mId.equals(ADMIN_ENROLL_SERVLET_ID)
+ && !CMSGateway.getEnableAdminEnroll()) {
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP"));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REDIRECTING_ADMINENROLL_ERROR",
+ "Attempt to access adminEnroll after already setup."));
}
- processX509(cmsReq);
+ processX509(cmsReq);
}
private boolean getCertAuthEnrollStatus(IArgBlock httpParams) {
/*
- * === certAuth based enroll ===
- * "certAuthEnroll" is on.
- * "certauthEnrollType can be one of the three:
- * single - it's for single cert enrollment
- * dual - it's for dual certs enrollment
- * encryption - getting the encryption cert only via
- * authentication of the signing cert
- * (crmf or keyGenInfo)
+ * === certAuth based enroll === "certAuthEnroll" is on.
+ * "certauthEnrollType can be one of the three: single - it's for single
+ * cert enrollment dual - it's for dual certs enrollment encryption -
+ * getting the encryption cert only via authentication of the signing
+ * cert (crmf or keyGenInfo)
*/
boolean certAuthEnroll = false;
- String certAuthEnrollOn =
- httpParams.getValueAsString("certauthEnroll", null);
+ String certAuthEnrollOn = httpParams.getValueAsString("certauthEnroll",
+ null);
if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) {
certAuthEnroll = true;
@@ -372,14 +352,14 @@ public class EnrollServlet extends CMSServlet {
}
- private String getCertAuthEnrollType(IArgBlock httpParams, boolean certAuthEnroll)
- throws EBaseException {
+ private String getCertAuthEnrollType(IArgBlock httpParams,
+ boolean certAuthEnroll) throws EBaseException {
String certauthEnrollType = null;
if (certAuthEnroll == true) {
- certauthEnrollType =
- httpParams.getValueAsString("certauthEnrollType", null);
+ certauthEnrollType = httpParams.getValueAsString(
+ "certauthEnrollType", null);
if (certauthEnrollType != null) {
if (certauthEnrollType.equals("dual")) {
CMS.debug("EnrollServlet: certauthEnrollType is dual");
@@ -388,54 +368,50 @@ public class EnrollServlet extends CMSServlet {
} else if (certauthEnrollType.equals("single")) {
CMS.debug("EnrollServlet: certauthEnrollType is single");
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1",
+ certauthEnrollType));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
}
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
+ CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
}
}
-
+
return certauthEnrollType;
-
+
}
private boolean checkClientCertSigningOnly(X509Certificate sslClientCert)
- throws EBaseException {
- if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
- false) ||
- ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
- true) &&
- (CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
- true))) {
+ throws EBaseException {
+ if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false)
+ || ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS
+ .isEncryptionCert((X509CertImpl) sslClientCert) == true))) {
// either it's not a signing cert, or it's a dual cert
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+ CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
}
return true;
}
-
- private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, IAuthToken authToken, X509Certificate sslClientCert,
- ICertificateAuthority mCa, String certBasedOldSubjectDN,
- BigInteger certBasedOldSerialNum)
- throws EBaseException {
-
+
+ private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo,
+ IAuthToken authToken, X509Certificate sslClientCert,
+ ICertificateAuthority mCa, String certBasedOldSubjectDN,
+ BigInteger certBasedOldSerialNum) throws EBaseException {
+
CMS.debug("EnrollServlet: In handleCertAuthDual!");
-
+
if (mCa == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NOT_A_CA"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_A_CA"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NOT_A_CA"));
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NOT_A_CA"));
}
// first, make sure the client cert is indeed a
@@ -457,21 +433,28 @@ public class EnrollServlet extends CMSServlet {
try {
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED",
+ e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED",
+ e.toString()));
}
- String filter =
- "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
- ICertRecordList list =
- (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10);
+ String filter = "(&(x509cert.subject=" + certBasedOldSubjectDN
+ + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum
+ + "))(certStatus=VALID))";
+ ICertRecordList list = (ICertRecordList) mCa.getCertificateRepository()
+ .findCertRecordsInList(filter, null, 10);
int size = list.getSize();
Enumeration en = list.getCertRecords(0, size - 1);
boolean gotEncCert = false;
@@ -484,8 +467,8 @@ public class EnrollServlet extends CMSServlet {
// pairing encryption cert not found
} else {
X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo();
- X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo,
- encCertInfo};
+ X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo,
+ encCertInfo };
int i = 1;
boolean encCertFound = false;
@@ -495,9 +478,9 @@ public class EnrollServlet extends CMSServlet {
X509CertImpl cert = record.getCertificate();
// if not encryption cert only, try next one
- if ((CMS.isEncryptionCert(cert) == false) ||
- ((CMS.isEncryptionCert(cert) == true) &&
- (CMS.isSigningCert(cert) == true))) {
+ if ((CMS.isEncryptionCert(cert) == false)
+ || ((CMS.isEncryptionCert(cert) == true) && (CMS
+ .isSigningCert(cert) == true))) {
CMS.debug("EnrollServlet: Not encryption only cert, will try next one.");
continue;
@@ -508,29 +491,33 @@ public class EnrollServlet extends CMSServlet {
encCertFound = true;
try {
- encCertInfo = (X509CertInfo)
- cert.get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ encCertInfo = (X509CertInfo) cert.get(X509CertImpl.NAME
+ + "." + X509CertImpl.INFO);
} catch (CertificateParsingException ex) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTINFO"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTINFO"));
}
try {
- encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
+ encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(
+ key));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED",
+ e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED",
+ e.toString()));
}
CMS.debug("EnrollServlet: About to fillCertInfoFromAuthToken!");
@@ -545,16 +532,17 @@ public class EnrollServlet extends CMSServlet {
return null;
}
- CMS.debug("EnrollServlet: returning cInfoArray of length " + cInfoArray.length);
+ CMS.debug("EnrollServlet: returning cInfoArray of length "
+ + cInfoArray.length);
return cInfoArray;
- }
+ }
}
- private boolean handleEnrollAuditLog(IRequest req, CMSRequest cmsReq, String authMgr, IAuthToken authToken,
- X509CertInfo certInfo, long startTime)
- throws EBaseException {
- //for audit log
+ private boolean handleEnrollAuditLog(IRequest req, CMSRequest cmsReq,
+ String authMgr, IAuthToken authToken, X509CertInfo certInfo,
+ long startTime) throws EBaseException {
+ // for audit log
String initiative = null;
String agentID = null;
@@ -565,7 +553,7 @@ public class EnrollServlet extends CMSServlet {
} else {
agentID = authToken.getInString("userid");
initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
- }
+ }
// if service not complete return standard templates.
RequestStatus status = req.getRequestStatus();
@@ -575,7 +563,8 @@ public class EnrollServlet extends CMSServlet {
// audit log the status
try {
if (status == RequestStatus.REJECTED) {
- Vector messages = req.getExtDataInStringVector(IRequest.ERRORS);
+ Vector messages = req
+ .getExtDataInStringVector(IRequest.ERRORS);
if (messages != null) {
Enumeration msgs = messages.elements();
@@ -585,55 +574,48 @@ public class EnrollServlet extends CMSServlet {
wholeMsg.append("\n");
wholeMsg.append(msgs.nextElement());
}
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT),
- " violation: " +
- wholeMsg.toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] { req.getRequestId(), initiative,
+ authMgr, status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT),
+ " violation: " + wholeMsg.toString() });
} else { // no policy violation, from agent
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT), ""}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] { req.getRequestId(), initiative,
+ authMgr, status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT), "" });
}
} else { // other imcomplete status
long endTime = CMS.getCurrentDate().getTime();
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), ""}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT)
+ + " time: " + (endTime - startTime),
+ "" });
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
}
return false;
}
@@ -644,40 +626,35 @@ public class EnrollServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
- String[] svcErrors =
- req.getExtDataInStringArray(IRequest.SVCERRORS);
+ String[] svcErrors = req
+ .getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
String err = svcErrors[i];
if (err != null) {
- //System.out.println(
- //"revocation servlet: setting error description "+
- //err.toString());
+ // System.out.println(
+ // "revocation servlet: setting error description "+
+ // err.toString());
cmsReq.setErrorDescription(err);
// audit log the error
try {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed with error: " +
- err,
- certInfo.get(X509CertInfo.SUBJECT), ""
- }
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT, new Object[] {
+ req.getRequestId(), initiative,
+ authMgr,
+ "completed with error: " + err,
+ certInfo.get(X509CertInfo.SUBJECT),
+ "" });
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
e.toString()));
}
@@ -695,29 +672,29 @@ public class EnrollServlet extends CMSServlet {
/**
* Process X509 certificate enrollment request
* <P>
- *
+ *
* (Certificate Request - either an "admin" cert request for an admin
- * certificate, an "agent" cert request for "bulk enrollment", or
- * an "EE" standard cert request)
+ * certificate, an "agent" cert request for "bulk enrollment", or an "EE"
+ * standard cert request)
* <P>
- *
+ *
* (Certificate Request Processed - either an automated "admin" non-profile
- * based CA admin cert acceptance, an automated "admin" non-profile based
- * CA admin cert rejection, an automated "EE" non-profile based cert
- * acceptance, or an automated "EE" non-profile based cert rejection)
+ * based CA admin cert acceptance, an automated "admin" non-profile based CA
+ * admin cert rejection, an automated "EE" non-profile based cert
+ * acceptance, or an automated "EE" non-profile based cert rejection)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a
- * non-profile cert request is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when
+ * a non-profile cert request is made (before approval process)
* <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
* certificate request has just been through the approval process
* </ul>
+ *
* @param cmsReq a certificate enrollment request
* @exception EBaseException an error has occurred
*/
- protected void processX509(CMSRequest cmsReq)
- throws EBaseException {
+ protected void processX509(CMSRequest cmsReq) throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = ILogger.UNIDENTIFIED;
@@ -735,7 +712,7 @@ public class EnrollServlet extends CMSServlet {
IConfigStore configStore = CMS.getConfigStore();
- /* XXX shouldn't we read this from ServletConfig at init time? */
+ /* XXX shouldn't we read this from ServletConfig at init time? */
enforcePop = configStore.getBoolean("enrollment.enforcePop", false);
CMS.debug("EnrollServlet: enforcePop " + enforcePop);
@@ -745,19 +722,21 @@ public class EnrollServlet extends CMSServlet {
startTime = CMS.getCurrentDate().getTime();
httpParams = cmsReq.getHttpParams();
httpReq = cmsReq.getHttpReq();
- if (mAuthMgr != null) {
+ if (mAuthMgr != null) {
authToken = authenticate(cmsReq);
}
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "submit");
+ mAuthzResourceName, "submit");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
@@ -765,15 +744,12 @@ public class EnrollServlet extends CMSServlet {
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
- // an "agent" cert request for "bulk enrollment", or
- // an "EE" standard cert request)
+ // an "agent" cert request for "bulk enrollment", or
+ // an "EE" standard cert request)
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditServiceID, auditCertificateSubjectName);
audit(auditMessage);
@@ -793,27 +769,23 @@ public class EnrollServlet extends CMSServlet {
}
try {
- if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) {
- String currentName = Thread.currentThread().getName();
-
- Thread.currentThread().setName(currentName
- + "-request-"
- + req.getRequestId().toString()
- + "-"
- + (new Date()).getTime());
+ if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) {
+ String currentName = Thread.currentThread().getName();
+
+ Thread.currentThread().setName(
+ currentName + "-request-"
+ + req.getRequestId().toString() + "-"
+ + (new Date()).getTime());
}
} catch (Exception e) {
}
/*
- * === certAuth based enroll ===
- * "certAuthEnroll" is on.
- * "certauthEnrollType can be one of the three:
- * single - it's for single cert enrollment
- * dual - it's for dual certs enrollment
- * encryption - getting the encryption cert only via
- * authentication of the signing cert
- * (crmf or keyGenInfo)
+ * === certAuth based enroll === "certAuthEnroll" is on.
+ * "certauthEnrollType can be one of the three: single - it's for
+ * single cert enrollment dual - it's for dual certs enrollment
+ * encryption - getting the encryption cert only via authentication
+ * of the signing cert (crmf or keyGenInfo)
*/
boolean certAuthEnroll = false;
String certauthEnrollType = null;
@@ -823,20 +795,17 @@ public class EnrollServlet extends CMSServlet {
try {
if (certAuthEnroll == true) {
certauthEnrollType = getCertAuthEnrollType(httpParams,
- certAuthEnroll);
+ certAuthEnroll);
}
} catch (ECMSGWException e) {
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
- // an "agent" cert request for "bulk enrollment", or
- // an "EE" standard cert request)
+ // an "agent" cert request for "bulk enrollment", or
+ // an "EE" standard cert request)
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditServiceID, auditCertificateSubjectName);
audit(auditMessage);
@@ -846,7 +815,7 @@ public class EnrollServlet extends CMSServlet {
CMS.debug("EnrollServlet: In EnrollServlet.processX509!");
CMS.debug("EnrollServlet: certAuthEnroll " + certAuthEnroll);
CMS.debug("EnrollServlet: certauthEnrollType " + certauthEnrollType);
-
+
String challengePassword = httpParams.getValueAsString(
"challengePassword", "");
@@ -861,96 +830,91 @@ public class EnrollServlet extends CMSServlet {
BigInteger certBasedOldSerialNum = null;
// check if request was authenticated, if so set authtoken &
- // certInfo. also if authenticated, take certInfo from authToken.
+ // certInfo. also if authenticated, take certInfo from authToken.
certInfo = null;
if (certAuthEnroll == true) {
sslClientCert = getSSLClientCertificate(httpReq);
if (sslClientCert == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
+ CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
- // an "agent" cert request for "bulk enrollment", or
- // an "EE" standard cert request)
+ // an "agent" cert request for "bulk enrollment", or
+ // an "EE" standard cert request)
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditServiceID, auditCertificateSubjectName);
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
+ CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
}
- certBasedOldSubjectDN = (String)
- sslClientCert.getSubjectDN().toString();
- certBasedOldSerialNum = (BigInteger)
- sslClientCert.getSerialNumber();
+ certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN()
+ .toString();
+ certBasedOldSerialNum = (BigInteger) sslClientCert
+ .getSerialNumber();
- CMS.debug("EnrollServlet: certBasedOldSubjectDN " + certBasedOldSubjectDN);
- CMS.debug("EnrollServlet: certBasedOldSerialNum " + certBasedOldSerialNum);
+ CMS.debug("EnrollServlet: certBasedOldSubjectDN "
+ + certBasedOldSubjectDN);
+ CMS.debug("EnrollServlet: certBasedOldSerialNum "
+ + certBasedOldSerialNum);
// if the cert subject name is NOT MISSING, retrieve the
// actual "auditCertificateSubjectName" and "normalize" it
if (certBasedOldSubjectDN != null) {
- // NOTE: This is ok even if the cert subject name
- // is "" (empty)!
+ // NOTE: This is ok even if the cert subject name
+ // is "" (empty)!
auditCertificateSubjectName = certBasedOldSubjectDN.trim();
}
try {
- certInfo = (X509CertInfo)
- ((X509CertImpl) sslClientCert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ certInfo = (X509CertInfo) ((X509CertImpl) sslClientCert)
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
} catch (CertificateParsingException ex) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTINFO"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTINFO"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
- // an "agent" cert request for "bulk enrollment", or
- // an "EE" standard cert request)
+ // an "agent" cert request for "bulk enrollment", or
+ // an "EE" standard cert request)
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditServiceID, auditCertificateSubjectName);
audit(auditMessage);
- throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+ throw new ECMSGWException(CMS.getUserMessage(
+ getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
}
} else {
CMS.debug("EnrollServlet: No CertAuthEnroll.");
certInfo = CMS.getDefaultX509CertInfo();
}
- X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo};
+ X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo };
X509CertInfo authCertInfo = null;
String authMgr = AuditFormat.NOAUTH;
// if authentication
if (authToken != null) {
- authMgr =
- authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
- // don't store agent token in request.
- // agent currently used for bulk issuance.
+ authMgr = authToken
+ .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ // don't store agent token in request.
+ // agent currently used for bulk issuance.
// if (!authMgr.equals(AuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
- log(ILogger.LL_INFO,
- "Enrollment request was authenticated by " +
- authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
+ log(ILogger.LL_INFO,
+ "Enrollment request was authenticated by "
+ + authToken
+ .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
- PKIProcessor.fillCertInfoFromAuthToken(certInfo,
- authToken);
+ PKIProcessor.fillCertInfoFromAuthToken(certInfo, authToken);
// save authtoken attrs to request directly
// (for policy use)
saveAuthToken(authToken, req);
@@ -962,24 +926,21 @@ public class EnrollServlet extends CMSServlet {
if (certAuthEnroll == true) {
// log(ILogger.LL_DEBUG,
- // "just gotten subjectDN and serialNumber " +
- // "from ssl client cert");
+ // "just gotten subjectDN and serialNumber " +
+ // "from ssl client cert");
if (authToken == null) {
// authToken is null, can't match to anyone; bail!
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
- // an "agent" cert request for "bulk enrollment", or
- // an "EE" standard cert request)
+ // an "agent" cert request for "bulk enrollment", or
+ // an "EE" standard cert request)
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditServiceID, auditCertificateSubjectName);
audit(auditMessage);
@@ -1025,40 +986,40 @@ public class EnrollServlet extends CMSServlet {
// ok, if the above fails, it could
// be a PKCS10 with header
pkcs10 = httpParams.getValueAsPKCS10(PKCS10_REQUEST,
- false, null);
+ false, null);
// e.printStackTrace();
}
}
- //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
+ // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
} else {
try {
// coming from server cut & paste blob.
- pkcs10 = httpParams.getValueAsPKCS10(PKCS10_REQUEST,
- false, null);
+ pkcs10 = httpParams.getValueAsPKCS10(PKCS10_REQUEST, false,
+ null);
} catch (Exception ex) {
ex.printStackTrace();
}
}
-
+
String cmc = null;
- String asciiBASE64Blob = httpParams.getValueAsString(CMC_REQUEST, null);
-
- if(asciiBASE64Blob!=null)
- {
- int startIndex = asciiBASE64Blob.indexOf(HEADER);
- int endIndex = asciiBASE64Blob.indexOf(TRAILER);
- if (startIndex!= -1 && endIndex!=-1) {
- startIndex = startIndex + HEADER.length();
- cmc=asciiBASE64Blob.substring(startIndex, endIndex);
- }else
- cmc = asciiBASE64Blob;
- CMS.debug("EnrollServlet: cmc " + cmc);
+ String asciiBASE64Blob = httpParams.getValueAsString(CMC_REQUEST,
+ null);
+
+ if (asciiBASE64Blob != null) {
+ int startIndex = asciiBASE64Blob.indexOf(HEADER);
+ int endIndex = asciiBASE64Blob.indexOf(TRAILER);
+ if (startIndex != -1 && endIndex != -1) {
+ startIndex = startIndex + HEADER.length();
+ cmc = asciiBASE64Blob.substring(startIndex, endIndex);
+ } else
+ cmc = asciiBASE64Blob;
+ CMS.debug("EnrollServlet: cmc " + cmc);
}
-
+
String crmf = httpParams.getValueAsString(CRMF_REQUEST, null);
-
+
CMS.debug("EnrollServlet: crmf " + crmf);
if (certAuthEnroll == true) {
@@ -1068,27 +1029,24 @@ public class EnrollServlet extends CMSServlet {
// for dual certs
if (certauthEnrollType.equals(CERT_AUTH_DUAL)) {
- CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL");
+ CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL");
boolean gotEncCert = false;
X509CertInfo[] cInfoArray = null;
try {
cInfoArray = handleCertAuthDual(certInfo, authToken,
- sslClientCert, mCa,
- certBasedOldSubjectDN,
- certBasedOldSerialNum);
+ sslClientCert, mCa, certBasedOldSubjectDN,
+ certBasedOldSerialNum);
} catch (ECMSGWException e) {
// store a message in the signed audit log file
// (either an "admin" cert request for an admin
- // certificate, an "agent" cert request for
- // "bulk enrollment", or an "EE" standard cert request)
+ // certificate, an "agent" cert request for
+ // "bulk enrollment", or an "EE" standard cert request)
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditServiceID,
+ auditCertificateSubjectName);
audit(auditMessage);
@@ -1096,7 +1054,8 @@ public class EnrollServlet extends CMSServlet {
}
if (cInfoArray != null && cInfoArray.length != 0) {
- CMS.debug("EnrollServlet: cInfoArray Length " + cInfoArray.length);
+ CMS.debug("EnrollServlet: cInfoArray Length "
+ + cInfoArray.length);
certInfoArray = cInfoArray;
gotEncCert = true;
@@ -1105,25 +1064,22 @@ public class EnrollServlet extends CMSServlet {
if (gotEncCert == false) {
// encryption cert not found, bail
log(ILogger.LL_FAILURE,
- CMS.getLogMessage(
- "CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
+ CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin
- // certificate, an "agent" cert request for
- // "bulk enrollment", or an "EE" standard cert request)
+ // certificate, an "agent" cert request for
+ // "bulk enrollment", or an "EE" standard cert request)
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditServiceID,
+ auditCertificateSubjectName);
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
+ CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
}
} else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) {
@@ -1137,15 +1093,13 @@ public class EnrollServlet extends CMSServlet {
} catch (ECMSGWException e) {
// store a message in the signed audit log file
// (either an "admin" cert request for an admin
- // certificate, an "agent" cert request for
- // "bulk enrollment", or an "EE" standard cert request)
+ // certificate, an "agent" cert request for
+ // "bulk enrollment", or an "EE" standard cert request)
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditServiceID,
+ auditCertificateSubjectName);
audit(auditMessage);
@@ -1156,49 +1110,47 @@ public class EnrollServlet extends CMSServlet {
* either crmf or keyGenInfo
*/
if (keyGenInfo != null) {
- KeyGenProcessor keyGenProc = new KeyGenProcessor(cmsReq,
- this);
+ KeyGenProcessor keyGenProc = new KeyGenProcessor(
+ cmsReq, this);
- keyGenProc.fillCertInfo(null, certInfo,
- authToken, httpParams);
+ keyGenProc.fillCertInfo(null, certInfo, authToken,
+ httpParams);
- req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
- CMS.debug("EnrollServlet: sslClientCert issuerDN = " +
- sslClientCert.getIssuerDN().toString());
+ req.setExtData(CLIENT_ISSUER, sslClientCert
+ .getIssuerDN().toString());
+ CMS.debug("EnrollServlet: sslClientCert issuerDN = "
+ + sslClientCert.getIssuerDN().toString());
} else if (crmf != null && crmf != "") {
- CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop);
+ CRMFProcessor crmfProc = new CRMFProcessor(cmsReq,
+ this, enforcePop);
certInfoArray = crmfProc.fillCertInfoArray(crmf,
- authToken,
- httpParams,
- req);
-
- req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
- CMS.debug("EnrollServlet: sslClientCert issuerDN = " +
- sslClientCert.getIssuerDN().toString());
+ authToken, httpParams, req);
+
+ req.setExtData(CLIENT_ISSUER, sslClientCert
+ .getIssuerDN().toString());
+ CMS.debug("EnrollServlet: sslClientCert issuerDN = "
+ + sslClientCert.getIssuerDN().toString());
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ")
+ + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin
- // certificate, an "agent" cert request for
- // "bulk enrollment", or an "EE" standard cert request)
+ // certificate, an "agent" cert request for
+ // "bulk enrollment", or an "EE" standard cert request)
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditServiceID,
+ auditCertificateSubjectName);
audit(auditMessage);
- throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
+ throw new ECMSGWException(CMS.getUserMessage(
+ getLocale(httpReq),
+ "CMS_GW_MISSING_KEYGEN_INFO"));
}
} else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) {
@@ -1206,55 +1158,52 @@ public class EnrollServlet extends CMSServlet {
// have to be buried here to handle the issuer
if (keyGenInfo != null) {
- KeyGenProcessor keyGenProc = new KeyGenProcessor(cmsReq,
- this);
+ KeyGenProcessor keyGenProc = new KeyGenProcessor(
+ cmsReq, this);
- keyGenProc.fillCertInfo(null, certInfo,
- authToken, httpParams);
+ keyGenProc.fillCertInfo(null, certInfo, authToken,
+ httpParams);
} else if (pkcs10 != null) {
- PKCS10Processor pkcs10Proc = new PKCS10Processor(cmsReq,
- this);
+ PKCS10Processor pkcs10Proc = new PKCS10Processor(
+ cmsReq, this);
- pkcs10Proc.fillCertInfo(pkcs10, certInfo,
- authToken, httpParams);
+ pkcs10Proc.fillCertInfo(pkcs10, certInfo, authToken,
+ httpParams);
} else if (cmc != null && cmc != "") {
- CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, enforcePop);
+ CMCProcessor cmcProc = new CMCProcessor(cmsReq, this,
+ enforcePop);
certInfoArray = cmcProc.fillCertInfoArray(cmc,
- authToken,
- httpParams,
- req);
+ authToken, httpParams, req);
} else if (crmf != null && crmf != "") {
- CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop);
+ CRMFProcessor crmfProc = new CRMFProcessor(cmsReq,
+ this, enforcePop);
certInfoArray = crmfProc.fillCertInfoArray(crmf,
- authToken,
- httpParams,
- req);
+ authToken, httpParams, req);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ")
+ + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin
- // certificate, an "agent" cert request for
- // "bulk enrollment", or an "EE" standard cert request)
+ // certificate, an "agent" cert request for
+ // "bulk enrollment", or an "EE" standard cert request)
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditServiceID,
+ auditCertificateSubjectName);
audit(auditMessage);
- throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
+ throw new ECMSGWException(CMS.getUserMessage(
+ getLocale(httpReq),
+ "CMS_GW_MISSING_KEYGEN_INFO"));
}
- req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
+ req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN()
+ .toString());
}
} else if (keyGenInfo != null) {
@@ -1267,63 +1216,63 @@ public class EnrollServlet extends CMSServlet {
CMS.debug("EnrollServlet: Trying PKCS10 with no cert auth.");
PKCS10Processor pkcs10Proc = new PKCS10Processor(cmsReq, this);
- pkcs10Proc.fillCertInfo(pkcs10, certInfo, authToken, httpParams);
+ pkcs10Proc
+ .fillCertInfo(pkcs10, certInfo, authToken, httpParams);
} else if (cmc != null) {
CMS.debug("EnrollServlet: Trying CMC with no cert auth.");
- CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, enforcePop);
+ CMCProcessor cmcProc = new CMCProcessor(cmsReq, this,
+ enforcePop);
certInfoArray = cmcProc.fillCertInfoArray(cmc, authToken,
- httpParams, req);
+ httpParams, req);
} else if (crmf != null && crmf != "") {
CMS.debug("EnrollServlet: Trying CRMF with no cert auth.");
- CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop);
+ CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this,
+ enforcePop);
certInfoArray = crmfProc.fillCertInfoArray(crmf, authToken,
- httpParams, req);
+ httpParams, req);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ")
+ + CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
- // an "agent" cert request for "bulk enrollment", or
- // an "EE" standard cert request)
+ // an "agent" cert request for "bulk enrollment", or
+ // an "EE" standard cert request)
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditServiceID, auditCertificateSubjectName);
audit(auditMessage);
- throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
+ throw new ECMSGWException(CMS.getUserMessage(
+ getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
}
-
// if ca, fill in default signing alg here
-
+
try {
- ICertificateAuthority caSub =
- (ICertificateAuthority) CMS.getSubsystem("ca");
- if (certInfoArray != null && caSub != null) {
- for (int ix = 0; ix < certInfoArray.length; ix++) {
- X509CertInfo ci = (X509CertInfo)certInfoArray[ix];
- String defaultSig = caSub.getDefaultAlgorithm();
- AlgorithmId algid = AlgorithmId.get(defaultSig);
- ci.set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(algid));
+ ICertificateAuthority caSub = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
+ if (certInfoArray != null && caSub != null) {
+ for (int ix = 0; ix < certInfoArray.length; ix++) {
+ X509CertInfo ci = (X509CertInfo) certInfoArray[ix];
+ String defaultSig = caSub.getDefaultAlgorithm();
+ AlgorithmId algid = AlgorithmId.get(defaultSig);
+ ci.set(X509CertInfo.ALGORITHM_ID,
+ new CertificateAlgorithmId(algid));
+ }
}
- }
} catch (Exception e) {
- CMS.debug("Failed to set signing alg to certinfo " + e.toString());
+ CMS.debug("Failed to set signing alg to certinfo "
+ + e.toString());
}
req.setExtData(IRequest.CERT_INFO, certInfoArray);
-
if (challengePassword != null && !challengePassword.equals("")) {
String pwd = hashPassword(challengePassword);
@@ -1332,30 +1281,24 @@ public class EnrollServlet extends CMSServlet {
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
- // an "agent" cert request for "bulk enrollment", or
- // an "EE" standard cert request)
+ // an "agent" cert request for "bulk enrollment", or
+ // an "EE" standard cert request)
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditServiceID, auditCertificateSubjectName);
audit(auditMessage);
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
// (either an "admin" cert request for an admin certificate,
- // an "agent" cert request for "bulk enrollment", or
- // an "EE" standard cert request)
+ // an "agent" cert request for "bulk enrollment", or
+ // an "EE" standard cert request)
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditServiceID, auditCertificateSubjectName);
audit(auditMessage);
@@ -1367,9 +1310,9 @@ public class EnrollServlet extends CMSServlet {
// ensure that any low-level exceptions are reported
// to the signed audit log and stored as failures
try {
- // send request to request queue.
+ // send request to request queue.
mRequestQueue.processRequest(req);
- // process result.
+ // process result.
// render OLD_CERT_TYPE's response differently, we
// do not want any javascript in HTML, and need to
@@ -1379,20 +1322,18 @@ public class EnrollServlet extends CMSServlet {
renderServerEnrollResult(cmsReq);
cmsReq.setStatus(CMSRequest.SUCCESS); // no default render
- issuedCerts =
- cmsReq.getIRequest().getExtDataInCertArray(
- IRequest.ISSUED_CERTS);
+ issuedCerts = cmsReq.getIRequest().getExtDataInCertArray(
+ IRequest.ISSUED_CERTS);
for (int i = 0; i < issuedCerts.length; i++) {
// (automated "agent" cert request processed
- // - "accepted")
+ // - "accepted")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue(issuedCerts[i]));
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ auditInfoCertValue(issuedCerts[i]));
audit(auditMessage);
}
@@ -1401,12 +1342,10 @@ public class EnrollServlet extends CMSServlet {
// (automated "agent" cert request processed - "rejected")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_REJECTION,
- SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ ILogger.SIGNED_AUDIT_REJECTION,
+ SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]);
audit(auditMessage);
}
@@ -1414,19 +1353,16 @@ public class EnrollServlet extends CMSServlet {
return;
}
- boolean completed = handleEnrollAuditLog(req, cmsReq,
- mAuthMgr, authToken,
- certInfo, startTime);
+ boolean completed = handleEnrollAuditLog(req, cmsReq, mAuthMgr,
+ authToken, certInfo, startTime);
if (completed == false) {
// (automated "agent" cert request processed - "rejected")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_REJECTION,
- SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[1]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ ILogger.SIGNED_AUDIT_REJECTION,
+ SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[1]);
audit(auditMessage);
@@ -1451,38 +1387,34 @@ public class EnrollServlet extends CMSServlet {
// audit log the success.
long endTime = CMS.getCurrentDate().getTime();
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[]
- { req.getRequestId(),
- initiative,
- mAuthMgr,
- "completed",
- issuedCerts[0].getSubjectDN(),
- "cert issued serial number: 0x" +
- issuedCerts[0].getSerialNumber().toString(16) +
- " time: " +
- (endTime - startTime) }
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ mAuthMgr,
+ "completed",
+ issuedCerts[0].getSubjectDN(),
+ "cert issued serial number: 0x"
+ + issuedCerts[0].getSerialNumber()
+ .toString(16) + " time: "
+ + (endTime - startTime) });
// handle initial admin enrollment if in adminEnroll mode.
checkAdminEnroll(cmsReq, issuedCerts);
// return cert as mime type binary if requested.
- if (checkImportCertToNav(cmsReq.getHttpResp(),
- httpParams, issuedCerts[0])) {
+ if (checkImportCertToNav(cmsReq.getHttpResp(), httpParams,
+ issuedCerts[0])) {
cmsReq.setStatus(CMSRequest.SUCCESS);
for (int i = 0; i < issuedCerts.length; i++) {
// (automated "agent" cert request processed - "accepted")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue(issuedCerts[i]));
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ auditInfoCertValue(issuedCerts[i]));
audit(auditMessage);
}
@@ -1492,53 +1424,46 @@ public class EnrollServlet extends CMSServlet {
// use success template.
try {
- cmsReq.setResult(issuedCerts);
- renderTemplate(cmsReq, mEnrollSuccessTemplate,
- mEnrollSuccessFiller);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ cmsReq.setResult(issuedCerts);
+ renderTemplate(cmsReq, mEnrollSuccessTemplate,
+ mEnrollSuccessFiller);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
for (int i = 0; i < issuedCerts.length; i++) {
// (automated "agent" cert request processed - "accepted")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue(issuedCerts[i]));
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ auditInfoCertValue(issuedCerts[i]));
audit(auditMessage);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_TEMP_REND_ERR",
- mEnrollSuccessFiller.toString(),
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(),
e.toString()));
// (automated "agent" cert request processed - "rejected")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_REJECTION,
- SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[2]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ ILogger.SIGNED_AUDIT_REJECTION,
+ SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[2]);
audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
+ CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
}
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
// (automated "agent" cert request processed - "rejected")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_REJECTION,
- SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[3]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ ILogger.SIGNED_AUDIT_REJECTION,
+ SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[3]);
audit(auditMessage);
@@ -1549,20 +1474,21 @@ public class EnrollServlet extends CMSServlet {
}
/**
- * check if this is first enroll from admin enroll.
- * If so disable admin enroll from here on.
+ * check if this is first enroll from admin enroll. If so disable admin
+ * enroll from here on.
*/
- protected void checkAdminEnroll(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
- throws EBaseException {
+ protected void checkAdminEnroll(CMSRequest cmsReq,
+ X509CertImpl[] issuedCerts) throws EBaseException {
// this is special case, get the admin certificate
- if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
+ if (mAuthMgr != null
+ && mAuthMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
addAdminAgent(cmsReq, issuedCerts);
CMSGateway.disableAdminEnroll();
}
}
- protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
- throws EBaseException {
+ protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
+ throws EBaseException {
String userid = cmsReq.getHttpParams().getValueAsString("uid");
IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
@@ -1572,14 +1498,12 @@ public class EnrollServlet extends CMSServlet {
try {
ug.addUserCert(adminuser);
} catch (netscape.ldap.LDAPException e) {
- CMS.debug(
- "EnrollServlet: Cannot add admin's certificate to its entry in the " +
- "user group database. Error " + e);
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString()));
+ CMS.debug("EnrollServlet: Cannot add admin's certificate to its entry in the "
+ + "user group database. Error " + e);
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString()));
}
- IGroup agentGroup =
- ug.getGroupFromName(CA_AGENT_GROUP);
+ IGroup agentGroup = ug.getGroupFromName(CA_AGENT_GROUP);
if (agentGroup != null) {
// add user to the group if necessary
@@ -1587,23 +1511,22 @@ public class EnrollServlet extends CMSServlet {
agentGroup.addMemberName(userid);
ug.modifyGroup(agentGroup);
mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
- new Object[] {userid, userid, CA_AGENT_GROUP}
- );
+ AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+ new Object[] { userid, userid, CA_AGENT_GROUP });
}
} else {
- String msg = "Cannot add admin to the " +
- CA_AGENT_GROUP +
- " group: Group does not exist.";
+ String msg = "Cannot add admin to the " + CA_AGENT_GROUP
+ + " group: Group does not exist.";
CMS.debug("EnrollServlet: " + msg);
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_ADMIN_ERROR"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_ADDING_ADMIN_ERROR"));
}
}
- protected void renderServerEnrollResult(CMSRequest cmsReq) throws
- IOException {
+ protected void renderServerEnrollResult(CMSRequest cmsReq)
+ throws IOException {
HttpServletResponse httpResp = cmsReq.getHttpResp();
httpResp.setContentType("text/html");
@@ -1618,11 +1541,16 @@ public class EnrollServlet extends CMSServlet {
out.println("</TITLE>");
// out.println("<BODY BGCOLOR=white>");
- if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.COMPLETE)) {
+ if (cmsReq.getIRequest().getRequestStatus()
+ .equals(RequestStatus.COMPLETE)) {
out.println("<H1>");
out.println("SUCCESS");
out.println("</H1>");
- out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message
+ out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX
+ // -
+ // localize
+ // the
+ // message
out.println("<P>");
out.println("Request Creation Time: ");
out.println(cmsReq.getIRequest().getCreationTime().toString());
@@ -1636,25 +1564,30 @@ public class EnrollServlet extends CMSServlet {
out.println("Certificate: ");
out.println("<P>");
out.println("<PRE>");
- X509CertImpl certs[] =
- cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ X509CertImpl certs[] = cmsReq.getIRequest().getExtDataInCertArray(
+ IRequest.ISSUED_CERTS);
out.println(CMS.getEncodedCert(certs[0]));
out.println("</PRE>");
out.println("<P>");
- out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
- cmsReq.getIRequest().getCreationTime().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_ID=" +
- cmsReq.getIRequest().getRequestId().toString() + ">");
- out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" +
- CMS.getEncodedCert(certs[0]) + ">");
- } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) {
+ out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME="
+ + cmsReq.getIRequest().getCreationTime().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS="
+ + cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_ID="
+ + cmsReq.getIRequest().getRequestId().toString() + ">");
+ out.println("<!HTTP_OUTPUT X509_CERTIFICATE="
+ + CMS.getEncodedCert(certs[0]) + ">");
+ } else if (cmsReq.getIRequest().getRequestStatus()
+ .equals(RequestStatus.PENDING)) {
out.println("<H1>");
out.println("PENDING");
out.println("</H1>");
- out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message
+ out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX
+ // -
+ // localize
+ // the
+ // message
out.println("<P>");
out.println("Request Creation Time: ");
out.println(cmsReq.getIRequest().getCreationTime().toString());
@@ -1665,18 +1598,22 @@ public class EnrollServlet extends CMSServlet {
out.println("Request ID: ");
out.println(cmsReq.getIRequest().getRequestId().toString());
out.println("<P>");
- out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
- cmsReq.getIRequest().getCreationTime().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_ID=" +
- cmsReq.getIRequest().getRequestId().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME="
+ + cmsReq.getIRequest().getCreationTime().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS="
+ + cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_ID="
+ + cmsReq.getIRequest().getRequestId().toString() + ">");
} else {
out.println("<H1>");
out.println("ERROR");
out.println("</H1>");
out.println("<!INFO>");
- out.println("Please consult your local administrator for assistance."); // XXX - localize the message
+ out.println("Please consult your local administrator for assistance."); // XXX
+ // -
+ // localize
+ // the
+ // message
out.println("<!/INFO>");
out.println("<P>");
out.println("Request Status: ");
@@ -1685,62 +1622,55 @@ public class EnrollServlet extends CMSServlet {
out.println("Error: ");
out.println(cmsReq.getError()); // XXX - need to parse in Locale
out.println("<P>");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT ERROR=" +
- cmsReq.getError() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS="
+ + cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT ERROR=" + cmsReq.getError() + ">");
}
/**
- // include all the input data
- ArgBlock args = cmsReq.getHttpParams();
- Enumeration ele = args.getElements();
- while (ele.hasMoreElements()) {
- String eleT = (String)ele.nextElement();
- out.println("<!HTTP_INPUT " + eleT + "=" +
- args.get(eleT) + ">");
- }
+ * // include all the input data ArgBlock args = cmsReq.getHttpParams();
+ * Enumeration ele = args.getElements(); while (ele.hasMoreElements()) {
+ * String eleT = (String)ele.nextElement(); out.println("<!HTTP_INPUT "
+ * + eleT + "=" + args.get(eleT) + ">"); }
**/
out.println("</HTML>");
}
- // XXX ALERT !!
- // Remove the following and calls to them when we bundle a cartman
- // later than alpha1.
- // These are here to cover up problem in cartman where the
- // key usage extension always ends up being digital signature only
+ // XXX ALERT !!
+ // Remove the following and calls to them when we bundle a cartman
+ // later than alpha1.
+ // These are here to cover up problem in cartman where the
+ // key usage extension always ends up being digital signature only
// and for rsa-ex ends up having no bits set.
private boolean mIsTestBed = false;
- private void init_testbed_hack(IConfigStore config)
- throws EBaseException {
+ private void init_testbed_hack(IConfigStore config) throws EBaseException {
mIsTestBed = config.getBoolean("isTestBed", true);
}
- private void do_testbed_hack(
- int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams)
- throws EBaseException {
- if (!mIsTestBed)
+ private void do_testbed_hack(int nummsgs, X509CertInfo[] certinfo,
+ IArgBlock httpParams) throws EBaseException {
+ if (!mIsTestBed)
return;
- // get around bug in cartman - bits are off by one byte.
+ // get around bug in cartman - bits are off by one byte.
for (int i = 0; i < certinfo.length; i++) {
try {
X509CertInfo cert = certinfo[i];
- CertificateExtensions exts = (CertificateExtensions)
- cert.get(CertificateExtensions.NAME);
+ CertificateExtensions exts = (CertificateExtensions) cert
+ .get(CertificateExtensions.NAME);
if (exts == null) {
// should not happen.
continue;
}
- KeyUsageExtension ext = (KeyUsageExtension)
- exts.get(KeyUsageExtension.NAME);
+ KeyUsageExtension ext = (KeyUsageExtension) exts
+ .get(KeyUsageExtension.NAME);
- if (ext == null)
- // should not happen
+ if (ext == null)
+ // should not happen
continue;
byte[] value = ext.getExtensionValue();
@@ -1751,33 +1681,30 @@ public class EnrollServlet extends CMSServlet {
newvalue[1] = 0x03;
newvalue[2] = 0x07;
newvalue[3] = value[3];
- // force encryption certs to have digitial signature
+ // force encryption certs to have digitial signature
// set too so smime can find the cert for encryption.
if (value[3] == 0x20) {
/*
- newvalue[3] = 0x3f;
- newvalue[4] = (byte)0x80;
+ * newvalue[3] = 0x3f; newvalue[4] = (byte)0x80;
*/
- if (httpParams.getValueAsBoolean(
- "dual-use-hack", true)) {
+ if (httpParams.getValueAsBoolean("dual-use-hack", true)) {
newvalue[3] = (byte) 0xE0; // same as rsa-dual-use.
}
}
newvalue[4] = 0;
- KeyUsageExtension newext =
- new KeyUsageExtension(Boolean.valueOf(true),
- (Object) newvalue);
+ KeyUsageExtension newext = new KeyUsageExtension(
+ Boolean.valueOf(true), (Object) newvalue);
exts.delete(KeyUsageExtension.NAME);
exts.set(KeyUsageExtension.NAME, newext);
}
} catch (IOException e) {
- // should never happen
+ // should never happen
continue;
} catch (CertificateException e) {
- // should never happen
+ // should never happen
continue;
}
}
@@ -1786,11 +1713,11 @@ public class EnrollServlet extends CMSServlet {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param x509cert an X509CertImpl
* @return cert string containing the certificate
*/
@@ -1843,4 +1770,3 @@ public class EnrollServlet extends CMSServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
index a723cb52..e80b5a7e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
@@ -58,7 +57,6 @@ import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.crypto.CryptoUtil;
-
/**
* Retrieve certificate by serial number.
*
@@ -83,17 +81,17 @@ public class GetBySerial extends CMSServlet {
super();
}
- /**
+ /**
* Initialize the servlet. This servlet uses the template file
- * "ImportCert.template" to import the cert to the users browser,
- * if that is what the user requested
+ * "ImportCert.template" to import the cert to the users browser, if that is
+ * what the user requested
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
try {
- mImportTemplate = sc.getInitParameter(
- PROP_SUCCESS_TEMPLATE);
+ mImportTemplate = sc.getInitParameter(PROP_SUCCESS_TEMPLATE);
mIETemplate = sc.getInitParameter("importCertTemplate");
if (mImportTemplate == null)
mImportTemplate = IMPORT_CERT_TEMPLATE;
@@ -102,11 +100,12 @@ public class GetBySerial extends CMSServlet {
}
mImportTemplateFiller = new ImportCertsTemplateFiller();
- // override success and error templates to null -
+ // override success and error templates to null -
// handle templates locally.
mTemplates.remove(CMSRequest.SUCCESS);
- ICertificateAuthority mCa = (ICertificateAuthority) CMS.getSubsystem("ca");
+ ICertificateAuthority mCa = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
if (mCa == null) {
return;
}
@@ -115,11 +114,11 @@ public class GetBySerial extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
- * <li>http.param serialNumber serial number of certificate in HEX
+ * <li>http.param serialNumber serial number of certificate in HEX
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -135,14 +134,14 @@ public class GetBySerial extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "import");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "import");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -160,20 +159,22 @@ public class GetBySerial extends CMSServlet {
serialNo = null;
}
if (serial == null || serialNo == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
ICertRecord certRecord = (ICertRecord) getCertRecord(serialNo);
if (certRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1",
+ serialNo.toString(16)));
+ cmsReq.setError(new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_CERT_SERIAL_NOT_FOUND",
+ "0x" + serialNo.toString(16))));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -181,37 +182,41 @@ public class GetBySerial extends CMSServlet {
// if RA, needs requestOwner to match
// first, find the user's group
if (authToken != null) {
- String group = authToken.getInString("group");
-
- if ((group != null) && (group != "")) {
- CMS.debug("GetBySerial process: auth group="+group);
- if (group.equals("Registration Manager Agents")) {
- boolean groupMatched = false;
- // find the cert record's orig. requestor's group
- MetaInfo metai = certRecord.getMetaInfo();
- if (metai != null) {
- String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID);
- RequestId rid = new RequestId(reqId);
- IRequest creq = mReqQ.findRequest(rid);
- if (creq != null) {
- String reqOwner = creq.getRequestOwner();
- if (reqOwner != null) {
- CMS.debug("GetBySerial process: req owner="+reqOwner);
- if (reqOwner.equals(group))
- groupMatched = true;
- }
+ String group = authToken.getInString("group");
+
+ if ((group != null) && (group != "")) {
+ CMS.debug("GetBySerial process: auth group=" + group);
+ if (group.equals("Registration Manager Agents")) {
+ boolean groupMatched = false;
+ // find the cert record's orig. requestor's group
+ MetaInfo metai = certRecord.getMetaInfo();
+ if (metai != null) {
+ String reqId = (String) metai
+ .get(ICertRecord.META_REQUEST_ID);
+ RequestId rid = new RequestId(reqId);
+ IRequest creq = mReqQ.findRequest(rid);
+ if (creq != null) {
+ String reqOwner = creq.getRequestOwner();
+ if (reqOwner != null) {
+ CMS.debug("GetBySerial process: req owner="
+ + reqOwner);
+ if (reqOwner.equals(group))
+ groupMatched = true;
+ }
+ }
+ }
+ if (groupMatched == false) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_CERT_SERIAL_NOT_FOUND_1",
+ serialNo.toString(16)));
+ cmsReq.setError(new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_CERT_SERIAL_NOT_FOUND",
+ "0x" + serialNo.toString(16))));
+ cmsReq.setStatus(CMSRequest.ERROR);
+ return;
+ }
}
- }
- if (groupMatched == false) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
- cmsReq.setStatus(CMSRequest.ERROR);
- return;
- }
}
- }
}
X509CertImpl cert = certRecord.getCertificate();
@@ -224,7 +229,8 @@ public class GetBySerial extends CMSServlet {
IArgBlock ctx = CMS.createArgBlock();
Locale[] locale = new Locale[1];
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
CertificateChain cachain = ca.getCACertChain();
X509Certificate[] cacerts = cachain.getChain();
X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
@@ -235,8 +241,8 @@ public class GetBySerial extends CMSServlet {
}
userChain[0] = cert;
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(
+ new byte[0]), userChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
try {
@@ -246,8 +252,9 @@ public class GetBySerial extends CMSServlet {
byte[] p7Bytes = bos.toByteArray();
String p7Str = CMS.BtoA(p7Bytes);
-
- header.addStringValue("pkcs7", CryptoUtil.normalizeCertStr(p7Str));
+
+ header.addStringValue("pkcs7",
+ CryptoUtil.normalizeCertStr(p7Str));
try {
CMSTemplate form = getTemplate(mIETemplate, req, locale);
ServletOutputStream out = response.getOutputStream();
@@ -256,21 +263,22 @@ public class GetBySerial extends CMSServlet {
form.renderOutput(out, argSet);
return;
} catch (Exception ee) {
- CMS.debug("GetBySerial process: Exception="+ee.toString());
+ CMS.debug("GetBySerial process: Exception=" + ee.toString());
}
- } //browser is IE
-
+ } // browser is IE
+
MetaInfo metai = certRecord.getMetaInfo();
String crmfReqId = null;
if (metai != null) {
crmfReqId = (String) metai.get(ICertRecord.META_CRMF_REQID);
- if (crmfReqId != null)
+ if (crmfReqId != null)
cmsReq.setResult(IRequest.CRMF_REQID, crmfReqId);
}
- if (crmfReqId == null && checkImportCertToNav(
- cmsReq.getHttpResp(), cmsReq.getHttpParams(), cert)) {
+ if (crmfReqId == null
+ && checkImportCertToNav(cmsReq.getHttpResp(),
+ cmsReq.getHttpParams(), cert)) {
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
}
@@ -283,19 +291,20 @@ public class GetBySerial extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
// XXX follow request in cert record to set certtype, which will
- // import cert only if it's client. For now assume "client" if
+ // import cert only if it's client. For now assume "client" if
// someone clicked to import this cert.
cmsReq.getHttpParams().set("certType", "client");
try {
renderTemplate(cmsReq, mImportTemplate, mImportTemplateFiller);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
-
+
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
index facf501c..fc393b49 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
@@ -15,10 +15,9 @@
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
- package com.netscape.cms.servlet.cert;
+package com.netscape.cms.servlet.cert;
-
- import java.io.ByteArrayOutputStream;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
@@ -49,236 +48,242 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
- /**
- * Retrieve the Certificates comprising the CA Chain for this CA.
- *
- * @version $Revision$, $Date$
- */
- public class GetCAChain extends CMSServlet {
- /**
+/**
+ * Retrieve the Certificates comprising the CA Chain for this CA.
+ *
+ * @version $Revision$, $Date$
+ */
+public class GetCAChain extends CMSServlet {
+ /**
*
*/
- private static final long serialVersionUID = -8189048155415074581L;
- private final static String TPL_FILE = "displayCaCert.template";
- private String mFormPath = null;
-
- public GetCAChain() {
- super();
- }
-
- /**
- * initialize the servlet.
- * @param sc servlet configuration, read from the web.xml file
- */
- public void init(ServletConfig sc) throws ServletException {
- super.init(sc);
-
- // override success to display own output.
- mTemplates.remove(CMSRequest.SUCCESS);
- // coming from ee
- mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
- }
-
- /**
- * Process the HTTP request.
- * <ul>
- * <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
- * </ul>
- * @param cmsReq the object holding the request and response information
- */
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
- HttpServletRequest httpReq = cmsReq.getHttpReq();
- HttpServletResponse httpResp = cmsReq.getHttpResp();
-
- IAuthToken authToken = authenticate(cmsReq);
-
- // Construct an ArgBlock
- IArgBlock args = cmsReq.getHttpParams();
-
- // Get the operation code
- String op = null;
-
- op = args.getValueAsString("op", null);
- if (op == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"));
- }
-
- cmsReq.setStatus(CMSRequest.SUCCESS);
-
- AuthzToken authzToken = null;
-
- if (op.startsWith("download")) {
- try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "download");
- } catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- } catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- }
-
- if (authzToken == null) {
- cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
- return;
- }
-
- downloadChain(op, args, httpReq, httpResp, cmsReq);
- } else if (op.startsWith("display")) {
- try {
- authzToken = mAuthz.authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
- } catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- } catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- }
-
- if (authzToken == null) {
- cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
- return;
- }
-
- displayChain(op, args, httpReq, httpResp, cmsReq);
- } else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
- }
- // cmsReq.setResult(null);
- return;
- }
-
- private void downloadChain(String op,
- IArgBlock args,
- HttpServletRequest httpReq,
- HttpServletResponse httpResp,
- CMSRequest cmsReq)
- throws EBaseException {
-
- /* check browser info ? */
-
- /* check if pkcs7 will work for both nav and ie */
-
- byte[] bytes = null;
-
- /*
- * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert.
- * This means that we can only hand out the root CA, and not
- * the whole chain.
- */
-
- if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) {
- X509Certificate[] caCerts =
- ((ICertAuthority) mAuthority).getCACertChain().getChain();
-
- try {
- bytes = caCerts[0].getEncoded();
- } catch (CertificateEncodingException e) {
- cmsReq.setStatus(CMSRequest.ERROR);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR"));
- }
- } else {
- CertificateChain certChain =
- ((ICertAuthority) mAuthority).getCACertChain();
-
- if (certChain == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY"));
- }
-
- try {
- ByteArrayOutputStream encoded = new ByteArrayOutputStream();
-
- certChain.encode(encoded, false);
- bytes = encoded.toByteArray();
- } catch (IOException e) {
- cmsReq.setStatus(CMSRequest.ERROR);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
- }
- }
-
- String mimeType = null;
-
- if (op.equals("downloadBIN")) {
- mimeType = "application/octet-stream";
- } else {
- try {
- mimeType = args.getValueAsString("mimeType");
- } catch (EBaseException e) {
- mimeType = "application/octet-stream";
- }
- }
-
- try {
- if (op.equals("downloadBIN")) {
- // file suffixes changed to comply with RFC 5280
- // requirements for AIA extensions
- if (clientIsMSIE(httpReq)) {
- httpResp.setHeader("Content-disposition",
- "attachment; filename=ca.cer");
- } else {
- httpResp.setHeader("Content-disposition",
- "attachment; filename=ca.p7c");
- }
- }
- httpResp.setContentType(mimeType);
- httpResp.getOutputStream().write(bytes);
- httpResp.setContentLength(bytes.length);
- httpResp.getOutputStream().flush();
- } catch (IOException e) {
- cmsReq.setStatus(CMSRequest.ERROR);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
- }
- }
-
- private void displayChain(String op,
- IArgBlock args,
- HttpServletRequest httpReq,
- HttpServletResponse httpResp,
- CMSRequest cmsReq)
- throws EBaseException {
- String outputString = null;
-
- CertificateChain certChain =
- ((ICertAuthority) mAuthority).getCACertChain();
-
- if (certChain == null) {
- cmsReq.setStatus(CMSRequest.ERROR);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
- }
-
- CMSTemplate form = null;
- Locale[] locale = new Locale[1];
-
- if (mOutputTemplatePath != null)
- mFormPath = mOutputTemplatePath;
+ private static final long serialVersionUID = -8189048155415074581L;
+ private final static String TPL_FILE = "displayCaCert.template";
+ private String mFormPath = null;
+
+ public GetCAChain() {
+ super();
+ }
+
+ /**
+ * initialize the servlet.
+ *
+ * @param sc servlet configuration, read from the web.xml file
+ */
+ public void init(ServletConfig sc) throws ServletException {
+ super.init(sc);
+
+ // override success to display own output.
+ mTemplates.remove(CMSRequest.SUCCESS);
+ // coming from ee
+ mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
+ }
+
+ /**
+ * Process the HTTP request.
+ * <ul>
+ * <li>http.param op 'downloadBIN' - return the binary certificate chain
+ * <li>http.param op 'displayIND' - display pretty-print of certificate
+ * chain components
+ * </ul>
+ *
+ * @param cmsReq the object holding the request and response information
+ */
+ protected void process(CMSRequest cmsReq) throws EBaseException {
+ HttpServletRequest httpReq = cmsReq.getHttpReq();
+ HttpServletResponse httpResp = cmsReq.getHttpResp();
+
+ IAuthToken authToken = authenticate(cmsReq);
+
+ // Construct an ArgBlock
+ IArgBlock args = cmsReq.getHttpParams();
+
+ // Get the operation code
+ String op = null;
+
+ op = args.getValueAsString("op", null);
+ if (op == null) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"));
+ }
+
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+
+ AuthzToken authzToken = null;
+
+ if (op.startsWith("download")) {
+ try {
+ authzToken = authorize(mAclMethod, authToken,
+ mAuthzResourceName, "download");
+ } catch (EAuthzAccessDenied e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
+ }
+
+ if (authzToken == null) {
+ cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+ return;
+ }
+
+ downloadChain(op, args, httpReq, httpResp, cmsReq);
+ } else if (op.startsWith("display")) {
+ try {
+ authzToken = mAuthz.authorize(mAclMethod, authToken,
+ mAuthzResourceName, "read");
+ } catch (EAuthzAccessDenied e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
+ }
+
+ if (authzToken == null) {
+ cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+ return;
+ }
+
+ displayChain(op, args, httpReq, httpResp, cmsReq);
+ } else {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
+ }
+ // cmsReq.setResult(null);
+ return;
+ }
+
+ private void downloadChain(String op, IArgBlock args,
+ HttpServletRequest httpReq, HttpServletResponse httpResp,
+ CMSRequest cmsReq) throws EBaseException {
+
+ /* check browser info ? */
+
+ /* check if pkcs7 will work for both nav and ie */
+
+ byte[] bytes = null;
+
+ /*
+ * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert. This
+ * means that we can only hand out the root CA, and not the whole chain.
+ */
+
+ if (clientIsMSIE(httpReq)
+ && (op.equals("download") || op.equals("downloadBIN"))) {
+ X509Certificate[] caCerts = ((ICertAuthority) mAuthority)
+ .getCACertChain().getChain();
+
+ try {
+ bytes = caCerts[0].getEncoded();
+ } catch (CertificateEncodingException e) {
+ cmsReq.setStatus(CMSRequest.ERROR);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR"));
+ }
+ } else {
+ CertificateChain certChain = ((ICertAuthority) mAuthority)
+ .getCACertChain();
+
+ if (certChain == null) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY"));
+ }
+
+ try {
+ ByteArrayOutputStream encoded = new ByteArrayOutputStream();
+
+ certChain.encode(encoded, false);
+ bytes = encoded.toByteArray();
+ } catch (IOException e) {
+ cmsReq.setStatus(CMSRequest.ERROR);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1",
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+ }
+ }
+
+ String mimeType = null;
+
+ if (op.equals("downloadBIN")) {
+ mimeType = "application/octet-stream";
+ } else {
+ try {
+ mimeType = args.getValueAsString("mimeType");
+ } catch (EBaseException e) {
+ mimeType = "application/octet-stream";
+ }
+ }
+
+ try {
+ if (op.equals("downloadBIN")) {
+ // file suffixes changed to comply with RFC 5280
+ // requirements for AIA extensions
+ if (clientIsMSIE(httpReq)) {
+ httpResp.setHeader("Content-disposition",
+ "attachment; filename=ca.cer");
+ } else {
+ httpResp.setHeader("Content-disposition",
+ "attachment; filename=ca.p7c");
+ }
+ }
+ httpResp.setContentType(mimeType);
+ httpResp.getOutputStream().write(bytes);
+ httpResp.setContentLength(bytes.length);
+ httpResp.getOutputStream().flush();
+ } catch (IOException e) {
+ cmsReq.setStatus(CMSRequest.ERROR);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1",
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
+ }
+ }
+
+ private void displayChain(String op, IArgBlock args,
+ HttpServletRequest httpReq, HttpServletResponse httpResp,
+ CMSRequest cmsReq) throws EBaseException {
+ String outputString = null;
+
+ CertificateChain certChain = ((ICertAuthority) mAuthority)
+ .getCACertChain();
+
+ if (certChain == null) {
+ cmsReq.setStatus(CMSRequest.ERROR);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
+ }
+
+ CMSTemplate form = null;
+ Locale[] locale = new Locale[1];
+
+ if (mOutputTemplatePath != null)
+ mFormPath = mOutputTemplatePath;
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -306,23 +311,25 @@ import com.netscape.cms.servlet.common.ECMSGWException;
byte[] bytes = null;
try {
- subjectdn =
- certChain.getFirstCertificate().getSubjectDN().toString();
+ subjectdn = certChain.getFirstCertificate().getSubjectDN()
+ .toString();
ByteArrayOutputStream encoded = new ByteArrayOutputStream();
certChain.encode(encoded);
bytes = encoded.toByteArray();
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+ CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
}
String chainBase64 = getBase64(bytes);
header.addStringValue("subjectdn", subjectdn);
header.addStringValue("chainBase64", chainBase64);
- } else {
+ } else {
try {
X509Certificate[] certs = certChain.getChain();
@@ -339,13 +346,13 @@ import com.netscape.cms.servlet.common.ECMSGWException;
String subjectdn = certs[i].getSubjectDN().toString();
String finger = null;
try {
- finger = CMS.getFingerPrints(certs[i]);
+ finger = CMS.getFingerPrints(certs[i]);
} catch (Exception e) {
throw new IOException("Internal Error");
}
- ICertPrettyPrint certDetails =
- CMS.getCertPrettyPrint((X509CertImpl) certs[i]);
+ ICertPrettyPrint certDetails = CMS
+ .getCertPrettyPrint((X509CertImpl) certs[i]);
IArgBlock rarg = CMS.createArgBlock();
@@ -353,14 +360,15 @@ import com.netscape.cms.servlet.common.ECMSGWException;
rarg.addStringValue("subjectdn", subjectdn);
rarg.addStringValue("base64", getBase64(bytes));
rarg.addStringValue("certDetails",
- certDetails.toString(locale[0]));
+ certDetails.toString(locale[0]));
argSet.addRepeatRecord(rarg);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
}
}
@@ -371,10 +379,11 @@ import com.netscape.cms.servlet.common.ECMSGWException;
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
+ e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
@@ -410,7 +419,7 @@ import com.netscape.cms.servlet.common.ECMSGWException;
locale = Locale.getDefault();
} else {
locale = new Locale(UserInfo.getUserLanguage(lang),
- UserInfo.getUserCountry(lang));
+ UserInfo.getUserCountry(lang));
}
return locale;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
index 2bbec482..3b87ed5a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRLException;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Retrieve CRL for a Certificate Authority
- *
+ *
* @version $Revision$, $Date$
*/
public class GetCRL extends CMSServlet {
@@ -68,6 +66,7 @@ public class GetCRL extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -79,15 +78,13 @@ public class GetCRL extends CMSServlet {
mFormPath = mOutputTemplatePath;
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
- * @see DisplayCRL#process
+ * @see DisplayCRL#process
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -96,14 +93,14 @@ public class GetCRL extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -115,9 +112,10 @@ public class GetCRL extends CMSServlet {
IArgBlock args = cmsReq.getHttpParams();
if (!(mAuthority instanceof ICertificateAuthority)) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -125,14 +123,15 @@ public class GetCRL extends CMSServlet {
CMSTemplate form = null;
Locale[] locale = new Locale[1];
-CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
+ CMS.debug("**** mFormPath before getTemplate = " + mFormPath);
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -148,16 +147,18 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
op = args.getValueAsString("op", null);
crlId = args.getValueAsString("crlIssuingPoint", null);
if (op == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
if (crlId == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT"));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT"));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_NO_CRL_SELECTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -165,23 +166,25 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
ICRLIssuingPointRecord crlRecord = null;
ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
ICRLIssuingPoint crlIP = null;
- if (ca != null) crlIP = ca.getCRLIssuingPoint(crlId);
+ if (ca != null)
+ crlIP = ca.getCRLIssuingPoint(crlId);
try {
- crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository().readCRLIssuingPointRecord(crlId);
+ crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository()
+ .readCRLIssuingPointRecord(crlId);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND")));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_CRL_NOT_FOUND")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
if (crlRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -200,40 +203,43 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
header.addStringValue("crlDisplayType", crlDisplayType);
}
- if ((op.equals("checkCRLcache") ||
- (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) &&
- (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) {
- cmsReq.setError(
- CMS.getUserMessage(
- ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty())?
- "CMS_GW_CRL_CACHE_IS_EMPTY":"CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId));
+ if ((op.equals("checkCRLcache") || (op.equals("displayCRL")
+ && crlDisplayType != null && crlDisplayType.equals("cachedCRL")))
+ && (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP
+ .isCRLCacheEmpty())) {
+ cmsReq.setError(CMS.getUserMessage(
+ ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP
+ .isCRLCacheEmpty()) ? "CMS_GW_CRL_CACHE_IS_EMPTY"
+ : "CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
byte[] crlbytes = null;
- if (op.equals("importDeltaCRL") || op.equals("getDeltaCRL") ||
- (op.equals("displayCRL") && crlDisplayType != null &&
- crlDisplayType.equals("deltaCRL"))) {
+ if (op.equals("importDeltaCRL")
+ || op.equals("getDeltaCRL")
+ || (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType
+ .equals("deltaCRL"))) {
crlbytes = crlRecord.getDeltaCRL();
- } else if (op.equals("importCRL") || op.equals("getCRL") ||
- op.equals("checkCRL") ||
- (op.equals("displayCRL") &&
- crlDisplayType != null &&
- (crlDisplayType.equals("entireCRL") ||
- crlDisplayType.equals("crlHeader") ||
- crlDisplayType.equals("base64Encoded")))) {
+ } else if (op.equals("importCRL")
+ || op.equals("getCRL")
+ || op.equals("checkCRL")
+ || (op.equals("displayCRL") && crlDisplayType != null && (crlDisplayType
+ .equals("entireCRL")
+ || crlDisplayType.equals("crlHeader") || crlDisplayType
+ .equals("base64Encoded")))) {
crlbytes = crlRecord.getCRL();
- }
-
- if (crlbytes == null && (!op.equals("checkCRLcache")) &&
- (!(op.equals("displayCRL") && crlDisplayType != null &&
- crlDisplayType.equals("cachedCRL")))) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+ }
+
+ if (crlbytes == null
+ && (!op.equals("checkCRLcache"))
+ && (!(op.equals("displayCRL") && crlDisplayType != null && crlDisplayType
+ .equals("cachedCRL")))) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -241,48 +247,56 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
X509CRLImpl crl = null;
- if (op.equals("checkCRL") || op.equals("importCRL") ||
- op.equals("importDeltaCRL") ||
- (op.equals("displayCRL") && crlDisplayType != null &&
- (crlDisplayType.equals("entireCRL") ||
- crlDisplayType.equals("crlHeader") ||
- crlDisplayType.equals("base64Encoded") ||
- crlDisplayType.equals("deltaCRL")))) {
+ if (op.equals("checkCRL")
+ || op.equals("importCRL")
+ || op.equals("importDeltaCRL")
+ || (op.equals("displayCRL") && crlDisplayType != null && (crlDisplayType
+ .equals("entireCRL")
+ || crlDisplayType.equals("crlHeader")
+ || crlDisplayType.equals("base64Encoded") || crlDisplayType
+ .equals("deltaCRL")))) {
try {
- if (op.equals("displayCRL") && crlDisplayType != null &&
- crlDisplayType.equals("crlHeader")) {
+ if (op.equals("displayCRL") && crlDisplayType != null
+ && crlDisplayType.equals("crlHeader")) {
crl = new X509CRLImpl(crlbytes, false);
} else {
crl = new X509CRLImpl(crlbytes);
}
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1",
+ e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DECODE_CRL_FAILED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
- if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") &&
- crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) &&
- ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) &&
- (crlRecord.getCRLNumber() == null ||
- crlRecord.getDeltaCRLNumber() == null ||
- crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 ||
- crlRecord.getDeltaCRLSize() == null ||
- crlRecord.getDeltaCRLSize().longValue() == -1))) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1"));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+ if ((op.equals("importDeltaCRL") || (op.equals("displayCRL")
+ && crlDisplayType != null && crlDisplayType
+ .equals("deltaCRL")))
+ && ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) && (crlRecord
+ .getCRLNumber() == null
+ || crlRecord.getDeltaCRLNumber() == null
+ || crlRecord.getDeltaCRLNumber().compareTo(
+ crlRecord.getCRLNumber()) < 0
+ || crlRecord.getDeltaCRLSize() == null || crlRecord
+ .getDeltaCRLSize().longValue() == -1))) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1"));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
- }
+ }
String mimeType = "application/x-pkcs7-crl";
- if (op.equals("checkCRLcache") || op.equals("checkCRL") || op.equals("displayCRL")) {
+ if (op.equals("checkCRLcache") || op.equals("checkCRL")
+ || op.equals("displayCRL")) {
header.addStringValue("toDo", op);
- String certSerialNumber = args.getValueAsString("certSerialNumber", "");
+ String certSerialNumber = args.getValueAsString("certSerialNumber",
+ "");
header.addStringValue("certSerialNumber", certSerialNumber);
if (certSerialNumber.startsWith("0x")) {
@@ -290,8 +304,8 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
}
if (op.equals("checkCRLcache")) {
- if (crlIP.getRevocationDateFromCache(
- new BigInteger(certSerialNumber), false, false) != null) {
+ if (crlIP.getRevocationDateFromCache(new BigInteger(
+ certSerialNumber), false, false) != null) {
header.addBooleanValue("isOnCRL", true);
} else {
header.addBooleanValue("isOnCRL", false);
@@ -300,14 +314,15 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
if (op.equals("checkCRL")) {
header.addBooleanValue("isOnCRL",
- crl.isRevoked(new BigInteger(certSerialNumber)));
+ crl.isRevoked(new BigInteger(certSerialNumber)));
}
if (op.equals("displayCRL")) {
- if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) {
- ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL"))?
- CMS.getCRLPrettyPrint(crl):
- CMS.getCRLCachePrettyPrint(crlIP);
+ if (crlDisplayType.equals("entireCRL")
+ || crlDisplayType.equals("cachedCRL")) {
+ ICRLPrettyPrint crlDetails = (crlDisplayType
+ .equals("entireCRL")) ? CMS.getCRLPrettyPrint(crl)
+ : CMS.getCRLCachePrettyPrint(crlIP);
String pageStart = args.getValueAsString("pageStart", null);
String pageSize = args.getValueAsString("pageSize", null);
@@ -315,26 +330,28 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
long lPageStart = new Long(pageStart).longValue();
long lPageSize = new Long(pageSize).longValue();
- if (lPageStart < 1) lPageStart = 1;
+ if (lPageStart < 1)
+ lPageStart = 1;
- header.addStringValue("crlPrettyPrint",
- crlDetails.toString(locale[0],
- lCRLSize, lPageStart, lPageSize));
+ header.addStringValue("crlPrettyPrint", crlDetails
+ .toString(locale[0], lCRLSize, lPageStart,
+ lPageSize));
header.addLongValue("pageStart", lPageStart);
header.addLongValue("pageSize", lPageSize);
} else {
- header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale[0]));
+ header.addStringValue("crlPrettyPrint",
+ crlDetails.toString(locale[0]));
}
} else if (crlDisplayType.equals("crlHeader")) {
ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
- header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0));
+ header.addStringValue("crlPrettyPrint",
+ crlDetails.toString(locale[0], lCRLSize, 0, 0));
} else if (crlDisplayType.equals("base64Encoded")) {
try {
byte[] ba = crl.getEncoded();
- String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba);
+ String crlBase64Encoded = com.netscape.osutil.OSUtil
+ .BtoA(ba);
int length = crlBase64Encoded.length();
int i = 0;
int j = 0;
@@ -351,11 +368,14 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
IArgBlock rarg = CMS.createArgBlock();
if (k > -1) {
- rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k));
+ rarg.addStringValue("crlBase64Encoded",
+ crlBase64Encoded.substring(j, k));
i = k + 1;
j = i;
} else {
- rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length));
+ rarg.addStringValue("crlBase64Encoded",
+ crlBase64Encoded.substring(j,
+ length));
i = length;
}
argSet.addRepeatRecord(rarg);
@@ -365,16 +385,17 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
}
} else if (crlDisplayType.equals("deltaCRL")) {
header.addIntegerValue("deltaCRLSize",
- crl.getNumberOfRevokedCertificates());
+ crl.getNumberOfRevokedCertificates());
ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
- header.addStringValue(
- "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0));
+ header.addStringValue("crlPrettyPrint",
+ crlDetails.toString(locale[0], 0, 0, 0));
try {
byte[] ba = crl.getEncoded();
- String crlBase64Encoded = com.netscape.osutil.OSUtil.BtoA(ba);
+ String crlBase64Encoded = com.netscape.osutil.OSUtil
+ .BtoA(ba);
int length = crlBase64Encoded.length();
int i = 0;
int j = 0;
@@ -391,11 +412,14 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
IArgBlock rarg = CMS.createArgBlock();
if (k > -1) {
- rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, k));
+ rarg.addStringValue("crlBase64Encoded",
+ crlBase64Encoded.substring(j, k));
i = k + 1;
j = i;
} else {
- rarg.addStringValue("crlBase64Encoded", crlBase64Encoded.substring(j, length));
+ rarg.addStringValue("crlBase64Encoded",
+ crlBase64Encoded.substring(j,
+ length));
i = length;
}
argSet.addRepeatRecord(rarg);
@@ -413,10 +437,11 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
return;
@@ -427,32 +452,34 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
mimeType = "application/x-pkcs7-crl";
} else if (op.equals("getCRL")) {
mimeType = "application/octet-stream";
- httpResp.setHeader("Content-disposition",
- "attachment; filename=" + crlId + ".crl");
+ httpResp.setHeader("Content-disposition", "attachment; filename="
+ + crlId + ".crl");
} else if (op.equals("getDeltaCRL")) {
mimeType = "application/octet-stream";
httpResp.setHeader("Content-disposition",
- "attachment; filename=delta-" + crlId + ".crl");
+ "attachment; filename=delta-" + crlId + ".crl");
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
+ CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
}
try {
- // if (clientIsMSIE(httpReq) && op.equals("getCRL"))
- // httpResp.setHeader("Content-disposition",
- // "attachment; filename=getCRL.crl");
+ // if (clientIsMSIE(httpReq) && op.equals("getCRL"))
+ // httpResp.setHeader("Content-disposition",
+ // "attachment; filename=getCRL.crl");
httpResp.setContentType(mimeType);
httpResp.setContentLength(bytes.length);
httpResp.getOutputStream().write(bytes);
httpResp.getOutputStream().flush();
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR"));
}
- // cmsReq.setResult(null);
+ // cmsReq.setResult(null);
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
index 5909bc4b..7dcec5cd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Locale;
@@ -52,10 +51,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
- * Gets a issued certificate from a request id.
- *
+ * Gets a issued certificate from a request id.
+ *
* @version $Revision$, $Date$
*/
public class GetCertFromRequest extends CMSServlet {
@@ -64,27 +62,26 @@ public class GetCertFromRequest extends CMSServlet {
*/
private static final long serialVersionUID = 5310646832256611066L;
private final static String PROP_IMPORT = "importCert";
- protected static final String
- GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template";
- protected static final String
- DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template";
+ protected static final String GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template";
+ protected static final String DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template";
protected static final String REQUEST_ID = "requestId";
protected static final String CERT_TYPE = "certtype";
- protected String mCertFrReqSuccessTemplate = null;
+ protected String mCertFrReqSuccessTemplate = null;
protected ICMSTemplateFiller mCertFrReqFiller = null;
protected IRequestQueue mQueue = null;
protected boolean mImportCert = true;
- public GetCertFromRequest() {
+ public GetCertFromRequest() {
super();
}
/**
* initialize the servlet. This servlet uses the template files
- * "displayCertFromRequest.template" and "ImportCert.template"
+ * "displayCertFromRequest.template" and "ImportCert.template"
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -92,8 +89,7 @@ public class GetCertFromRequest extends CMSServlet {
mTemplates.remove(CMSRequest.SUCCESS);
mQueue = mAuthority.getRequestQueue();
try {
- String tmp = sc.getInitParameter(
- PROP_IMPORT);
+ String tmp = sc.getInitParameter(PROP_IMPORT);
if (tmp != null && tmp.trim().equalsIgnoreCase("false"))
mImportCert = false;
@@ -102,46 +98,43 @@ public class GetCertFromRequest extends CMSServlet {
if (mImportCert)
defTemplate = GET_CERT_FROM_REQUEST_TEMPLATE;
- else
+ else
defTemplate = DISPLAY_CERT_FROM_REQUEST_TEMPLATE;
if (mAuthority instanceof IRegistrationAuthority)
defTemplate = "/ra/" + defTemplate;
- else
+ else
defTemplate = "/ca/" + defTemplate;
- mCertFrReqSuccessTemplate = sc.getInitParameter(
- PROP_SUCCESS_TEMPLATE);
+ mCertFrReqSuccessTemplate = sc
+ .getInitParameter(PROP_SUCCESS_TEMPLATE);
if (mCertFrReqSuccessTemplate == null)
mCertFrReqSuccessTemplate = defTemplate;
- String fillername =
- sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+ String fillername = sc
+ .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
if (fillername != null) {
ICMSTemplateFiller filler = newFillerObject(fillername);
- if (filler != null)
+ if (filler != null)
mCertFrReqFiller = filler;
} else {
mCertFrReqFiller = new CertFrRequestFiller();
}
} catch (Exception e) {
// should never happen.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
- mId));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
}
}
-
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
- * <li>http.param requestId The request ID to search on
+ * <li>http.param requestId The request ID to search on
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -150,14 +143,14 @@ public class GetCertFromRequest extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -165,96 +158,104 @@ public class GetCertFromRequest extends CMSServlet {
return;
}
- String requestId = httpParams.getValueAsString(REQUEST_ID, null);
+ String requestId = httpParams.getValueAsString(REQUEST_ID, null);
if (requestId == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED"));
}
// check if request Id is valid.
try {
Integer.parseInt(requestId);
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQ_ID_FORMAT", requestId));
- throw new EBaseException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_REQ_ID_FORMAT", requestId));
+ throw new EBaseException(CMS.getUserMessage(getLocale(httpReq),
+ "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
}
IRequest r = mQueue.findRequest(new RequestId(requestId));
if (r == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
}
if (authToken != null) {
- //if RA, group and requestOwner must match
- String group = authToken.getInString("group");
- if ((group != null) && (group != "") &&
- group.equals("Registration Manager Agents")) {
- boolean groupMatched = false;
- String reqOwner = r.getRequestOwner();
- if (reqOwner != null) {
- CMS.debug("GetCertFromRequest process: req owner="+reqOwner);
- if (reqOwner.equals(group))
- groupMatched = true;
- }
- if (groupMatched == false) {
- CMS.debug("RA group unmatched");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ // if RA, group and requestOwner must match
+ String group = authToken.getInString("group");
+ if ((group != null) && (group != "")
+ && group.equals("Registration Manager Agents")) {
+ boolean groupMatched = false;
+ String reqOwner = r.getRequestOwner();
+ if (reqOwner != null) {
+ CMS.debug("GetCertFromRequest process: req owner="
+ + reqOwner);
+ if (reqOwner.equals(group))
+ groupMatched = true;
+ }
+ if (groupMatched == false) {
+ CMS.debug("RA group unmatched");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_REQUEST_ID_NOT_FOUND", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ }
}
- }
}
- if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r.getRequestType().equals(IRequest.RENEWAL_REQUEST)))) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_NOT_ENROLLMENT", requestId));
+ if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r
+ .getRequestType().equals(IRequest.RENEWAL_REQUEST)))) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_NOT_ENROLLMENT", requestId));
}
RequestStatus status = r.getRequestStatus();
if (!status.equals(RequestStatus.COMPLETE)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_REQUEST_NOT_COMPLETED_1", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_NOT_COMPLETED", requestId));
}
Integer result = r.getExtDataInInteger(IRequest.RESULT);
if (result != null && !result.equals(IRequest.RES_SUCCESS)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_HAD_ERROR", requestId));
}
Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
if (r.getExtDataInString("profile") != null) {
// handle profile-based request
- X509CertImpl cert = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+ X509CertImpl cert = r
+ .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
X509CertImpl certs[] = new X509CertImpl[1];
certs[0] = cert;
o = certs;
}
if (o == null || !(o instanceof X509CertImpl[])) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
}
if (o instanceof X509CertImpl[]) {
X509CertImpl[] certs = (X509CertImpl[]) o;
if (certs == null || certs.length == 0 || certs[0] == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
}
// for importsCert to get the crmf_reqid.
@@ -262,58 +263,66 @@ public class GetCertFromRequest extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
- if (mImportCert &&
- checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) {
+ if (mImportCert
+ && checkImportCertToNav(cmsReq.getHttpResp(), httpParams,
+ certs[0])) {
return;
}
try {
cmsReq.setResult(certs);
- renderTemplate(cmsReq, mCertFrReqSuccessTemplate, mCertFrReqFiller);
+ renderTemplate(cmsReq, mCertFrReqSuccessTemplate,
+ mCertFrReqFiller);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGE_ERROR_DISPLAY_TEMPLATE_1",
mCertFrReqSuccessTemplate, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
return;
}
}
-
class CertFrRequestFiller extends ImportCertsTemplateFiller {
public CertFrRequestFiller() {
}
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
- CMSTemplateParams tparams =
- super.getTemplateParams(cmsReq, authority, locale, e);
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) throws Exception {
+ CMSTemplateParams tparams = super.getTemplateParams(cmsReq, authority,
+ locale, e);
String reqId = cmsReq.getHttpParams().getValueAsString(
GetCertFromRequest.REQUEST_ID);
- tparams.getHeader().addStringValue(GetCertFromRequest.REQUEST_ID, reqId);
+ tparams.getHeader()
+ .addStringValue(GetCertFromRequest.REQUEST_ID, reqId);
if (reqId != null) {
- IRequest r = authority.getRequestQueue().findRequest(new RequestId(reqId));
+ IRequest r = authority.getRequestQueue().findRequest(
+ new RequestId(reqId));
if (r != null) {
boolean noCertImport = true;
- String certType = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+ String certType = r.getExtDataInString(IRequest.HTTP_PARAMS,
+ IRequest.CERT_TYPE);
if (certType != null && certType.equals(IRequest.CLIENT_CERT)) {
noCertImport = false;
}
- tparams.getHeader().addBooleanValue("noCertImport", noCertImport);
+ tparams.getHeader().addBooleanValue("noCertImport",
+ noCertImport);
- X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ X509CertImpl[] certs = r
+ .getExtDataInCertArray(IRequest.ISSUED_CERTS);
if (certs != null) {
- X509CertInfo info = (X509CertInfo) certs[0].get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
- CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
+ X509CertInfo info = (X509CertInfo) certs[0]
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ CertificateExtensions extensions = (CertificateExtensions) info
+ .get(X509CertInfo.EXTENSIONS);
- tparams.getHeader().addStringValue(GetCertFromRequest.CERT_TYPE, "x509");
+ tparams.getHeader().addStringValue(
+ GetCertFromRequest.CERT_TYPE, "x509");
boolean emailCert = false;
@@ -324,16 +333,21 @@ class CertFrRequestFiller extends ImportCertsTemplateFiller {
if (ext instanceof NSCertTypeExtension) {
NSCertTypeExtension type = (NSCertTypeExtension) ext;
- if (((Boolean) type.get(NSCertTypeExtension.EMAIL)).booleanValue())
+ if (((Boolean) type
+ .get(NSCertTypeExtension.EMAIL))
+ .booleanValue())
emailCert = true;
}
if (ext instanceof KeyUsageExtension) {
- KeyUsageExtension usage =
- (KeyUsageExtension) ext;
+ KeyUsageExtension usage = (KeyUsageExtension) ext;
try {
- if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() ||
- ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
+ if (((Boolean) usage
+ .get(KeyUsageExtension.DIGITAL_SIGNATURE))
+ .booleanValue()
+ || ((Boolean) usage
+ .get(KeyUsageExtension.DATA_ENCIPHERMENT))
+ .booleanValue())
emailCert = true;
} catch (ArrayIndexOutOfBoundsException e0) {
// bug356108:
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
index 8b5536ea..1e9f9a02 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Servlet to get the enrollment status, enable or disable.
- *
+ *
* @version $Revision$, $Date$
*/
public class GetEnableStatus extends CMSServlet {
@@ -64,7 +62,8 @@ public class GetEnableStatus extends CMSServlet {
}
/**
- * initialize the servlet.
+ * initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -80,15 +79,14 @@ public class GetEnableStatus extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -96,8 +94,8 @@ public class GetEnableStatus extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (Exception e) {
// do nothing for now
}
@@ -113,9 +111,10 @@ public class GetEnableStatus extends CMSServlet {
IArgBlock args = cmsReq.getHttpParams();
if (!(mAuthority instanceof IRegistrationAuthority)) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -126,11 +125,11 @@ public class GetEnableStatus extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE",
- mFormPath, e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -142,7 +141,8 @@ public class GetEnableStatus extends CMSServlet {
IConfigStore configStore = CMS.getConfigStore();
String val = configStore.getString("hashDirEnrollment.name");
- IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ IAuthSubsystem authSS = (IAuthSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_AUTH);
IAuthManager authMgr = authSS.get(val);
HashAuthentication mgr = (HashAuthentication) authMgr;
long timeout = HashAuthentication.DEFAULT_TIMEOUT / 1000;
@@ -164,10 +164,10 @@ public class GetEnableStatus extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
index 9d83d430..300ba3e0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Enumeration;
@@ -49,10 +48,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Get detailed information about CA CRL processing
- *
+ *
* @version $Revision$, $Date$
*/
public class GetInfo extends CMSServlet {
@@ -76,6 +74,7 @@ public class GetInfo extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -90,11 +89,11 @@ public class GetInfo extends CMSServlet {
}
/**
- * XXX Process the HTTP request.
+ * XXX Process the HTTP request.
* <ul>
* <li>http.param template filename of template to use to render the result
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -105,14 +104,14 @@ public class GetInfo extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -129,35 +128,33 @@ public class GetInfo extends CMSServlet {
String template = req.getParameter("template");
String formFile = "";
-/*
- for (int i = 0; ((template != null) && (i < template.length())); i++) {
- char c = template.charAt(i);
- if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') {
- template = null;
- break;
- }
- }
-*/
-
+ /*
+ * for (int i = 0; ((template != null) && (i < template.length())); i++)
+ * { char c = template.charAt(i); if (!Character.isLetterOrDigit(c) && c
+ * != '_' && c != '-') { template = null; break; } }
+ */
if (template != null) {
formFile = template + ".template";
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
CMSTemplate form = null;
Locale[] locale = new Locale[1];
-CMS.debug("*** formFile = "+formFile);
+ CMS.debug("*** formFile = " + formFile);
try {
form = getTemplate(formFile, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formFile, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formFile,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -172,29 +169,27 @@ CMS.debug("*** formFile = "+formFile);
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req, HttpServletResponse resp, Locale locale)
+ throws EBaseException {
if (mCA != null) {
String crlIssuingPoints = "";
String crlNumbers = "";
@@ -207,20 +202,23 @@ CMS.debug("*** formFile = "+formFile);
String crlTesting = "";
boolean isDeltaCRLEnabled = false;
- String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
- String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
-
- if (masterHost != null && masterHost.length() > 0 &&
- masterPort != null && masterPort.length() > 0) {
+ String masterHost = CMS.getConfigStore().getString(
+ "master.ca.agent.host", "");
+ String masterPort = CMS.getConfigStore().getString(
+ "master.ca.agent.port", "");
+
+ if (masterHost != null && masterHost.length() > 0
+ && masterPort != null && masterPort.length() > 0) {
ICRLRepository crlRepository = mCA.getCRLRepository();
Vector ipNames = crlRepository.getIssuingPointsNames();
for (int i = 0; i < ipNames.size(); i++) {
- String ipName = (String)ipNames.elementAt(i);
+ String ipName = (String) ipNames.elementAt(i);
ICRLIssuingPointRecord crlRecord = null;
try {
- crlRecord = crlRepository.readCRLIssuingPointRecord(ipName);
+ crlRecord = crlRepository
+ .readCRLIssuingPointRecord(ipName);
} catch (Exception e) {
}
if (crlRecord != null) {
@@ -236,8 +234,8 @@ CMS.debug("*** formFile = "+formFile);
if (crlSizes.length() > 0)
crlSizes += "+";
- crlSizes += ((crlRecord.getCRLSize() != null)?
- crlRecord.getCRLSize().toString(): "-1");
+ crlSizes += ((crlRecord.getCRLSize() != null) ? crlRecord
+ .getCRLSize().toString() : "-1");
if (deltaSizes.length() > 0)
deltaSizes += "+";
@@ -304,13 +302,18 @@ CMS.debug("*** formFile = "+formFile);
if (recentChanges.length() > 0)
recentChanges += "+";
if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_PUBLISHING_STARTED) {
- recentChanges += "Publishing CRL #" + ip.getCRLNumber();
+ recentChanges += "Publishing CRL #"
+ + ip.getCRLNumber();
} else if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_STARTED) {
- recentChanges += "Creating CRL #" + ip.getNextCRLNumber();
- } else { // ip.CRL_UPDATE_DONE
- recentChanges += ip.getNumberOfRecentlyRevokedCerts() + ", " +
- ip.getNumberOfRecentlyUnrevokedCerts() + ", " +
- ip.getNumberOfRecentlyExpiredCerts();
+ recentChanges += "Creating CRL #"
+ + ip.getNextCRLNumber();
+ } else { // ip.CRL_UPDATE_DONE
+ recentChanges += ip
+ .getNumberOfRecentlyRevokedCerts()
+ + ", "
+ + ip.getNumberOfRecentlyUnrevokedCerts()
+ + ", "
+ + ip.getNumberOfRecentlyExpiredCerts();
}
isDeltaCRLEnabled |= ip.isDeltaCRLEnabled();
@@ -326,7 +329,8 @@ CMS.debug("*** formFile = "+formFile);
if (crlTesting.length() > 0)
crlTesting += "+";
- crlTesting += ((ip.isCRLCacheTestingEnabled())?"1":"0");
+ crlTesting += ((ip.isCRLCacheTestingEnabled()) ? "1"
+ : "0");
}
}
@@ -345,11 +349,14 @@ CMS.debug("*** formFile = "+formFile);
header.addStringValue("master_host", masterHost);
header.addStringValue("master_port", masterPort);
- header.addStringValue("masterCRLIssuingPoint", ICertificateAuthority.PROP_MASTER_CRL);
- ICRLIssuingPoint ip0 = mCA.getCRLIssuingPoint(ICertificateAuthority.PROP_MASTER_CRL);
+ header.addStringValue("masterCRLIssuingPoint",
+ ICertificateAuthority.PROP_MASTER_CRL);
+ ICRLIssuingPoint ip0 = mCA
+ .getCRLIssuingPoint(ICertificateAuthority.PROP_MASTER_CRL);
if (ip0 != null) {
- header.addStringValue("defaultAlgorithm", ip0.getSigningAlgorithm());
+ header.addStringValue("defaultAlgorithm",
+ ip0.getSigningAlgorithm());
}
if (recentChanges.length() > 0)
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
index 645cb831..0922f882 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -85,10 +84,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
* performs face-to-face enrollment.
- *
+ *
* @version $Revision$, $Date$
*/
public class HashEnrollServlet extends CMSServlet {
@@ -100,10 +98,9 @@ public class HashEnrollServlet extends CMSServlet {
public final static String ADMIN_ENROLL_SERVLET_ID = "adminEnroll";
// enrollment templates.
- public static final String
- ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template";
+ public static final String ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template";
- // http params
+ // http params
public static final String OLD_CERT_TYPE = "csrCertType";
public static final String CERT_TYPE = "certType";
// same as in ConfigConstant.java
@@ -123,8 +120,7 @@ public class HashEnrollServlet extends CMSServlet {
private boolean mAuthTokenOverride = true;
private String mEnrollSuccessTemplate = null;
- private ICMSTemplateFiller
- mEnrollSuccessFiller = new ImportCertsTemplateFiller();
+ private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller();
ICertificateAuthority mCa = null;
ICertificateRepository mRepository = null;
@@ -135,6 +131,7 @@ public class HashEnrollServlet extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -142,17 +139,17 @@ public class HashEnrollServlet extends CMSServlet {
// override success template to allow direct import of keygen certs.
mTemplates.remove(CMSRequest.SUCCESS);
try {
- mEnrollSuccessTemplate = sc.getInitParameter(
- CMSServlet.PROP_SUCCESS_TEMPLATE);
+ mEnrollSuccessTemplate = sc
+ .getInitParameter(CMSServlet.PROP_SUCCESS_TEMPLATE);
if (mEnrollSuccessTemplate == null)
mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE;
- String fillername =
- sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+ String fillername = sc
+ .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
if (fillername != null) {
ICMSTemplateFiller filler = newFillerObject(fillername);
- if (filler != null)
+ if (filler != null)
mEnrollSuccessFiller = filler;
}
@@ -161,20 +158,18 @@ public class HashEnrollServlet extends CMSServlet {
init_testbed_hack(mConfig);
} catch (Exception e) {
- // this should never happen.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
+ // this should never happen.
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
}
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -192,8 +187,8 @@ public class HashEnrollServlet extends CMSServlet {
IConfigStore configStore = CMS.getConfigStore();
String val = configStore.getString("hashDirEnrollment.name");
- IAuthSubsystem authSS = (IAuthSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ IAuthSubsystem authSS = (IAuthSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_AUTH);
IAuthManager authMgr = authSS.get(val);
HashAuthentication mgr = (HashAuthentication) authMgr;
@@ -226,14 +221,15 @@ public class HashEnrollServlet extends CMSServlet {
certType = httpParams.getValueAsString(OLD_CERT_TYPE, null);
if (certType == null) {
certType = httpParams.getValueAsString(CERT_TYPE, "client");
- } else {;
- }
+ } else {
+ ;
+ }
- processX509(cmsReq);
+ processX509(cmsReq);
}
-
+
private void printError(CMSRequest cmsReq, String errorCode)
- throws EBaseException {
+ throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -253,9 +249,10 @@ public class HashEnrollServlet extends CMSServlet {
form = getTemplate(formPath, httpReq, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath,
+ e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -267,16 +264,15 @@ public class HashEnrollServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM",
- e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM",
+ e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
}
- protected void processX509(CMSRequest cmsReq)
- throws EBaseException {
+ protected void processX509(CMSRequest cmsReq) throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -284,19 +280,16 @@ public class HashEnrollServlet extends CMSServlet {
IRequest req = mRequestQueue.newRequest(IRequest.ENROLLMENT_REQUEST);
/*
- * === certAuth based enroll ===
- * "certAuthEnroll" is on.
- * "certauthEnrollType can be one of the three:
- * single - it's for single cert enrollment
- * dual - it's for dual certs enrollment
- * encryption - getting the encryption cert only via
- * authentication of the signing cert
- * (crmf or keyGenInfo)
+ * === certAuth based enroll === "certAuthEnroll" is on.
+ * "certauthEnrollType can be one of the three: single - it's for single
+ * cert enrollment dual - it's for dual certs enrollment encryption -
+ * getting the encryption cert only via authentication of the signing
+ * cert (crmf or keyGenInfo)
*/
boolean certAuthEnroll = false;
- String certAuthEnrollOn =
- httpParams.getValueAsString("certauthEnroll", null);
+ String certAuthEnrollOn = httpParams.getValueAsString("certauthEnroll",
+ null);
X509CertInfo new_certInfo = null;
if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) {
@@ -307,8 +300,8 @@ public class HashEnrollServlet extends CMSServlet {
String certauthEnrollType = null;
if (certAuthEnroll == true) {
- certauthEnrollType =
- httpParams.getValueAsString("certauthEnrollType", null);
+ certauthEnrollType = httpParams.getValueAsString(
+ "certauthEnrollType", null);
if (certauthEnrollType != null) {
if (certauthEnrollType.equals("dual")) {
CMS.debug("HashEnrollServlet: certauthEnrollType is dual");
@@ -317,20 +310,22 @@ public class HashEnrollServlet extends CMSServlet {
} else if (certauthEnrollType.equals("single")) {
CMS.debug("HashEnrollServlet: certauthEnrollType is single");
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1",
+ certauthEnrollType));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
}
} else {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
}
}
- String challengePassword = httpParams.getValueAsString("challengePassword", "");
+ String challengePassword = httpParams.getValueAsString(
+ "challengePassword", "");
cmsReq.setIRequest(req);
saveHttpHeaders(httpReq, req);
@@ -340,8 +335,8 @@ public class HashEnrollServlet extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, token,
- mAuthzResourceName, "import");
+ authzToken = authorize(mAclMethod, token, mAuthzResourceName,
+ "import");
} catch (Exception e) {
// do nothing for now
}
@@ -356,41 +351,43 @@ public class HashEnrollServlet extends CMSServlet {
String certBasedOldSubjectDN = null;
BigInteger certBasedOldSerialNum = null;
- // check if request was authenticated, if so set authtoken & certInfo.
- // also if authenticated, take certInfo from authToken.
+ // check if request was authenticated, if so set authtoken & certInfo.
+ // also if authenticated, take certInfo from authToken.
X509CertInfo certInfo = null;
if (certAuthEnroll == true) {
sslClientCert = getSSLClientCertificate(httpReq);
if (sslClientCert == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
+ CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
}
- certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN().toString();
- certBasedOldSerialNum = (BigInteger) sslClientCert.getSerialNumber();
+ certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN()
+ .toString();
+ certBasedOldSerialNum = (BigInteger) sslClientCert
+ .getSerialNumber();
try {
- certInfo = (X509CertInfo)
- ((X509CertImpl) sslClientCert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ certInfo = (X509CertInfo) ((X509CertImpl) sslClientCert)
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
} catch (CertificateParsingException ex) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
- throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+ throw new ECMSGWException(CMS.getUserMessage(
+ getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
}
} else {
certInfo = CMS.getDefaultX509CertInfo();
}
- X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo};
+ X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo };
- //AuthToken authToken = access.getAuthToken();
+ // AuthToken authToken = access.getAuthToken();
IConfigStore configStore = CMS.getConfigStore();
String val = configStore.getString("hashDirEnrollment.name");
- IAuthSubsystem authSS = (IAuthSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ IAuthSubsystem authSS = (IAuthSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_AUTH);
IAuthManager authMgr1 = authSS.get(val);
HashAuthentication mgr = (HashAuthentication) authMgr1;
String pageID = httpParams.getValueAsString("pageID", null);
@@ -405,24 +402,22 @@ public class HashEnrollServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
} else {
- authMgr =
- authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
- // don't store agent token in request.
- // agent currently used for bulk issuance.
+ authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ // don't store agent token in request.
+ // agent currently used for bulk issuance.
// if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
- log(ILogger.LL_INFO,
- "Enrollment request was authenticated by " +
- authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
+ log(ILogger.LL_INFO, "Enrollment request was authenticated by "
+ + authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
fillCertInfoFromAuthToken(certInfo, authToken);
- // save authtoken attrs to request directly (for policy use)
+ // save authtoken attrs to request directly (for policy use)
saveAuthToken(authToken, req);
// req.set(IRequest.AUTH_TOKEN, authToken);
// }
}
// fill certInfo from input types: keygen, cmc, pkcs10 or crmf
- KeyGenInfo keyGenInfo =
- httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null);
+ KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo(
+ SUBJECT_KEYGEN_INFO, null);
String certType = null;
@@ -441,8 +436,7 @@ public class HashEnrollServlet extends CMSServlet {
req.setExtData(IRequest.HTTP_PARAMS, CERT_TYPE, certType);
}
- String crmf =
- httpParams.getValueAsString(CRMF_REQUEST, null);
+ String crmf = httpParams.getValueAsString(CRMF_REQUEST, null);
if (certAuthEnroll == true) {
@@ -451,25 +445,21 @@ public class HashEnrollServlet extends CMSServlet {
// for dual certs
if (certauthEnrollType.equals(CERT_AUTH_DUAL)) {
if (mCa == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NOT_A_CA"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NOT_A_CA"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_A_CA"));
+ CMS.getUserMessage("CMS_GW_NOT_A_CA"));
}
// first, make sure the client cert is indeed a
- // signing only cert
- if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
- false) ||
- ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
- true) &&
- (CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
- true))) {
+ // signing only cert
+ if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false)
+ || ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS
+ .isEncryptionCert((X509CertImpl) sslClientCert) == true))) {
// either it's not a signing cert, or it's a dual cert
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+ CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
}
X509Key key = null;
@@ -478,22 +468,27 @@ public class HashEnrollServlet extends CMSServlet {
try {
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED",
+ e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED",
+ e.toString()));
}
- String filter =
- "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
- ICertRecordList list =
- (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter,
- null, 10);
+ String filter = "(&(x509cert.subject=" + certBasedOldSubjectDN
+ + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum
+ + "))(certStatus=VALID))";
+ ICertRecordList list = (ICertRecordList) mCa
+ .getCertificateRepository().findCertRecordsInList(
+ filter, null, 10);
int size = list.getSize();
Enumeration en = list.getCertRecords(0, size - 1);
boolean gotEncCert = false;
@@ -502,8 +497,8 @@ public class HashEnrollServlet extends CMSServlet {
// pairing encryption cert not found
} else {
X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo();
- X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo,
- encCertInfo};
+ X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo,
+ encCertInfo };
int i = 1;
while (en.hasMoreElements()) {
@@ -511,37 +506,47 @@ public class HashEnrollServlet extends CMSServlet {
X509CertImpl cert = record.getCertificate();
// if not encryption cert only, try next one
- if ((CMS.isEncryptionCert(cert) == false) ||
- ((CMS.isEncryptionCert(cert) == true) &&
- (CMS.isSigningCert(cert) == true))) {
+ if ((CMS.isEncryptionCert(cert) == false)
+ || ((CMS.isEncryptionCert(cert) == true) && (CMS
+ .isSigningCert(cert) == true))) {
continue;
}
key = (X509Key) cert.getPublicKey();
try {
- encCertInfo = (X509CertInfo)
- cert.get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ encCertInfo = (X509CertInfo) cert
+ .get(X509CertImpl.NAME + "."
+ + X509CertImpl.INFO);
} catch (CertificateParsingException ex) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
- throw new ECMSGWException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+ CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+ throw new ECMSGWException(CMS.getUserMessage(
+ getLocale(httpReq),
+ "CMS_GW_MISSING_CERTINFO"));
}
try {
- encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
+ encCertInfo.set(X509CertInfo.KEY,
+ new CertificateX509Key(key));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage(
+ "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED",
+ e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage(
+ "CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+ CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED",
+ e.toString()));
}
fillCertInfoFromAuthToken(encCertInfo, authToken);
@@ -555,24 +560,21 @@ public class HashEnrollServlet extends CMSServlet {
if (gotEncCert == false) {
// encryption cert not found, bail
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
+ CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
+ CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
}
} else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) {
// first, make sure the client cert is indeed a
- // signing only cert
- if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
- false) ||
- ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
- true) &&
- (CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
- true))) {
+ // signing only cert
+ if ((CMS.isSigningCert((X509CertImpl) sslClientCert) == false)
+ || ((CMS.isSigningCert((X509CertImpl) sslClientCert) == true) && (CMS
+ .isEncryptionCert((X509CertImpl) sslClientCert) == true))) {
// either it's not a signing cert, or it's a dual cert
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+ CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
}
/*
@@ -580,15 +582,15 @@ public class HashEnrollServlet extends CMSServlet {
*/
if (crmf != null && crmf != "") {
certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
- req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
- CMS.debug(
- "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString());
+ req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN()
+ .toString());
+ CMS.debug("HashEnrollServlet: sslClientCert issuerDN = "
+ + sslClientCert.getIssuerDN().toString());
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
- throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
- "CMS_GW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ throw new ECMSGWException(CMS.getUserMessage(
+ getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
}
} else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) {
// have to be buried here to handle the issuer
@@ -596,21 +598,21 @@ public class HashEnrollServlet extends CMSServlet {
if (crmf != null && crmf != "") {
certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
- throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
- "CMS_GW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ throw new ECMSGWException(CMS.getUserMessage(
+ getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
}
- req.setExtData(CLIENT_ISSUER,
- sslClientCert.getIssuerDN().toString());
+ req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN()
+ .toString());
}
} else if (crmf != null && crmf != "") {
certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
} else {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
- "CMS_GW_MISSING_KEYGEN_INFO"));
+ "CMS_GW_MISSING_KEYGEN_INFO"));
}
req.setExtData(IRequest.CERT_INFO, certInfoArray);
@@ -621,9 +623,9 @@ public class HashEnrollServlet extends CMSServlet {
req.setExtData(CHALLENGE_PASSWORD, pwd);
}
- // send request to request queue.
+ // send request to request queue.
mRequestQueue.processRequest(req);
- // process result.
+ // process result.
// render OLD_CERT_TYPE's response differently, we
// dont want any javascript in HTML, and need to
@@ -638,27 +640,28 @@ public class HashEnrollServlet extends CMSServlet {
return;
}
- //for audit log
+ // for audit log
String initiative = null;
String agentID = null;
if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
- // request is from eegateway, so fromUser.
+ // request is from eegateway, so fromUser.
initiative = AuditFormat.FROMUSER;
} else {
agentID = authToken.getInString("userid");
initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
- }
+ }
// if service not complete return standard templates.
RequestStatus status = req.getRequestStatus();
if (status != RequestStatus.COMPLETE) {
cmsReq.setIRequestStatus(); // set status acc. to IRequest status.
- // audit log the status
+ // audit log the status
try {
if (status == RequestStatus.REJECTED) {
- Vector messages = req.getExtDataInStringVector(IRequest.ERRORS);
+ Vector messages = req
+ .getExtDataInStringVector(IRequest.ERRORS);
if (messages != null) {
Enumeration msgs = messages.elements();
@@ -668,52 +671,42 @@ public class HashEnrollServlet extends CMSServlet {
wholeMsg.append("\n");
wholeMsg.append(msgs.nextElement());
}
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT),
- " violation: " +
- wholeMsg.toString()},
- ILogger.L_MULTILINE
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] { req.getRequestId(), initiative,
+ authMgr, status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT),
+ " violation: " + wholeMsg.toString() },
+ ILogger.L_MULTILINE);
} else { // no policy violation, from agent
- mLogger.log(ILogger.EV_AUDIT,
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] { req.getRequestId(), initiative,
+ authMgr, status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT), "" });
+ }
+ } else { // other imcomplete status
+ mLogger.log(
+ ILogger.EV_AUDIT,
ILogger.S_OTHER,
AuditFormat.LEVEL,
AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT), ""}
- );
- }
- } else { // other imcomplete status
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- certInfo.get(X509CertInfo.SUBJECT), ""}
- );
+ new Object[] { req.getRequestId(), initiative,
+ authMgr, status.toString(),
+ certInfo.get(X509CertInfo.SUBJECT), "" });
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
}
return;
}
@@ -724,39 +717,35 @@ public class HashEnrollServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
- String[] svcErrors =
- req.getExtDataInStringArray(IRequest.SVCERRORS);
+ String[] svcErrors = req
+ .getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
String err = svcErrors[i];
if (err != null) {
- //System.out.println(
- //"revocation servlet: setting error description "+
- //err.toString());
+ // System.out.println(
+ // "revocation servlet: setting error description "+
+ // err.toString());
cmsReq.setErrorDescription(err);
// audit log the error
try {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed with error: " +
- err,
- certInfo.get(X509CertInfo.SUBJECT), ""}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT, new Object[] {
+ req.getRequestId(), initiative,
+ authMgr,
+ "completed with error: " + err,
+ certInfo.get(X509CertInfo.SUBJECT),
+ "" });
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
e.toString()));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
e.toString()));
}
}
@@ -767,144 +756,143 @@ public class HashEnrollServlet extends CMSServlet {
// service success
cmsReq.setStatus(CMSRequest.SUCCESS);
- X509CertImpl[] issuedCerts =
- req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ X509CertImpl[] issuedCerts = req
+ .getExtDataInCertArray(IRequest.ISSUED_CERTS);
// audit log the success.
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed",
- issuedCerts[0].getSubjectDN(),
- "cert issued serial number: 0x" +
- issuedCerts[0].getSerialNumber().toString(16)}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ issuedCerts[0].getSubjectDN(),
+ "cert issued serial number: 0x"
+ + issuedCerts[0].getSerialNumber().toString(16) });
// return cert as mime type binary if requested.
- if (checkImportCertToNav(
- cmsReq.getHttpResp(), httpParams, issuedCerts[0])) {
+ if (checkImportCertToNav(cmsReq.getHttpResp(), httpParams,
+ issuedCerts[0])) {
cmsReq.setStatus(CMSRequest.SUCCESS);
return;
}
-
+
// use success template.
try {
- cmsReq.setResult(issuedCerts);
- renderTemplate(cmsReq, mEnrollSuccessTemplate,
- mEnrollSuccessFiller);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ cmsReq.setResult(issuedCerts);
+ renderTemplate(cmsReq, mEnrollSuccessTemplate, mEnrollSuccessFiller);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_TEMP_REND_ERR",
+ mEnrollSuccessFiller.toString(), e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
+ CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
}
return;
}
/**
- * fill subject name, validity, extensions from authoken if any,
- * overriding what was in pkcs10.
- * fill subject name, extensions from http input if not authenticated.
- * requests not authenticated will need to be approved by an agent.
+ * fill subject name, validity, extensions from authoken if any, overriding
+ * what was in pkcs10. fill subject name, extensions from http input if not
+ * authenticated. requests not authenticated will need to be approved by an
+ * agent.
*/
- protected void fillCertInfoFromAuthToken(
- X509CertInfo certInfo, IAuthToken authToken)
- throws EBaseException {
+ protected void fillCertInfoFromAuthToken(X509CertInfo certInfo,
+ IAuthToken authToken) throws EBaseException {
// override subject, validity and extensions from auth token
// CA determines algorithm, version and issuer.
- // take key from keygen, cmc, pkcs10 or crmf.
+ // take key from keygen, cmc, pkcs10 or crmf.
// subject name.
try {
- String subjectname =
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
+ String subjectname = authToken
+ .getInString(AuthToken.TOKEN_CERT_SUBJECT);
if (subjectname != null) {
- CertificateSubjectName certSubject = (CertificateSubjectName)
- new CertificateSubjectName(new X500Name(subjectname));
+ CertificateSubjectName certSubject = (CertificateSubjectName) new CertificateSubjectName(
+ new X500Name(subjectname));
certInfo.set(X509CertInfo.SUBJECT, certSubject);
- log(ILogger.LL_INFO,
- "cert subject set to " + certSubject + " from authtoken");
+ log(ILogger.LL_INFO, "cert subject set to " + certSubject
+ + " from authtoken");
}
} catch (CertificateException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
// validity
try {
CertificateValidity validity = null;
- Date notBefore =
- authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
- Date notAfter =
- authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
+ Date notBefore = authToken
+ .getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
+ Date notAfter = authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
if (notBefore != null && notAfter != null) {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
- log(ILogger.LL_INFO,
- "cert validity set to " + validity + " from authtoken");
+ log(ILogger.LL_INFO, "cert validity set to " + validity
+ + " from authtoken");
}
} catch (CertificateException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
- e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
}
-
+
// extensions
try {
- CertificateExtensions extensions =
- authToken.getInCertExts(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = authToken
+ .getInCertExts(X509CertInfo.EXTENSIONS);
if (extensions != null) {
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
log(ILogger.LL_INFO, "cert extensions set from authtoken");
}
} catch (CertificateException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
- e.toString()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
}
}
- protected X509CertInfo[] fillCRMF(
- String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ protected X509CertInfo[] fillCRMF(String crmf, IAuthToken authToken,
+ IArgBlock httpParams, IRequest req) throws EBaseException {
try {
byte[] crmfBlob = CMS.AtoB(crmf);
- ByteArrayInputStream crmfBlobIn =
- new ByteArrayInputStream(crmfBlob);
-
- SEQUENCE crmfMsgs = (SEQUENCE)
- new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
+ ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(crmfBlob);
+
+ SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template(
+ new CertReqMsg.Template()).decode(crmfBlobIn);
int nummsgs = crmfMsgs.size();
X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs];
@@ -914,17 +902,11 @@ public class HashEnrollServlet extends CMSServlet {
CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i);
/*
- if (certReqMsg.hasPop()) {
- try {
- certReqMsg.verify();
- } catch (ChallengeResponseException ex) {
- // create and save the challenge
- // construct the cmmf message together
- // in a sequence to challenge the requestor
- } catch (Exception e) {
- // failed, should only affect one request
- }
- }
+ * if (certReqMsg.hasPop()) { try { certReqMsg.verify(); } catch
+ * (ChallengeResponseException ex) { // create and save the
+ * challenge // construct the cmmf message together // in a
+ * sequence to challenge the requestor } catch (Exception e) {
+ * // failed, should only affect one request } }
*/
CertRequest certReq = certReqMsg.getCertReq();
INTEGER certReqId = certReq.getCertReqId();
@@ -948,95 +930,94 @@ public class HashEnrollServlet extends CMSServlet {
// field suggested notBefore and notAfter in CRMF
// Tech Support #383184
- if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) {
- CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter());
+ if (certTemplate.getNotBefore() != null
+ || certTemplate.getNotAfter() != null) {
+ CertificateValidity certValidity = new CertificateValidity(
+ certTemplate.getNotBefore(),
+ certTemplate.getNotAfter());
- certInfo.set(X509CertInfo.VALIDITY, certValidity);
+ certInfo.set(X509CertInfo.VALIDITY, certValidity);
}
if (certTemplate.hasSubject()) {
Name subjectdn = certTemplate.getSubject();
- ByteArrayOutputStream subjectEncStream =
- new ByteArrayOutputStream();
+ ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream();
subjectdn.encode(subjectEncStream);
byte[] subjectEnc = subjectEncStream.toByteArray();
X500Name subject = new X500Name(subjectEnc);
- certInfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subject));
- } else if (authToken == null ||
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
- // No subject name - error!
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ certInfo.set(X509CertInfo.SUBJECT,
+ new CertificateSubjectName(subject));
+ } else if (authToken == null
+ || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ // No subject name - error!
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
}
- // get extensions
+ // get extensions
CertificateExtensions extensions = null;
try {
- extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
} catch (CertificateException e) {
extensions = null;
} catch (IOException e) {
extensions = null;
}
if (certTemplate.hasExtensions()) {
- // put each extension from CRMF into CertInfo.
- // index by extension name, consistent with
+ // put each extension from CRMF into CertInfo.
+ // index by extension name, consistent with
// CertificateExtensions.parseExtension() method.
- if (extensions == null)
+ if (extensions == null)
extensions = new CertificateExtensions();
int numexts = certTemplate.numExtensions();
for (int j = 0; j < numexts; j++) {
- org.mozilla.jss.pkix.cert.Extension jssext =
- certTemplate.extensionAt(j);
+ org.mozilla.jss.pkix.cert.Extension jssext = certTemplate
+ .extensionAt(j);
boolean isCritical = jssext.getCritical();
- org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
- jssext.getExtnId();
+ org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext
+ .getExtnId();
long[] numbers = jssoid.getNumbers();
int[] oidNumbers = new int[numbers.length];
for (int k = numbers.length - 1; k >= 0; k--) {
oidNumbers[k] = (int) numbers[k];
}
- ObjectIdentifier oid =
- new ObjectIdentifier(oidNumbers);
- org.mozilla.jss.asn1.OCTET_STRING jssvalue =
- jssext.getExtnValue();
- ByteArrayOutputStream jssvalueout =
- new ByteArrayOutputStream();
+ ObjectIdentifier oid = new ObjectIdentifier(oidNumbers);
+ org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext
+ .getExtnValue();
+ ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream();
jssvalue.encode(jssvalueout);
byte[] extValue = jssvalueout.toByteArray();
- Extension ext =
- new Extension(oid, isCritical, extValue);
+ Extension ext = new Extension(oid, isCritical, extValue);
extensions.parseExtension(ext);
}
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
- // Added a new configuration parameter
+ // Added a new configuration parameter
// eeGateway.Enrollment.authTokenOverride=[true|false]
// By default, it is set to true. In most
// of the case, administrator would want
// to have the control of the subject name
// formulation.
// -- CRMFfillCert
- if (authToken != null &&
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
- // if authenticated override subect name, validity and
+ if (authToken != null
+ && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
+ // if authenticated override subect name, validity and
// extensions if any from authtoken.
fillCertInfoFromAuthToken(certInfo, authToken);
}
@@ -1048,32 +1029,34 @@ public class HashEnrollServlet extends CMSServlet {
return certInfoArray;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (InvalidBERException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (InvalidKeyException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
- e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
}
}
- protected void renderServerEnrollResult(CMSRequest cmsReq) throws
- IOException {
+ protected void renderServerEnrollResult(CMSRequest cmsReq)
+ throws IOException {
HttpServletResponse httpResp = cmsReq.getHttpResp();
httpResp.setContentType("text/html");
@@ -1088,11 +1071,16 @@ public class HashEnrollServlet extends CMSServlet {
out.println("</TITLE>");
// out.println("<BODY BGCOLOR=white>");
- if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.COMPLETE)) {
+ if (cmsReq.getIRequest().getRequestStatus()
+ .equals(RequestStatus.COMPLETE)) {
out.println("<H1>");
out.println("SUCCESS");
out.println("</H1>");
- out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message
+ out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX
+ // -
+ // localize
+ // the
+ // message
out.println("<P>");
out.println("Request Creation Time: ");
out.println(cmsReq.getIRequest().getCreationTime().toString());
@@ -1106,25 +1094,30 @@ public class HashEnrollServlet extends CMSServlet {
out.println("Certificate: ");
out.println("<P>");
out.println("<PRE>");
- X509CertImpl certs[] =
- cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ X509CertImpl certs[] = cmsReq.getIRequest().getExtDataInCertArray(
+ IRequest.ISSUED_CERTS);
out.println(CMS.getEncodedCert(certs[0]));
out.println("</PRE>");
out.println("<P>");
- out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
- cmsReq.getIRequest().getCreationTime().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_ID=" +
- cmsReq.getIRequest().getRequestId().toString() + ">");
- out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" +
- CMS.getEncodedCert(certs[0]) + ">");
- } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) {
+ out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME="
+ + cmsReq.getIRequest().getCreationTime().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS="
+ + cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_ID="
+ + cmsReq.getIRequest().getRequestId().toString() + ">");
+ out.println("<!HTTP_OUTPUT X509_CERTIFICATE="
+ + CMS.getEncodedCert(certs[0]) + ">");
+ } else if (cmsReq.getIRequest().getRequestStatus()
+ .equals(RequestStatus.PENDING)) {
out.println("<H1>");
out.println("PENDING");
out.println("</H1>");
- out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message
+ out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX
+ // -
+ // localize
+ // the
+ // message
out.println("<P>");
out.println("Request Creation Time: ");
out.println(cmsReq.getIRequest().getCreationTime().toString());
@@ -1135,18 +1128,22 @@ public class HashEnrollServlet extends CMSServlet {
out.println("Request ID: ");
out.println(cmsReq.getIRequest().getRequestId().toString());
out.println("<P>");
- out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
- cmsReq.getIRequest().getCreationTime().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT REQUEST_ID=" +
- cmsReq.getIRequest().getRequestId().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME="
+ + cmsReq.getIRequest().getCreationTime().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS="
+ + cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_ID="
+ + cmsReq.getIRequest().getRequestId().toString() + ">");
} else {
out.println("<H1>");
out.println("ERROR");
out.println("</H1>");
out.println("<!INFO>");
- out.println("Please consult your local administrator for assistance."); // XXX - localize the message
+ out.println("Please consult your local administrator for assistance."); // XXX
+ // -
+ // localize
+ // the
+ // message
out.println("<!/INFO>");
out.println("<P>");
out.println("Request Status: ");
@@ -1155,62 +1152,55 @@ public class HashEnrollServlet extends CMSServlet {
out.println("Error: ");
out.println(cmsReq.getError()); // XXX - need to parse in Locale
out.println("<P>");
- out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
- cmsReq.getStatus().toString() + ">");
- out.println("<!HTTP_OUTPUT ERROR=" +
- cmsReq.getError() + ">");
+ out.println("<!HTTP_OUTPUT REQUEST_STATUS="
+ + cmsReq.getStatus().toString() + ">");
+ out.println("<!HTTP_OUTPUT ERROR=" + cmsReq.getError() + ">");
}
/**
- // include all the input data
- IArgBlock args = cmsReq.getHttpParams();
- Enumeration ele = args.getElements();
- while (ele.hasMoreElements()) {
- String eleT = (String)ele.nextElement();
- out.println("<!HTTP_INPUT " + eleT + "=" +
- args.get(eleT) + ">");
- }
+ * // include all the input data IArgBlock args =
+ * cmsReq.getHttpParams(); Enumeration ele = args.getElements(); while
+ * (ele.hasMoreElements()) { String eleT = (String)ele.nextElement();
+ * out.println("<!HTTP_INPUT " + eleT + "=" + args.get(eleT) + ">"); }
**/
out.println("</HTML>");
}
- // XXX ALERT !!
- // Remove the following and calls to them when we bundle a cartman
- // later than alpha1.
- // These are here to cover up problem in cartman where the
- // key usage extension always ends up being digital signature only
+ // XXX ALERT !!
+ // Remove the following and calls to them when we bundle a cartman
+ // later than alpha1.
+ // These are here to cover up problem in cartman where the
+ // key usage extension always ends up being digital signature only
// and for rsa-ex ends up having no bits set.
private boolean mIsTestBed = false;
- private void init_testbed_hack(IConfigStore config)
- throws EBaseException {
+ private void init_testbed_hack(IConfigStore config) throws EBaseException {
mIsTestBed = config.getBoolean("isTestBed", true);
}
- private void do_testbed_hack(
- int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams)
- throws EBaseException {
- if (!mIsTestBed)
+ private void do_testbed_hack(int nummsgs, X509CertInfo[] certinfo,
+ IArgBlock httpParams) throws EBaseException {
+ if (!mIsTestBed)
return;
- // get around bug in cartman - bits are off by one byte.
+ // get around bug in cartman - bits are off by one byte.
for (int i = 0; i < certinfo.length; i++) {
try {
X509CertInfo cert = certinfo[i];
- CertificateExtensions exts = (CertificateExtensions)
- cert.get(CertificateExtensions.NAME);
+ CertificateExtensions exts = (CertificateExtensions) cert
+ .get(CertificateExtensions.NAME);
if (exts == null) {
// should not happen.
continue;
}
- KeyUsageExtension ext = (KeyUsageExtension)
- exts.get(KeyUsageExtension.NAME);
+ KeyUsageExtension ext = (KeyUsageExtension) exts
+ .get(KeyUsageExtension.NAME);
- if (ext == null)
- // should not happen
+ if (ext == null)
+ // should not happen
continue;
byte[] value = ext.getExtensionValue();
@@ -1221,36 +1211,32 @@ public class HashEnrollServlet extends CMSServlet {
newvalue[1] = 0x03;
newvalue[2] = 0x07;
newvalue[3] = value[3];
- // force encryption certs to have digitial signature
+ // force encryption certs to have digitial signature
// set too so smime can find the cert for encryption.
if (value[3] == 0x20) {
/*
- newvalue[3] = 0x3f;
- newvalue[4] = (byte)0x80;
+ * newvalue[3] = 0x3f; newvalue[4] = (byte)0x80;
*/
- if (httpParams.getValueAsBoolean(
- "dual-use-hack", true)) {
+ if (httpParams.getValueAsBoolean("dual-use-hack", true)) {
newvalue[3] = (byte) 0xE0; // same as rsa-dual-use.
}
}
newvalue[4] = 0;
- KeyUsageExtension newext =
- new KeyUsageExtension(Boolean.valueOf(true),
- (Object) newvalue);
+ KeyUsageExtension newext = new KeyUsageExtension(
+ Boolean.valueOf(true), (Object) newvalue);
exts.delete(KeyUsageExtension.NAME);
exts.set(KeyUsageExtension.NAME, newext);
}
} catch (IOException e) {
- // should never happen
+ // should never happen
continue;
} catch (CertificateException e) {
- // should never happen
+ // should never happen
continue;
}
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
index 75726730..8f1e57c4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.StringReader;
@@ -58,25 +57,25 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
* Set up HTTP response to import certificate into browsers
*
- * The result must have been populate with the set of certificates
- * to return.
+ * The result must have been populate with the set of certificates to return.
+ *
* <pre>
* inputs: certtype.
* outputs:
- * - cert type from http input (if any)
+ * - cert type from http input (if any)
* - CA chain
- * - authority name (RM, CM, DRM)
+ * - authority name (RM, CM, DRM)
* - scheme:host:port of server.
- * array of one or more
+ * array of one or more
* - cert serial number
* - cert pretty print
- * - cert in base 64 encoding.
- * - cmmf blob to import
+ * - cert in base 64 encoding.
+ * - cmmf blob to import
* </pre>
+ *
* @version $Revision$, $Date$
*/
public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
@@ -88,7 +87,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
public static final String CERT_FINGERPRINT = "certFingerprint"; // cisco
public static final String CERT_NICKNAME = "certNickname";
public static final String CMMF_RESP = "cmmfResponse";
- public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE
+ public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE
public ImportCertsTemplateFiller() {
}
@@ -99,33 +98,31 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) throws Exception {
Certificate[] certs = (Certificate[]) cmsReq.getResult();
if (certs instanceof X509CertImpl[])
- return getX509TemplateParams(cmsReq, authority, locale, e);
+ return getX509TemplateParams(cmsReq, authority, locale, e);
else
return null;
}
-
- public CMSTemplateParams getX509TemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
+
+ public CMSTemplateParams getX509TemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) throws Exception {
IArgBlock header = CMS.createArgBlock();
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(header, fixed);
- // set host name and port.
+ // set host name and port.
HttpServletRequest httpReq = cmsReq.getHttpReq();
String host = httpReq.getServerName();
int port = httpReq.getServerPort();
String scheme = httpReq.getScheme();
String format = httpReq.getParameter("format");
- if(format!=null && format.equals("cmc"))
+ if (format != null && format.equals("cmc"))
fixed.set("importCMC", "false");
- String agentPort = ""+port;
+ String agentPort = "" + port;
fixed.set("agentHost", host);
fixed.set("agentPort", agentPort);
fixed.set(ICMSTemplateFiller.HOST, host);
@@ -134,7 +131,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
IRequest r = cmsReq.getIRequest();
if (r != null) {
- fixed.set(ICMSTemplateFiller.REQUEST_ID, r.getRequestId().toString());
+ fixed.set(ICMSTemplateFiller.REQUEST_ID, r.getRequestId()
+ .toString());
}
// set key record (if KRA enabled)
@@ -142,53 +140,53 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
BigInteger keyRecSerialNo = r.getExtDataInBigInteger("keyRecord");
if (keyRecSerialNo != null) {
- fixed.set(ICMSTemplateFiller.KEYREC_ID, keyRecSerialNo.toString());
+ fixed.set(ICMSTemplateFiller.KEYREC_ID,
+ keyRecSerialNo.toString());
}
}
// set cert type.
IArgBlock httpParams = cmsReq.getHttpParams();
- String certType =
- httpParams.getValueAsString(CERT_TYPE, null);
+ String certType = httpParams.getValueAsString(CERT_TYPE, null);
- if (certType != null)
+ if (certType != null)
fixed.set(CERT_TYPE, certType);
- // this authority
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- (String) authority.getOfficialName());
+ // this authority
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ (String) authority.getOfficialName());
// CA chain.
- CertificateChain cachain =
- ((ICertAuthority) authority).getCACertChain();
+ CertificateChain cachain = ((ICertAuthority) authority)
+ .getCACertChain();
X509Certificate[] cacerts = cachain.getChain();
String replyTo = httpParams.getValueAsString("replyTo", null);
- if (replyTo != null) fixed.set("replyTo", replyTo);
+ if (replyTo != null)
+ fixed.set("replyTo", replyTo);
- // set user + CA cert chain and pkcs7 for MSIE.
+ // set user + CA cert chain and pkcs7 for MSIE.
X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
int m = 1, n = 0;
- for (; n < cacerts.length; m++, n++)
+ for (; n < cacerts.length; m++, n++)
userChain[m] = (X509CertImpl) cacerts[n];
- // certs.
+ // certs.
X509CertImpl[] certs = (X509CertImpl[]) cmsReq.getResult();
// expose CRMF request id
String crmfReqId = cmsReq.getExtData(IRequest.CRMF_REQID);
if (crmfReqId == null) {
- crmfReqId = (String) cmsReq.getResult(
- IRequest.CRMF_REQID);
+ crmfReqId = (String) cmsReq.getResult(IRequest.CRMF_REQID);
}
if (crmfReqId != null) {
fixed.set(CRMF_REQID, crmfReqId);
}
- // set CA certs in cmmf, initialize CertRepContent
+ // set CA certs in cmmf, initialize CertRepContent
// note cartman can't trust ca certs yet but it'll import them.
// also set cert nickname for cartman.
CertRepContent certRepContent = null;
@@ -196,33 +194,31 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
if (CMSServlet.doCMMFResponse(httpParams)) {
byte[][] caPubs = new byte[cacerts.length][];
- for (int j = 0; j < cacerts.length; j++)
+ for (int j = 0; j < cacerts.length; j++)
caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
certRepContent = new CertRepContent(caPubs);
- String certnickname =
- cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null);
+ String certnickname = cmsReq.getHttpParams().getValueAsString(
+ CERT_NICKNAME, null);
// if nickname is not requested set to subject name by default.
- if (certnickname == null)
+ if (certnickname == null)
fixed.set(CERT_NICKNAME, certs[0].getSubjectDN().toString());
else
fixed.set(CERT_NICKNAME, certnickname);
}
- // make pkcs7 for MSIE
- if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) &&
- (certType == null || certType.equals("client"))) {
+ // make pkcs7 for MSIE
+ if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq())
+ && (certType == null || certType.equals("client"))) {
userChain[0] = certs[0];
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]),
- userChain,
- new SignerInfo[0]);
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(
+ new byte[0]), userChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
p7.encodeSignedData(bos);
byte[] p7Bytes = bos.toByteArray();
- // String p7Str = encoder.encodeBuffer(p7Bytes);
+ // String p7Str = encoder.encodeBuffer(p7Bytes);
String p7Str = CMS.BtoA(p7Bytes);
header.set(PKCS7_RESP, p7Str);
@@ -234,24 +230,23 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
X509CertImpl cert = certs[i];
// set serial number.
- BigInteger serialNo =
- ((X509Certificate) cert).getSerialNumber();
+ BigInteger serialNo = ((X509Certificate) cert).getSerialNumber();
repeat.addBigIntegerValue(ISSUED_CERT_SERIAL, serialNo, 16);
// set base64 encoded blob.
byte[] certEncoded = cert.getEncoded();
- // String b64 = encoder.encodeBuffer(certEncoded);
+ // String b64 = encoder.encodeBuffer(certEncoded);
String b64 = CMS.BtoA(certEncoded);
- String b64cert = "-----BEGIN CERTIFICATE-----\n" +
- b64 + "\n-----END CERTIFICATE-----";
+ String b64cert = "-----BEGIN CERTIFICATE-----\n" + b64
+ + "\n-----END CERTIFICATE-----";
repeat.set(BASE64_CERT, b64cert);
-
+
// set cert pretty print.
-
- String prettyPrintRequested =
- cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null);
+
+ String prettyPrintRequested = cmsReq.getHttpParams()
+ .getValueAsString(CERT_PRETTYPRINT, null);
if (prettyPrintRequested == null) {
prettyPrintRequested = "true";
@@ -266,21 +261,21 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
repeat.set(CERT_PRETTYPRINT, ppStr);
// Now formulate a PKCS#7 blob
- X509CertImpl[] certsInChain = new X509CertImpl[1];;
+ X509CertImpl[] certsInChain = new X509CertImpl[1];
+ ;
if (cacerts != null) {
for (int j = 0; j < cacerts.length; j++) {
if (cert.equals(cacerts[j])) {
- certsInChain = new
- X509CertImpl[cacerts.length];
+ certsInChain = new X509CertImpl[cacerts.length];
break;
}
certsInChain = new X509CertImpl[cacerts.length + 1];
}
}
-
+
// Set the EE cert
certsInChain[0] = cert;
-
+
// Set the Ca certificate chain
if (cacerts != null) {
for (int j = 0; j < cacerts.length; j++) {
@@ -292,23 +287,21 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
String p7Str;
try {
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]),
- certsInChain,
- new SignerInfo[0]);
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(
+ new byte[0]), certsInChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
p7.encodeSignedData(bos);
byte[] p7Bytes = bos.toByteArray();
- //p7Str = encoder.encodeBuffer(p7Bytes);
+ // p7Str = encoder.encodeBuffer(p7Bytes);
p7Str = CMS.BtoA(p7Bytes);
repeat.addStringValue("pkcs7ChainBase64", p7Str);
} catch (Exception ex) {
- //p7Str = "PKCS#7 B64 Encoding error - " + ex.toString()
- //+ "; Please contact your administrator";
+ // p7Str = "PKCS#7 B64 Encoding error - " + ex.toString()
+ // + "; Please contact your administrator";
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
+ CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
}
// set cert fingerprint (for Cisco routers)
@@ -318,25 +311,24 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
fingerprint = CMS.getFingerPrints(cert);
} catch (CertificateEncodingException ex) {
// should never happen
- throw new EBaseException(
- CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString()));
+ throw new EBaseException(CMS.getUserMessage(locale,
+ "CMS_BASE_INTERNAL_ERROR", ex.toString()));
} catch (NoSuchAlgorithmException ex) {
// should never happen
- throw new EBaseException(
- CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString()));
+ throw new EBaseException(CMS.getUserMessage(locale,
+ "CMS_BASE_INTERNAL_ERROR", ex.toString()));
}
- if (fingerprint != null && fingerprint.length() > 0)
+ if (fingerprint != null && fingerprint.length() > 0)
repeat.set(CERT_FINGERPRINT, fingerprint);
- // cmmf response for this cert.
- if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null &&
- (certType == null || certType.equals("client"))) {
+ // cmmf response for this cert.
+ if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null
+ && (certType == null || certType.equals("client"))) {
PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
- CertifiedKeyPair certifiedKP =
- new CertifiedKeyPair(new CertOrEncCert(certEncoded));
- CertResponse resp =
- new CertResponse(new INTEGER(crmfReqId), status,
- certifiedKP);
+ CertifiedKeyPair certifiedKP = new CertifiedKeyPair(
+ new CertOrEncCert(certEncoded));
+ CertResponse resp = new CertResponse(new INTEGER(crmfReqId),
+ status, certifiedKP);
certRepContent.addCertResponse(resp);
}
@@ -352,19 +344,19 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
byte[] certRepBytes = certRepOut.toByteArray();
String certRepB64 = com.netscape.osutil.OSUtil.BtoA(certRepBytes);
// add CR to each return as required by cartman
- BufferedReader certRepB64lines =
- new BufferedReader(new StringReader(certRepB64));
+ BufferedReader certRepB64lines = new BufferedReader(
+ new StringReader(certRepB64));
StringWriter certRepStringOut = new StringWriter();
String oneLine = null;
boolean first = true;
while ((oneLine = certRepB64lines.readLine()) != null) {
if (first) {
- //certRepStringOut.write("\""+oneLine+"\"");
+ // certRepStringOut.write("\""+oneLine+"\"");
certRepStringOut.write(oneLine);
first = false;
} else {
- //certRepStringOut.write("+\"\\n"+oneLine+"\"");
+ // certRepStringOut.write("+\"\\n"+oneLine+"\"");
certRepStringOut.write("\n" + oneLine);
}
}
@@ -376,4 +368,3 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
index e79efc32..7ec6ee66 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
@@ -58,10 +57,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Retrieve a paged list of certs matching the specified query
- *
+ *
* @version $Revision$, $Date$
*/
public class ListCerts extends CMSServlet {
@@ -81,8 +79,8 @@ public class ListCerts extends CMSServlet {
private ICertificateRepository mCertDB = null;
private X500Name mAuthName = null;
private String mFormPath = null;
- private boolean mReverse = false;
- private boolean mHardJumpTo = false; //jump to the end
+ private boolean mReverse = false;
+ private boolean mHardJumpTo = false; // jump to the end
private String mDirection = null;
private boolean mUseClientFilter = false;
private Vector mAllowedClientFilters = new Vector();
@@ -98,7 +96,7 @@ public class ListCerts extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "queryCert.template" to render the response
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -123,44 +121,54 @@ public class ListCerts extends CMSServlet {
/* do nothing, just use the default if integer parsing failed */
}
- /* useClientFilter should be off by default. We keep
- this parameter around so that we do not break
- the client applications that submits raw LDAP
- filter into this servlet. */
- if (sc.getInitParameter(USE_CLIENT_FILTER) != null &&
- sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) { mUseClientFilter = true;
+ /*
+ * useClientFilter should be off by default. We keep this parameter
+ * around so that we do not break the client applications that submits
+ * raw LDAP filter into this servlet.
+ */
+ if (sc.getInitParameter(USE_CLIENT_FILTER) != null
+ && sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase(
+ "true")) {
+ mUseClientFilter = true;
}
- if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) {
- mAllowedClientFilters.addElement("(certStatus=*)");
- mAllowedClientFilters.addElement("(certStatus=VALID)");
- mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))");
- mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))");
+ if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null
+ || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) {
+ mAllowedClientFilters.addElement("(certStatus=*)");
+ mAllowedClientFilters.addElement("(certStatus=VALID)");
+ mAllowedClientFilters
+ .addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))");
+ mAllowedClientFilters
+ .addElement("(|(certStatus=VALID)(certStatus=REVOKED))");
} else {
- StringTokenizer st = new StringTokenizer(sc.getInitParameter(ALLOWED_CLIENT_FILTERS), ",");
+ StringTokenizer st = new StringTokenizer(
+ sc.getInitParameter(ALLOWED_CLIENT_FILTERS), ",");
while (st.hasMoreTokens()) {
- mAllowedClientFilters.addElement(st.nextToken());
+ mAllowedClientFilters.addElement(st.nextToken());
}
}
}
- public String buildFilter(HttpServletRequest req)
- {
+ public String buildFilter(HttpServletRequest req) {
String queryCertFilter = req.getParameter("queryCertFilter");
- com.netscape.certsrv.apps.CMS.debug("client queryCertFilter=" + queryCertFilter);
+ com.netscape.certsrv.apps.CMS.debug("client queryCertFilter="
+ + queryCertFilter);
if (mUseClientFilter) {
com.netscape.certsrv.apps.CMS.debug("useClientFilter=true");
Enumeration filters = mAllowedClientFilters.elements();
// check to see if the filter is allowed
while (filters.hasMoreElements()) {
- String filter = (String)filters.nextElement();
- com.netscape.certsrv.apps.CMS.debug("Comparing filter=" + filter + " queryCertFilter=" + queryCertFilter);
+ String filter = (String) filters.nextElement();
+ com.netscape.certsrv.apps.CMS.debug("Comparing filter="
+ + filter + " queryCertFilter=" + queryCertFilter);
if (filter.equals(queryCertFilter)) {
return queryCertFilter;
}
}
- com.netscape.certsrv.apps.CMS.debug("Requested filter '" + queryCertFilter + "' is not allowed. Please check the " + ALLOWED_CLIENT_FILTERS + "parameter");
+ com.netscape.certsrv.apps.CMS.debug("Requested filter '"
+ + queryCertFilter + "' is not allowed. Please check the "
+ + ALLOWED_CLIENT_FILTERS + "parameter");
return null;
} else {
com.netscape.certsrv.apps.CMS.debug("useClientFilter=false");
@@ -168,35 +176,38 @@ public class ListCerts extends CMSServlet {
boolean skipRevoked = false;
boolean skipNonValid = false;
- if (req.getParameter("skipRevoked") != null &&
- req.getParameter("skipRevoked").equals("on")) {
+ if (req.getParameter("skipRevoked") != null
+ && req.getParameter("skipRevoked").equals("on")) {
skipRevoked = true;
}
- if (req.getParameter("skipNonValid") != null &&
- req.getParameter("skipNonValid").equals("on")) {
+ if (req.getParameter("skipNonValid") != null
+ && req.getParameter("skipNonValid").equals("on")) {
skipNonValid = true;
}
if (!skipRevoked && !skipNonValid) {
- queryCertFilter = "(certStatus=*)";
- } else if (skipRevoked && skipNonValid) {
- queryCertFilter = "(certStatus=VALID)";
- } else if (skipRevoked) {
- queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))";
- } else if (skipNonValid) {
- queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))";
+ queryCertFilter = "(certStatus=*)";
+ } else if (skipRevoked && skipNonValid) {
+ queryCertFilter = "(certStatus=VALID)";
+ } else if (skipRevoked) {
+ queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))";
+ } else if (skipNonValid) {
+ queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))";
}
return queryCertFilter;
}
/**
- * Process the HTTP request.
- * <ul>
- * <li>http.param maxCount Number of certificates to show
+ * Process the HTTP request.
+ * <ul>
+ * <li>http.param maxCount Number of certificates to show
* <li>http.param queryFilter and ldap style filter specifying the
- * certificates to show
- * <li>http.param querySentinelDown the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging down
- * <li>http.param querySentinelUp the serial number of the first certificate to show (default decimal, or hex if prefixed with 0x) when paging up
+ * certificates to show
+ * <li>http.param querySentinelDown the serial number of the first
+ * certificate to show (default decimal, or hex if prefixed with 0x) when
+ * paging down
+ * <li>http.param querySentinelUp the serial number of the first certificate
+ * to show (default decimal, or hex if prefixed with 0x) when paging up
* <li>http.param direction "up", "down", "begin", or "end"
* </ul>
*/
@@ -209,8 +220,8 @@ public class ListCerts extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "list");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "list");
} catch (Exception e) {
}
@@ -235,50 +246,54 @@ public class ListCerts extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ com.netscape.certsrv.apps.CMS.getLogMessage(
+ "CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ com.netscape.certsrv.apps.CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
- mHardJumpTo = false;
+ mHardJumpTo = false;
try {
- if (req.getParameter("direction") != null) {
- mDirection = req.getParameter("direction").trim();
- mReverse = mDirection.equals("up");
- if (mReverse)
- com.netscape.certsrv.apps.CMS.debug("reverse is true");
- else
- com.netscape.certsrv.apps.CMS.debug("reverse is false");
+ if (req.getParameter("direction") != null) {
+ mDirection = req.getParameter("direction").trim();
+ mReverse = mDirection.equals("up");
+ if (mReverse)
+ com.netscape.certsrv.apps.CMS.debug("reverse is true");
+ else
+ com.netscape.certsrv.apps.CMS.debug("reverse is false");
- }
+ }
if (req.getParameter("maxCount") != null) {
maxCount = Integer.parseInt(req.getParameter("maxCount"));
}
if (maxCount == -1 || maxCount > mMaxReturns) {
- com.netscape.certsrv.apps.CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns);
+ com.netscape.certsrv.apps.CMS.debug("Resetting page size from "
+ + maxCount + " to " + mMaxReturns);
maxCount = mMaxReturns;
}
- String sentinelStr = "";
- if (mReverse) {
- sentinelStr = req.getParameter("querySentinelUp");
- } else if (mDirection.equals("end")) {
- // this servlet will figure out the end
- sentinelStr = "0";
- mReverse = true;
- mHardJumpTo = true;
- } else if (mDirection.equals("down")) {
- sentinelStr = req.getParameter("querySentinelDown");
- } else
- sentinelStr = "0";
- //begin and non-specified have sentinel default "0"
+ String sentinelStr = "";
+ if (mReverse) {
+ sentinelStr = req.getParameter("querySentinelUp");
+ } else if (mDirection.equals("end")) {
+ // this servlet will figure out the end
+ sentinelStr = "0";
+ mReverse = true;
+ mHardJumpTo = true;
+ } else if (mDirection.equals("down")) {
+ sentinelStr = req.getParameter("querySentinelDown");
+ } else
+ sentinelStr = "0";
+ // begin and non-specified have sentinel default "0"
if (sentinelStr != null) {
if (sentinelStr.trim().startsWith("0x")) {
- sentinel = new BigInteger(sentinelStr.trim().substring(2), 16);
+ sentinel = new BigInteger(sentinelStr.trim().substring(2),
+ 16);
} else {
sentinel = new BigInteger(sentinelStr, 10);
}
@@ -287,11 +302,12 @@ public class ListCerts extends CMSServlet {
revokeAll = req.getParameter("revokeAll");
if (mAuthority instanceof ICertificateAuthority) {
- X509CertImpl caCert = ((ICertificateAuthority) mAuthority).getSigningUnit().getCertImpl();
+ X509CertImpl caCert = ((ICertificateAuthority) mAuthority)
+ .getSigningUnit().getCertImpl();
- //if (isCertFromCA(caCert))
- header.addStringValue("caSerialNumber",
- caCert.getSerialNumber().toString(16));
+ // if (isCertFromCA(caCert))
+ header.addStringValue("caSerialNumber", caCert
+ .getSerialNumber().toString(16));
}
// constructs the ldap filter on the server side
@@ -301,25 +317,28 @@ public class ListCerts extends CMSServlet {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
- com.netscape.certsrv.apps.CMS.debug("queryCertFilter=" + queryCertFilter);
+
+ com.netscape.certsrv.apps.CMS.debug("queryCertFilter="
+ + queryCertFilter);
int totalRecordCount = -1;
try {
- totalRecordCount = Integer.parseInt(req.getParameter("totalRecordCount"));
+ totalRecordCount = Integer.parseInt(req
+ .getParameter("totalRecordCount"));
} catch (Exception e) {
}
- processCertFilter(argSet, header, maxCount,
- sentinel,
- totalRecordCount,
- req.getParameter("serialTo"),
- queryCertFilter,
- req, resp, revokeAll, locale[0]);
+ processCertFilter(argSet, header, maxCount, sentinel,
+ totalRecordCount, req.getParameter("serialTo"),
+ queryCertFilter, req, resp, revokeAll, locale[0]);
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-
- error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ com.netscape.certsrv.apps.CMS
+ .getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+
+ error = new EBaseException(
+ com.netscape.certsrv.apps.CMS.getUserMessage(
+ getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
@@ -332,44 +351,38 @@ public class ListCerts extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- cmsReq.setStatus(CMSRequest.SUCCESS);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ com.netscape.certsrv.apps.CMS.getLogMessage(
+ "CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ com.netscape.certsrv.apps.CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
- private void processCertFilter(CMSTemplateParams argSet,
- IArgBlock header,
- int maxCount,
- BigInteger sentinel,
- int totalRecordCount,
- String serialTo,
- String filter,
- HttpServletRequest req,
- HttpServletResponse resp,
- String revokeAll,
- Locale locale
- ) throws EBaseException {
+ private void processCertFilter(CMSTemplateParams argSet, IArgBlock header,
+ int maxCount, BigInteger sentinel, int totalRecordCount,
+ String serialTo, String filter, HttpServletRequest req,
+ HttpServletResponse resp, String revokeAll, Locale locale)
+ throws EBaseException {
BigInteger serialToVal = MINUS_ONE;
try {
if (serialTo != null) {
serialTo = serialTo.trim();
if (serialTo.startsWith("0x")) {
- serialToVal = new BigInteger
- (serialTo.substring(2), 16);
+ serialToVal = new BigInteger(serialTo.substring(2), 16);
serialTo = serialToVal.toString();
} else {
serialToVal = new BigInteger(serialTo);
@@ -379,32 +392,30 @@ public class ListCerts extends CMSServlet {
}
String jumpTo = sentinel.toString();
- int pSize = 0;
- if (mReverse) {
- if (!mHardJumpTo) //reverse gets one more
- pSize = -1*maxCount-1;
- else
- pSize = -1*maxCount;
- } else
- pSize = maxCount;
-
- ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList(
- filter, (String[]) null, jumpTo, mHardJumpTo, "serialno",
- pSize);
+ int pSize = 0;
+ if (mReverse) {
+ if (!mHardJumpTo) // reverse gets one more
+ pSize = -1 * maxCount - 1;
+ else
+ pSize = -1 * maxCount;
+ } else
+ pSize = maxCount;
+
+ ICertRecordList list = (ICertRecordList) mCertDB
+ .findCertRecordsInList(filter, (String[]) null, jumpTo,
+ mHardJumpTo, "serialno", pSize);
// retrive maxCount + 1 entries
- Enumeration e = list.getCertRecords(0, maxCount);
+ Enumeration e = list.getCertRecords(0, maxCount);
ICertRecordList tolist = null;
int toCurIndex = 0;
if (!serialToVal.equals(MINUS_ONE)) {
- // if user specify a range, we need to
+ // if user specify a range, we need to
// calculate the totalRecordCount
- tolist = (ICertRecordList) mCertDB.findCertRecordsInList(
- filter,
- (String[]) null, serialTo,
- "serialno", maxCount);
+ tolist = (ICertRecordList) mCertDB.findCertRecordsInList(filter,
+ (String[]) null, serialTo, "serialno", maxCount);
Enumeration en = tolist.getCertRecords(0, 0);
if (en == null || (!en.hasMoreElements())) {
@@ -417,88 +428,98 @@ public class ListCerts extends CMSServlet {
if (curToSerial.compareTo(serialToVal) == -1) {
toCurIndex = list.getSize() - 1;
} else {
- if (!rx.getSerialNumber().toString().equals(serialTo.trim())) {
+ if (!rx.getSerialNumber().toString()
+ .equals(serialTo.trim())) {
toCurIndex = toCurIndex - 1;
}
}
}
}
-
+
int curIndex = list.getCurrentIndex();
int count = 0;
- BigInteger firstSerial = new BigInteger("0");
- BigInteger curSerial = new BigInteger("0");
- ICertRecord[] recs = new ICertRecord[maxCount];
- int rcount = 0;
+ BigInteger firstSerial = new BigInteger("0");
+ BigInteger curSerial = new BigInteger("0");
+ ICertRecord[] recs = new ICertRecord[maxCount];
+ int rcount = 0;
if (e != null) {
- /* in reverse (page up), because the sentinel is the one after the
- * last item to be displayed, we need to skip it
- */
- while ((count < ((mReverse &&!mHardJumpTo)? (maxCount+1):maxCount)) && e.hasMoreElements()) {
+ /*
+ * in reverse (page up), because the sentinel is the one after the
+ * last item to be displayed, we need to skip it
+ */
+ while ((count < ((mReverse && !mHardJumpTo) ? (maxCount + 1)
+ : maxCount)) && e.hasMoreElements()) {
ICertRecord rec = (ICertRecord) e.nextElement();
if (rec == null) {
- com.netscape.certsrv.apps.CMS.debug("record "+count+" is null");
+ com.netscape.certsrv.apps.CMS.debug("record " + count
+ + " is null");
break;
- }
+ }
curSerial = rec.getSerialNumber();
- com.netscape.certsrv.apps.CMS.debug("record "+count+" is serial#"+curSerial);
-
- if (count == 0) {
- firstSerial = curSerial;
- if (mReverse && !mHardJumpTo) {//reverse got one more, skip
- count++;
- continue;
- }
- }
-
- // DS has a problem where last record will be returned
- // even though the filter is not matched.
- /*cfu - is this necessary? it breaks when paging up
- if (curSerial.compareTo(sentinel) == -1) {
- com.netscape.certsrv.apps.CMS.debug("curSerial compare sentinel -1 break...");
-
- break;
- }
- */
+ com.netscape.certsrv.apps.CMS.debug("record " + count
+ + " is serial#" + curSerial);
+
+ if (count == 0) {
+ firstSerial = curSerial;
+ if (mReverse && !mHardJumpTo) {// reverse got one more, skip
+ count++;
+ continue;
+ }
+ }
+
+ // DS has a problem where last record will be returned
+ // even though the filter is not matched.
+ /*
+ * cfu - is this necessary? it breaks when paging up if
+ * (curSerial.compareTo(sentinel) == -1) {
+ * com.netscape.certsrv.apps
+ * .CMS.debug("curSerial compare sentinel -1 break...");
+ *
+ * break; }
+ */
if (!serialToVal.equals(MINUS_ONE)) {
// check if we go over the limit
if (curSerial.compareTo(serialToVal) == 1) {
- com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking...");
+ com.netscape.certsrv.apps.CMS
+ .debug("curSerial compare serialToVal 1 breaking...");
break;
- }
+ }
}
- if (mReverse) {
- recs[rcount++] = rec;
- } else {
+ if (mReverse) {
+ recs[rcount++] = rec;
+ } else {
- IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
+ IArgBlock rarg = com.netscape.certsrv.apps.CMS
+ .createArgBlock();
- fillRecordIntoArg(rec, rarg);
- argSet.addRepeatRecord(rarg);
- }
+ fillRecordIntoArg(rec, rarg);
+ argSet.addRepeatRecord(rarg);
+ }
count++;
}
} else {
- com.netscape.certsrv.apps.CMS.debug(
- "ListCerts::processCertFilter() - no Cert Records found!" );
+ com.netscape.certsrv.apps.CMS
+ .debug("ListCerts::processCertFilter() - no Cert Records found!");
return;
}
- if (mReverse) {
- // fill records into arg block and argSet
- for (int ii = rcount-1; ii>= 0; ii--) {
- if (recs[ii] != null) {
- IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
- //com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ recs[ii].getSerialNumber());
- fillRecordIntoArg(recs[ii], rarg);
- argSet.addRepeatRecord(rarg);
- }
- }
- }
+ if (mReverse) {
+ // fill records into arg block and argSet
+ for (int ii = rcount - 1; ii >= 0; ii--) {
+ if (recs[ii] != null) {
+ IArgBlock rarg = com.netscape.certsrv.apps.CMS
+ .createArgBlock();
+ // com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+
+ // recs[ii].getSerialNumber());
+ fillRecordIntoArg(recs[ii], rarg);
+ argSet.addRepeatRecord(rarg);
+ }
+ }
+ }
// peek ahead
ICertRecord nextRec = null;
@@ -522,70 +543,72 @@ public class ListCerts extends CMSServlet {
if (totalRecordCount == -1) {
if (!serialToVal.equals(MINUS_ONE)) {
totalRecordCount = toCurIndex - curIndex + 1;
- com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount);
+ com.netscape.certsrv.apps.CMS.debug("totalRecordCount="
+ + totalRecordCount);
} else {
- totalRecordCount = list.getSize() -
- list.getCurrentIndex();
- com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount);
+ totalRecordCount = list.getSize() - list.getCurrentIndex();
+ com.netscape.certsrv.apps.CMS.debug("totalRecordCount="
+ + totalRecordCount);
}
}
header.addIntegerValue("totalRecordCount", totalRecordCount);
- header.addIntegerValue("currentRecordCount", list.getSize() -
- list.getCurrentIndex());
-
- String qs = "";
- if (mReverse)
- qs = "querySentinelUp";
- else
- qs = "querySentinelDown";
-
- if (mHardJumpTo) {
- com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString());
-
- header.addStringValue("querySentinelUp", curSerial.toString());
- } else {
- if (nextRec == null) {
- header.addStringValue(qs, null);
- com.netscape.certsrv.apps.CMS.debug("nextRec is null");
- if (mReverse) {
- com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString());
-
- header.addStringValue("querySentinelUp", curSerial.toString());
- }
- } else {
- BigInteger nextRecNo = nextRec.getSerialNumber();
+ header.addIntegerValue("currentRecordCount",
+ list.getSize() - list.getCurrentIndex());
+
+ String qs = "";
+ if (mReverse)
+ qs = "querySentinelUp";
+ else
+ qs = "querySentinelDown";
- if (serialToVal.equals(MINUS_ONE)) {
- header.addStringValue(
- qs, nextRecNo.toString());
+ if (mHardJumpTo) {
+ com.netscape.certsrv.apps.CMS
+ .debug("curSerial added to querySentinelUp:"
+ + curSerial.toString());
+
+ header.addStringValue("querySentinelUp", curSerial.toString());
+ } else {
+ if (nextRec == null) {
+ header.addStringValue(qs, null);
+ com.netscape.certsrv.apps.CMS.debug("nextRec is null");
+ if (mReverse) {
+ com.netscape.certsrv.apps.CMS
+ .debug("curSerial added to querySentinelUp:"
+ + curSerial.toString());
+
+ header.addStringValue("querySentinelUp",
+ curSerial.toString());
+ }
} else {
- if (nextRecNo.compareTo(serialToVal) <= 0) {
- header.addStringValue(
- qs, nextRecNo.toString());
+ BigInteger nextRecNo = nextRec.getSerialNumber();
+
+ if (serialToVal.equals(MINUS_ONE)) {
+ header.addStringValue(qs, nextRecNo.toString());
} else {
- header.addStringValue(qs,
- null);
+ if (nextRecNo.compareTo(serialToVal) <= 0) {
+ header.addStringValue(qs, nextRecNo.toString());
+ } else {
+ header.addStringValue(qs, null);
+ }
}
+ com.netscape.certsrv.apps.CMS.debug("querySentinel " + qs
+ + " = " + nextRecNo.toString());
}
- com.netscape.certsrv.apps.CMS.debug("querySentinel "+qs+" = "+nextRecNo.toString());
- }
- } // !mHardJumpto
+ } // !mHardJumpto
- header.addStringValue(!mReverse? "querySentinelUp":"querySentinelDown",
- firstSerial.toString());
+ header.addStringValue(!mReverse ? "querySentinelUp"
+ : "querySentinelDown", firstSerial.toString());
}
/**
* Process the key search.
*/
- private void process(CMSTemplateParams argSet, IArgBlock header,
- int maxCount, int sentinel,
- String filter, HttpServletRequest req,
- HttpServletResponse resp,
- String revokeAll, Locale locale)
- throws EBaseException {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ int maxCount, int sentinel, String filter, HttpServletRequest req,
+ HttpServletResponse resp, String revokeAll, Locale locale)
+ throws EBaseException {
try {
if (filter.indexOf(CURRENT_TIME, 0) > -1) {
filter = insertCurrentTime(filter);
@@ -595,11 +618,11 @@ public class ListCerts extends CMSServlet {
}
// xxx the filter includes serial number range???
- ICertRecordList list =
- (ICertRecordList) mCertDB.findCertRecordsInList(filter, null, maxCount);
+ ICertRecordList list = (ICertRecordList) mCertDB
+ .findCertRecordsInList(filter, null, maxCount);
// sentinel is the index on the list now, not serial number
- Enumeration e =
- list.getCertRecords(sentinel, sentinel + maxCount - 1);
+ Enumeration e = list.getCertRecords(sentinel, sentinel + maxCount
+ - 1);
int count = 0;
@@ -628,7 +651,9 @@ public class ListCerts extends CMSServlet {
else
header.addStringValue("querySentinelDown", null);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERROR_LISTCERTS", e.toString()));
+ log(ILogger.LL_FAILURE,
+ com.netscape.certsrv.apps.CMS.getLogMessage(
+ "CMSGW_ERROR_LISTCERTS", e.toString()));
throw e;
}
return;
@@ -641,7 +666,8 @@ public class ListCerts extends CMSServlet {
int i = filter.indexOf(CURRENT_TIME, k);
while (i > -1) {
- if (now == null) now = new Date();
+ if (now == null)
+ now = new Date();
if (newFilter.length() == 0) {
newFilter.append(filter.substring(k, i));
newFilter.append(now.getTime());
@@ -662,7 +688,7 @@ public class ListCerts extends CMSServlet {
* Fills cert record into argument block.
*/
private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg)
- throws EBaseException {
+ throws EBaseException {
X509CertImpl xcert = rec.getCertificate();
@@ -670,15 +696,16 @@ public class ListCerts extends CMSServlet {
fillX509RecordIntoArg(rec, rarg);
}
}
-
+
private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg)
- throws EBaseException {
+ throws EBaseException {
X509CertImpl cert = rec.getCertificate();
rarg.addIntegerValue("version", cert.getVersion());
rarg.addStringValue("serialNumber", cert.getSerialNumber().toString(16));
- rarg.addStringValue("serialNumberDecimal", cert.getSerialNumber().toString());
+ rarg.addStringValue("serialNumberDecimal", cert.getSerialNumber()
+ .toString());
if (cert.getSubjectDN().toString().equals("")) {
rarg.addStringValue("subject", " ");
@@ -699,28 +726,32 @@ public class ListCerts extends CMSServlet {
if (pKey instanceof X509Key) {
key = (X509Key) pKey;
}
- rarg.addStringValue("subjectPublicKeyAlgorithm", key.getAlgorithmId().getOID().toString());
+ rarg.addStringValue("subjectPublicKeyAlgorithm", key
+ .getAlgorithmId().getOID().toString());
if (key.getAlgorithmId().toString().equalsIgnoreCase("RSA")) {
RSAPublicKey rsaKey = new RSAPublicKey(key.getEncoded());
- rarg.addIntegerValue("subjectPublicKeyLength", rsaKey.getKeySize());
+ rarg.addIntegerValue("subjectPublicKeyLength",
+ rsaKey.getKeySize());
}
} catch (Exception e) {
rarg.addStringValue("subjectPublicKeyAlgorithm", null);
rarg.addIntegerValue("subjectPublicKeyLength", 0);
}
- rarg.addLongValue("validNotBefore", cert.getNotBefore().getTime() / 1000);
+ rarg.addLongValue("validNotBefore",
+ cert.getNotBefore().getTime() / 1000);
rarg.addLongValue("validNotAfter", cert.getNotAfter().getTime() / 1000);
rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID());
String issuedBy = rec.getIssuedBy();
- if (issuedBy == null) issuedBy = "";
+ if (issuedBy == null)
+ issuedBy = "";
rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString()
rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
- rarg.addStringValue("revokedBy",
- ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
+ rarg.addStringValue("revokedBy", ((rec.getRevokedBy() == null) ? ""
+ : rec.getRevokedBy()));
if (rec.getRevokedOn() == null) {
rarg.addStringValue("revokedOn", null);
} else {
@@ -739,7 +770,8 @@ public class ListCerts extends CMSServlet {
Extension ext = (Extension) enum1.nextElement();
if (ext instanceof CRLReasonExtension) {
- reason = ((CRLReasonExtension) ext).getReason().toInt();
+ reason = ((CRLReasonExtension) ext).getReason()
+ .toInt();
break;
}
}
@@ -749,4 +781,3 @@ public class ListCerts extends CMSServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
index db77d039..577caa18 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Calendar;
import java.util.Date;
@@ -51,10 +50,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Provide statistical queries of request and certificate records.
- *
+ *
* @version $Revision$, $Date$
*/
public class Monitor extends CMSServlet {
@@ -83,8 +81,8 @@ public class Monitor extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
- * 'monitor.template' to render the response.
- *
+ * 'monitor.template' to render the response.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
@@ -111,8 +109,8 @@ public class Monitor extends CMSServlet {
* Process the HTTP request.
* <ul>
* <li>http.param startTime start of time period to query
- * <li>http.param endTime end of time period to query
- * <li>http.param interval time between queries
+ * <li>http.param endTime end of time period to query
+ * <li>http.param interval time between queries
* <li>http.param numberOfIntervals number of queries to run
* <li>http.param maxResults =number
* <li>http.param timeLimit =time
@@ -126,14 +124,14 @@ public class Monitor extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -158,9 +156,11 @@ public class Monitor extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -169,10 +169,11 @@ public class Monitor extends CMSServlet {
interval = req.getParameter("interval");
numberOfIntervals = req.getParameter("numberOfIntervals");
- process(argSet, header, startTime, endTime, interval, numberOfIntervals, locale[0]);
+ process(argSet, header, startTime, endTime, interval,
+ numberOfIntervals, locale[0]);
} catch (EBaseException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString()));
error = e;
}
@@ -182,35 +183,34 @@ public class Monitor extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
- e.toString()));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
- private void process(CMSTemplateParams argSet, IArgBlock header,
- String startTime, String endTime,
- String interval, String numberOfIntervals,
- Locale locale)
- throws EBaseException {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ String startTime, String endTime, String interval,
+ String numberOfIntervals, Locale locale) throws EBaseException {
if (interval == null || interval.length() == 0) {
header.addStringValue("error", "Invalid interval: " + interval);
return;
}
if (numberOfIntervals == null || numberOfIntervals.length() == 0) {
- header.addStringValue("error", "Invalid number of intervals: " + numberOfIntervals);
+ header.addStringValue("error", "Invalid number of intervals: "
+ + numberOfIntervals);
return;
}
@@ -235,7 +235,8 @@ public class Monitor extends CMSServlet {
try {
iNumberOfIntervals = Integer.parseInt(numberOfIntervals);
} catch (NumberFormatException nfe) {
- header.addStringValue("error", "Invalid number of intervals: " + numberOfIntervals);
+ header.addStringValue("error", "Invalid number of intervals: "
+ + numberOfIntervals);
return;
}
@@ -270,7 +271,7 @@ public class Monitor extends CMSServlet {
return;
}
-
+
Date nextDate(Date d, int seconds) {
Date date = new Date((d.getTime()) + ((long) (seconds * 1000)));
@@ -288,7 +289,8 @@ public class Monitor extends CMSServlet {
try {
if (mCertDB != null) {
- filter = Filter(ICertRecord.ATTR_CREATE_TIME, startTime, endTime);
+ filter = Filter(ICertRecord.ATTR_CREATE_TIME, startTime,
+ endTime);
Enumeration e = mCertDB.findCertRecs(filter);
@@ -306,18 +308,21 @@ public class Monitor extends CMSServlet {
}
if (mQueue != null) {
- filter = Filter(IRequestRecord.ATTR_CREATE_TIME, startTime, endTime);
+ filter = Filter(IRequestRecord.ATTR_CREATE_TIME, startTime,
+ endTime);
IRequestList reqList = mQueue.listRequestsByFilter(filter);
int count = 0;
while (reqList != null && reqList.hasMoreElements()) {
- IRequestRecord rec = (IRequestRecord) reqList.nextRequest();
+ IRequestRecord rec = (IRequestRecord) reqList
+ .nextRequest();
if (rec != null) {
if (count == 0) {
- arg.addStringValue("firstRequest", rec.getRequestId().toString());
+ arg.addStringValue("firstRequest", rec
+ .getRequestId().toString());
}
count++;
}
@@ -326,20 +331,21 @@ public class Monitor extends CMSServlet {
mTotalReqs += count;
}
} catch (Exception ex) {
- return "Exception: " + ex;
+ return "Exception: " + ex;
}
return null;
} else {
- return "Missing start or end date";
+ return "Missing start or end date";
}
}
Date StringToDate(String z) {
Date d = null;
- if (z != null && (z.length() == 14 ||
- z.length() == 15 && (z.charAt(14) == 'Z' || z.charAt(14) == 'z'))) {
+ if (z != null
+ && (z.length() == 14 || z.length() == 15
+ && (z.charAt(14) == 'Z' || z.charAt(14) == 'z'))) {
// 20020516132030Z or 20020516132030
try {
int year = Integer.parseInt(z.substring(0, 4));
@@ -348,12 +354,12 @@ public class Monitor extends CMSServlet {
int hour = Integer.parseInt(z.substring(8, 10));
int minute = Integer.parseInt(z.substring(10, 12));
int second = Integer.parseInt(z.substring(12, 14));
- Calendar calendar= Calendar.getInstance();
+ Calendar calendar = Calendar.getInstance();
calendar.set(year, month, date, hour, minute, second);
d = calendar.getTime();
} catch (NumberFormatException nfe) {
}
- } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5
+ } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5
try {
int i = Integer.parseInt(z);
@@ -370,37 +376,42 @@ public class Monitor extends CMSServlet {
Calendar calendar = Calendar.getInstance();
calendar.setTime(d);
-
String time = "" + (calendar.get(Calendar.YEAR));
int i = calendar.get(Calendar.MONTH) + 1;
- if (i < 10) time += "0";
+ if (i < 10)
+ time += "0";
time += i;
- i = calendar.get(Calendar.DAY_OF_MONTH);
- if (i < 10) time += "0";
+ i = calendar.get(Calendar.DAY_OF_MONTH);
+ if (i < 10)
+ time += "0";
time += i;
i = calendar.get(Calendar.HOUR_OF_DAY);
- if (i < 10) time += "0";
+ if (i < 10)
+ time += "0";
time += i;
i = calendar.get(Calendar.MINUTE);
- if (i < 10) time += "0";
+ if (i < 10)
+ time += "0";
time += i;
i = calendar.get(Calendar.SECOND);
- if (i < 10) time += "0";
+ if (i < 10)
+ time += "0";
time += i + "Z";
return time;
}
String Filter(String name, String start, String end) {
- String filter = "(&(" + name + ">=" + start + ")(" + name + "<=" + end + "))";
+ String filter = "(&(" + name + ">=" + start + ")(" + name + "<=" + end
+ + "))";
return filter;
}
String uriFilter(String name, String start, String end) {
- String filter = "(%26(" + name + "%3e%3d" + start + ")(" + name + "%3c%3d" + end + "))";
+ String filter = "(%26(" + name + "%3e%3d" + start + ")(" + name
+ + "%3c%3d" + end + "))";
return filter;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
index 50296cf1..2d11bff6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Specify the RevocationReason when revoking a certificate
- *
+ *
* @version $Revision$, $Date$
*/
public class ReasonToRevoke extends CMSServlet {
@@ -75,9 +73,9 @@ public class ReasonToRevoke extends CMSServlet {
}
/**
- * initialize the servlet. This servlet uses the template file
- * 'reasonToRevoke.template' to render the response
- *
+ * initialize the servlet. This servlet uses the template file
+ * 'reasonToRevoke.template' to render the response
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -85,7 +83,8 @@ public class ReasonToRevoke extends CMSServlet {
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
if (mAuthority instanceof ICertificateAuthority) {
mCA = (ICertificateAuthority) mAuthority;
- mCertDB = ((ICertificateAuthority) mAuthority).getCertificateRepository();
+ mCertDB = ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository();
}
if (mCA != null && mCA.noncesEnabled()) {
@@ -108,13 +107,13 @@ public class ReasonToRevoke extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -126,14 +125,14 @@ public class ReasonToRevoke extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "revoke");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "revoke");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -151,10 +150,11 @@ public class ReasonToRevoke extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -163,31 +163,28 @@ public class ReasonToRevoke extends CMSServlet {
try {
if (req.getParameter("totalRecordCount") != null) {
- totalRecordCount =
- Integer.parseInt(req.getParameter("totalRecordCount"));
+ totalRecordCount = Integer.parseInt(req
+ .getParameter("totalRecordCount"));
}
revokeAll = req.getParameter("revokeAll");
- process(argSet, header, req, resp,
- revokeAll, totalRecordCount, locale[0]);
+ process(argSet, header, req, resp, revokeAll, totalRecordCount,
+ locale[0]);
} catch (EBaseException e) {
error = e;
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_RECORD_COUNT_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
- }
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_RECORD_COUNT_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_INVALID_NUMBER_FORMAT"));
+ }
/*
- catch (Exception e) {
- noError = false;
- header.addStringValue(OUT_ERROR,
- MessageFormatter.getLocalizedString(
- errorlocale[0],
- BaseResources.class.getName(),
- BaseResources.INTERNAL_ERROR_1,
- e.toString()));
- }
+ * catch (Exception e) { noError = false;
+ * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString(
+ * errorlocale[0], BaseResources.class.getName(),
+ * BaseResources.INTERNAL_ERROR_1, e.toString())); }
*/
try {
@@ -196,30 +193,28 @@ public class ReasonToRevoke extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- String revokeAll, int totalRecordCount,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req, HttpServletResponse resp, String revokeAll,
+ int totalRecordCount, Locale locale) throws EBaseException {
header.addStringValue("revokeAll", revokeAll);
header.addIntegerValue("totalRecordCount", totalRecordCount);
@@ -237,15 +232,15 @@ public class ReasonToRevoke extends CMSServlet {
X509CertImpl caCert = mCA.getSigningUnit().getCertImpl();
if (isCertFromCA(caCert)) {
- header.addStringValue("caSerialNumber",
- caCert.getSerialNumber().toString(16));
+ header.addStringValue("caSerialNumber", caCert
+ .getSerialNumber().toString(16));
}
}
/**
- ICertRecordList list = mCertDB.findCertRecordsInList(
- revokeAll, null, totalRecordCount);
- Enumeration e = list.getCertRecords(0, totalRecordCount - 1);
+ * ICertRecordList list = mCertDB.findCertRecordsInList( revokeAll,
+ * null, totalRecordCount); Enumeration e = list.getCertRecords(0,
+ * totalRecordCount - 1);
**/
Enumeration e = mCertDB.searchCertificates(revokeAll,
totalRecordCount, mTimeLimits);
@@ -265,16 +260,16 @@ public class ReasonToRevoke extends CMSServlet {
count++;
IArgBlock rarg = CMS.createArgBlock();
- rarg.addStringValue("serialNumber",
- xcert.getSerialNumber().toString(16));
- rarg.addStringValue("serialNumberDecimal",
- xcert.getSerialNumber().toString());
- rarg.addStringValue("subject",
- xcert.getSubjectDN().toString());
- rarg.addLongValue("validNotBefore",
- xcert.getNotBefore().getTime() / 1000);
- rarg.addLongValue("validNotAfter",
- xcert.getNotAfter().getTime() / 1000);
+ rarg.addStringValue("serialNumber", xcert
+ .getSerialNumber().toString(16));
+ rarg.addStringValue("serialNumberDecimal", xcert
+ .getSerialNumber().toString());
+ rarg.addStringValue("subject", xcert.getSubjectDN()
+ .toString());
+ rarg.addLongValue("validNotBefore", xcert
+ .getNotBefore().getTime() / 1000);
+ rarg.addLongValue("validNotAfter", xcert.getNotAfter()
+ .getTime() / 1000);
argSet.addRepeatRecord(rarg);
}
}
@@ -288,4 +283,3 @@ public class ReasonToRevoke extends CMSServlet {
return;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
index 9c414b9c..fc81c70c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Calendar;
import java.util.Date;
@@ -54,7 +53,6 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Allow agent to turn on/off authentication managers
*
@@ -89,11 +87,11 @@ public class RemoteAuthConfig extends CMSServlet {
/**
* Initializes the servlet.
- *
- * Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg
- * enables remote configuration for authentication plugins.
- * List of remotely set instances can be found in CMS.cfg
- * at "auths.remotelySetInstances=<name1>,<name2>,...,<nameN>"
+ *
+ * Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg enables
+ * remote configuration for authentication plugins. List of remotely set
+ * instances can be found in CMS.cfg at
+ * "auths.remotelySetInstances=<name1>,<name2>,...,<nameN>"
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
@@ -102,9 +100,11 @@ public class RemoteAuthConfig extends CMSServlet {
mFileConfig = CMS.getConfigStore();
mAuthConfig = mFileConfig.getSubStore("auths");
try {
- mEnableRemoteConfiguration = mAuthConfig.getBoolean(ENABLE_REMOTE_CONFIG, false);
+ mEnableRemoteConfiguration = mAuthConfig.getBoolean(
+ ENABLE_REMOTE_CONFIG, false);
} catch (EBaseException eb) {
- // Thanks to design of getBoolean we have to catch but we will never get anything.
+ // Thanks to design of getBoolean we have to catch but we will never
+ // get anything.
}
String remoteList = null;
@@ -112,7 +112,8 @@ public class RemoteAuthConfig extends CMSServlet {
try {
remoteList = mAuthConfig.getString(REMOTELY_SET_INSTANCES, null);
} catch (EBaseException eb) {
- // Thanks to design of getString we have to catch but we will never get anything.
+ // Thanks to design of getString we have to catch but we will never
+ // get anything.
}
if (remoteList != null) {
StringTokenizer s = new StringTokenizer(remoteList, ",");
@@ -133,16 +134,10 @@ public class RemoteAuthConfig extends CMSServlet {
/**
* Serves HTTPS request. The format of this request is as follows:
- * https://host:ee-port/remoteAuthConfig?
- * op="add"|"delete"&
- * instance=<instanceName>&
- * of=<authPluginName>&
- * host=<hostName>&
- * port=<portNumber>&
- * password=<password>&
- * [adminDN=<adminDN>]&
- * [uid=<uid>]&
- * [baseDN=<baseDN>]
+ * https://host:ee-port/remoteAuthConfig? op="add"|"delete"&
+ * instance=<instanceName>& of=<authPluginName>& host=<hostName>&
+ * port=<portNumber>& password=<password>& [adminDN=<adminDN>]& [uid=<uid>]&
+ * [baseDN=<baseDN>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
@@ -174,7 +169,8 @@ public class RemoteAuthConfig extends CMSServlet {
if (adminDN != null && adminDN.length() > 0) {
errMsg = authenticateRemoteAdmin(host, port, adminDN, password);
} else {
- errMsg = authenticateRemoteAdmin(host, port, uid, baseDN, password);
+ errMsg = authenticateRemoteAdmin(host, port, uid, baseDN,
+ password);
}
if (errMsg == null || errMsg.length() == 0) {
if (mAuthSubsystem != null && mAuthConfig != null) {
@@ -197,14 +193,17 @@ public class RemoteAuthConfig extends CMSServlet {
header.addStringValue("error", errMsg);
} else {
header.addStringValue("plugin", plugin);
- header.addStringValue("instance", instance);
+ header.addStringValue("instance",
+ instance);
}
} else {
- header.addStringValue("error", "Unknown instance " +
- instance + ".");
+ header.addStringValue("error",
+ "Unknown instance " + instance
+ + ".");
}
} else {
- header.addStringValue("error", "Unknown plugin name: " + plugin);
+ header.addStringValue("error",
+ "Unknown plugin name: " + plugin);
}
} else if (op.equals("add")) {
String plugin = req.getParameter("of");
@@ -216,28 +215,33 @@ public class RemoteAuthConfig extends CMSServlet {
instance = makeInstanceName();
}
if (isInstanceListed(instance)) {
- header.addStringValue("error", "Instance name " +
- instance + " is already in use.");
+ header.addStringValue("error",
+ "Instance name " + instance
+ + " is already in use.");
} else {
errMsg = addInstance(instance, plugin,
- host, port, baseDN,
- req.getParameter("dnPattern"));
+ host, port, baseDN,
+ req.getParameter("dnPattern"));
if (errMsg != null && errMsg.length() > 0) {
header.addStringValue("error", errMsg);
} else {
header.addStringValue("plugin", plugin);
- header.addStringValue("instance", instance);
+ header.addStringValue("instance",
+ instance);
}
}
} else {
- header.addStringValue("error", "Unknown plugin name: " + plugin);
+ header.addStringValue("error",
+ "Unknown plugin name: " + plugin);
}
} else {
- header.addStringValue("error", "Unsupported operation: " + op);
+ header.addStringValue("error",
+ "Unsupported operation: " + op);
}
}
} else {
- header.addStringValue("error", "Invalid configuration data.");
+ header.addStringValue("error",
+ "Invalid configuration data.");
}
} else {
header.addStringValue("error", errMsg);
@@ -251,9 +255,10 @@ public class RemoteAuthConfig extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -263,15 +268,15 @@ public class RemoteAuthConfig extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private String authenticateRemoteAdmin(String host, String port,
- String adminDN, String password) {
+ String adminDN, String password) {
if (host == null || host.length() == 0) {
return "Missing host name.";
}
@@ -313,13 +318,16 @@ public class RemoteAuthConfig extends CMSServlet {
LDAPEntry groupEntry = c.read(nextValue);
if (groupEntry != null) {
- LDAPAttribute gAttr = groupEntry.getAttribute(UNIQUE_MEMBER);
+ LDAPAttribute gAttr = groupEntry
+ .getAttribute(UNIQUE_MEMBER);
if (gAttr != null) {
- Enumeration eValues = gAttr.getStringValues();
+ Enumeration eValues = gAttr
+ .getStringValues();
while (eValues.hasMoreElements()) {
- String value = (String) eValues.nextElement();
+ String value = (String) eValues
+ .nextElement();
if (value.equals(entry.getDN())) {
c.disconnect();
@@ -339,13 +347,11 @@ public class RemoteAuthConfig extends CMSServlet {
} catch (LDAPException e) {
/*
- switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- case LDAPException.INVALID_CREDENTIALS:
- case LDAPException.INSUFFICIENT_ACCESS_RIGHTS:
- case LDAPException.LDAP_PARTIAL_RESULTS:
- default:
- }
+ * switch (e.getLDAPResultCode()) { case
+ * LDAPException.NO_SUCH_OBJECT: case
+ * LDAPException.INVALID_CREDENTIALS: case
+ * LDAPException.INSUFFICIENT_ACCESS_RIGHTS: case
+ * LDAPException.LDAP_PARTIAL_RESULTS: default: }
*/
c.disconnect();
return "LDAP error: " + e.toString();
@@ -362,8 +368,7 @@ public class RemoteAuthConfig extends CMSServlet {
}
private String authenticateRemoteAdmin(String host, String port,
- String uid, String baseDN,
- String password) {
+ String uid, String baseDN, String password) {
if (host == null || host.length() == 0) {
return "Missing host name.";
}
@@ -398,8 +403,7 @@ public class RemoteAuthConfig extends CMSServlet {
connected = true;
boolean memberOf = false;
LDAPSearchResults results = c.search(baseDN, LDAPv2.SCOPE_SUB,
- "(uid=" + uid + ")",
- null, false);
+ "(uid=" + uid + ")", null, false);
while (results.hasMoreElements()) {
LDAPEntry entry = null;
@@ -420,13 +424,16 @@ public class RemoteAuthConfig extends CMSServlet {
LDAPEntry groupEntry = c.read(nextValue);
if (groupEntry != null) {
- LDAPAttribute gAttr = groupEntry.getAttribute(UNIQUE_MEMBER);
+ LDAPAttribute gAttr = groupEntry
+ .getAttribute(UNIQUE_MEMBER);
if (gAttr != null) {
- Enumeration eValues = gAttr.getStringValues();
+ Enumeration eValues = gAttr
+ .getStringValues();
while (eValues.hasMoreElements()) {
- String value = (String) eValues.nextElement();
+ String value = (String) eValues
+ .nextElement();
if (value.equals(entry.getDN())) {
c.disconnect();
@@ -472,9 +479,8 @@ public class RemoteAuthConfig extends CMSServlet {
return "Access unauthorized";
}
- private String addInstance(String instance, String plugin,
- String host, String port,
- String baseDN, String dnPattern) {
+ private String addInstance(String instance, String plugin, String host,
+ String port, String baseDN, String dnPattern) {
if (host == null || host.length() == 0) {
return "Missing host name.";
}
@@ -516,7 +522,8 @@ public class RemoteAuthConfig extends CMSServlet {
StringBuffer list = new StringBuffer();
for (int i = 0; i < mRemotelySetInstances.size(); i++) {
- if (i > 0) list.append(",");
+ if (i > 0)
+ list.append(",");
list.append((String) mRemotelySetInstances.elementAt(i));
}
@@ -542,7 +549,8 @@ public class RemoteAuthConfig extends CMSServlet {
StringBuffer list = new StringBuffer();
for (int i = 0; i < mRemotelySetInstances.size(); i++) {
- if (i > 0) list.append(",");
+ if (i > 0)
+ list.append(",");
list.append((String) mRemotelySetInstances.elementAt(i));
}
@@ -602,17 +610,21 @@ public class RemoteAuthConfig extends CMSServlet {
int y = now.get(Calendar.YEAR);
String name = "R" + y;
- if (now.get(Calendar.MONTH) < 10) name += "0";
+ if (now.get(Calendar.MONTH) < 10)
+ name += "0";
name += now.get(Calendar.MONTH);
- if (now.get(Calendar.DAY_OF_MONTH) < 10) name += "0";
+ if (now.get(Calendar.DAY_OF_MONTH) < 10)
+ name += "0";
name += now.get(Calendar.DAY_OF_MONTH);
- if (now.get(Calendar.HOUR_OF_DAY) < 10) name += "0";
+ if (now.get(Calendar.HOUR_OF_DAY) < 10)
+ name += "0";
name += now.get(Calendar.HOUR_OF_DAY);
- if (now.get(Calendar.MINUTE) < 10) name += "0";
+ if (now.get(Calendar.MINUTE) < 10)
+ name += "0";
name += now.get(Calendar.MINUTE);
- if (now.get(Calendar.SECOND) < 10) name += "0";
+ if (now.get(Calendar.SECOND) < 10)
+ name += "0";
name += now.get(Calendar.SECOND);
return name;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
index 050dd36d..1eccf40e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
@@ -59,7 +58,7 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller;
/**
* Certificate Renewal
- *
+ *
* @version $Revision$, $Date$
*/
public class RenewalServlet extends CMSServlet {
@@ -69,29 +68,27 @@ public class RenewalServlet extends CMSServlet {
private static final long serialVersionUID = -3094124661102395244L;
// renewal templates.
- public static final String
- RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template";
+ public static final String RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template";
- // http params
+ // http params
public static final String CERT_TYPE = "certType";
public static final String SERIAL_NO = "serialNo";
- // XXX can't do pkcs10 cause it's got no serial no.
+ // XXX can't do pkcs10 cause it's got no serial no.
// (unless put serial no in pki attributes)
- // public static final String PKCS10 = "pkcs10";
+ // public static final String PKCS10 = "pkcs10";
public static final String IMPORT_CERT = "importCert";
private String mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE;
- private ICMSTemplateFiller
- mRenewalSuccessFiller = new ImportCertsTemplateFiller();
+ private ICMSTemplateFiller mRenewalSuccessFiller = new ImportCertsTemplateFiller();
public RenewalServlet() {
super();
}
/**
- * initialize the servlet. This servlet makes use of the
- * template file "RenewalSuccess.template" to render the
- * response
+ * initialize the servlet. This servlet makes use of the template file
+ * "RenewalSuccess.template" to render the response
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -99,47 +96,44 @@ public class RenewalServlet extends CMSServlet {
// override success template. has same info as enrollment.
mTemplates.remove(CMSRequest.SUCCESS);
try {
- mRenewalSuccessTemplate = sc.getInitParameter(
- PROP_SUCCESS_TEMPLATE);
+ mRenewalSuccessTemplate = sc
+ .getInitParameter(PROP_SUCCESS_TEMPLATE);
if (mRenewalSuccessTemplate == null)
mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE;
- String fillername =
- sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+ String fillername = sc
+ .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
if (fillername != null) {
ICMSTemplateFiller filler = newFillerObject(fillername);
- if (filler != null)
+ if (filler != null)
mRenewalSuccessFiller = filler;
}
} catch (Exception e) {
- // this should never happen.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
- mId));
+ // this should never happen.
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
}
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
long startTime = CMS.getCurrentDate().getTime();
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
- // renewal requires either:
- // - coming from ee:
- // - old cert from ssl client auth
- // - old certs from auth manager
- // - coming from agent or trusted RA:
- // - serial no of cert to be renewed.
-
+ // renewal requires either:
+ // - coming from ee:
+ // - old cert from ssl client auth
+ // - old certs from auth manager
+ // - coming from agent or trusted RA:
+ // - serial no of cert to be renewed.
+
BigInteger old_serial_no = null;
X509CertImpl old_cert = null;
X509CertImpl renewed_cert = null;
@@ -152,14 +146,14 @@ public class RenewalServlet extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "renew");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "renew");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -170,12 +164,12 @@ public class RenewalServlet extends CMSServlet {
String authMgr = AuditFormat.NOAUTH;
if (authToken != null && !mAuthMgr.equals("sslClientCertAuthMgr")) {
- authMgr =
- authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
- // coming from agent
- if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+ // coming from agent
+ if (mAuthMgr != null
+ && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
X509Certificate[] cert = new X509Certificate[1];
old_serial_no = getCertFromAgent(httpParams, cert);
@@ -189,8 +183,8 @@ public class RenewalServlet extends CMSServlet {
int endMonth = httpParams.getValueAsInt("endMonth", -1);
int endDate = httpParams.getValueAsInt("endDate", -1);
- if (beginYear != -1 && beginMonth != -1 && beginDate != -1 &&
- endYear != -1 && endMonth != -1 && endDate != -1) {
+ if (beginYear != -1 && beginMonth != -1 && beginDate != -1
+ && endYear != -1 && endMonth != -1 && endDate != -1) {
Calendar calendar = Calendar.getInstance();
calendar.set(beginYear, beginMonth, beginDate);
notBefore = calendar.getTime();
@@ -199,7 +193,7 @@ public class RenewalServlet extends CMSServlet {
}
} // coming from client
else {
- // from auth manager
+ // from auth manager
X509CertImpl[] cert = new X509CertImpl[1];
old_serial_no = getCertFromAuthMgr(authToken, cert);
@@ -213,44 +207,43 @@ public class RenewalServlet extends CMSServlet {
X509CertInfo new_certInfo = null;
req = mRequestQueue.newRequest(IRequest.RENEWAL_REQUEST);
- req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] {old_serial_no});
+ req.setExtData(IRequest.OLD_SERIALS,
+ new BigInteger[] { old_serial_no });
if (old_cert != null) {
req.setExtData(IRequest.OLD_CERTS,
- new X509CertImpl[] { old_cert }
- );
- // create new certinfo from old_cert contents.
- X509CertInfo old_certInfo = (X509CertInfo)
- ((X509CertImpl) old_cert).get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ new X509CertImpl[] { old_cert });
+ // create new certinfo from old_cert contents.
+ X509CertInfo old_certInfo = (X509CertInfo) ((X509CertImpl) old_cert)
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
new_certInfo = new X509CertInfo(old_certInfo.getEncodedInfo());
} else {
- // if no old cert (came from RA agent) create new cert info
- // (serializable) to pass through policies. And set the old
+ // if no old cert (came from RA agent) create new cert info
+ // (serializable) to pass through policies. And set the old
// serial number to pick up.
new_certInfo = new CertInfo();
- new_certInfo.set(X509CertInfo.SERIAL_NUMBER,
- new CertificateSerialNumber(old_serial_no));
+ new_certInfo.set(X509CertInfo.SERIAL_NUMBER,
+ new CertificateSerialNumber(old_serial_no));
}
-
+
if (notBefore == null || notAfter == null) {
notBefore = new Date(0);
notAfter = new Date(0);
}
- new_certInfo.set(X509CertInfo.VALIDITY,
- new CertificateValidity(notBefore, notAfter));
- req.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { new_certInfo }
- );
+ new_certInfo.set(X509CertInfo.VALIDITY, new CertificateValidity(
+ notBefore, notAfter));
+ req.setExtData(IRequest.CERT_INFO,
+ new X509CertInfo[] { new_certInfo });
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
}
saveHttpHeaders(httpReq, req);
@@ -259,22 +252,23 @@ public class RenewalServlet extends CMSServlet {
saveAuthToken(authToken, req);
cmsReq.setIRequest(req);
- // send request to request queue.
+ // send request to request queue.
mRequestQueue.processRequest(req);
// for audit log
String initiative = null;
String agentID = null;
- if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+ if (mAuthMgr != null
+ && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
agentID = authToken.getInString("userid");
initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
- }else {
+ } else {
// request is from eegateway, so fromUser.
initiative = AuditFormat.FROMUSER;
}
- // check resulting status
+ // check resulting status
RequestStatus status = req.getRequestStatus();
if (status != RequestStatus.COMPLETE) {
@@ -292,92 +286,76 @@ public class RenewalServlet extends CMSServlet {
wholeMsg.append(msgs.nextElement());
}
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "violation: " +
- wholeMsg.toString()}
- // wholeMsg},
- // ILogger.L_MULTILINE
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] { req.getRequestId(), initiative,
+ authMgr, status.toString(),
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "violation: " + wholeMsg.toString() }
+ // wholeMsg},
+ // ILogger.L_MULTILINE
);
} else { // no policy violation, from agent
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "" }
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] { req.getRequestId(), initiative,
+ authMgr, status.toString(),
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16), "" });
}
- } else { // other imcomplete status
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- status.toString(),
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "" }
- );
+ } else { // other imcomplete status
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL, AuditFormat.RENEWALFORMAT,
+ new Object[] { req.getRequestId(), initiative, authMgr,
+ status.toString(), old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16), "" });
}
return;
}
- // service error
+ // service error
Integer result = req.getExtDataInInteger(IRequest.RESULT);
- CMS.debug(
- "RenewalServlet: Result for request " + req.getRequestId() + " is " + result);
+ CMS.debug("RenewalServlet: Result for request " + req.getRequestId()
+ + " is " + result);
if (result.equals(IRequest.RES_ERROR)) {
- CMS.debug(
- "RenewalServlet: Result for request " + req.getRequestId() + " is error.");
+ CMS.debug("RenewalServlet: Result for request "
+ + req.getRequestId() + " is error.");
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
- String[] svcErrors =
- req.getExtDataInStringArray(IRequest.SVCERRORS);
+ String[] svcErrors = req
+ .getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
String err = svcErrors[i];
if (err != null) {
- //System.out.println(
- //"revocation servlet: setting error description "+
- //err.toString());
+ // System.out.println(
+ // "revocation servlet: setting error description "+
+ // err.toString());
cmsReq.setErrorDescription(err);
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed with error: " +
- err,
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "" }
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ "completed with error: " + err,
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "" });
}
}
@@ -392,32 +370,29 @@ public class RenewalServlet extends CMSServlet {
respondSuccess(cmsReq, renewed_cert);
long endTime = CMS.getCurrentDate().getTime();
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- req.getRequestId(),
- initiative,
- authMgr,
- "completed",
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "new serial number: 0x" +
- renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime)}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ req.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber().toString(16),
+ "new serial number: 0x"
+ + renewed_cert.getSerialNumber().toString(16)
+ + " time: " + (endTime - startTime) });
return;
}
- private void respondSuccess(
- CMSRequest cmsReq, X509CertImpl renewed_cert)
- throws EBaseException {
- cmsReq.setResult(new X509CertImpl[] {renewed_cert}
- );
+ private void respondSuccess(CMSRequest cmsReq, X509CertImpl renewed_cert)
+ throws EBaseException {
+ cmsReq.setResult(new X509CertImpl[] { renewed_cert });
cmsReq.setStatus(CMSRequest.SUCCESS);
- // check if cert should be imported.
- // browser must have input type set to nav or cartman since
+ // check if cert should be imported.
+ // browser must have input type set to nav or cartman since
// there's no other way to tell
IArgBlock httpParams = cmsReq.getHttpParams();
@@ -425,73 +400,73 @@ public class RenewalServlet extends CMSServlet {
String certType = httpParams.getValueAsString(CERT_TYPE, "client");
String agent = httpReq.getHeader("user-agent");
- if (checkImportCertToNav(cmsReq.getHttpResp(),
- httpParams, renewed_cert)) {
+ if (checkImportCertToNav(cmsReq.getHttpResp(), httpParams, renewed_cert)) {
return;
} else {
try {
- renderTemplate(cmsReq,
- mRenewalSuccessTemplate, mRenewalSuccessFiller);
+ renderTemplate(cmsReq, mRenewalSuccessTemplate,
+ mRenewalSuccessFiller);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGE_ERROR_DISPLAY_TEMPLATE_1",
mRenewalSuccessTemplate, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
return;
}
- protected BigInteger getRenewedCert(ICertRecord certRec)
- throws EBaseException {
+ protected BigInteger getRenewedCert(ICertRecord certRec)
+ throws EBaseException {
BigInteger renewedCert = null;
String serial = null;
- MetaInfo meta = certRec.getMetaInfo();
+ MetaInfo meta = certRec.getMetaInfo();
if (meta == null) {
- log(ILogger.LL_INFO,
- "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16));
+ log(ILogger.LL_INFO, "no meta info in cert serial 0x"
+ + certRec.getSerialNumber().toString(16));
return null;
}
serial = (String) meta.get(ICertRecord.META_RENEWED_CERT);
if (serial == null) {
- log(ILogger.LL_INFO,
- "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16));
+ log(ILogger.LL_INFO, "no renewed cert in cert 0x"
+ + certRec.getSerialNumber().toString(16));
return null;
}
renewedCert = new BigInteger(serial);
- log(ILogger.LL_INFO,
- "renewed cert serial 0x" + renewedCert.toString(16) + "found for 0x" +
- certRec.getSerialNumber().toString(16));
+ log(ILogger.LL_INFO,
+ "renewed cert serial 0x" + renewedCert.toString(16)
+ + "found for 0x"
+ + certRec.getSerialNumber().toString(16));
return renewedCert;
}
/**
* get certs to renew from agent.
*/
- private BigInteger getCertFromAgent(
- IArgBlock httpParams, X509Certificate[] certContainer)
- throws EBaseException {
+ private BigInteger getCertFromAgent(IArgBlock httpParams,
+ X509Certificate[] certContainer) throws EBaseException {
BigInteger serialno = null;
X509Certificate cert = null;
// get serial no
serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null);
if (serialno == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW"));
+ CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW"));
}
// get cert from db if we're cert authority.
if (mAuthority instanceof ICertificateAuthority) {
cert = getX509Certificate(serialno);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16)));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_MISSING_SERIALNO_FOR_RENEW_1",
+ serialno.toString(16)));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
}
}
certContainer[0] = cert;
@@ -501,24 +476,21 @@ public class RenewalServlet extends CMSServlet {
/**
* get cert to renew from auth manager
*/
- private BigInteger getCertFromAuthMgr(
- IAuthToken authToken, X509Certificate[] certContainer)
- throws EBaseException {
- X509CertImpl cert =
- authToken.getInCert(AuthToken.TOKEN_CERT);
+ private BigInteger getCertFromAuthMgr(IAuthToken authToken,
+ X509Certificate[] certContainer) throws EBaseException {
+ X509CertImpl cert = authToken.getInCert(AuthToken.TOKEN_CERT);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
}
- if (mAuthority instanceof ICertificateAuthority &&
- !isCertFromCA(cert)) {
- log(ILogger.LL_FAILURE, "certficate from auth manager for " +
- " renewal is not from this ca.");
+ if (mAuthority instanceof ICertificateAuthority && !isCertFromCA(cert)) {
+ log(ILogger.LL_FAILURE, "certficate from auth manager for "
+ + " renewal is not from this ca.");
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
}
certContainer[0] = cert;
BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
index 9b39acc7..6142d685 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
@@ -57,10 +56,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Perform the first step in revoking a certificate
- *
+ *
* @version $Revision$, $Date$
*/
public class RevocationServlet extends CMSServlet {
@@ -72,11 +70,11 @@ public class RevocationServlet extends CMSServlet {
// revocation templates.
private final static String TPL_FILE = "reasonToRevoke.template";
- // http params
+ // http params
public static final String SERIAL_NO = "serialNo";
- // XXX can't do pkcs10 cause it's got no serial no.
+ // XXX can't do pkcs10 cause it's got no serial no.
// (unless put serial no in pki attributes)
- // public static final String PKCS10 = "pkcs10";
+ // public static final String PKCS10 = "pkcs10";
public static final String REASON_CODE = "reasonCode";
private String mFormPath = null;
@@ -85,15 +83,14 @@ public class RevocationServlet extends CMSServlet {
private Random mRandom = null;
private Nonces mNonces = null;
-
public RevocationServlet() {
super();
}
/**
- * initialize the servlet. This servlet uses
- * the template file "reasonToRevoke.template" to render the
- * result.
+ * initialize the servlet. This servlet uses the template file
+ * "reasonToRevoke.template" to render the result.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -103,8 +100,7 @@ public class RevocationServlet extends CMSServlet {
mFormPath = "/" + TPL_FILE;
try {
- mFormPath = sc.getInitParameter(
- PROP_SUCCESS_TEMPLATE);
+ mFormPath = sc.getInitParameter(PROP_SUCCESS_TEMPLATE);
if (mFormPath == null)
mFormPath = "/" + TPL_FILE;
@@ -115,7 +111,7 @@ public class RevocationServlet extends CMSServlet {
}
}
- // set to false by revokeByDN=false in web.xml
+ // set to false by revokeByDN=false in web.xml
mRevokeByDN = false;
String tmp = sc.getInitParameter(PROP_REVOKEBYDN);
@@ -127,28 +123,26 @@ public class RevocationServlet extends CMSServlet {
}
}
-
/**
- * Process the HTTP request. Note that this servlet does not
- * actually perform the certificate revocation. This is the first
- * step in the multi-step revocation process. (the next step is
- * in the ReasonToRevoke servlet.
- *
+ * Process the HTTP request. Note that this servlet does not actually
+ * perform the certificate revocation. This is the first step in the
+ * multi-step revocation process. (the next step is in the ReasonToRevoke
+ * servlet.
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
- // revocation requires either:
- // - coming from ee:
- // - old cert from ssl client auth
- // - old certs from auth manager
- // - coming from agent or trusted RA:
- // - serial no of cert to be revoked.
-
+ // revocation requires either:
+ // - coming from ee:
+ // - old cert from ssl client auth
+ // - old certs from auth manager
+ // - coming from agent or trusted RA:
+ // - serial no of cert to be revoked.
+
BigInteger old_serial_no = null;
X509CertImpl old_cert = null;
String revokeAll = null;
@@ -159,10 +153,11 @@ public class RevocationServlet extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -174,45 +169,50 @@ public class RevocationServlet extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "submit");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "submit");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
- // coming from agent
- if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+
+ // coming from agent
+ if (mAuthMgr != null
+ && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
X509Certificate[] cert = new X509Certificate[1];
old_serial_no = getCertFromAgent(httpParams, cert);
old_cert = (X509CertImpl) cert[0];
} // coming from client
else {
- // from auth manager
+ // from auth manager
X509CertImpl[] cert = new X509CertImpl[1];
-
+
old_serial_no = getCertFromAuthMgr(authToken, cert);
old_cert = cert[0];
}
- header.addStringValue("serialNumber", old_cert.getSerialNumber().toString(16));
- header.addStringValue("serialNumberDecimal", old_cert.getSerialNumber().toString());
- // header.addStringValue("subject", old_cert.getSubjectDN().toString());
- // header.addLongValue("validNotBefore", old_cert.getNotBefore().getTime()/1000);
- // header.addLongValue("validNotAfter", old_cert.getNotAfter().getTime()/1000);
+ header.addStringValue("serialNumber", old_cert.getSerialNumber()
+ .toString(16));
+ header.addStringValue("serialNumberDecimal", old_cert.getSerialNumber()
+ .toString());
+ // header.addStringValue("subject", old_cert.getSubjectDN().toString());
+ // header.addLongValue("validNotBefore",
+ // old_cert.getNotBefore().getTime()/1000);
+ // header.addLongValue("validNotAfter",
+ // old_cert.getNotAfter().getTime()/1000);
if (mNonces != null) {
long n = mRandom.nextLong();
- long m = mNonces.addNonce(n, (X509Certificate)old_cert);
+ long m = mNonces.addNonce(n, (X509Certificate) old_cert);
if ((n + m) != 0) {
header.addStringValue("nonce", Long.toString(m));
}
@@ -222,19 +222,20 @@ public class RevocationServlet extends CMSServlet {
X509CertImpl[] certsToRevoke = null;
if (mAuthority instanceof ICertificateAuthority) {
- certsToRevoke = ((ICertificateAuthority) mAuthority).getCertificateRepository().getX509Certificates(
- old_cert.getSubjectDN().toString(),
- ICertificateRepository.ALL_UNREVOKED_CERTS);
+ certsToRevoke = ((ICertificateAuthority) mAuthority)
+ .getCertificateRepository().getX509Certificates(
+ old_cert.getSubjectDN().toString(),
+ ICertificateRepository.ALL_UNREVOKED_CERTS);
} else if (mAuthority instanceof IRegistrationAuthority) {
IRequest req = mRequestQueue.newRequest(IRequest.GETCERTS_REQUEST);
- String filter = "(&(" + ICertRecord.ATTR_X509CERT + "." +
- X509CertInfo.SUBJECT + "=" +
- old_cert.getSubjectDN().toString() + ")(|(" +
- ICertRecord.ATTR_CERT_STATUS + "=" +
- ICertRecord.STATUS_VALID + ")(" +
- ICertRecord.ATTR_CERT_STATUS + "=" +
- ICertRecord.STATUS_EXPIRED + ")))";
+ String filter = "(&(" + ICertRecord.ATTR_X509CERT + "."
+ + X509CertInfo.SUBJECT + "="
+ + old_cert.getSubjectDN().toString() + ")(|("
+ + ICertRecord.ATTR_CERT_STATUS + "="
+ + ICertRecord.STATUS_VALID + ")("
+ + ICertRecord.ATTR_CERT_STATUS + "="
+ + ICertRecord.STATUS_EXPIRED + ")))";
req.setExtData(IRequest.CERT_FILTER, filter);
mRequestQueue.processRequest(req);
@@ -248,7 +249,8 @@ public class RevocationServlet extends CMSServlet {
String name = (String) enum1.nextElement();
if (name.equals(IRequest.OLD_CERTS)) {
- X509CertImpl[] certs = req.getExtDataInCertArray(IRequest.OLD_CERTS);
+ X509CertImpl[] certs = req
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
certsToRevoke = certs;
}
@@ -262,18 +264,20 @@ public class RevocationServlet extends CMSServlet {
if (certsToRevoke != null && certsToRevoke.length > 0) {
for (int i = 0; i < certsToRevoke.length; i++) {
- if (old_cert.getSerialNumber().equals(certsToRevoke[i].getSerialNumber())) {
+ if (old_cert.getSerialNumber().equals(
+ certsToRevoke[i].getSerialNumber())) {
authorized = true;
break;
}
}
}
- if (!noInfo && (certsToRevoke == null || certsToRevoke.length == 0 ||
- (!authorized))) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16)));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CERT_ALREADY_REVOKED"));
+ if (!noInfo
+ && (certsToRevoke == null || certsToRevoke.length == 0 || (!authorized))) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16)));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_CERT_ALREADY_REVOKED"));
}
if (!mRevokeByDN || noInfo) {
@@ -283,7 +287,8 @@ public class RevocationServlet extends CMSServlet {
byte[] ba = old_cert.getEncoded();
// Do base 64 encoding
- header.addStringValue("b64eCertificate", com.netscape.osutil.OSUtil.BtoA(ba));
+ header.addStringValue("b64eCertificate",
+ com.netscape.osutil.OSUtil.BtoA(ba));
} catch (CertificateEncodingException e) {
}
}
@@ -295,16 +300,16 @@ public class RevocationServlet extends CMSServlet {
for (int i = 0; i < certsToRevoke.length; i++) {
IArgBlock rarg = CMS.createArgBlock();
- rarg.addStringValue("serialNumber",
- certsToRevoke[i].getSerialNumber().toString(16));
- rarg.addStringValue("serialNumberDecimal",
- certsToRevoke[i].getSerialNumber().toString());
- rarg.addStringValue("subject",
- certsToRevoke[i].getSubjectDN().toString());
- rarg.addLongValue("validNotBefore",
- certsToRevoke[i].getNotBefore().getTime() / 1000);
- rarg.addLongValue("validNotAfter",
- certsToRevoke[i].getNotAfter().getTime() / 1000);
+ rarg.addStringValue("serialNumber", certsToRevoke[i]
+ .getSerialNumber().toString(16));
+ rarg.addStringValue("serialNumberDecimal", certsToRevoke[i]
+ .getSerialNumber().toString());
+ rarg.addStringValue("subject", certsToRevoke[i].getSubjectDN()
+ .toString());
+ rarg.addLongValue("validNotBefore", certsToRevoke[i]
+ .getNotBefore().getTime() / 1000);
+ rarg.addLongValue("validNotAfter", certsToRevoke[i]
+ .getNotAfter().getTime() / 1000);
argSet.addRepeatRecord(rarg);
}
} else {
@@ -313,7 +318,7 @@ public class RevocationServlet extends CMSServlet {
}
// set revocation reason, default to unspecified if not set.
- int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0);
+ int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0);
header.addIntegerValue("reason", reasonCode);
@@ -324,10 +329,11 @@ public class RevocationServlet extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
return;
@@ -336,29 +342,28 @@ public class RevocationServlet extends CMSServlet {
/**
* get cert to revoke from agent.
*/
- private BigInteger getCertFromAgent(
- IArgBlock httpParams, X509Certificate[] certContainer)
- throws EBaseException {
+ private BigInteger getCertFromAgent(IArgBlock httpParams,
+ X509Certificate[] certContainer) throws EBaseException {
BigInteger serialno = null;
X509Certificate cert = null;
// get serial no
serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null);
if (serialno == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE"));
+ CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE"));
}
// get cert from db if we're cert authority.
if (mAuthority instanceof ICertificateAuthority) {
cert = getX509Certificate(serialno);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
}
}
certContainer[0] = cert;
@@ -368,23 +373,21 @@ public class RevocationServlet extends CMSServlet {
/**
* get cert to revoke from auth manager
*/
- private BigInteger getCertFromAuthMgr(
- IAuthToken authToken, X509Certificate[] certContainer)
- throws EBaseException {
- X509CertImpl cert =
- authToken.getInCert(AuthToken.TOKEN_CERT);
+ private BigInteger getCertFromAuthMgr(IAuthToken authToken,
+ X509Certificate[] certContainer) throws EBaseException {
+ X509CertImpl cert = authToken.getInCert(AuthToken.TOKEN_CERT);
if (cert == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
+ CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
}
- if (mAuthority instanceof ICertificateAuthority &&
- !isCertFromCA(cert)) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
+ if (mAuthority instanceof ICertificateAuthority && !isCertFromCA(cert)) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
+ CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
}
certContainer[0] = cert;
BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
@@ -393,4 +396,3 @@ public class RevocationServlet extends CMSServlet {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
index 3a571d44..d3513320 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
@@ -31,21 +30,13 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
- * Certificates Template filler.
- * must have list of certificates in result.
- * looks at inputs: certtype.
- * outputs:
- * - cert type from http input (if any)
- * - CA chain
- * - authority name (RM, CM, DRM)
- * - scheme:host:port of server.
- * array of one or more
- * - cert serial number
- * - cert pretty print
- * - cert in base 64 encoding.
- * - cmmf blob to import
+ * Certificates Template filler. must have list of certificates in result. looks
+ * at inputs: certtype. outputs: - cert type from http input (if any) - CA chain
+ * - authority name (RM, CM, DRM) - scheme:host:port of server. array of one or
+ * more - cert serial number - cert pretty print - cert in base 64 encoding. -
+ * cmmf blob to import
+ *
* @version $Revision$, $Date$
*/
class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
@@ -60,13 +51,12 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) throws Exception {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
- // set host name and port.
+ // set host name and port.
HttpServletRequest httpReq = cmsReq.getHttpReq();
String host = httpReq.getServerName();
int port = httpReq.getServerPort();
@@ -77,15 +67,14 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
fixed.set(ICMSTemplateFiller.SCHEME, scheme);
// this authority
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- (String) authority.getOfficialName());
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ (String) authority.getOfficialName());
// XXX CA chain.
- RevokedCertImpl[] revoked =
- (RevokedCertImpl[]) cmsReq.getResult();
+ RevokedCertImpl[] revoked = (RevokedCertImpl[]) cmsReq.getResult();
- // revoked certs.
+ // revoked certs.
for (int i = 0; i < revoked.length; i++) {
IArgBlock repeat = CMS.createArgBlock();
@@ -96,4 +85,3 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
index 84e7e784..40464e9e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
@@ -61,10 +60,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Search for certificates matching complex query filter
- *
+ *
* @version $Revision$, $Date$
*/
public class SrchCerts extends CMSServlet {
@@ -96,8 +94,9 @@ public class SrchCerts extends CMSServlet {
}
/**
- * initialize the servlet. This servlet uses srchCert.template
- * to render the response
+ * initialize the servlet. This servlet uses srchCert.template to render the
+ * response
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -111,7 +110,8 @@ public class SrchCerts extends CMSServlet {
if (authConfig != null) {
try {
- mMaxReturns = authConfig.getInteger(PROP_MAX_SEARCH_RETURNS, MAX_RESULTS);
+ mMaxReturns = authConfig.getInteger(
+ PROP_MAX_SEARCH_RETURNS, MAX_RESULTS);
} catch (EBaseException e) {
// do nothing
}
@@ -128,7 +128,8 @@ public class SrchCerts extends CMSServlet {
/* Server-Side time limit */
try {
- int maxResults = Integer.parseInt(sc.getInitParameter("maxResults"));
+ int maxResults = Integer
+ .parseInt(sc.getInitParameter("maxResults"));
if (maxResults < mMaxReturns)
mMaxReturns = maxResults;
} catch (Exception e) {
@@ -140,20 +141,21 @@ public class SrchCerts extends CMSServlet {
/* do nothing, just use the default if integer parsing failed */
}
- /* useClientFilter should be off by default. We keep
- this parameter around so that we do not break
- the client applications that submits raw LDAP
- filter into this servlet. */
- if (sc.getInitParameter("useClientFilter") != null &&
- sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) {
+ /*
+ * useClientFilter should be off by default. We keep this parameter
+ * around so that we do not break the client applications that submits
+ * raw LDAP filter into this servlet.
+ */
+ if (sc.getInitParameter("useClientFilter") != null
+ && sc.getInitParameter("useClientFilter").equalsIgnoreCase(
+ "true")) {
mUseClientFilter = true;
}
}
- private boolean isOn(HttpServletRequest req, String name)
- {
+ private boolean isOn(HttpServletRequest req, String name) {
String inUse = req.getParameter(name);
- if (inUse == null) {
+ if (inUse == null) {
return false;
}
if (inUse.equals("on")) {
@@ -162,10 +164,9 @@ public class SrchCerts extends CMSServlet {
return false;
}
- private boolean isOff(HttpServletRequest req, String name)
- {
+ private boolean isOff(HttpServletRequest req, String name) {
String inUse = req.getParameter(name);
- if (inUse == null) {
+ if (inUse == null) {
return false;
}
if (inUse.equals("off")) {
@@ -174,8 +175,8 @@ public class SrchCerts extends CMSServlet {
return false;
}
- private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildCertStatusFilter(HttpServletRequest req,
+ StringBuffer filter) {
if (!isOn(req, "statusInUse")) {
return;
}
@@ -185,8 +186,7 @@ public class SrchCerts extends CMSServlet {
filter.append(")");
}
- private void buildProfileFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "profileInUse")) {
return;
}
@@ -196,16 +196,16 @@ public class SrchCerts extends CMSServlet {
filter.append(")");
}
- private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildBasicConstraintsFilter(HttpServletRequest req,
+ StringBuffer filter) {
if (!isOn(req, "basicConstraintsInUse")) {
return;
}
filter.append("(x509cert.BasicConstraints.isCA=on)");
}
- private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildSerialNumberRangeFilter(HttpServletRequest req,
+ StringBuffer filter) {
if (!isOn(req, "serialNumberRangeInUse")) {
return;
}
@@ -225,9 +225,8 @@ public class SrchCerts extends CMSServlet {
}
}
- private void buildAVAFilter(HttpServletRequest req, String paramName,
- String avaName, StringBuffer lf, String match)
- {
+ private void buildAVAFilter(HttpServletRequest req, String paramName,
+ String avaName, StringBuffer lf, String match) {
String val = req.getParameter(paramName);
if (val != null && !val.equals("")) {
if (match != null && match.equals("exact")) {
@@ -254,8 +253,7 @@ public class SrchCerts extends CMSServlet {
}
}
- private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter)
- {
+ private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "subjectInUse")) {
return;
}
@@ -286,9 +284,8 @@ public class SrchCerts extends CMSServlet {
}
}
- private void buildRevokedByFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ private void buildRevokedByFilter(HttpServletRequest req,
+ StringBuffer filter) {
if (!isOn(req, "revokedByInUse")) {
return;
}
@@ -302,10 +299,8 @@ public class SrchCerts extends CMSServlet {
}
}
- private void buildDateFilter(HttpServletRequest req, String prefix,
- String outStr, long adjustment,
- StringBuffer filter)
- {
+ private void buildDateFilter(HttpServletRequest req, String prefix,
+ String outStr, long adjustment, StringBuffer filter) {
String queryCertFilter = null;
long epoch = 0;
try {
@@ -324,19 +319,16 @@ public class SrchCerts extends CMSServlet {
}
private void buildRevokedOnFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "revokedOnInUse")) {
return;
}
buildDateFilter(req, "revokedOnFrom", "certRevokedOn>=", 0, filter);
- buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999,
- filter);
+ buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999, filter);
}
private void buildRevocationReasonFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "revocationReasonInUse")) {
return;
}
@@ -347,23 +339,21 @@ public class SrchCerts extends CMSServlet {
String queryCertFilter = null;
StringTokenizer st = new StringTokenizer(reasons, ",");
if (st.hasMoreTokens()) {
- filter.append("(|");
- while (st.hasMoreTokens()) {
- String token = st.nextToken();
- if (queryCertFilter == null) {
- queryCertFilter = "";
- }
- filter.append("(x509cert.certRevoInfo=");
- filter.append(token);
- filter.append(")");
- }
- filter.append(")");
+ filter.append("(|");
+ while (st.hasMoreTokens()) {
+ String token = st.nextToken();
+ if (queryCertFilter == null) {
+ queryCertFilter = "";
+ }
+ filter.append("(x509cert.certRevoInfo=");
+ filter.append(token);
+ filter.append(")");
+ }
+ filter.append(")");
}
}
- private void buildIssuedByFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ private void buildIssuedByFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "issuedByInUse")) {
return;
}
@@ -377,44 +367,38 @@ public class SrchCerts extends CMSServlet {
}
}
- private void buildIssuedOnFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ private void buildIssuedOnFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "issuedOnInUse")) {
return;
}
buildDateFilter(req, "issuedOnFrom", "certCreateTime>=", 0, filter);
- buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999,
- filter);
+ buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999, filter);
}
private void buildValidNotBeforeFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "validNotBeforeInUse")) {
return;
}
- buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=",
- 0, filter);
- buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=",
- 86399999, filter);
+ buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=", 0,
+ filter);
+ buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=",
+ 86399999, filter);
}
private void buildValidNotAfterFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "validNotAfterInUse")) {
return;
}
- buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=",
- 0, filter);
- buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=",
- 86399999, filter);
+ buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=", 0,
+ filter);
+ buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=",
+ 86399999, filter);
}
private void buildValidityLengthFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ StringBuffer filter) {
if (!isOn(req, "validityLengthInUse")) {
return;
}
@@ -438,9 +422,7 @@ public class SrchCerts extends CMSServlet {
filter.append(")");
}
- private void buildCertTypeFilter(HttpServletRequest req,
- StringBuffer filter)
- {
+ private void buildCertTypeFilter(HttpServletRequest req, StringBuffer filter) {
if (!isOn(req, "certTypeInUse")) {
return;
}
@@ -471,8 +453,7 @@ public class SrchCerts extends CMSServlet {
}
}
- public String buildFilter(HttpServletRequest req)
- {
+ public String buildFilter(HttpServletRequest req) {
String queryCertFilter = req.getParameter("queryCertFilter");
StringBuffer filter = new StringBuffer();
@@ -504,10 +485,8 @@ public class SrchCerts extends CMSServlet {
/**
* Serves HTTP request. This format of this request is as follows:
- * queryCert?
- * [maxCount=<number>]
- * [queryFilter=<filter>]
- * [revokeAll=<filter>]
+ * queryCert? [maxCount=<number>] [queryFilter=<filter>]
+ * [revokeAll=<filter>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
@@ -518,14 +497,14 @@ public class SrchCerts extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "list");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -551,10 +530,10 @@ public class SrchCerts extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -570,11 +549,13 @@ public class SrchCerts extends CMSServlet {
timeLimit = Integer.parseInt(timeLimitStr);
String queryCertFilter = buildFilter(req);
- process(argSet, header, queryCertFilter,
- revokeAll, maxResults, timeLimit, req, resp, locale[0]);
+ process(argSet, header, queryCertFilter, revokeAll, maxResults,
+ timeLimit, req, resp, locale[0]);
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
@@ -585,33 +566,32 @@ public class SrchCerts extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- cmsReq.setStatus(CMSRequest.SUCCESS);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
/**
* Process the key search.
*/
- private void process(CMSTemplateParams argSet, IArgBlock header,
- String filter, String revokeAll,
- int maxResults, int timeLimit,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ String filter, String revokeAll, int maxResults, int timeLimit,
+ HttpServletRequest req, HttpServletResponse resp, Locale locale)
+ throws EBaseException {
try {
long startTime = CMS.getCurrentDate().getTime();
@@ -621,15 +601,19 @@ public class SrchCerts extends CMSServlet {
// xxx the filter includes serial number range???
if (maxResults == -1 || maxResults > mMaxReturns) {
- CMS.debug("Resetting maximum of returned results from " + maxResults + " to " + mMaxReturns);
+ CMS.debug("Resetting maximum of returned results from "
+ + maxResults + " to " + mMaxReturns);
maxResults = mMaxReturns;
}
if (timeLimit == -1 || timeLimit > mTimeLimits) {
- CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits);
+ CMS.debug("Resetting timelimit from " + timeLimit + " to "
+ + mTimeLimits);
timeLimit = mTimeLimits;
}
- CMS.debug("Start searching ... " + "filter=" + filter + " maxreturns=" + maxResults + " timelimit=" + timeLimit);
- Enumeration e = mCertDB.searchCertificates(filter, maxResults, timeLimit);
+ CMS.debug("Start searching ... " + "filter=" + filter
+ + " maxreturns=" + maxResults + " timelimit=" + timeLimit);
+ Enumeration e = mCertDB.searchCertificates(filter, maxResults,
+ timeLimit);
int count = 0;
@@ -671,7 +655,8 @@ public class SrchCerts extends CMSServlet {
int i = filter.indexOf(CURRENT_TIME, k);
while (i > -1) {
- if (now == null) now = new Date();
+ if (now == null)
+ now = new Date();
newFilter.append(filter.substring(k, i));
newFilter.append(now.getTime());
k = i + CURRENT_TIME.length();
@@ -687,7 +672,7 @@ public class SrchCerts extends CMSServlet {
* Fills cert record into argument block.
*/
private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg)
- throws EBaseException {
+ throws EBaseException {
X509CertImpl xcert = rec.getCertificate();
@@ -695,20 +680,21 @@ public class SrchCerts extends CMSServlet {
fillX509RecordIntoArg(rec, rarg);
}
}
-
+
private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg)
- throws EBaseException {
+ throws EBaseException {
X509CertImpl cert = rec.getCertificate();
rarg.addIntegerValue("version", cert.getVersion());
rarg.addStringValue("serialNumber", cert.getSerialNumber().toString(16));
- rarg.addStringValue("serialNumberDecimal", cert.getSerialNumber().toString());
+ rarg.addStringValue("serialNumberDecimal", cert.getSerialNumber()
+ .toString());
String subject = (String) cert.getSubjectDN().toString();
if (subject.equals("")) {
- rarg.addStringValue("subject", " ");
+ rarg.addStringValue("subject", " ");
} else {
rarg.addStringValue("subject", subject);
@@ -728,28 +714,32 @@ public class SrchCerts extends CMSServlet {
if (pKey instanceof X509Key) {
key = (X509Key) pKey;
}
- rarg.addStringValue("subjectPublicKeyAlgorithm", key.getAlgorithmId().getOID().toString());
+ rarg.addStringValue("subjectPublicKeyAlgorithm", key
+ .getAlgorithmId().getOID().toString());
if (key.getAlgorithmId().toString().equalsIgnoreCase("RSA")) {
RSAPublicKey rsaKey = new RSAPublicKey(key.getEncoded());
- rarg.addIntegerValue("subjectPublicKeyLength", rsaKey.getKeySize());
+ rarg.addIntegerValue("subjectPublicKeyLength",
+ rsaKey.getKeySize());
}
} catch (Exception e) {
rarg.addStringValue("subjectPublicKeyAlgorithm", null);
rarg.addIntegerValue("subjectPublicKeyLength", 0);
}
- rarg.addLongValue("validNotBefore", cert.getNotBefore().getTime() / 1000);
+ rarg.addLongValue("validNotBefore",
+ cert.getNotBefore().getTime() / 1000);
rarg.addLongValue("validNotAfter", cert.getNotAfter().getTime() / 1000);
rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID());
String issuedBy = rec.getIssuedBy();
- if (issuedBy == null) issuedBy = "";
+ if (issuedBy == null)
+ issuedBy = "";
rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString()
rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
- rarg.addStringValue("revokedBy",
- ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
+ rarg.addStringValue("revokedBy", ((rec.getRevokedBy() == null) ? ""
+ : rec.getRevokedBy()));
if (rec.getRevokedOn() == null) {
rarg.addStringValue("revokedOn", null);
} else {
@@ -768,7 +758,8 @@ public class SrchCerts extends CMSServlet {
Extension ext = (Extension) enum1.nextElement();
if (ext instanceof CRLReasonExtension) {
- reason = ((CRLReasonExtension) ext).getReason().toInt();
+ reason = ((CRLReasonExtension) ext).getReason()
+ .toInt();
break;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
index 396f333b..83e2d395 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Date;
@@ -59,10 +58,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Force the CRL to be updated now.
- *
+ *
* @version $Revision$, $Date$
*/
public class UpdateCRL extends CMSServlet {
@@ -87,40 +85,41 @@ public class UpdateCRL extends CMSServlet {
}
/**
- * Initializes the servlet. This servlet uses updateCRL.template
- * to render the result
+ * Initializes the servlet. This servlet uses updateCRL.template to render
+ * the result
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
if (mAuthority instanceof ICertificateAuthority)
mCA = (ICertificateAuthority) mAuthority;
-
- // override success to do output orw own template.
+
+ // override success to do output orw own template.
mTemplates.remove(CMSRequest.SUCCESS);
if (mOutputTemplatePath != null)
mFormPath = mOutputTemplatePath;
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param signatureAlgorithm the algorithm to use to sign the CRL
- * <li>http.param waitForUpdate true/false - should the servlet wait until
- * the CRL update is complete?
+ * <li>http.param waitForUpdate true/false - should the servlet wait until
+ * the CRL update is complete?
* <li>http.param clearCRLCache true/false - should the CRL cache cleared
- * before the CRL is generated?
+ * before the CRL is generated?
* <li>http.param crlIssuingPoint the CRL Issuing Point to Update
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("crl", true /* main action */);
+ statsSub.startTiming("crl", true /* main action */);
}
long startTime = CMS.getCurrentDate().getTime();
@@ -128,20 +127,20 @@ public class UpdateCRL extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "update");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "update");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
return;
}
@@ -158,21 +157,20 @@ public class UpdateCRL extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
- String signatureAlgorithm =
- req.getParameter("signatureAlgorithm");
+ String signatureAlgorithm = req.getParameter("signatureAlgorithm");
- process(argSet, header, req, resp,
- signatureAlgorithm, locale[0]);
+ process(argSet, header, req, resp, signatureAlgorithm, locale[0]);
} catch (EBaseException e) {
error = e;
}
@@ -183,42 +181,43 @@ public class UpdateCRL extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
if (statsSub != null) {
- statsSub.endTiming("crl");
+ statsSub.endTiming("crl");
}
}
- private CRLExtensions crlEntryExtensions (String reason, String invalidity) {
+ private CRLExtensions crlEntryExtensions(String reason, String invalidity) {
CRLExtensions entryExts = new CRLExtensions();
CRLReasonExtension crlReasonExtn = null;
if (reason != null && reason.length() > 0) {
try {
- RevocationReason revReason = RevocationReason.fromInt(Integer.parseInt(reason));
- if (revReason == null) revReason = RevocationReason.UNSPECIFIED;
+ RevocationReason revReason = RevocationReason.fromInt(Integer
+ .parseInt(reason));
+ if (revReason == null)
+ revReason = RevocationReason.UNSPECIFIED;
crlReasonExtn = new CRLReasonExtension(revReason);
} catch (Exception e) {
- CMS.debug("Invalid revocation reason: "+reason);
+ CMS.debug("Invalid revocation reason: " + reason);
}
}
@@ -228,15 +227,16 @@ public class UpdateCRL extends CMSServlet {
Date invalidityDate = null;
try {
long backInTime = Long.parseLong(invalidity);
- invalidityDate = new Date(now-(backInTime*60000));
+ invalidityDate = new Date(now - (backInTime * 60000));
} catch (Exception e) {
- CMS.debug("Invalid invalidity time offset: "+invalidity);
+ CMS.debug("Invalid invalidity time offset: " + invalidity);
}
if (invalidityDate != null) {
try {
- invalidityDateExtn = new InvalidityDateExtension(invalidityDate);
+ invalidityDateExtn = new InvalidityDateExtension(
+ invalidityDate);
} catch (Exception e) {
- CMS.debug("Error creating invalidity extension: "+e);
+ CMS.debug("Error creating invalidity extension: " + e);
}
}
}
@@ -245,7 +245,8 @@ public class UpdateCRL extends CMSServlet {
try {
entryExts.set(crlReasonExtn.getName(), crlReasonExtn);
} catch (Exception e) {
- CMS.debug("Error adding revocation reason extension to entry extensions: "+e);
+ CMS.debug("Error adding revocation reason extension to entry extensions: "
+ + e);
}
}
@@ -253,14 +254,16 @@ public class UpdateCRL extends CMSServlet {
try {
entryExts.set(invalidityDateExtn.getName(), invalidityDateExtn);
} catch (Exception e) {
- CMS.debug("Error adding invalidity date extension to entry extensions: "+e);
+ CMS.debug("Error adding invalidity date extension to entry extensions: "
+ + e);
}
}
return entryExts;
}
- private void addInfo(CMSTemplateParams argSet, ICRLIssuingPoint crlIssuingPoint, long cacheUpdate) {
+ private void addInfo(CMSTemplateParams argSet,
+ ICRLIssuingPoint crlIssuingPoint, long cacheUpdate) {
IArgBlock rarg = CMS.createArgBlock();
rarg.addLongValue("cacheUpdate", cacheUpdate);
@@ -292,18 +295,12 @@ public class UpdateCRL extends CMSServlet {
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- String signatureAlgorithm,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req, HttpServletResponse resp,
+ String signatureAlgorithm, Locale locale) throws EBaseException {
long startTime = CMS.getCurrentDate().getTime();
- String waitForUpdate =
- req.getParameter("waitForUpdate");
- String clearCache =
- req.getParameter("clearCRLCache");
- String crlIssuingPointId =
- req.getParameter("crlIssuingPoint");
+ String waitForUpdate = req.getParameter("waitForUpdate");
+ String clearCache = req.getParameter("clearCRLCache");
+ String crlIssuingPointId = req.getParameter("crlIssuingPoint");
String test = req.getParameter("test");
String add = req.getParameter("add");
String from = req.getParameter("from");
@@ -321,40 +318,41 @@ public class UpdateCRL extends CMSServlet {
if (crlIssuingPointId.equals(ip.getId())) {
break;
}
- if (!ips.hasMoreElements()) crlIssuingPointId = null;
+ if (!ips.hasMoreElements())
+ crlIssuingPointId = null;
}
}
if (crlIssuingPointId == null) {
crlIssuingPointId = ICertificateAuthority.PROP_MASTER_CRL;
}
- ICRLIssuingPoint crlIssuingPoint =
- mCA.getCRLIssuingPoint(crlIssuingPointId);
+ ICRLIssuingPoint crlIssuingPoint = mCA
+ .getCRLIssuingPoint(crlIssuingPointId);
header.addStringValue("crlIssuingPoint", crlIssuingPointId);
IPublisherProcessor lpm = mCA.getPublisherProcessor();
if (crlIssuingPoint != null) {
- if (clearCache != null && clearCache.equals("true") &&
- crlIssuingPoint.isCRLGenerationEnabled() &&
- crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
- crlIssuingPoint.isCRLIssuingPointInitialized()
- == ICRLIssuingPoint.CRL_IP_INITIALIZED) {
+ if (clearCache != null
+ && clearCache.equals("true")
+ && crlIssuingPoint.isCRLGenerationEnabled()
+ && crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE
+ && crlIssuingPoint.isCRLIssuingPointInitialized() == ICRLIssuingPoint.CRL_IP_INITIALIZED) {
crlIssuingPoint.clearCRLCache();
}
- if (waitForUpdate != null && waitForUpdate.equals("true") &&
- crlIssuingPoint.isCRLGenerationEnabled() &&
- crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
- crlIssuingPoint.isCRLIssuingPointInitialized()
- == ICRLIssuingPoint.CRL_IP_INITIALIZED) {
- if (test != null && test.equals("true") &&
- crlIssuingPoint.isCRLCacheTestingEnabled() &&
- (!mTesting.contains(crlIssuingPointId))) {
+ if (waitForUpdate != null
+ && waitForUpdate.equals("true")
+ && crlIssuingPoint.isCRLGenerationEnabled()
+ && crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE
+ && crlIssuingPoint.isCRLIssuingPointInitialized() == ICRLIssuingPoint.CRL_IP_INITIALIZED) {
+ if (test != null && test.equals("true")
+ && crlIssuingPoint.isCRLCacheTestingEnabled()
+ && (!mTesting.contains(crlIssuingPointId))) {
CMS.debug("CRL test started.");
mTesting.add(crlIssuingPointId);
BigInteger addLen = null;
BigInteger startFrom = null;
- if (add != null && add.length() > 0 &&
- from != null && from.length() > 0) {
+ if (add != null && add.length() > 0 && from != null
+ && from.length() > 0) {
try {
addLen = new BigInteger(add);
startFrom = new BigInteger(from);
@@ -365,7 +363,8 @@ public class UpdateCRL extends CMSServlet {
Date revocationDate = CMS.getCurrentDate();
String err = null;
- CRLExtensions entryExts = crlEntryExtensions (reason, invalidity);
+ CRLExtensions entryExts = crlEntryExtensions(reason,
+ invalidity);
BigInteger serialNumber = startFrom;
BigInteger counter = addLen;
@@ -379,22 +378,25 @@ public class UpdateCRL extends CMSServlet {
long t1 = System.currentTimeMillis();
long t2 = 0;
-
+
while (counter.compareTo(BigInteger.ZERO) > 0) {
- RevokedCertImpl revokedCert =
- new RevokedCertImpl(serialNumber, revocationDate, entryExts);
- crlIssuingPoint.addRevokedCert(serialNumber, revokedCert);
+ RevokedCertImpl revokedCert = new RevokedCertImpl(
+ serialNumber, revocationDate, entryExts);
+ crlIssuingPoint.addRevokedCert(serialNumber,
+ revokedCert);
serialNumber = serialNumber.add(BigInteger.ONE);
counter = counter.subtract(BigInteger.ONE);
- if ((counter.compareTo(BigInteger.ZERO) == 0) ||
- (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) {
+ if ((counter.compareTo(BigInteger.ZERO) == 0)
+ || (stepBy != null && ((counter.mod(stepBy))
+ .compareTo(BigInteger.ZERO) == 0))) {
t2 = System.currentTimeMillis();
long t0 = t2 - t1;
t1 = t2;
try {
if (signatureAlgorithm != null) {
- crlIssuingPoint.updateCRLNow(signatureAlgorithm);
+ crlIssuingPoint
+ .updateCRLNow(signatureAlgorithm);
} else {
crlIssuingPoint.updateCRLNow();
}
@@ -420,12 +422,12 @@ public class UpdateCRL extends CMSServlet {
mTesting.remove(crlIssuingPointId);
CMS.debug("CRL test finished.");
- } else if (test != null && test.equals("true") &&
- crlIssuingPoint.isCRLCacheTestingEnabled() &&
- mTesting.contains(crlIssuingPointId)) {
+ } else if (test != null && test.equals("true")
+ && crlIssuingPoint.isCRLCacheTestingEnabled()
+ && mTesting.contains(crlIssuingPointId)) {
header.addStringValue("crlUpdate", "testingInProgress");
- } else if (test != null && test.equals("true") &&
- (!crlIssuingPoint.isCRLCacheTestingEnabled())) {
+ } else if (test != null && test.equals("true")
+ && (!crlIssuingPoint.isCRLCacheTestingEnabled())) {
header.addStringValue("crlUpdate", "testingNotEnabled");
} else {
try {
@@ -435,7 +437,8 @@ public class UpdateCRL extends CMSServlet {
long now1 = System.currentTimeMillis();
if (signatureAlgorithm != null) {
- crlIssuingPoint.updateCRLNow(signatureAlgorithm);
+ crlIssuingPoint
+ .updateCRLNow(signatureAlgorithm);
} else {
crlIssuingPoint.updateCRLNow();
}
@@ -448,60 +451,80 @@ public class UpdateCRL extends CMSServlet {
}
if (lpm != null && lpm.enabled()) {
- Enumeration rules = lpm.getRules(IPublisherProcessor.PROP_LOCAL_CRL);
+ Enumeration rules = lpm
+ .getRules(IPublisherProcessor.PROP_LOCAL_CRL);
if (rules != null && rules.hasMoreElements()) {
if (publishError != null) {
- header.addStringValue("crlPublished", "Failure");
- header.addStringValue("error", publishError.toString(locale));
+ header.addStringValue("crlPublished",
+ "Failure");
+ header.addStringValue("error",
+ publishError.toString(locale));
} else {
- header.addStringValue("crlPublished", "Success");
+ header.addStringValue("crlPublished",
+ "Success");
}
}
}
// for audit log
SessionContext sContext = SessionContext.getContext();
- String agentId = (String) sContext.get(SessionContext.USER_ID);
- IAuthToken authToken = (IAuthToken) sContext.get(SessionContext.AUTH_TOKEN);
+ String agentId = (String) sContext
+ .get(SessionContext.USER_ID);
+ IAuthToken authToken = (IAuthToken) sContext
+ .get(SessionContext.AUTH_TOKEN);
String authMgr = AuditFormat.NOAUTH;
-
+
if (authToken != null) {
- authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ authMgr = authToken
+ .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
long endTime = CMS.getCurrentDate().getTime();
if (crlIssuingPoint.getNextUpdate() != null) {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.CRLUPDATEFORMAT,
- new Object[] {
- AuditFormat.FROMAGENT + " agentID: " + agentId,
- authMgr,
- "completed",
- crlIssuingPoint.getId(),
- crlIssuingPoint.getCRLNumber(),
- crlIssuingPoint.getLastUpdate(),
- crlIssuingPoint.getNextUpdate(),
- Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)}
- );
- }else {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.CRLUPDATEFORMAT,
- new Object[] {
- AuditFormat.FROMAGENT + " agentID: " + agentId,
- authMgr,
- "completed",
- crlIssuingPoint.getId(),
- crlIssuingPoint.getCRLNumber(),
- crlIssuingPoint.getLastUpdate(),
- "not set",
- Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.CRLUPDATEFORMAT,
+ new Object[] {
+ AuditFormat.FROMAGENT
+ + " agentID: " + agentId,
+ authMgr,
+ "completed",
+ crlIssuingPoint.getId(),
+ crlIssuingPoint.getCRLNumber(),
+ crlIssuingPoint.getLastUpdate(),
+ crlIssuingPoint.getNextUpdate(),
+ Long.toString(crlIssuingPoint
+ .getCRLSize())
+ + " time: "
+ + (endTime - startTime) });
+ } else {
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.CRLUPDATEFORMAT,
+ new Object[] {
+ AuditFormat.FROMAGENT
+ + " agentID: " + agentId,
+ authMgr,
+ "completed",
+ crlIssuingPoint.getId(),
+ crlIssuingPoint.getCRLNumber(),
+ crlIssuingPoint.getLastUpdate(),
+ "not set",
+ Long.toString(crlIssuingPoint
+ .getCRLSize())
+ + " time: "
+ + (endTime - startTime) });
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL", e.toString()));
- if ((lpm != null) && lpm.enabled() && (e instanceof ELdapException)) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL",
+ e.toString()));
+ if ((lpm != null) && lpm.enabled()
+ && (e instanceof ELdapException)) {
header.addStringValue("crlPublished", "Failure");
header.addStringValue("error", e.toString(locale));
} else {
@@ -510,12 +533,10 @@ public class UpdateCRL extends CMSServlet {
}
}
} else {
- if (crlIssuingPoint.isCRLIssuingPointInitialized()
- != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
+ if (crlIssuingPoint.isCRLIssuingPointInitialized() != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
header.addStringValue("crlUpdate", "notInitialized");
- } else if (crlIssuingPoint.isCRLUpdateInProgress()
- != ICRLIssuingPoint.CRL_UPDATE_DONE ||
- crlIssuingPoint.isManualUpdateSet()) {
+ } else if (crlIssuingPoint.isCRLUpdateInProgress() != ICRLIssuingPoint.CRL_UPDATE_DONE
+ || crlIssuingPoint.isManualUpdateSet()) {
header.addStringValue("crlUpdate", "inProgress");
} else if (!crlIssuingPoint.isCRLGenerationEnabled()) {
header.addStringValue("crlUpdate", "Disabled");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
index ccba3362..8ea34b1b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Enumeration;
@@ -58,10 +57,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Update the configured LDAP server with specified objects
- *
+ *
* @version $Revision$, $Date$
*/
public class UpdateDir extends CMSServlet {
@@ -85,12 +83,10 @@ public class UpdateDir extends CMSServlet {
private final static int REVOKED_FROM = 10;
private final static int REVOKED_TO = 11;
private final static int CHECK_FLAG = 12;
- private final static String[] updateName =
- {"updateAll", "updateCRL", "updateCA",
- "updateValid", "validFrom", "validTo",
- "updateExpired", "expiredFrom", "expiredTo",
- "updateRevoked", "revokedFrom", "revokedTo",
- "checkFlag"};
+ private final static String[] updateName = { "updateAll", "updateCRL",
+ "updateCA", "updateValid", "validFrom", "validTo", "updateExpired",
+ "expiredFrom", "expiredTo", "updateRevoked", "revokedFrom",
+ "revokedTo", "checkFlag" };
private String mFormPath = null;
private ICertificateAuthority mCA = null;
@@ -112,7 +108,7 @@ public class UpdateDir extends CMSServlet {
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
- if( mAuthority != null ) {
+ if (mAuthority != null) {
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
if (mAuthority instanceof ICertificateAuthority) {
mCA = (ICertificateAuthority) mAuthority;
@@ -129,8 +125,8 @@ public class UpdateDir extends CMSServlet {
}
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -142,14 +138,14 @@ public class UpdateDir extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "update");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "update");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -169,18 +165,19 @@ public class UpdateDir extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
String crlIssuingPointId = req.getParameter("crlIssuingPoint");
- if (mPublisherProcessor == null ||
- !mPublisherProcessor.enabled())
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PUB_MODULE"));
+ if (mPublisherProcessor == null || !mPublisherProcessor.enabled())
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_PUB_MODULE"));
String[] updateValue = new String[updateName.length];
@@ -188,14 +185,17 @@ public class UpdateDir extends CMSServlet {
updateValue[i] = req.getParameter(updateName[i]);
}
- String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
- String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
- if (masterHost != null && masterHost.length() > 0 &&
- masterPort != null && masterPort.length() > 0) {
+ String masterHost = CMS.getConfigStore().getString(
+ "master.ca.agent.host", "");
+ String masterPort = CMS.getConfigStore().getString(
+ "master.ca.agent.port", "");
+ if (masterHost != null && masterHost.length() > 0
+ && masterPort != null && masterPort.length() > 0) {
mClonedCA = true;
}
- process(argSet, header, req, resp, crlIssuingPointId, updateValue, locale[0]);
+ process(argSet, header, req, resp, crlIssuingPointId, updateValue,
+ locale[0]);
} catch (EBaseException e) {
error = e;
}
@@ -206,29 +206,28 @@ public class UpdateDir extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
- private void updateCRLIssuingPoint(
- IArgBlock header,
- String crlIssuingPointId,
- ICRLIssuingPoint crlIssuingPoint,
- Locale locale) {
+ private void updateCRLIssuingPoint(IArgBlock header,
+ String crlIssuingPointId, ICRLIssuingPoint crlIssuingPoint,
+ Locale locale) {
SessionContext sc = SessionContext.getContext();
sc.put(ICRLIssuingPoint.SC_ISSUING_POINT_ID, crlIssuingPointId);
@@ -237,53 +236,67 @@ public class UpdateDir extends CMSServlet {
try {
if (mCRLRepository != null) {
- crlRecord = (ICRLIssuingPointRecord)mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId);
+ crlRecord = (ICRLIssuingPointRecord) mCRLRepository
+ .readCRLIssuingPointRecord(crlIssuingPointId);
}
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_CRL_RECORD", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_CRL_RECORD", e.toString()));
}
if (crlRecord == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
header.addStringValue("crlPublished", "Failure");
- header.addStringValue("crlError",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+ header.addStringValue(
+ "crlError",
+ new ECMSGWException(CMS.getUserMessage(locale,
+ "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
} else {
- String publishDN = (crlIssuingPoint != null)? crlIssuingPoint.getPublishDN(): null;
+ String publishDN = (crlIssuingPoint != null) ? crlIssuingPoint
+ .getPublishDN() : null;
byte[] crlbytes = crlRecord.getCRL();
if (crlbytes == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", ""));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", ""));
header.addStringValue("crlPublished", "Failure");
- header.addStringValue("crlError",
- new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+ header.addStringValue(
+ "crlError",
+ new ECMSGWException(CMS.getUserMessage(locale,
+ "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
} else {
X509CRLImpl crl = null;
try {
crl = new X509CRLImpl(crlbytes);
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DECODE_CRL",
+ e.toString()));
}
if (crl == null) {
header.addStringValue("crlPublished", "Failure");
- header.addStringValue("crlError",
- new ECMSGWException(CMS.getUserMessage(locale,"CMS_GW_DECODE_CRL_FAILED")).toString());
+ header.addStringValue(
+ "crlError",
+ new ECMSGWException(CMS.getUserMessage(locale,
+ "CMS_GW_DECODE_CRL_FAILED")).toString());
} else {
try {
if (publishDN != null) {
mPublisherProcessor.publishCRL(publishDN, crl);
} else {
- mPublisherProcessor.publishCRL(crl,crlIssuingPointId);
+ mPublisherProcessor.publishCRL(crl,
+ crlIssuingPointId);
}
header.addStringValue("crlPublished", "Success");
} catch (ELdapException e) {
header.addStringValue("crlPublished", "Failure");
header.addStringValue("crlError", e.toString(locale));
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR_PUBLISH_CRL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("LDAP_ERROR_PUBLISH_CRL",
+ e.toString()));
}
}
}
@@ -298,7 +311,9 @@ public class UpdateDir extends CMSServlet {
try {
deltaCrl = new X509CRLImpl(deltaCrlBytes);
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL",
+ e.toString()));
}
boolean goodDelta = false;
@@ -306,24 +321,26 @@ public class UpdateDir extends CMSServlet {
BigInteger crlNumber = crlRecord.getCRLNumber();
BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
Long deltaCRLSize = crlRecord.getDeltaCRLSize();
- if (deltaCRLSize != null && deltaCRLSize.longValue() > -1 &&
- crlNumber != null && deltaNumber != null &&
- deltaNumber.compareTo(crlNumber) >= 0) {
+ if (deltaCRLSize != null && deltaCRLSize.longValue() > -1
+ && crlNumber != null && deltaNumber != null
+ && deltaNumber.compareTo(crlNumber) >= 0) {
goodDelta = true;
}
}
- if (deltaCrl != null && ((mClonedCA && goodDelta) ||
- (crlIssuingPoint != null &&
- crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) {
+ if (deltaCrl != null
+ && ((mClonedCA && goodDelta) || (crlIssuingPoint != null && crlIssuingPoint
+ .isThisCurrentDeltaCRL(deltaCrl)))) {
try {
if (publishDN != null) {
mPublisherProcessor.publishCRL(publishDN, deltaCrl);
} else {
- mPublisherProcessor.publishCRL(deltaCrl,crlIssuingPointId);
+ mPublisherProcessor.publishCRL(deltaCrl,
+ crlIssuingPointId);
}
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_PUBLISH_DELTA_CRL", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_PUBLISH_DELTA_CRL", e.toString()));
}
}
}
@@ -331,17 +348,14 @@ public class UpdateDir extends CMSServlet {
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- HttpServletRequest req,
- HttpServletResponse resp,
- String crlIssuingPointId,
- String[] updateValue,
- Locale locale)
- throws EBaseException {
+ HttpServletRequest req, HttpServletResponse resp,
+ String crlIssuingPointId, String[] updateValue, Locale locale)
+ throws EBaseException {
// all or crl
- if ((updateValue[UPDATE_ALL] != null &&
- updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_CRL] != null &&
- updateValue[UPDATE_CRL].equalsIgnoreCase("yes"))) {
+ if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL]
+ .equalsIgnoreCase("yes"))
+ || (updateValue[UPDATE_CRL] != null && updateValue[UPDATE_CRL]
+ .equalsIgnoreCase("yes"))) {
// check if received issuing point ID is known to the server
if (crlIssuingPointId != null) {
Enumeration ips = mCA.getCRLIssuingPoints();
@@ -352,7 +366,8 @@ public class UpdateDir extends CMSServlet {
if (crlIssuingPointId.equals(ip.getId())) {
break;
}
- if (!ips.hasMoreElements()) crlIssuingPointId = null;
+ if (!ips.hasMoreElements())
+ crlIssuingPointId = null;
}
}
if (crlIssuingPointId == null) {
@@ -361,7 +376,7 @@ public class UpdateDir extends CMSServlet {
Vector ipNames = mCRLRepository.getIssuingPointsNames();
if (ipNames != null && ipNames.size() > 0) {
for (int i = 0; i < ipNames.size(); i++) {
- String ipName = (String)ipNames.elementAt(i);
+ String ipName = (String) ipNames.elementAt(i);
updateCRLIssuingPoint(header, ipName, null, locale);
}
@@ -370,46 +385,49 @@ public class UpdateDir extends CMSServlet {
Enumeration oips = mCA.getCRLIssuingPoints();
while (oips.hasMoreElements()) {
- ICRLIssuingPoint oip = (ICRLIssuingPoint) oips.nextElement();
+ ICRLIssuingPoint oip = (ICRLIssuingPoint) oips
+ .nextElement();
updateCRLIssuingPoint(header, oip.getId(), oip, locale);
}
}
} else {
- ICRLIssuingPoint crlIssuingPoint =
- mCA.getCRLIssuingPoint(crlIssuingPointId);
+ ICRLIssuingPoint crlIssuingPoint = mCA
+ .getCRLIssuingPoint(crlIssuingPointId);
ICRLIssuingPointRecord crlRecord = null;
- updateCRLIssuingPoint(header, crlIssuingPointId,
- crlIssuingPoint, locale);
+ updateCRLIssuingPoint(header, crlIssuingPointId,
+ crlIssuingPoint, locale);
}
}
- ICertificateRepository certificateRepository = (ICertificateRepository) mCA.getCertificateRepository();
+ ICertificateRepository certificateRepository = (ICertificateRepository) mCA
+ .getCertificateRepository();
// all or ca
- if ((updateValue[UPDATE_ALL] != null &&
- updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_CA] != null &&
- updateValue[UPDATE_CA].equalsIgnoreCase("yes"))) {
+ if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL]
+ .equalsIgnoreCase("yes"))
+ || (updateValue[UPDATE_CA] != null && updateValue[UPDATE_CA]
+ .equalsIgnoreCase("yes"))) {
X509CertImpl caCert = mCA.getSigningUnit().getCertImpl();
try {
mPublisherProcessor.publishCACert(caCert);
header.addStringValue("caCertPublished", "Success");
} catch (ELdapException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR_PUBLISH_CACERT_1",
- caCert.getSerialNumber().toString(16), e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LDAP_ERROR_PUBLISH_CACERT_1", caCert.getSerialNumber()
+ .toString(16), e.toString()));
header.addStringValue("caCertPublished", "Failure");
header.addStringValue("caCertError", e.toString(locale));
}
}
// all or valid
- if ((updateValue[UPDATE_ALL] != null &&
- updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_VALID] != null &&
- updateValue[UPDATE_VALID].equalsIgnoreCase("yes"))) {
+ if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL]
+ .equalsIgnoreCase("yes"))
+ || (updateValue[UPDATE_VALID] != null && updateValue[UPDATE_VALID]
+ .equalsIgnoreCase("yes"))) {
if (certificateRepository != null) {
if (updateValue[VALID_FROM].startsWith("0x")) {
updateValue[VALID_FROM] = hexToDecimal(updateValue[VALID_FROM]);
@@ -419,17 +437,15 @@ public class UpdateDir extends CMSServlet {
}
Enumeration validCerts = null;
- if (updateValue[CHECK_FLAG] != null &&
- updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
- validCerts =
- certificateRepository.getValidNotPublishedCertificates(
- updateValue[VALID_FROM],
- updateValue[VALID_TO]);
+ if (updateValue[CHECK_FLAG] != null
+ && updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+ validCerts = certificateRepository
+ .getValidNotPublishedCertificates(
+ updateValue[VALID_FROM],
+ updateValue[VALID_TO]);
} else {
- validCerts =
- certificateRepository.getValidCertificates(
- updateValue[VALID_FROM],
- updateValue[VALID_TO]);
+ validCerts = certificateRepository.getValidCertificates(
+ updateValue[VALID_FROM], updateValue[VALID_TO]);
}
int i = 0;
int l = 0;
@@ -437,9 +453,9 @@ public class UpdateDir extends CMSServlet {
if (validCerts != null) {
while (validCerts.hasMoreElements()) {
- ICertRecord certRecord =
- (ICertRecord) validCerts.nextElement();
- //X509CertImpl cert = certRecord.getCertificate();
+ ICertRecord certRecord = (ICertRecord) validCerts
+ .nextElement();
+ // X509CertImpl cert = certRecord.getCertificate();
X509CertImpl cert = null;
Object o = certRecord.getCertificate();
@@ -449,84 +465,92 @@ public class UpdateDir extends CMSServlet {
MetaInfo metaInfo = null;
String ridString = null;
- metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO);
+ metaInfo = (MetaInfo) certRecord
+ .get(ICertRecord.ATTR_META_INFO);
if (metaInfo == null) {
// ca's self signed signing cert and
// server cert has no related request and
// have no metaInfo
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
- cert.getSerialNumber().toString(16)));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAIL_GET_ICERT_RECORD", cert
+ .getSerialNumber().toString(16)));
} else {
- ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
+ ridString = (String) metaInfo
+ .get(ICertRecord.META_REQUEST_ID);
}
IRequest r = null;
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
r = mCA.getRequestQueue().findRequest(rid);
- }
+ }
try {
l++;
- SessionContext sc = SessionContext.getContext();
+ SessionContext sc = SessionContext.getContext();
if (r == null) {
if (CMS.isEncryptionCert(cert))
- sc.put((Object) "isEncryptionCert", (Object) "true");
- else
- sc.put((Object) "isEncryptionCert", (Object) "false");
+ sc.put((Object) "isEncryptionCert",
+ (Object) "true");
+ else
+ sc.put((Object) "isEncryptionCert",
+ (Object) "false");
mPublisherProcessor.publishCert(cert, null);
} else {
if (CMS.isEncryptionCert(cert))
r.setExtData("isEncryptionCert", "true");
- else
+ else
r.setExtData("isEncryptionCert", "false");
mPublisherProcessor.publishCert(cert, r);
}
i++;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16),
- e.toString()));
- validCertsError +=
- "Failed to publish certificate: 0x" +
- certRecord.getSerialNumber().toString(16) +
- ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAIL_PUBLISH_CERT", certRecord
+ .getSerialNumber().toString(16), e
+ .toString()));
+ validCertsError += "Failed to publish certificate: 0x"
+ + certRecord.getSerialNumber().toString(16)
+ + ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
}
}
}
if (i > 0 && i == l) {
- header.addStringValue("validCertsPublished",
- "Success");
+ header.addStringValue("validCertsPublished", "Success");
if (i == 1)
- header.addStringValue("validCertsError", i +
- " valid certificate is published in the directory.");
+ header.addStringValue(
+ "validCertsError",
+ i
+ + " valid certificate is published in the directory.");
else
- header.addStringValue("validCertsError", i +
- " valid certificates are published in the directory.");
+ header.addStringValue(
+ "validCertsError",
+ i
+ + " valid certificates are published in the directory.");
} else {
if (l == 0) {
header.addStringValue("validCertsPublished", "No");
} else {
header.addStringValue("validCertsPublished", "Failure");
- header.addStringValue("validCertsError",
- validCertsError);
+ header.addStringValue("validCertsError",
+ validCertsError);
}
}
} else {
header.addStringValue("validCertsPublished", "Failure");
- header.addStringValue("validCertsError", "Certificate repository is unavailable.");
+ header.addStringValue("validCertsError",
+ "Certificate repository is unavailable.");
}
}
// all or expired
- if ((updateValue[UPDATE_ALL] != null &&
- updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_EXPIRED] != null &&
- updateValue[UPDATE_EXPIRED].equalsIgnoreCase("yes"))) {
+ if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL]
+ .equalsIgnoreCase("yes"))
+ || (updateValue[UPDATE_EXPIRED] != null && updateValue[UPDATE_EXPIRED]
+ .equalsIgnoreCase("yes"))) {
if (certificateRepository != null) {
if (updateValue[EXPIRED_FROM].startsWith("0x")) {
updateValue[EXPIRED_FROM] = hexToDecimal(updateValue[EXPIRED_FROM]);
@@ -536,27 +560,26 @@ public class UpdateDir extends CMSServlet {
}
Enumeration expiredCerts = null;
- if (updateValue[CHECK_FLAG] != null &&
- updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
- expiredCerts =
- certificateRepository.getExpiredPublishedCertificates(
- updateValue[EXPIRED_FROM],
- updateValue[EXPIRED_TO]);
+ if (updateValue[CHECK_FLAG] != null
+ && updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+ expiredCerts = certificateRepository
+ .getExpiredPublishedCertificates(
+ updateValue[EXPIRED_FROM],
+ updateValue[EXPIRED_TO]);
} else {
- expiredCerts =
- certificateRepository.getExpiredCertificates(
- updateValue[EXPIRED_FROM],
- updateValue[EXPIRED_TO]);
+ expiredCerts = certificateRepository
+ .getExpiredCertificates(updateValue[EXPIRED_FROM],
+ updateValue[EXPIRED_TO]);
}
int i = 0;
int l = 0;
StringBuffer expiredCertsError = new StringBuffer();
- if (expiredCerts != null) {
+ if (expiredCerts != null) {
while (expiredCerts.hasMoreElements()) {
- ICertRecord certRecord =
- (ICertRecord) expiredCerts.nextElement();
- //X509CertImpl cert = certRecord.getCertificate();
+ ICertRecord certRecord = (ICertRecord) expiredCerts
+ .nextElement();
+ // X509CertImpl cert = certRecord.getCertificate();
X509CertImpl cert = null;
Object o = certRecord.getCertificate();
@@ -566,25 +589,27 @@ public class UpdateDir extends CMSServlet {
MetaInfo metaInfo = null;
String ridString = null;
- metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO);
+ metaInfo = (MetaInfo) certRecord
+ .get(ICertRecord.ATTR_META_INFO);
if (metaInfo == null) {
// ca's self signed signing cert and
// server cert has no related request and
// have no metaInfo
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
- cert.getSerialNumber().toString(16)));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAIL_GET_ICERT_RECORD", cert
+ .getSerialNumber().toString(16)));
} else {
- ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
+ ridString = (String) metaInfo
+ .get(ICertRecord.META_REQUEST_ID);
}
IRequest r = null;
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
r = mCA.getRequestQueue().findRequest(rid);
- }
+ }
try {
l++;
@@ -595,47 +620,53 @@ public class UpdateDir extends CMSServlet {
}
i++;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
- certRecord.getSerialNumber().toString(16),
- e.toString()));
- expiredCertsError.append(
- "Failed to unpublish certificate: 0x");
- expiredCertsError.append(
- certRecord.getSerialNumber().toString(16));
- expiredCertsError.append(
- ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LDAP_ERROR_UNPUBLISH_CERT", certRecord
+ .getSerialNumber().toString(16), e
+ .toString()));
+ expiredCertsError
+ .append("Failed to unpublish certificate: 0x");
+ expiredCertsError.append(certRecord
+ .getSerialNumber().toString(16));
+ expiredCertsError
+ .append(".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;");
}
}
}
if (i > 0 && i == l) {
header.addStringValue("expiredCertsUnpublished", "Success");
if (i == 1)
- header.addStringValue("expiredCertsError", i +
- " expired certificate is unpublished in the directory.");
+ header.addStringValue(
+ "expiredCertsError",
+ i
+ + " expired certificate is unpublished in the directory.");
else
- header.addStringValue("expiredCertsError", i +
- " expired certificates are unpublished in the directory.");
+ header.addStringValue(
+ "expiredCertsError",
+ i
+ + " expired certificates are unpublished in the directory.");
} else {
if (l == 0) {
header.addStringValue("expiredCertsUnpublished", "No");
} else {
- header.addStringValue("expiredCertsUnpublished", "Failure");
- header.addStringValue("expiredCertsError",
- expiredCertsError.toString());
+ header.addStringValue("expiredCertsUnpublished",
+ "Failure");
+ header.addStringValue("expiredCertsError",
+ expiredCertsError.toString());
}
}
} else {
header.addStringValue("expiredCertsUnpublished", "Failure");
- header.addStringValue("expiredCertsError", "Certificate repository is unavailable.");
+ header.addStringValue("expiredCertsError",
+ "Certificate repository is unavailable.");
}
}
// all or revoked
- if ((updateValue[UPDATE_ALL] != null &&
- updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
- (updateValue[UPDATE_REVOKED] != null &&
- updateValue[UPDATE_REVOKED].equalsIgnoreCase("yes"))) {
+ if ((updateValue[UPDATE_ALL] != null && updateValue[UPDATE_ALL]
+ .equalsIgnoreCase("yes"))
+ || (updateValue[UPDATE_REVOKED] != null && updateValue[UPDATE_REVOKED]
+ .equalsIgnoreCase("yes"))) {
if (certificateRepository != null) {
if (updateValue[REVOKED_FROM].startsWith("0x")) {
updateValue[REVOKED_FROM] = hexToDecimal(updateValue[REVOKED_FROM]);
@@ -645,27 +676,26 @@ public class UpdateDir extends CMSServlet {
}
Enumeration revokedCerts = null;
- if (updateValue[CHECK_FLAG] != null &&
- updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
- revokedCerts =
- certificateRepository.getRevokedPublishedCertificates(
- updateValue[REVOKED_FROM],
- updateValue[REVOKED_TO]);
+ if (updateValue[CHECK_FLAG] != null
+ && updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+ revokedCerts = certificateRepository
+ .getRevokedPublishedCertificates(
+ updateValue[REVOKED_FROM],
+ updateValue[REVOKED_TO]);
} else {
- revokedCerts =
- certificateRepository.getRevokedCertificates(
- updateValue[REVOKED_FROM],
- updateValue[REVOKED_TO]);
+ revokedCerts = certificateRepository
+ .getRevokedCertificates(updateValue[REVOKED_FROM],
+ updateValue[REVOKED_TO]);
}
int i = 0;
int l = 0;
String revokedCertsError = "";
- if (revokedCerts != null) {
+ if (revokedCerts != null) {
while (revokedCerts.hasMoreElements()) {
- ICertRecord certRecord =
- (ICertRecord) revokedCerts.nextElement();
- //X509CertImpl cert = certRecord.getCertificate();
+ ICertRecord certRecord = (ICertRecord) revokedCerts
+ .nextElement();
+ // X509CertImpl cert = certRecord.getCertificate();
X509CertImpl cert = null;
Object o = certRecord.getCertificate();
@@ -675,25 +705,27 @@ public class UpdateDir extends CMSServlet {
MetaInfo metaInfo = null;
String ridString = null;
- metaInfo = (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO);
+ metaInfo = (MetaInfo) certRecord
+ .get(ICertRecord.ATTR_META_INFO);
if (metaInfo == null) {
// ca's self signed signing cert and
// server cert has no related request and
// have no metaInfo
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
- cert.getSerialNumber().toString(16)));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAIL_GET_ICERT_RECORD", cert
+ .getSerialNumber().toString(16)));
} else {
- ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
+ ridString = (String) metaInfo
+ .get(ICertRecord.META_REQUEST_ID);
}
IRequest r = null;
if (ridString != null) {
RequestId rid = new RequestId(ridString);
-
+
r = mCA.getRequestQueue().findRequest(rid);
- }
+ }
try {
l++;
@@ -704,37 +736,42 @@ public class UpdateDir extends CMSServlet {
}
i++;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
- certRecord.getSerialNumber().toString(16),
- e.toString()));
- revokedCertsError +=
- "Failed to unpublish certificate: 0x" +
- certRecord.getSerialNumber().toString(16) +
- ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "LDAP_ERROR_UNPUBLISH_CERT", certRecord
+ .getSerialNumber().toString(16), e
+ .toString()));
+ revokedCertsError += "Failed to unpublish certificate: 0x"
+ + certRecord.getSerialNumber().toString(16)
+ + ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
}
}
}
if (i > 0 && i == l) {
header.addStringValue("revokedCertsUnpublished", "Success");
if (i == 1)
- header.addStringValue("revokedCertsError", i +
- " revoked certificate is unpublished in the directory.");
+ header.addStringValue(
+ "revokedCertsError",
+ i
+ + " revoked certificate is unpublished in the directory.");
else
- header.addStringValue("revokedCertsError", i +
- " revoked certificates are unpublished in the directory.");
+ header.addStringValue(
+ "revokedCertsError",
+ i
+ + " revoked certificates are unpublished in the directory.");
} else {
if (l == 0) {
header.addStringValue("revokedCertsUnpublished", "No");
} else {
- header.addStringValue("revokedCertsUnpublished", "Failure");
- header.addStringValue("revokedCertsError",
- revokedCertsError);
+ header.addStringValue("revokedCertsUnpublished",
+ "Failure");
+ header.addStringValue("revokedCertsError",
+ revokedCertsError);
}
}
} else {
header.addStringValue("revokedCertsUnpublished", "Failure");
- header.addStringValue("revokedCertsError", "Certificate repository is unavailable.");
+ header.addStringValue("revokedCertsError",
+ "Certificate repository is unavailable.");
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
index 79151072..fe2485a6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
@@ -123,298 +123,303 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.profile.SSLClientCertProvider;
import com.netscape.cmsutil.scep.CRSPKIMessage;
-
/**
- * This servlet deals with PKCS#10-based certificate requests from
- * CRS, now called SCEP, and defined at:
- * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt
+ * This servlet deals with PKCS#10-based certificate requests from CRS, now
+ * called SCEP, and defined at:
+ * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt
*
* The router is hardcoded to look for the http://host:80/cgi-bin/pkiclient.exe
- *
- * The HTTP parameters are 'operation' and 'message'
- * operation can be either 'GetCACert' or 'PKIOperation'
- *
+ *
+ * The HTTP parameters are 'operation' and 'message' operation can be either
+ * 'GetCACert' or 'PKIOperation'
+ *
* @version $Revision$, $Date$
*/
-public class CRSEnrollment extends HttpServlet
-{
- /**
+public class CRSEnrollment extends HttpServlet {
+ /**
*
*/
private static final long serialVersionUID = 8483002540957382369L;
-protected IProfileSubsystem mProfileSubsystem = null;
- protected String mProfileId = null;
- protected ICertAuthority mAuthority;
- protected IConfigStore mConfig = null;
- protected IAuthSubsystem mAuthSubsystem;
- protected String mAppendDN=null;
- protected String mEntryObjectclass=null;
- protected boolean mCreateEntry=false;
- protected boolean mFlattenDN=false;
-
- private String mAuthManagerName;
- private String mSubstoreName;
- private boolean mEnabled = false;
- private boolean mUseCA = true;
- private String mNickname = null;
- private String mTokenName = "";
- private String mHashAlgorithm = "SHA1";
- private String mHashAlgorithmList = null;
- private String[] mAllowedHashAlgorithm;
- private String mConfiguredEncryptionAlgorithm = "DES3";
- private String mEncryptionAlgorithm = "DES3";
- private String mEncryptionAlgorithmList = null;
- private String[] mAllowedEncryptionAlgorithm;
- private Random mRandom = null;
- private int mNonceSizeLimit = 0;
- protected ILogger mLogger = CMS.getLogger();
- private ICertificateAuthority ca;
- /* for hashing challenge password */
- protected MessageDigest mSHADigest = null;
-
- private static final String PROP_SUBSTORENAME = "substorename";
- private static final String PROP_AUTHORITY = "authority";
- private static final String PROP_CRS = "crs";
- private static final String PROP_CRSCA = "casubsystem";
- private static final String PROP_CRSAUTHMGR = "authName";
- private static final String PROP_APPENDDN = "appendDN";
- private static final String PROP_CREATEENTRY= "createEntry";
- private static final String PROP_FLATTENDN = "flattenDN";
- private static final String PROP_ENTRYOC = "entryObjectclass";
-
- // URL parameters
- private static final String URL_OPERATION = "operation";
- private static final String URL_MESSAGE = "message";
-
- // possible values for 'operation'
- private static final String OP_GETCACERT = "GetCACert";
- private static final String OP_PKIOPERATION = "PKIOperation";
-
- public static final String AUTH_PASSWORD = "pwd";
-
- public static final String AUTH_CREDS = "AuthCreds";
- public static final String AUTH_TOKEN = "AuthToken";
- public static final String AUTH_FAILED = "AuthFailed";
-
- public static final String SANE_DNSNAME = "DNSName";
- public static final String SANE_IPADDRESS = "IPAddress";
-
- public static final String CERTINFO = "CertInfo";
- public static final String SUBJECTNAME = "SubjectName";
-
-
- public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null;
- public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null;
- public static ObjectIdentifier OID_SERIALNUMBER = null;
-
- public CRSEnrollment(){}
-
- public static Hashtable toHashtable(HttpServletRequest req) {
- Hashtable httpReqHash = new Hashtable();
- Enumeration names = req.getParameterNames();
- while (names.hasMoreElements()) {
- String name = (String)names.nextElement();
- httpReqHash.put(name, req.getParameter(name));
- }
- return httpReqHash;
- }
-
- public void init(ServletConfig sc) {
- // Find the CertificateAuthority we should use for CRS.
- String crsCA = sc.getInitParameter(PROP_AUTHORITY);
- if (crsCA == null)
- crsCA = "ca";
- mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA);
- ca = (ICertificateAuthority)mAuthority;
-
- if (mAuthority == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY",crsCA));
- }
-
- try {
- if (mAuthority instanceof ISubsystem) {
- IConfigStore authorityConfig = ((ISubsystem)mAuthority).getConfigStore();
- IConfigStore scepConfig = authorityConfig.getSubStore("scep");
- mEnabled = scepConfig.getBoolean("enable", false);
- mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1");
- mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3");
- mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0);
- mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512");
- mAllowedHashAlgorithm = mHashAlgorithmList.split(",");
- mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3");
- mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(",");
- mNickname = scepConfig.getString("nickname", ca.getNickname());
- if (mNickname.equals(ca.getNickname())) {
- mTokenName = ca.getSigningUnit().getTokenName();
- } else {
- mTokenName = scepConfig.getString("tokenname", "");
- mUseCA = false;
- }
- if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
- mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
- mTokenName.length() == 0)) {
- int i = mNickname.indexOf(':');
- if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) {
- mNickname = mTokenName + ":" + mNickname;
- }
- }
- }
- } catch (EBaseException e) {
- CMS.debug("CRSEnrollment: init: EBaseException: "+e);
- }
- mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
- CMS.debug("CRSEnrollment: init: SCEP support is "+((mEnabled)?"enabled":"disabled")+".");
- CMS.debug("CRSEnrollment: init: SCEP nickname: "+mNickname);
- CMS.debug("CRSEnrollment: init: CA nickname: "+ca.getNickname());
- CMS.debug("CRSEnrollment: init: Token name: "+mTokenName);
- CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: "+mUseCA);
- CMS.debug("CRSEnrollment: init: mNonceSizeLimit: "+mNonceSizeLimit);
- CMS.debug("CRSEnrollment: init: mHashAlgorithm: "+mHashAlgorithm);
- CMS.debug("CRSEnrollment: init: mHashAlgorithmList: "+mHashAlgorithmList);
- for (int i = 0; i < mAllowedHashAlgorithm.length; i++) {
- mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim();
- CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm["+i+"]="+mAllowedHashAlgorithm[i]);
- }
- CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: "+mEncryptionAlgorithm);
- CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: "+mEncryptionAlgorithmList);
- for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) {
- mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim();
- CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm["+i+"]="+mAllowedEncryptionAlgorithm[i]);
- }
-
- try {
- mProfileSubsystem = (IProfileSubsystem)CMS.getSubsystem("profile");
- mProfileId = sc.getInitParameter("profileId");
- CMS.debug("CRSEnrollment: init: mProfileId="+mProfileId);
-
- mAuthSubsystem = (IAuthSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
- mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR);
- mAppendDN = sc.getInitParameter(PROP_APPENDDN);
- String tmp = sc.getInitParameter(PROP_CREATEENTRY);
- if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
- mCreateEntry = true;
- else
- mCreateEntry = false;
- tmp = sc.getInitParameter(PROP_FLATTENDN);
- if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
- mFlattenDN = true;
- else
- mFlattenDN = false;
- mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC);
- if (mEntryObjectclass == null)
- mEntryObjectclass = "cep";
- mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME);
- if (mSubstoreName == null)
- mSubstoreName = "default";
- } catch (Exception e) {
- }
-
- OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME");
- OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS");
- OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER");
-
-
- try {
- mSHADigest = MessageDigest.getInstance("SHA1");
+ protected IProfileSubsystem mProfileSubsystem = null;
+ protected String mProfileId = null;
+ protected ICertAuthority mAuthority;
+ protected IConfigStore mConfig = null;
+ protected IAuthSubsystem mAuthSubsystem;
+ protected String mAppendDN = null;
+ protected String mEntryObjectclass = null;
+ protected boolean mCreateEntry = false;
+ protected boolean mFlattenDN = false;
+
+ private String mAuthManagerName;
+ private String mSubstoreName;
+ private boolean mEnabled = false;
+ private boolean mUseCA = true;
+ private String mNickname = null;
+ private String mTokenName = "";
+ private String mHashAlgorithm = "SHA1";
+ private String mHashAlgorithmList = null;
+ private String[] mAllowedHashAlgorithm;
+ private String mConfiguredEncryptionAlgorithm = "DES3";
+ private String mEncryptionAlgorithm = "DES3";
+ private String mEncryptionAlgorithmList = null;
+ private String[] mAllowedEncryptionAlgorithm;
+ private Random mRandom = null;
+ private int mNonceSizeLimit = 0;
+ protected ILogger mLogger = CMS.getLogger();
+ private ICertificateAuthority ca;
+ /* for hashing challenge password */
+ protected MessageDigest mSHADigest = null;
+
+ private static final String PROP_SUBSTORENAME = "substorename";
+ private static final String PROP_AUTHORITY = "authority";
+ private static final String PROP_CRS = "crs";
+ private static final String PROP_CRSCA = "casubsystem";
+ private static final String PROP_CRSAUTHMGR = "authName";
+ private static final String PROP_APPENDDN = "appendDN";
+ private static final String PROP_CREATEENTRY = "createEntry";
+ private static final String PROP_FLATTENDN = "flattenDN";
+ private static final String PROP_ENTRYOC = "entryObjectclass";
+
+ // URL parameters
+ private static final String URL_OPERATION = "operation";
+ private static final String URL_MESSAGE = "message";
+
+ // possible values for 'operation'
+ private static final String OP_GETCACERT = "GetCACert";
+ private static final String OP_PKIOPERATION = "PKIOperation";
+
+ public static final String AUTH_PASSWORD = "pwd";
+
+ public static final String AUTH_CREDS = "AuthCreds";
+ public static final String AUTH_TOKEN = "AuthToken";
+ public static final String AUTH_FAILED = "AuthFailed";
+
+ public static final String SANE_DNSNAME = "DNSName";
+ public static final String SANE_IPADDRESS = "IPAddress";
+
+ public static final String CERTINFO = "CertInfo";
+ public static final String SUBJECTNAME = "SubjectName";
+
+ public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null;
+ public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null;
+ public static ObjectIdentifier OID_SERIALNUMBER = null;
+
+ public CRSEnrollment() {
}
- catch (NoSuchAlgorithmException e) {
- }
-
- mRandom = new Random();
- }
-
-
- /**
- *
- * Service a CRS Request. It all starts here. This is where the message from the
- * router is processed
- *
- * @param httpReq The HttpServletRequest.
- * @param httpResp The HttpServletResponse.
- *
- */
- public void service(HttpServletRequest httpReq,
- HttpServletResponse httpResp)
- throws ServletException
- {
- boolean running_state = CMS.isInRunningState();
- if (!running_state)
- throw new ServletException(
- "CMS server is not ready to serve.");
+
+ public static Hashtable toHashtable(HttpServletRequest req) {
+ Hashtable httpReqHash = new Hashtable();
+ Enumeration names = req.getParameterNames();
+ while (names.hasMoreElements()) {
+ String name = (String) names.nextElement();
+ httpReqHash.put(name, req.getParameter(name));
+ }
+ return httpReqHash;
+ }
+
+ public void init(ServletConfig sc) {
+ // Find the CertificateAuthority we should use for CRS.
+ String crsCA = sc.getInitParameter(PROP_AUTHORITY);
+ if (crsCA == null)
+ crsCA = "ca";
+ mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA);
+ ca = (ICertificateAuthority) mAuthority;
+
+ if (mAuthority == null) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY", crsCA));
+ }
+
+ try {
+ if (mAuthority instanceof ISubsystem) {
+ IConfigStore authorityConfig = ((ISubsystem) mAuthority)
+ .getConfigStore();
+ IConfigStore scepConfig = authorityConfig.getSubStore("scep");
+ mEnabled = scepConfig.getBoolean("enable", false);
+ mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1");
+ mConfiguredEncryptionAlgorithm = scepConfig.getString(
+ "encryptionAlgorithm", "DES3");
+ mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0);
+ mHashAlgorithmList = scepConfig.getString(
+ "allowedHashAlgorithms", "SHA1,SHA256,SHA512");
+ mAllowedHashAlgorithm = mHashAlgorithmList.split(",");
+ mEncryptionAlgorithmList = scepConfig.getString(
+ "allowedEncryptionAlgorithms", "DES3");
+ mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList
+ .split(",");
+ mNickname = scepConfig.getString("nickname", ca.getNickname());
+ if (mNickname.equals(ca.getNickname())) {
+ mTokenName = ca.getSigningUnit().getTokenName();
+ } else {
+ mTokenName = scepConfig.getString("tokenname", "");
+ mUseCA = false;
+ }
+ if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN)
+ || mTokenName
+ .equalsIgnoreCase("Internal Key Storage Token") || mTokenName
+ .length() == 0)) {
+ int i = mNickname.indexOf(':');
+ if (!((i > -1) && (mTokenName.length() == i) && (mNickname
+ .startsWith(mTokenName)))) {
+ mNickname = mTokenName + ":" + mNickname;
+ }
+ }
+ }
+ } catch (EBaseException e) {
+ CMS.debug("CRSEnrollment: init: EBaseException: " + e);
+ }
+ mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
+ CMS.debug("CRSEnrollment: init: SCEP support is "
+ + ((mEnabled) ? "enabled" : "disabled") + ".");
+ CMS.debug("CRSEnrollment: init: SCEP nickname: " + mNickname);
+ CMS.debug("CRSEnrollment: init: CA nickname: " + ca.getNickname());
+ CMS.debug("CRSEnrollment: init: Token name: " + mTokenName);
+ CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: " + mUseCA);
+ CMS.debug("CRSEnrollment: init: mNonceSizeLimit: " + mNonceSizeLimit);
+ CMS.debug("CRSEnrollment: init: mHashAlgorithm: " + mHashAlgorithm);
+ CMS.debug("CRSEnrollment: init: mHashAlgorithmList: "
+ + mHashAlgorithmList);
+ for (int i = 0; i < mAllowedHashAlgorithm.length; i++) {
+ mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim();
+ CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm[" + i + "]="
+ + mAllowedHashAlgorithm[i]);
+ }
+ CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: "
+ + mEncryptionAlgorithm);
+ CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: "
+ + mEncryptionAlgorithmList);
+ for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) {
+ mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i]
+ .trim();
+ CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm[" + i
+ + "]=" + mAllowedEncryptionAlgorithm[i]);
+ }
+
+ try {
+ mProfileSubsystem = (IProfileSubsystem) CMS.getSubsystem("profile");
+ mProfileId = sc.getInitParameter("profileId");
+ CMS.debug("CRSEnrollment: init: mProfileId=" + mProfileId);
+
+ mAuthSubsystem = (IAuthSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_AUTH);
+ mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR);
+ mAppendDN = sc.getInitParameter(PROP_APPENDDN);
+ String tmp = sc.getInitParameter(PROP_CREATEENTRY);
+ if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
+ mCreateEntry = true;
+ else
+ mCreateEntry = false;
+ tmp = sc.getInitParameter(PROP_FLATTENDN);
+ if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
+ mFlattenDN = true;
+ else
+ mFlattenDN = false;
+ mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC);
+ if (mEntryObjectclass == null)
+ mEntryObjectclass = "cep";
+ mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME);
+ if (mSubstoreName == null)
+ mSubstoreName = "default";
+ } catch (Exception e) {
+ }
+
+ OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid(
+ "UNSTRUCTUREDNAME");
+ OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid(
+ "UNSTRUCTUREDADDRESS");
+ OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER");
+
+ try {
+ mSHADigest = MessageDigest.getInstance("SHA1");
+ } catch (NoSuchAlgorithmException e) {
+ }
+
+ mRandom = new Random();
+ }
+
+ /**
+ *
+ * Service a CRS Request. It all starts here. This is where the message from
+ * the router is processed
+ *
+ * @param httpReq The HttpServletRequest.
+ * @param httpResp The HttpServletResponse.
+ *
+ */
+ public void service(HttpServletRequest httpReq, HttpServletResponse httpResp)
+ throws ServletException {
+ boolean running_state = CMS.isInRunningState();
+ if (!running_state)
+ throw new ServletException("CMS server is not ready to serve.");
String operation = null;
- String message = null;
+ String message = null;
mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
-
-
+
// Parse the URL from the HTTP Request. Split it up into
// a structure which enables us to read the form elements
IArgBlock input = CMS.createArgBlock(toHashtable(httpReq));
-
- try {
+
+ try {
// Read in two form parameters - the router sets these
- operation = (String)input.get(URL_OPERATION);
+ operation = (String) input.get(URL_OPERATION);
CMS.debug("operation=" + operation);
- message = (String)input.get(URL_MESSAGE);
+ message = (String) input.get(URL_MESSAGE);
CMS.debug("message=" + message);
-
+
if (!mEnabled) {
CMS.debug("CRSEnrollment: SCEP support is disabled.");
throw new ServletException("SCEP support is disabled.");
}
if (operation == null) {
// 'operation' is mandatory.
- throw new ServletException("Bad request: operation missing from URL");
+ throw new ServletException(
+ "Bad request: operation missing from URL");
}
-
- /**
- * the router can make two kinds of requests
- * 1) simple request for CA cert
- * 2) encoded, signed, enveloped request for anything else (PKIOperation)
+
+ /**
+ * the router can make two kinds of requests 1) simple request for
+ * CA cert 2) encoded, signed, enveloped request for anything else
+ * (PKIOperation)
*/
-
+
if (operation.equals(OP_GETCACERT)) {
- handleGetCACert(httpReq, httpResp);
- }
- else if (operation.equals(OP_PKIOPERATION)) {
- String decodeMode = (String)input.get("decode");
+ handleGetCACert(httpReq, httpResp);
+ } else if (operation.equals(OP_PKIOPERATION)) {
+ String decodeMode = (String) input.get("decode");
if (decodeMode == null || decodeMode.equals("false")) {
- handlePKIOperation(httpReq, httpResp, message);
+ handlePKIOperation(httpReq, httpResp, message);
} else {
- decodePKIMessage(httpReq, httpResp, message);
+ decodePKIMessage(httpReq, httpResp, message);
}
- }
- else {
+ } else {
CMS.debug("Invalid operation " + operation);
- throw new ServletException("unknown operation requested: "+operation);
+ throw new ServletException("unknown operation requested: "
+ + operation);
}
-
- }
- catch (ServletException e)
- {
+
+ } catch (ServletException e) {
CMS.debug("ServletException " + e);
throw new ServletException(e.getMessage().toString());
+ } catch (Exception e) {
+ CMS.debug("Service exception " + e);
+ log(ILogger.LL_FAILURE, e.getMessage());
}
- catch (Exception e)
- {
- CMS.debug("Service exception " + e);
- log(ILogger.LL_FAILURE,e.getMessage());
- }
-
+
}
/**
- * Log a message to the system log
+ * Log a message to the system log
*/
-
private void log(int level, String msg) {
-
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
- level, "CEP Enrollment: "+msg);
+
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
+ "CEP Enrollment: " + msg);
}
- private boolean isAlgorithmAllowed (String[] allowedAlgorithm, String algorithm) {
+ private boolean isAlgorithmAllowed(String[] allowedAlgorithm,
+ String algorithm) {
boolean allowed = false;
if (algorithm != null && algorithm.length() > 0) {
@@ -428,8 +433,9 @@ protected IProfileSubsystem mProfileSubsystem = null;
return allowed;
}
- public IAuthToken authenticate(AuthCredentials credentials, IProfileAuthenticator authenticator,
- HttpServletRequest request) throws EBaseException {
+ public IAuthToken authenticate(AuthCredentials credentials,
+ IProfileAuthenticator authenticator, HttpServletRequest request)
+ throws EBaseException {
// build credential
Enumeration authNames = authenticator.getValueNames();
@@ -445,313 +451,319 @@ protected IProfileSubsystem mProfileSubsystem = null;
credentials.set("clientHost", request.getRemoteHost());
IAuthToken authToken = authenticator.authenticate(credentials);
if (authToken == null) {
- return null;
+ return null;
}
SessionContext sc = SessionContext.getContext();
if (sc != null) {
- sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
- String userid = authToken.getInString(IAuthToken.USER_ID);
- if (userid != null) {
- sc.put(SessionContext.USER_ID, userid);
- }
+ sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+ String userid = authToken.getInString(IAuthToken.USER_ID);
+ if (userid != null) {
+ sc.put(SessionContext.USER_ID, userid);
+ }
}
return authToken;
}
- /**
- * Return the CA certificate back to the requestor.
- * This needs to be changed so that if the CA has a certificate chain,
- * the whole thing should get packaged as a PKIMessage (degnerate PKCS7 - no
- * signerInfo)
- */
-
- public void handleGetCACert(HttpServletRequest httpReq,
- HttpServletResponse httpResp)
- throws ServletException {
- java.security.cert.X509Certificate[] chain = null;
-
- CertificateChain certChain = mAuthority.getCACertChain();
-
- try {
- if (certChain == null) {
- throw new ServletException("Internal Error: cannot get CA Cert");
- }
-
- chain = certChain.getChain();
-
- byte[] bytes = null;
-
- int i = 0;
- String message = (String)httpReq.getParameter(URL_MESSAGE);
- CMS.debug("handleGetCACert message=" + message);
- if (message != null) {
+ /**
+ * Return the CA certificate back to the requestor. This needs to be changed
+ * so that if the CA has a certificate chain, the whole thing should get
+ * packaged as a PKIMessage (degnerate PKCS7 - no signerInfo)
+ */
+
+ public void handleGetCACert(HttpServletRequest httpReq,
+ HttpServletResponse httpResp) throws ServletException {
+ java.security.cert.X509Certificate[] chain = null;
+
+ CertificateChain certChain = mAuthority.getCACertChain();
+
+ try {
+ if (certChain == null) {
+ throw new ServletException("Internal Error: cannot get CA Cert");
+ }
+
+ chain = certChain.getChain();
+
+ byte[] bytes = null;
+
+ int i = 0;
+ String message = (String) httpReq.getParameter(URL_MESSAGE);
+ CMS.debug("handleGetCACert message=" + message);
+ if (message != null) {
+ try {
+ int j = Integer.parseInt(message);
+ if (j < chain.length) {
+ i = j;
+ }
+ } catch (NumberFormatException e1) {
+ }
+ }
+ CMS.debug("handleGetCACert selected chain=" + i);
+
+ if (mUseCA) {
+ bytes = chain[i].getEncoded();
+ } else {
+ CryptoContext cx = new CryptoContext();
+ bytes = cx.getSigningCert().getEncoded();
+ }
+
+ httpResp.setContentType("application/x-x509-ca-cert");
+
+ // The following code may be used one day to encode
+ // the RA/CA cert chain for RA mode, but it will need some
+ // work.
+
+ /******
+ * SET certs = new SET(); for (int i=0; i<chain.length; i++) { ANY
+ * cert = new ANY(chain[i].getEncoded()); certs.addElement(cert); }
+ *
+ * SignedData crsd = new SignedData( new SET(), // empty set of
+ * digestAlgorithmID's new ContentInfo( new OBJECT_IDENTIFIER(new
+ * long[] {1,2,840,113549,1,7,1}), null), //empty content certs,
+ * null, // no CRL's new SET() // empty SignerInfos );
+ *
+ * ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA,
+ * crsd);
+ *
+ * ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ * wrap.encode(baos);
+ *
+ * bytes = baos.toByteArray();
+ *
+ * httpResp.setContentType("application/x-x509-ca-ra-cert");
+ *****/
+
+ httpResp.setContentLength(bytes.length);
+ httpResp.getOutputStream().write(bytes);
+ httpResp.getOutputStream().flush();
+
+ CMS.debug("Output certificate chain:");
+ CMS.debug(bytes);
+ } catch (Exception e) {
+ CMS.debug("handleGetCACert exception " + e);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT",
+ e.getMessage()));
+ throw new ServletException(
+ "Failed sending DER encoded version of CA cert to client");
+ }
+
+ }
+
+ public String getPasswordFromP10(PKCS10 p10) {
+ PKCS10Attributes p10atts = p10.getAttributes();
+ Enumeration e = p10atts.getElements();
+
+ try {
+ while (e.hasMoreElements()) {
+ PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+ CertAttrSet attr = p10a.getAttributeValue();
+
+ if (attr.getName().equals(ChallengePassword.NAME)) {
+ if (attr.get(ChallengePassword.PASSWORD) != null) {
+ return (String) attr.get(ChallengePassword.PASSWORD);
+ }
+ }
+ }
+ } catch (Exception e1) {
+ // do nothing
+ }
+ return null;
+ }
+
+ /**
+ * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a
+ * PKIMessage structure. We decode it to see what type message it is.
+ */
+
+ /**
+ * Decodes the PKI message and return information to RA.
+ */
+ public void decodePKIMessage(HttpServletRequest httpReq,
+ HttpServletResponse httpResp, String msg) throws ServletException {
+
+ CryptoContext cx = null;
+
+ CRSPKIMessage req = null;
+
+ byte[] decodedPKIMessage;
+ byte[] response = null;
+ String responseData = "";
+
+ decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
+
+ try {
+ ByteArrayInputStream is = new ByteArrayInputStream(
+ decodedPKIMessage);
+
+ // We make two CRSPKIMessages. One of them, is the request, so we
+ // initialize
+ // it from the DER given to us from the router.
+ // The second is the response, and we'll fill this in as we go.
+
+ if (decodedPKIMessage.length < 50) {
+ throw new ServletException(
+ "CRS request is too small to be a real request ("
+ + decodedPKIMessage.length + " bytes)");
+ }
+ try {
+ req = new CRSPKIMessage(is);
+ String ea = req.getEncryptionAlgorithm();
+ if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) {
+ CMS.debug("CRSEnrollment: decodePKIMessage: Encryption algorithm '"
+ + ea
+ + "' is not allowed ("
+ + mEncryptionAlgorithmList + ").");
+ throw new ServletException("Encryption algorithm '" + ea
+ + "' is not allowed (" + mEncryptionAlgorithmList
+ + ").");
+ }
+ String da = req.getDigestAlgorithmName();
+ if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) {
+ CMS.debug("CRSEnrollment: decodePKIMessage: Hashing algorithm '"
+ + da
+ + "' is not allowed ("
+ + mHashAlgorithmList
+ + ").");
+ throw new ServletException("Hashing algorithm '" + da
+ + "' is not allowed (" + mHashAlgorithmList + ").");
+ }
+ if (ea != null) {
+ mEncryptionAlgorithm = ea;
+ }
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new ServletException("Could not decode the request.");
+ }
+
+ // Create a new crypto context for doing all the crypto operations
+ cx = new CryptoContext();
+
+ // Verify Signature on message (throws exception if sig bad)
+ verifyRequest(req, cx);
+ unwrapPKCS10(req, cx);
+
+ IProfile profile = mProfileSubsystem.getProfile(mProfileId);
+ if (profile == null) {
+ CMS.debug("Profile '" + mProfileId + "' not found.");
+ throw new ServletException("Profile '" + mProfileId
+ + "' not found.");
+ } else {
+ CMS.debug("Found profile '" + mProfileId + "'.");
+ }
+
+ IProfileAuthenticator authenticator = null;
try {
- int j = Integer.parseInt(message);
- if (j < chain.length) {
- i = j;
- }
- } catch (NumberFormatException e1) {
+ CMS.debug("Retrieving authenticator");
+ authenticator = profile.getAuthenticator();
+ if (authenticator == null) {
+ CMS.debug("Authenticator not found.");
+ throw new ServletException("Authenticator not found.");
+ } else {
+ CMS.debug("Got authenticator="
+ + authenticator.getClass().getName());
+ }
+ } catch (EProfileException e) {
+ throw new ServletException("Authenticator not found.");
}
- }
- CMS.debug("handleGetCACert selected chain=" + i);
-
- if (mUseCA) {
- bytes = chain[i].getEncoded();
- } else {
- CryptoContext cx = new CryptoContext();
- bytes = cx.getSigningCert().getEncoded();
- }
-
- httpResp.setContentType("application/x-x509-ca-cert");
-
-
-// The following code may be used one day to encode
-// the RA/CA cert chain for RA mode, but it will need some
-// work.
-
- /******
- SET certs = new SET();
- for (int i=0; i<chain.length; i++) {
- ANY cert = new ANY(chain[i].getEncoded());
- certs.addElement(cert);
- }
-
- SignedData crsd = new SignedData(
- new SET(), // empty set of digestAlgorithmID's
- new ContentInfo(
- new OBJECT_IDENTIFIER(new long[] {1,2,840,113549,1,7,1}),
- null), //empty content
- certs,
- null, // no CRL's
- new SET() // empty SignerInfos
- );
-
- ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, crsd);
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- wrap.encode(baos);
-
- bytes = baos.toByteArray();
-
- httpResp.setContentType("application/x-x509-ca-ra-cert");
- *****/
-
- httpResp.setContentLength(bytes.length);
- httpResp.getOutputStream().write(bytes);
- httpResp.getOutputStream().flush();
-
- CMS.debug("Output certificate chain:");
- CMS.debug(bytes);
- }
- catch (Exception e) {
- CMS.debug("handleGetCACert exception " + e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT",e.getMessage()));
- throw new ServletException("Failed sending DER encoded version of CA cert to client");
- }
-
- }
-
- public String getPasswordFromP10(PKCS10 p10)
- {
- PKCS10Attributes p10atts = p10.getAttributes();
- Enumeration e = p10atts.getElements();
-
- try {
- while (e.hasMoreElements()) {
- PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
- CertAttrSet attr = p10a.getAttributeValue();
-
- if (attr.getName().equals(ChallengePassword.NAME)) {
- if (attr.get(ChallengePassword.PASSWORD) != null) {
- return (String)attr.get(ChallengePassword.PASSWORD);
- }
- }
- }
- } catch(Exception e1) {
- // do nothing
- }
- return null;
- }
-
- /**
- * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a
- * PKIMessage structure. We decode it to see what type message it is.
- */
-
- /**
- * Decodes the PKI message and return information to RA.
- */
- public void decodePKIMessage(HttpServletRequest httpReq,
- HttpServletResponse httpResp,
- String msg)
- throws ServletException {
-
- CryptoContext cx=null;
-
- CRSPKIMessage req=null;
-
- byte[] decodedPKIMessage;
- byte[] response=null;
- String responseData = "";
-
- decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
-
- try {
- ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
-
- // We make two CRSPKIMessages. One of them, is the request, so we initialize
- // it from the DER given to us from the router.
- // The second is the response, and we'll fill this in as we go.
-
- if (decodedPKIMessage.length < 50) {
- throw new ServletException("CRS request is too small to be a real request ("+
- decodedPKIMessage.length+" bytes)");
- }
- try {
- req = new CRSPKIMessage(is);
- String ea = req.getEncryptionAlgorithm();
- if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) {
- CMS.debug("CRSEnrollment: decodePKIMessage: Encryption algorithm '"+ea+
- "' is not allowed ("+mEncryptionAlgorithmList+").");
- throw new ServletException("Encryption algorithm '"+ea+
- "' is not allowed ("+mEncryptionAlgorithmList+").");
+ AuthCredentials credentials = new AuthCredentials();
+ IAuthToken authToken = null;
+ // for ssl authentication; pass in servlet for retrieving
+ // ssl client certificates
+ SessionContext context = SessionContext.getContext();
+
+ // insert profile context so that input parameter can be retrieved
+ context.put("sslClientCertProvider", new SSLClientCertProvider(
+ httpReq));
+
+ try {
+ authToken = authenticate(credentials, authenticator, httpReq);
+ } catch (Exception e) {
+ CMS.debug("Authentication failure: " + e.getMessage());
+ throw new ServletException("Authentication failure: "
+ + e.getMessage());
}
- String da = req.getDigestAlgorithmName();
- if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) {
- CMS.debug("CRSEnrollment: decodePKIMessage: Hashing algorithm '"+da+
- "' is not allowed ("+mHashAlgorithmList+").");
- throw new ServletException("Hashing algorithm '"+da+
- "' is not allowed ("+mHashAlgorithmList+").");
+ if (authToken == null) {
+ CMS.debug("Authentication failure.");
+ throw new ServletException("Authentication failure.");
}
- if (ea != null) {
- mEncryptionAlgorithm = ea;
- }
- }
- catch (Exception e) {
- CMS.debug(e);
- throw new ServletException("Could not decode the request.");
- }
-
- // Create a new crypto context for doing all the crypto operations
- cx = new CryptoContext();
-
- // Verify Signature on message (throws exception if sig bad)
- verifyRequest(req,cx);
- unwrapPKCS10(req,cx);
-
- IProfile profile = mProfileSubsystem.getProfile(mProfileId);
- if (profile == null) {
- CMS.debug("Profile '" + mProfileId + "' not found.");
- throw new ServletException("Profile '" + mProfileId + "' not found.");
- } else {
- CMS.debug("Found profile '" + mProfileId + "'.");
- }
-
- IProfileAuthenticator authenticator = null;
- try {
- CMS.debug("Retrieving authenticator");
- authenticator = profile.getAuthenticator();
- if (authenticator == null) {
- CMS.debug("Authenticator not found.");
- throw new ServletException("Authenticator not found.");
- } else {
- CMS.debug("Got authenticator=" + authenticator.getClass().getName());
- }
- } catch (EProfileException e) {
- throw new ServletException("Authenticator not found.");
- }
- AuthCredentials credentials = new AuthCredentials();
- IAuthToken authToken = null;
- // for ssl authentication; pass in servlet for retrieving
- // ssl client certificates
- SessionContext context = SessionContext.getContext();
-
- // insert profile context so that input parameter can be retrieved
- context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq));
-
- try {
- authToken = authenticate(credentials, authenticator, httpReq);
- } catch (Exception e) {
- CMS.debug("Authentication failure: "+ e.getMessage());
- throw new ServletException("Authentication failure: "+ e.getMessage());
- }
- if (authToken == null) {
- CMS.debug("Authentication failure.");
- throw new ServletException("Authentication failure.");
- }
-
- // Deal with Transaction ID
- String transactionID = req.getTransactionID();
- responseData = responseData +
- "<TransactionID>" + transactionID + "</TransactionID>";
-
- // End-User or RA's IP address
- responseData = responseData +
- "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>";
-
- responseData = responseData +
- "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>";
-
- // Deal with Nonces
- byte[] sn = req.getSenderNonce();
-
- // Deal with message type
- String mt = req.getMessageType();
- responseData = responseData +
- "<MessageType>" + mt + "</MessageType>";
-
- PKCS10 p10 = (PKCS10)req.getP10();
- X500Name p10subject = p10.getSubjectName();
- responseData = responseData +
- "<SubjectName>" + p10subject.toString() + "</SubjectName>";
-
- String pkcs10Attr = "";
- PKCS10Attributes p10atts = p10.getAttributes();
- Enumeration e = p10atts.getElements();
-
- while (e.hasMoreElements()) {
- PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
- CertAttrSet attr = p10a.getAttributeValue();
-
-
- if (attr.getName().equals(ChallengePassword.NAME)) {
- if (attr.get(ChallengePassword.PASSWORD) != null) {
- pkcs10Attr = pkcs10Attr +
- "<ChallengePassword><Password>" + (String)attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>";
- }
-
- }
- String extensionsStr = "";
- if (attr.getName().equals(ExtensionsRequested.NAME)) {
-
- Enumeration exts = ((ExtensionsRequested)attr).getExtensions().elements();
- while (exts.hasMoreElements()) {
- Extension ext = (Extension) exts.nextElement();
-
- if (ext.getExtensionId().equals(
- OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) {
- DerOutputStream dos = new DerOutputStream();
- SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension(
- Boolean.valueOf(false), // noncritical
- ext.getExtensionValue());
-
-
- Vector v =
- (Vector) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME);
-
- Enumeration gne = v.elements();
- StringBuffer subjAltNameStr = new StringBuffer();
- while (gne.hasMoreElements()) {
- GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement();
- if (gni instanceof GeneralName) {
- GeneralName genName = (GeneralName) gni;
+ // Deal with Transaction ID
+ String transactionID = req.getTransactionID();
+ responseData = responseData + "<TransactionID>" + transactionID
+ + "</TransactionID>";
+
+ // End-User or RA's IP address
+ responseData = responseData + "<RemoteAddr>"
+ + httpReq.getRemoteAddr() + "</RemoteAddr>";
+
+ responseData = responseData + "<RemoteHost>"
+ + httpReq.getRemoteHost() + "</RemoteHost>";
+
+ // Deal with Nonces
+ byte[] sn = req.getSenderNonce();
+
+ // Deal with message type
+ String mt = req.getMessageType();
+ responseData = responseData + "<MessageType>" + mt
+ + "</MessageType>";
+
+ PKCS10 p10 = (PKCS10) req.getP10();
+ X500Name p10subject = p10.getSubjectName();
+ responseData = responseData + "<SubjectName>"
+ + p10subject.toString() + "</SubjectName>";
+
+ String pkcs10Attr = "";
+ PKCS10Attributes p10atts = p10.getAttributes();
+ Enumeration e = p10atts.getElements();
+
+ while (e.hasMoreElements()) {
+ PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+ CertAttrSet attr = p10a.getAttributeValue();
- String gn = genName.toString();
- int colon = gn.indexOf(':');
- String gnType = gn.substring(0,colon).trim();
- String gnValue = gn.substring(colon+1).trim();
+ if (attr.getName().equals(ChallengePassword.NAME)) {
+ if (attr.get(ChallengePassword.PASSWORD) != null) {
+ pkcs10Attr = pkcs10Attr
+ + "<ChallengePassword><Password>"
+ + (String) attr.get(ChallengePassword.PASSWORD)
+ + "</Password></ChallengePassword>";
+ }
+
+ }
+ String extensionsStr = "";
+ if (attr.getName().equals(ExtensionsRequested.NAME)) {
+
+ Enumeration exts = ((ExtensionsRequested) attr)
+ .getExtensions().elements();
+ while (exts.hasMoreElements()) {
+ Extension ext = (Extension) exts.nextElement();
+
+ if (ext.getExtensionId()
+ .equals(OIDMap
+ .getOID(SubjectAlternativeNameExtension.IDENT))) {
+ DerOutputStream dos = new DerOutputStream();
+ SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension(
+ Boolean.valueOf(false), // noncritical
+ ext.getExtensionValue());
+
+ Vector v = (Vector) sane
+ .get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+
+ Enumeration gne = v.elements();
+
+ StringBuffer subjAltNameStr = new StringBuffer();
+ while (gne.hasMoreElements()) {
+ GeneralNameInterface gni = (GeneralNameInterface) gne
+ .nextElement();
+ if (gni instanceof GeneralName) {
+ GeneralName genName = (GeneralName) gni;
+
+ String gn = genName.toString();
+ int colon = gn.indexOf(':');
+ String gnType = gn.substring(0, colon)
+ .trim();
+ String gnValue = gn.substring(colon + 1)
+ .trim();
subjAltNameStr.append("<");
subjAltNameStr.append(gnType);
@@ -760,1465 +772,1460 @@ protected IProfileSubsystem mProfileSubsystem = null;
subjAltNameStr.append("</");
subjAltNameStr.append(gnType);
subjAltNameStr.append(">");
- }
- } // while
- extensionsStr = "<SubjAltName>" +
- subjAltNameStr.toString() + "</SubjAltName>";
- } // if
- } // while
- pkcs10Attr = pkcs10Attr +
- "<Extensions>" + extensionsStr + "</Extensions>";
- } // if extensions
- } // while
- responseData = responseData +
- "<PKCS10>" + pkcs10Attr + "</PKCS10>";
-
- } catch (ServletException e) {
- throw new ServletException(e.getMessage().toString());
- } catch (CRSInvalidSignatureException e) {
- CMS.debug("handlePKIMessage exception " + e);
- CMS.debug(e);
- } catch (Exception e) {
- CMS.debug("handlePKIMessage exception " + e);
- CMS.debug(e);
- throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage());
- }
-
- // We have now processed the request, and need to make the response message
-
- try {
-
- responseData = "<XMLResponse>" + responseData + "</XMLResponse>";
- // Get the response coding
- response = responseData.getBytes();
-
- // Encode the httpResp into B64
- httpResp.setContentType("application/xml");
- httpResp.setContentLength(response.length);
- httpResp.getOutputStream().write(response);
- httpResp.getOutputStream().flush();
-
- int i1 = responseData.indexOf("<Password>");
- if (i1 > -1) {
- i1 += 10; // 10 is a length of "<Password>"
- int i2 = responseData.indexOf("</Password>", i1);
- if (i2 > -1) {
- responseData = responseData.substring(0, i1) + "********" +
- responseData.substring(i2, responseData.length());
- }
- }
-
- CMS.debug("Output (decoding) PKIOperation response:");
- CMS.debug(responseData);
- }
- catch (Exception e) {
- throw new ServletException("Failed to create response for CEP message"+e.getMessage());
- }
-
- }
-
-
- /**
- * finds a request with this transaction ID.
- * If could not find any request - return null
- * If could only find 'rejected' or 'cancelled' requests, return null
- * If found 'pending' or 'completed' request - return that request
- */
-
-
- public void handlePKIOperation(HttpServletRequest httpReq,
- HttpServletResponse httpResp,
- String msg)
- throws ServletException {
-
-
- CryptoContext cx=null;
-
- CRSPKIMessage req=null;
- CRSPKIMessage crsResp=null;
-
- byte[] decodedPKIMessage;
- byte[] response=null;
- X509CertImpl cert = null;
-
- decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
-
- try {
- ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
-
- // We make two CRSPKIMessages. One of them, is the request, so we initialize
- // it from the DER given to us from the router.
- // The second is the response, and we'll fill this in as we go.
-
- if (decodedPKIMessage.length < 50) {
- throw new ServletException("CRS request is too small to be a real request ("+
- decodedPKIMessage.length+" bytes)");
- }
- try {
- req = new CRSPKIMessage(is);
- String ea = req.getEncryptionAlgorithm();
- if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) {
- CMS.debug("CRSEnrollment: handlePKIOperation: Encryption algorithm '"+ea+
- "' is not allowed ("+mEncryptionAlgorithmList+").");
- throw new ServletException("Encryption algorithm '"+ea+
- "' is not allowed ("+mEncryptionAlgorithmList+").");
+ }
+ } // while
+ extensionsStr = "<SubjAltName>"
+ + subjAltNameStr.toString()
+ + "</SubjAltName>";
+ } // if
+ } // while
+ pkcs10Attr = pkcs10Attr + "<Extensions>" + extensionsStr
+ + "</Extensions>";
+ } // if extensions
+ } // while
+ responseData = responseData + "<PKCS10>" + pkcs10Attr + "</PKCS10>";
+
+ } catch (ServletException e) {
+ throw new ServletException(e.getMessage().toString());
+ } catch (CRSInvalidSignatureException e) {
+ CMS.debug("handlePKIMessage exception " + e);
+ CMS.debug(e);
+ } catch (Exception e) {
+ CMS.debug("handlePKIMessage exception " + e);
+ CMS.debug(e);
+ throw new ServletException(
+ "Failed to process message in CEP servlet: "
+ + e.getMessage());
+ }
+
+ // We have now processed the request, and need to make the response
+ // message
+
+ try {
+
+ responseData = "<XMLResponse>" + responseData + "</XMLResponse>";
+ // Get the response coding
+ response = responseData.getBytes();
+
+ // Encode the httpResp into B64
+ httpResp.setContentType("application/xml");
+ httpResp.setContentLength(response.length);
+ httpResp.getOutputStream().write(response);
+ httpResp.getOutputStream().flush();
+
+ int i1 = responseData.indexOf("<Password>");
+ if (i1 > -1) {
+ i1 += 10; // 10 is a length of "<Password>"
+ int i2 = responseData.indexOf("</Password>", i1);
+ if (i2 > -1) {
+ responseData = responseData.substring(0, i1) + "********"
+ + responseData.substring(i2, responseData.length());
+ }
+ }
+
+ CMS.debug("Output (decoding) PKIOperation response:");
+ CMS.debug(responseData);
+ } catch (Exception e) {
+ throw new ServletException(
+ "Failed to create response for CEP message"
+ + e.getMessage());
+ }
+
+ }
+
+ /**
+ * finds a request with this transaction ID. If could not find any request -
+ * return null If could only find 'rejected' or 'cancelled' requests, return
+ * null If found 'pending' or 'completed' request - return that request
+ */
+
+ public void handlePKIOperation(HttpServletRequest httpReq,
+ HttpServletResponse httpResp, String msg) throws ServletException {
+
+ CryptoContext cx = null;
+
+ CRSPKIMessage req = null;
+ CRSPKIMessage crsResp = null;
+
+ byte[] decodedPKIMessage;
+ byte[] response = null;
+ X509CertImpl cert = null;
+
+ decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
+
+ try {
+ ByteArrayInputStream is = new ByteArrayInputStream(
+ decodedPKIMessage);
+
+ // We make two CRSPKIMessages. One of them, is the request, so we
+ // initialize
+ // it from the DER given to us from the router.
+ // The second is the response, and we'll fill this in as we go.
+
+ if (decodedPKIMessage.length < 50) {
+ throw new ServletException(
+ "CRS request is too small to be a real request ("
+ + decodedPKIMessage.length + " bytes)");
+ }
+ try {
+ req = new CRSPKIMessage(is);
+ String ea = req.getEncryptionAlgorithm();
+ if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) {
+ CMS.debug("CRSEnrollment: handlePKIOperation: Encryption algorithm '"
+ + ea
+ + "' is not allowed ("
+ + mEncryptionAlgorithmList + ").");
+ throw new ServletException("Encryption algorithm '" + ea
+ + "' is not allowed (" + mEncryptionAlgorithmList
+ + ").");
+ }
+ String da = req.getDigestAlgorithmName();
+ if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) {
+ CMS.debug("CRSEnrollment: handlePKIOperation: Hashing algorithm '"
+ + da
+ + "' is not allowed ("
+ + mHashAlgorithmList
+ + ").");
+ throw new ServletException("Hashing algorithm '" + da
+ + "' is not allowed (" + mHashAlgorithmList + ").");
+ }
+ if (ea != null) {
+ mEncryptionAlgorithm = ea;
+ }
+ crsResp = new CRSPKIMessage();
+ } catch (ServletException e) {
+ throw new ServletException(e.getMessage().toString());
+ } catch (Exception e) {
+ CMS.debug(e);
+ throw new ServletException("Could not decode the request.");
+ }
+ crsResp.setMessageType(CRSPKIMessage.mType_CertRep);
+
+ // Create a new crypto context for doing all the crypto operations
+ cx = new CryptoContext();
+
+ // Verify Signature on message (throws exception if sig bad)
+ verifyRequest(req, cx);
+
+ // Deal with Transaction ID
+ String transactionID = req.getTransactionID();
+ if (transactionID == null) {
+ throw new ServletException(
+ "Error: malformed PKIMessage - missing transactionID");
+ } else {
+ crsResp.setTransactionID(transactionID);
+ }
+
+ // Deal with Nonces
+ byte[] sn = req.getSenderNonce();
+ if (sn == null) {
+ throw new ServletException(
+ "Error: malformed PKIMessage - missing sendernonce");
+ } else {
+ if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) {
+ byte[] snLimited = (mNonceSizeLimit > 0) ? new byte[mNonceSizeLimit]
+ : null;
+ System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit);
+ crsResp.setRecipientNonce(snLimited);
+ } else {
+ crsResp.setRecipientNonce(sn);
+ }
+ byte[] serverNonce = new byte[16];
+ mRandom.nextBytes(serverNonce);
+ crsResp.setSenderNonce(serverNonce);
+ // crsResp.setSenderNonce(new byte[] {0});
+ }
+
+ // Deal with message type
+ String mt = req.getMessageType();
+ if (mt == null) {
+ throw new ServletException(
+ "Error: malformed PKIMessage - missing messageType");
}
- String da = req.getDigestAlgorithmName();
- if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) {
- CMS.debug("CRSEnrollment: handlePKIOperation: Hashing algorithm '"+da+
- "' is not allowed ("+mHashAlgorithmList+").");
- throw new ServletException("Hashing algorithm '"+da+
- "' is not allowed ("+mHashAlgorithmList+").");
+
+ // now run appropriate code, depending on message type
+ if (mt.equals(CRSPKIMessage.mType_PKCSReq)) {
+ CMS.debug("Processing PKCSReq");
+ try {
+ // Check if there is an existing request. If this returns
+ // non-null,
+ // then the request is 'active' (either pending or
+ // completed) in
+ // which case, we compare the hash of the new request to the
+ // hash of the
+ // one in the queue - if they are the same, I return the
+ // state of the
+ // original request - as if it was 'getCertInitial' message.
+ // If the hashes are different, then the user attempted to
+ // enroll
+ // for a new request with the same txid, which is not
+ // allowed -
+ // so we return 'failure'.
+
+ IRequest cmsRequest = findRequestByTransactionID(
+ req.getTransactionID(), true);
+
+ // If there was no request (with a cert) with this
+ // transaction ID,
+ // process it as a new request
+
+ cert = handlePKCSReq(httpReq, cmsRequest, req, crsResp, cx);
+
+ } catch (CRSFailureException e) {
+ throw new ServletException(
+ "Couldn't handle CEP request (PKCSReq) - "
+ + e.getMessage());
+ }
+ } else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) {
+ CMS.debug("Processing GetCertInitial");
+ cert = handleGetCertInitial(req, crsResp);
+ } else {
+ CMS.debug("Invalid request type " + mt);
}
- if (ea != null) {
- mEncryptionAlgorithm = ea;
- }
- crsResp = new CRSPKIMessage();
- }
- catch (ServletException e) {
- throw new ServletException(e.getMessage().toString());
- }
- catch (Exception e) {
+ } catch (ServletException e) {
+ throw new ServletException(e.getMessage().toString());
+ } catch (CRSInvalidSignatureException e) {
+ CMS.debug("handlePKIMessage exception " + e);
CMS.debug(e);
- throw new ServletException("Could not decode the request.");
- }
- crsResp.setMessageType(CRSPKIMessage.mType_CertRep);
-
- // Create a new crypto context for doing all the crypto operations
- cx = new CryptoContext();
-
- // Verify Signature on message (throws exception if sig bad)
- verifyRequest(req,cx);
-
- // Deal with Transaction ID
- String transactionID = req.getTransactionID();
- if (transactionID == null) {
- throw new ServletException("Error: malformed PKIMessage - missing transactionID");
- }
- else {
- crsResp.setTransactionID(transactionID);
- }
-
- // Deal with Nonces
- byte[] sn = req.getSenderNonce();
- if (sn == null) {
- throw new ServletException("Error: malformed PKIMessage - missing sendernonce");
- }
- else {
- if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) {
- byte[] snLimited = (mNonceSizeLimit > 0)? new byte[mNonceSizeLimit]: null;
- System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit);
- crsResp.setRecipientNonce(snLimited);
- } else {
- crsResp.setRecipientNonce(sn);
- }
- byte[] serverNonce = new byte[16];
- mRandom.nextBytes(serverNonce);
- crsResp.setSenderNonce(serverNonce);
- // crsResp.setSenderNonce(new byte[] {0});
- }
-
- // Deal with message type
- String mt = req.getMessageType();
- if (mt == null) {
- throw new ServletException("Error: malformed PKIMessage - missing messageType");
- }
-
- // now run appropriate code, depending on message type
- if (mt.equals(CRSPKIMessage.mType_PKCSReq)) {
- CMS.debug("Processing PKCSReq");
- try {
- // Check if there is an existing request. If this returns non-null,
- // then the request is 'active' (either pending or completed) in
- // which case, we compare the hash of the new request to the hash of the
- // one in the queue - if they are the same, I return the state of the
- // original request - as if it was 'getCertInitial' message.
- // If the hashes are different, then the user attempted to enroll
- // for a new request with the same txid, which is not allowed -
- // so we return 'failure'.
-
- IRequest cmsRequest= findRequestByTransactionID(req.getTransactionID(),true);
-
- // If there was no request (with a cert) with this transaction ID,
- // process it as a new request
-
- cert = handlePKCSReq(httpReq, cmsRequest,req,crsResp,cx);
-
- }
- catch (CRSFailureException e) {
- throw new ServletException("Couldn't handle CEP request (PKCSReq) - "+e.getMessage());
- }
- }
- else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) {
- CMS.debug("Processing GetCertInitial");
- cert = handleGetCertInitial(req,crsResp);
- } else {
- CMS.debug("Invalid request type " + mt);
- }
- }
- catch (ServletException e) {
- throw new ServletException(e.getMessage().toString());
- }
- catch (CRSInvalidSignatureException e) {
- CMS.debug("handlePKIMessage exception " + e);
- CMS.debug(e);
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
- }
- catch (Exception e) {
- CMS.debug("handlePKIMessage exception " + e);
- CMS.debug(e);
- throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage());
- }
-
- // We have now processed the request, and need to make the response message
-
- try {
- // make the response
- processCertRep(cx, cert,crsResp, req);
-
- // Get the response coding
- response = crsResp.getResponse();
-
- // Encode the crsResp into B64
- httpResp.setContentType("application/x-pki-message");
- httpResp.setContentLength(response.length);
- httpResp.getOutputStream().write(response);
- httpResp.getOutputStream().flush();
-
- CMS.debug("Output PKIOperation response:");
- CMS.debug(CMS.BtoA(response));
- }
- catch (Exception e) {
- throw new ServletException("Failed to create response for CEP message"+e.getMessage());
- }
-
- }
-
-
- /**
- * finds a request with this transaction ID.
- * If could not find any request - return null
- * If could only find 'rejected' or 'cancelled' requests, return null
- * If found 'pending' or 'completed' request - return that request
- */
-
- public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected)
- throws EBaseException {
-
- /* Check if certificate request has been completed */
-
- IRequestQueue rq = ca.getRequestQueue();
- IRequest foundRequest = null;
-
- Enumeration rids = rq.findRequestsBySourceId(txid);
- if (rids == null) { return null; }
-
- int count=0;
- while (rids.hasMoreElements()) {
- RequestId rid = (RequestId) rids.nextElement();
- if (rid == null) {
- continue;
- }
-
- IRequest request = rq.findRequest(rid);
- if (request == null) {
- continue;
- }
- if ( !ignoreRejected ||
- request.getRequestStatus().equals(RequestStatus.PENDING) ||
- request.getRequestStatus().equals(RequestStatus.COMPLETE)) {
- if (foundRequest != null) {
- }
- foundRequest = request;
- }
- }
- return foundRequest;
- }
-
- /**
- * Called if the router is requesting us to send it its certificate
- * Examine request queue for a request matching the transaction ID.
- * Ignore any rejected or cancelled requests.
- *
- * If a request is found in the pending state, the response should be
- * 'pending'
- *
- * If a request is found in the completed state, the response should be
- * to return the certificate
- *
- * If no request is found, the response should be to return null
- *
- */
-
- public X509CertImpl handleGetCertInitial(CRSPKIMessage req,CRSPKIMessage resp)
- {
- IRequest foundRequest=null;
-
- // already done by handlePKIOperation
- // resp.setRecipientNonce(req.getSenderNonce());
- // resp.setSenderNonce(null);
-
- try {
- foundRequest = findRequestByTransactionID(req.getTransactionID(),false);
- } catch (EBaseException e) {
- }
-
- if (foundRequest == null) {
- resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId);
- resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- return null;
- }
-
- return makeResponseFromRequest(req,resp,foundRequest);
- }
-
-
- public void verifyRequest(CRSPKIMessage req, CryptoContext cx)
- throws CRSInvalidSignatureException {
-
- // Get Signed Data
-
- byte[] reqAAbytes = req.getAA();
- byte[] reqAAsig = req.getAADigest();
-
- }
-
-
- /**
- * Create an entry for this user in the publishing directory
- *
- */
-
- private boolean createEntry(String dn)
- {
- boolean result = false;
-
- IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor();
- if (ldapPub == null || !ldapPub.enabled()) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP"));
-
- return result;
- }
-
- ILdapConnFactory connFactory = ((IPublisherProcessor)ldapPub).getLdapConnModule().getLdapConnFactory();
- if (connFactory == null) {
- return result;
- }
-
- LDAPConnection connection=null;
- try {
- connection = connFactory.getConn();
- String[] objectclasses = { "top", mEntryObjectclass };
- LDAPAttribute ocAttrs = new LDAPAttribute("objectclass",objectclasses);
-
- LDAPAttributeSet attrSet = new LDAPAttributeSet();
- attrSet.add(ocAttrs);
-
- LDAPEntry newEntry = new LDAPEntry(dn, attrSet);
- connection.add(newEntry);
- result=true;
- }
- catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS",dn));
- }
- finally {
- try {
- connFactory.returnConn(connection);
- }
- catch (Exception f) {}
- }
- return result;
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+ } catch (Exception e) {
+ CMS.debug("handlePKIMessage exception " + e);
+ CMS.debug(e);
+ throw new ServletException(
+ "Failed to process message in CEP servlet: "
+ + e.getMessage());
+ }
+
+ // We have now processed the request, and need to make the response
+ // message
+
+ try {
+ // make the response
+ processCertRep(cx, cert, crsResp, req);
+
+ // Get the response coding
+ response = crsResp.getResponse();
+
+ // Encode the crsResp into B64
+ httpResp.setContentType("application/x-pki-message");
+ httpResp.setContentLength(response.length);
+ httpResp.getOutputStream().write(response);
+ httpResp.getOutputStream().flush();
+
+ CMS.debug("Output PKIOperation response:");
+ CMS.debug(CMS.BtoA(response));
+ } catch (Exception e) {
+ throw new ServletException(
+ "Failed to create response for CEP message"
+ + e.getMessage());
+ }
+
}
+ /**
+ * finds a request with this transaction ID. If could not find any request -
+ * return null If could only find 'rejected' or 'cancelled' requests, return
+ * null If found 'pending' or 'completed' request - return that request
+ */
+
+ public IRequest findRequestByTransactionID(String txid,
+ boolean ignoreRejected) throws EBaseException {
+ /* Check if certificate request has been completed */
- /**
- * Here we decrypt the PKCS10 message from the client
- *
- */
-
- public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx)
- throws ServletException,
- CryptoManager.NotInitializedException,
- CryptoContext.CryptoContextException,
- CRSFailureException {
-
- byte[] decryptedP10bytes = null;
- SymmetricKey sk;
- SymmetricKey skinternal;
- SymmetricKey.Type skt;
- KeyWrapper kw;
- Cipher cip;
- EncryptionAlgorithm ea;
- boolean errorInRequest = false;
-
- // Unwrap the session key with the Cert server key
- try {
- kw = cx.getKeyWrapper();
-
- kw.initUnwrap(cx.getPrivateKey(),null);
-
- skt = SymmetricKey.Type.DES;
- ea = EncryptionAlgorithm.DES_CBC;
- if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
- skt = SymmetricKey.Type.DES3;
- ea = EncryptionAlgorithm.DES3_CBC;
- }
-
- sk = kw.unwrapSymmetric(req.getWrappedKey(),
- skt,
- SymmetricKey.Usage.DECRYPT,
- 0); // keylength is ignored
-
- skinternal = cx.getDESKeyGenerator().clone(sk);
-
- cip = skinternal.getOwningToken().getCipherContext(ea);
-
- cip.initDecrypt(skinternal,(new IVParameterSpec(req.getIV())));
-
- decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10());
- CMS.debug("decryptedP10bytes:");
- CMS.debug(decryptedP10bytes);
-
- req.setP10(new PKCS10(decryptedP10bytes));
- } catch (Exception e) {
- CMS.debug("failed to unwrap PKCS10 " + e);
- throw new CRSFailureException("Could not unwrap PKCS10 blob: "+e.getMessage());
- }
-
- }
-
-
-
-private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp)
- throws CRSFailureException {
-
- IRequest issueReq = null;
- X509CertImpl issuedCert=null;
- Vector extensionsRequested = null;
- SubjectAlternativeNameExtension sane = null;
- CertAttrSet requested_ext = null;
-
- try {
- PKCS10 p10 = (PKCS10)req.getP10();
-
- if (p10 == null) {
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- throw new CRSFailureException("Failed to decode pkcs10 from CEP request");
- }
-
- AuthCredentials authCreds = new AuthCredentials();
-
- String challengePassword = null;
- // Here, we make a new CertInfo - it's a new start for a certificate
-
- X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
-
- // get some stuff out of the request
- X509Key key = p10.getSubjectPublicKeyInfo();
- X500Name p10subject = p10.getSubjectName();
-
- X500Name subject=null;
-
- // The following code will copy all the attributes
- // into the AuthCredentials so they can be used for
- // authentication
- //
- // Optionally, you can re-map the subject name from:
- // one RDN, with many AVA's to
- // many RDN's with one AVA in each.
-
- Enumeration rdne = p10subject.getRDNs();
- Vector rdnv = new Vector();
-
- Hashtable sanehash = new Hashtable();
-
- X500NameAttrMap xnap = X500NameAttrMap.getDefault();
- while (rdne.hasMoreElements()) {
- RDN rdn = (RDN) rdne.nextElement();
- int i=0;
- AVA[] oldavas = rdn.getAssertion();
- for (i=0; i<rdn.getAssertionLength(); i++) {
- AVA[] newavas = new AVA[1];
- newavas[0] = oldavas[i];
-
- authCreds.set(xnap.getName(oldavas[i].getOid()),
- oldavas[i].getValue().getAsString());
-
- if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) {
-
- sanehash.put(SANE_DNSNAME,oldavas[i].getValue().getAsString());
- }
- if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) {
- sanehash.put(SANE_IPADDRESS,oldavas[i].getValue().getAsString());
- }
-
- RDN newrdn = new RDN(newavas);
- if (mFlattenDN) {
- rdnv.addElement(newrdn);
- }
- }
- }
-
- if (mFlattenDN) subject = new X500Name(rdnv);
- else subject = p10subject;
-
-
- // create default key usage extension
- KeyUsageExtension kue = new KeyUsageExtension();
- kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true));
- kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true));
-
-
- PKCS10Attributes p10atts = p10.getAttributes();
- Enumeration e = p10atts.getElements();
-
- while (e.hasMoreElements()) {
- PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
- CertAttrSet attr = p10a.getAttributeValue();
-
-
- if (attr.getName().equals(ChallengePassword.NAME)) {
- if (attr.get(ChallengePassword.PASSWORD) != null) {
- req.put(AUTH_PASSWORD,
- (String)attr.get(ChallengePassword.PASSWORD));
- req.put(ChallengePassword.NAME,
- hashPassword(
- (String)attr.get(ChallengePassword.PASSWORD)));
- }
- }
-
- if (attr.getName().equals(ExtensionsRequested.NAME)) {
-
- Enumeration exts = ((ExtensionsRequested)attr).getExtensions().elements();
- while (exts.hasMoreElements()) {
- Extension ext = (Extension) exts.nextElement();
-
- if (ext.getExtensionId().equals(
- OIDMap.getOID(KeyUsageExtension.IDENT)) ) {
-
- kue = new KeyUsageExtension(
- new Boolean(false), // noncritical
- ext.getExtensionValue());
- }
-
- if (ext.getExtensionId().equals(
- OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) {
- DerOutputStream dos = new DerOutputStream();
- sane = new SubjectAlternativeNameExtension(
- new Boolean(false), // noncritical
- ext.getExtensionValue());
-
-
- Vector v =
- (Vector) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME);
-
- Enumeration gne = v.elements();
-
- while (gne.hasMoreElements()) {
- GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement();
- if (gni instanceof GeneralName) {
- GeneralName genName = (GeneralName) gni;
-
- String gn = genName.toString();
- int colon = gn.indexOf(':');
- String gnType = gn.substring(0,colon).trim();
- String gnValue = gn.substring(colon+1).trim();
-
- authCreds.set(gnType,gnValue);
- }
- }
- }
- }
- }
- }
-
- if (authCreds != null) req.put(AUTH_CREDS,authCreds);
-
- try {
- if (sane == null) sane = makeDefaultSubjectAltName(sanehash);
- } catch (Exception sane_e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
- sane_e.getMessage()));
- }
-
-
-
- try {
- if (mAppendDN != null && ! mAppendDN.equals("")) {
-
- X500Name newSubject = new X500Name(subject.toString());
- subject = new X500Name( subject.toString().concat(","+mAppendDN));
- }
-
- } catch (Exception sne) {
- log(ILogger.LL_INFO, "Unable to use appendDN parameter: "+mAppendDN+". Error is "+sne.getMessage()+" Using unmodified subjectname");
- }
-
- if (subject != null) req.put(SUBJECTNAME, subject);
-
- if (key == null || subject == null) {
- // log
- //throw new ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10);
- }
-
-
-
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
-
- certInfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subject));
-
- certInfo.set(X509CertInfo.KEY,
- new CertificateX509Key(key));
-
- CertificateExtensions ext = new CertificateExtensions();
-
- if (kue != null) {
- ext.set(KeyUsageExtension.NAME, kue);
- }
-
- // add subjectAltName extension, if present
- if (sane != null) {
- ext.set(SubjectAlternativeNameExtension.NAME, sane);
- }
-
- certInfo.set(X509CertInfo.EXTENSIONS,ext);
-
- req.put(CERTINFO, certInfo);
- } catch (Exception e) {
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- return ;
- } // NEED TO FIX
- }
-
-
- private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable ht) {
-
- // if no subjectaltname extension was requested, we try to make it up
- // from some of the elements of the subject name
-
- int itemCount = ht.size();
- GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()];
-
- itemCount = 0;
- Enumeration en = ht.keys();
- while (en.hasMoreElements()) {
- String key = (String) en.nextElement();
- if (key.equals(SANE_DNSNAME)) {
- gn[itemCount++] = new DNSName((String)ht.get(key));
- }
- if (key.equals(SANE_IPADDRESS)) {
- gn[itemCount++] = new IPAddressName((String)ht.get(key));
+ IRequestQueue rq = ca.getRequestQueue();
+ IRequest foundRequest = null;
+
+ Enumeration rids = rq.findRequestsBySourceId(txid);
+ if (rids == null) {
+ return null;
+ }
+
+ int count = 0;
+ while (rids.hasMoreElements()) {
+ RequestId rid = (RequestId) rids.nextElement();
+ if (rid == null) {
+ continue;
+ }
+
+ IRequest request = rq.findRequest(rid);
+ if (request == null) {
+ continue;
+ }
+ if (!ignoreRejected
+ || request.getRequestStatus().equals(RequestStatus.PENDING)
+ || request.getRequestStatus()
+ .equals(RequestStatus.COMPLETE)) {
+ if (foundRequest != null) {
+ }
+ foundRequest = request;
+ }
}
+ return foundRequest;
}
- try {
- return new SubjectAlternativeNameExtension( new GeneralNames(gn) );
- } catch (Exception e) {
- log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
- e.getMessage()));
- return null;
- }
- }
-
-
-
- // Perform authentication
-
- /*
- * if the authentication is set up for CEP, and the user provides
- * some credential, an attempt is made to authenticate the user
- * If this fails, this method will return true
- * If it is sucessful, this method will return true and
- * an authtoken will be in the request
- *
- * If authentication is not configured, this method will
- * return false. The request will be processed in the usual
- * way, but no authtoken will be in the request.
- *
- * In other word, this method returns true if the request
- * should be aborted, false otherwise.
- */
-
- private boolean authenticateUser(CRSPKIMessage req) {
- boolean authenticationFailed = true;
-
- if (mAuthManagerName == null) {
- return false;
- }
-
- String password = (String)req.get(AUTH_PASSWORD);
-
- AuthCredentials authCreds = (AuthCredentials)req.get(AUTH_CREDS);
-
- if (authCreds == null) {
- authCreds = new AuthCredentials();
- }
-
- // authtoken starts as null
- AuthToken token = null;
-
- if (password != null && !password.equals("")) {
- try {
- authCreds.set(AUTH_PASSWORD,password);
- } catch (Exception e) {}
- }
-
+ /**
+ * Called if the router is requesting us to send it its certificate Examine
+ * request queue for a request matching the transaction ID. Ignore any
+ * rejected or cancelled requests.
+ *
+ * If a request is found in the pending state, the response should be
+ * 'pending'
+ *
+ * If a request is found in the completed state, the response should be to
+ * return the certificate
+ *
+ * If no request is found, the response should be to return null
+ *
+ */
+
+ public X509CertImpl handleGetCertInitial(CRSPKIMessage req,
+ CRSPKIMessage resp) {
+ IRequest foundRequest = null;
+
+ // already done by handlePKIOperation
+ // resp.setRecipientNonce(req.getSenderNonce());
+ // resp.setSenderNonce(null);
+
+ try {
+ foundRequest = findRequestByTransactionID(req.getTransactionID(),
+ false);
+ } catch (EBaseException e) {
+ }
+
+ if (foundRequest == null) {
+ resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId);
+ resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ return null;
+ }
+
+ return makeResponseFromRequest(req, resp, foundRequest);
+ }
+
+ public void verifyRequest(CRSPKIMessage req, CryptoContext cx)
+ throws CRSInvalidSignatureException {
+
+ // Get Signed Data
+
+ byte[] reqAAbytes = req.getAA();
+ byte[] reqAAsig = req.getAADigest();
+
+ }
+
+ /**
+ * Create an entry for this user in the publishing directory
+ *
+ */
+
+ private boolean createEntry(String dn) {
+ boolean result = false;
+
+ IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor();
+ if (ldapPub == null || !ldapPub.enabled()) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP"));
+
+ return result;
+ }
+
+ ILdapConnFactory connFactory = ((IPublisherProcessor) ldapPub)
+ .getLdapConnModule().getLdapConnFactory();
+ if (connFactory == null) {
+ return result;
+ }
+
+ LDAPConnection connection = null;
+ try {
+ connection = connFactory.getConn();
+ String[] objectclasses = { "top", mEntryObjectclass };
+ LDAPAttribute ocAttrs = new LDAPAttribute("objectclass",
+ objectclasses);
+
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+ attrSet.add(ocAttrs);
+
+ LDAPEntry newEntry = new LDAPEntry(dn, attrSet);
+ connection.add(newEntry);
+ result = true;
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS", dn));
+ } finally {
+ try {
+ connFactory.returnConn(connection);
+ } catch (Exception f) {
+ }
+ }
+ return result;
+ }
+
+ /**
+ * Here we decrypt the PKCS10 message from the client
+ *
+ */
+
+ public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx)
+ throws ServletException, CryptoManager.NotInitializedException,
+ CryptoContext.CryptoContextException, CRSFailureException {
+
+ byte[] decryptedP10bytes = null;
+ SymmetricKey sk;
+ SymmetricKey skinternal;
+ SymmetricKey.Type skt;
+ KeyWrapper kw;
+ Cipher cip;
+ EncryptionAlgorithm ea;
+ boolean errorInRequest = false;
+
+ // Unwrap the session key with the Cert server key
+ try {
+ kw = cx.getKeyWrapper();
+
+ kw.initUnwrap(cx.getPrivateKey(), null);
+
+ skt = SymmetricKey.Type.DES;
+ ea = EncryptionAlgorithm.DES_CBC;
+ if (mEncryptionAlgorithm != null
+ && mEncryptionAlgorithm.equals("DES3")) {
+ skt = SymmetricKey.Type.DES3;
+ ea = EncryptionAlgorithm.DES3_CBC;
+ }
+
+ sk = kw.unwrapSymmetric(req.getWrappedKey(), skt,
+ SymmetricKey.Usage.DECRYPT, 0); // keylength is ignored
+
+ skinternal = cx.getDESKeyGenerator().clone(sk);
+
+ cip = skinternal.getOwningToken().getCipherContext(ea);
+
+ cip.initDecrypt(skinternal, (new IVParameterSpec(req.getIV())));
+
+ decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10());
+ CMS.debug("decryptedP10bytes:");
+ CMS.debug(decryptedP10bytes);
+
+ req.setP10(new PKCS10(decryptedP10bytes));
+ } catch (Exception e) {
+ CMS.debug("failed to unwrap PKCS10 " + e);
+ throw new CRSFailureException("Could not unwrap PKCS10 blob: "
+ + e.getMessage());
+ }
+
+ }
+
+ private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp)
+ throws CRSFailureException {
+
+ IRequest issueReq = null;
+ X509CertImpl issuedCert = null;
+ Vector extensionsRequested = null;
+ SubjectAlternativeNameExtension sane = null;
+ CertAttrSet requested_ext = null;
+
+ try {
+ PKCS10 p10 = (PKCS10) req.getP10();
+
+ if (p10 == null) {
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ throw new CRSFailureException(
+ "Failed to decode pkcs10 from CEP request");
+ }
+
+ AuthCredentials authCreds = new AuthCredentials();
+
+ String challengePassword = null;
+ // Here, we make a new CertInfo - it's a new start for a certificate
+
+ X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
+
+ // get some stuff out of the request
+ X509Key key = p10.getSubjectPublicKeyInfo();
+ X500Name p10subject = p10.getSubjectName();
+
+ X500Name subject = null;
+
+ // The following code will copy all the attributes
+ // into the AuthCredentials so they can be used for
+ // authentication
+ //
+ // Optionally, you can re-map the subject name from:
+ // one RDN, with many AVA's to
+ // many RDN's with one AVA in each.
+
+ Enumeration rdne = p10subject.getRDNs();
+ Vector rdnv = new Vector();
+
+ Hashtable sanehash = new Hashtable();
+
+ X500NameAttrMap xnap = X500NameAttrMap.getDefault();
+ while (rdne.hasMoreElements()) {
+ RDN rdn = (RDN) rdne.nextElement();
+ int i = 0;
+ AVA[] oldavas = rdn.getAssertion();
+ for (i = 0; i < rdn.getAssertionLength(); i++) {
+ AVA[] newavas = new AVA[1];
+ newavas[0] = oldavas[i];
+
+ authCreds.set(xnap.getName(oldavas[i].getOid()), oldavas[i]
+ .getValue().getAsString());
+
+ if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) {
+
+ sanehash.put(SANE_DNSNAME, oldavas[i].getValue()
+ .getAsString());
+ }
+ if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) {
+ sanehash.put(SANE_IPADDRESS, oldavas[i].getValue()
+ .getAsString());
+ }
+
+ RDN newrdn = new RDN(newavas);
+ if (mFlattenDN) {
+ rdnv.addElement(newrdn);
+ }
+ }
+ }
+
+ if (mFlattenDN)
+ subject = new X500Name(rdnv);
+ else
+ subject = p10subject;
+
+ // create default key usage extension
+ KeyUsageExtension kue = new KeyUsageExtension();
+ kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true));
+ kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true));
+
+ PKCS10Attributes p10atts = p10.getAttributes();
+ Enumeration e = p10atts.getElements();
+
+ while (e.hasMoreElements()) {
+ PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+ CertAttrSet attr = p10a.getAttributeValue();
+
+ if (attr.getName().equals(ChallengePassword.NAME)) {
+ if (attr.get(ChallengePassword.PASSWORD) != null) {
+ req.put(AUTH_PASSWORD,
+ (String) attr.get(ChallengePassword.PASSWORD));
+ req.put(ChallengePassword.NAME,
+ hashPassword((String) attr
+ .get(ChallengePassword.PASSWORD)));
+ }
+ }
+
+ if (attr.getName().equals(ExtensionsRequested.NAME)) {
+
+ Enumeration exts = ((ExtensionsRequested) attr)
+ .getExtensions().elements();
+ while (exts.hasMoreElements()) {
+ Extension ext = (Extension) exts.nextElement();
+
+ if (ext.getExtensionId().equals(
+ OIDMap.getOID(KeyUsageExtension.IDENT))) {
+
+ kue = new KeyUsageExtension(new Boolean(false), // noncritical
+ ext.getExtensionValue());
+ }
+
+ if (ext.getExtensionId()
+ .equals(OIDMap
+ .getOID(SubjectAlternativeNameExtension.IDENT))) {
+ DerOutputStream dos = new DerOutputStream();
+ sane = new SubjectAlternativeNameExtension(
+ new Boolean(false), // noncritical
+ ext.getExtensionValue());
+
+ Vector v = (Vector) sane
+ .get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+
+ Enumeration gne = v.elements();
+
+ while (gne.hasMoreElements()) {
+ GeneralNameInterface gni = (GeneralNameInterface) gne
+ .nextElement();
+ if (gni instanceof GeneralName) {
+ GeneralName genName = (GeneralName) gni;
+
+ String gn = genName.toString();
+ int colon = gn.indexOf(':');
+ String gnType = gn.substring(0, colon)
+ .trim();
+ String gnValue = gn.substring(colon + 1)
+ .trim();
+
+ authCreds.set(gnType, gnValue);
+ }
+ }
+ }
+ }
+ }
+ }
+
+ if (authCreds != null)
+ req.put(AUTH_CREDS, authCreds);
+
+ try {
+ if (sane == null)
+ sane = makeDefaultSubjectAltName(sanehash);
+ } catch (Exception sane_e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
+ sane_e.getMessage()));
+ }
+
+ try {
+ if (mAppendDN != null && !mAppendDN.equals("")) {
+
+ X500Name newSubject = new X500Name(subject.toString());
+ subject = new X500Name(subject.toString().concat(
+ "," + mAppendDN));
+ }
+
+ } catch (Exception sne) {
+ log(ILogger.LL_INFO, "Unable to use appendDN parameter: "
+ + mAppendDN + ". Error is " + sne.getMessage()
+ + " Using unmodified subjectname");
+ }
+
+ if (subject != null)
+ req.put(SUBJECTNAME, subject);
+
+ if (key == null || subject == null) {
+ // log
+ // throw new
+ // ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10);
+ }
+
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
+
+ certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ subject));
+
+ certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
+
+ CertificateExtensions ext = new CertificateExtensions();
+
+ if (kue != null) {
+ ext.set(KeyUsageExtension.NAME, kue);
+ }
+
+ // add subjectAltName extension, if present
+ if (sane != null) {
+ ext.set(SubjectAlternativeNameExtension.NAME, sane);
+ }
+
+ certInfo.set(X509CertInfo.EXTENSIONS, ext);
+
+ req.put(CERTINFO, certInfo);
+ } catch (Exception e) {
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ return;
+ } // NEED TO FIX
+ }
+
+ private SubjectAlternativeNameExtension makeDefaultSubjectAltName(
+ Hashtable ht) {
+
+ // if no subjectaltname extension was requested, we try to make it up
+ // from some of the elements of the subject name
+
+ int itemCount = ht.size();
+ GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()];
+
+ itemCount = 0;
+ Enumeration en = ht.keys();
+ while (en.hasMoreElements()) {
+ String key = (String) en.nextElement();
+ if (key.equals(SANE_DNSNAME)) {
+ gn[itemCount++] = new DNSName((String) ht.get(key));
+ }
+ if (key.equals(SANE_IPADDRESS)) {
+ gn[itemCount++] = new IPAddressName((String) ht.get(key));
+ }
+ }
+
+ try {
+ return new SubjectAlternativeNameExtension(new GeneralNames(gn));
+ } catch (Exception e) {
+ log(ILogger.LL_INFO,
+ CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
+ e.getMessage()));
+ return null;
+ }
+ }
+
+ // Perform authentication
+
+ /*
+ * if the authentication is set up for CEP, and the user provides some
+ * credential, an attempt is made to authenticate the user If this fails,
+ * this method will return true If it is sucessful, this method will return
+ * true and an authtoken will be in the request
+ *
+ * If authentication is not configured, this method will return false. The
+ * request will be processed in the usual way, but no authtoken will be in
+ * the request.
+ *
+ * In other word, this method returns true if the request should be aborted,
+ * false otherwise.
+ */
+
+ private boolean authenticateUser(CRSPKIMessage req) {
+ boolean authenticationFailed = true;
+
+ if (mAuthManagerName == null) {
+ return false;
+ }
+
+ String password = (String) req.get(AUTH_PASSWORD);
+
+ AuthCredentials authCreds = (AuthCredentials) req.get(AUTH_CREDS);
+
+ if (authCreds == null) {
+ authCreds = new AuthCredentials();
+ }
+
+ // authtoken starts as null
+ AuthToken token = null;
+
+ if (password != null && !password.equals("")) {
+ try {
+ authCreds.set(AUTH_PASSWORD, password);
+ } catch (Exception e) {
+ }
+ }
+
+ try {
+ token = (AuthToken) mAuthSubsystem.authenticate(authCreds,
+ mAuthManagerName);
+ authCreds.delete(AUTH_PASSWORD);
+ // if we got here, the authenticate call must not have thrown
+ // an exception
+ authenticationFailed = false;
+ } catch (EInvalidCredentials ex) {
+ // Invalid credentials - we must reject the request
+ authenticationFailed = true;
+ } catch (EMissingCredential mc) {
+ // Misssing credential - we'll log, and process manually
+ authenticationFailed = false;
+ } catch (EBaseException ex) {
+ // If there's some other error, we'll reject
+ // So, we just continue on, - AUTH_TOKEN will not be set.
+ }
+
+ if (token != null) {
+ req.put(AUTH_TOKEN, token);
+ }
+
+ return authenticationFailed;
+ }
+
+ private boolean areFingerprintsEqual(IRequest req, Hashtable fingerprints) {
+
+ Hashtable old_fprints = req
+ .getExtDataInHashtable(IRequest.FINGERPRINTS);
+ if (old_fprints == null) {
+ return false;
+ }
+
+ byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5"));
+ byte[] new_md5 = (byte[]) fingerprints.get("MD5");
+
+ if (old_md5.length != new_md5.length)
+ return false;
+
+ for (int i = 0; i < old_md5.length; i++) {
+ if (old_md5[i] != new_md5[i])
+ return false;
+ }
+ return true;
+ }
+
+ public X509CertImpl handlePKCSReq(HttpServletRequest httpReq,
+ IRequest cmsRequest, CRSPKIMessage req, CRSPKIMessage crsResp,
+ CryptoContext cx) throws ServletException,
+ CryptoManager.NotInitializedException, CRSFailureException {
+
+ try {
+ unwrapPKCS10(req, cx);
+ Hashtable fingerprints = makeFingerPrints(req);
+
+ if (cmsRequest != null) {
+ if (areFingerprintsEqual(cmsRequest, fingerprints)) {
+ CMS.debug("created response from request");
+ return makeResponseFromRequest(req, crsResp, cmsRequest);
+ } else {
+ CMS.debug("duplicated transaction id");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID"));
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ return null;
+ }
+ }
+
+ getDetailFromRequest(req, crsResp);
+ boolean authFailed = authenticateUser(req);
+
+ if (authFailed) {
+ CMS.debug("authentication failed");
+ log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH"));
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+
+ // perform audit log
+ String auditMessage = CMS.getLogMessage(
+ "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5",
+ httpReq.getRemoteAddr(), ILogger.FAILURE,
+ req.getTransactionID(), "CRSEnrollment",
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ ILogger signedAuditLogger = CMS.getSignedAuditLogger();
+ if (signedAuditLogger != null) {
+ signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY,
+ auditMessage);
+ }
+
+ return null;
+ } else {
+ IRequest ireq = postRequest(httpReq, req, crsResp);
+
+ CMS.debug("created response");
+ return makeResponseFromRequest(req, crsResp, ireq);
+ }
+ } catch (CryptoContext.CryptoContextException e) {
+ CMS.debug("failed to decrypt the request " + e);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10",
+ e.getMessage()));
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ } catch (EBaseException e) {
+ CMS.debug("operation failure - " + e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED", e.getMessage()));
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError);
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ }
+ return null;
+ }
+
+ // //// post the request
+
+ /*
+ * needed:
+ *
+ * token (authtoken) certInfo fingerprints x req.transactionID crsResp
+ */
+
+ private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req,
+ CRSPKIMessage crsResp) throws EBaseException {
+ X500Name subject = (X500Name) req.get(SUBJECTNAME);
+
+ if (mCreateEntry) {
+ if (subject == null) {
+ CMS.debug("CRSEnrollment::postRequest() - subject is null!");
+ return null;
+ }
+ createEntry(subject.toString());
+ }
+
+ // use profile framework to handle SCEP
+ if (mProfileId != null) {
+ PKCS10 pkcs10data = (PKCS10) req.getP10();
+ String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray());
+
+ // XXX authentication handling
+ CMS.debug("Found profile=" + mProfileId);
+ IProfile profile = mProfileSubsystem.getProfile(mProfileId);
+ if (profile == null) {
+ CMS.debug("profile " + mProfileId + " not found");
+ return null;
+ }
+ IProfileContext ctx = profile.createContext();
+
+ IProfileAuthenticator authenticator = null;
+ try {
+ CMS.debug("Retrieving authenticator");
+ authenticator = profile.getAuthenticator();
+ if (authenticator == null) {
+ CMS.debug("No authenticator Found");
+ } else {
+ CMS.debug("Got authenticator="
+ + authenticator.getClass().getName());
+ }
+ } catch (EProfileException e) {
+ // authenticator not installed correctly
+ }
+
+ IAuthToken authToken = null;
+
+ // for ssl authentication; pass in servlet for retrieving
+ // ssl client certificates
+ SessionContext context = SessionContext.getContext();
+
+ // insert profile context so that input parameter can be retrieved
+ context.put("profileContext", ctx);
+ context.put("sslClientCertProvider", new SSLClientCertProvider(
+ httpReq));
+
+ String p10Password = getPasswordFromP10(pkcs10data);
+ AuthCredentials credentials = new AuthCredentials();
+ credentials.set("UID", httpReq.getRemoteAddr());
+ credentials.set("PWD", p10Password);
- try {
- token = (AuthToken)mAuthSubsystem.authenticate(authCreds,mAuthManagerName);
- authCreds.delete(AUTH_PASSWORD);
- // if we got here, the authenticate call must not have thrown
- // an exception
- authenticationFailed = false;
- }
- catch (EInvalidCredentials ex) {
- // Invalid credentials - we must reject the request
- authenticationFailed = true;
- }
- catch (EMissingCredential mc) {
- // Misssing credential - we'll log, and process manually
- authenticationFailed = false;
- }
- catch (EBaseException ex) {
- // If there's some other error, we'll reject
- // So, we just continue on, - AUTH_TOKEN will not be set.
- }
-
- if (token != null) {
- req.put(AUTH_TOKEN,token);
- }
-
- return authenticationFailed;
- }
-
- private boolean areFingerprintsEqual(IRequest req, Hashtable fingerprints)
- {
-
- Hashtable old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS);
- if (old_fprints == null) { return false; }
-
- byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5"));
- byte[] new_md5 = (byte[]) fingerprints.get("MD5");
-
- if (old_md5.length != new_md5.length) return false;
-
- for (int i=0;i<old_md5.length; i++) {
- if (old_md5[i] != new_md5[i]) return false;
- }
- return true;
- }
-
- public X509CertImpl handlePKCSReq(HttpServletRequest httpReq,
- IRequest cmsRequest, CRSPKIMessage req,
- CRSPKIMessage crsResp, CryptoContext cx)
- throws ServletException,
- CryptoManager.NotInitializedException,
- CRSFailureException {
-
- try {
- unwrapPKCS10(req,cx);
- Hashtable fingerprints = makeFingerPrints(req);
-
- if (cmsRequest != null) {
- if (areFingerprintsEqual(cmsRequest, fingerprints)) {
- CMS.debug("created response from request");
- return makeResponseFromRequest(req,crsResp,cmsRequest);
- }
- else {
- CMS.debug("duplicated transaction id");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID"));
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- return null;
- }
- }
-
- getDetailFromRequest(req,crsResp);
- boolean authFailed = authenticateUser(req);
-
- if (authFailed) {
- CMS.debug("authentication failed");
- log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH"));
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-
-
- // perform audit log
- String auditMessage = CMS.getLogMessage(
- "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5",
- httpReq.getRemoteAddr(),
- ILogger.FAILURE,
- req.getTransactionID(),
- "CRSEnrollment",
- ILogger.SIGNED_AUDIT_EMPTY_VALUE);
- ILogger signedAuditLogger = CMS.getSignedAuditLogger();
- if (signedAuditLogger != null) {
- signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null, ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY, auditMessage);
- }
-
- return null;
- }
- else {
- IRequest ireq = postRequest(httpReq, req,crsResp);
-
-
- CMS.debug("created response");
- return makeResponseFromRequest(req,crsResp, ireq);
- }
- } catch (CryptoContext.CryptoContextException e) {
- CMS.debug("failed to decrypt the request " + e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10",
- e.getMessage()));
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- } catch (EBaseException e) {
- CMS.debug("operation failure - " + e);
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED",
- e.getMessage()));
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError);
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- }
- return null;
- }
-
-
-////// post the request
-
-/*
- needed:
-
- token (authtoken)
- certInfo
- fingerprints x
- req.transactionID
- crsResp
-*/
-
-private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp)
-throws EBaseException {
- X500Name subject = (X500Name)req.get(SUBJECTNAME);
-
- if (mCreateEntry) {
- if (subject == null) {
- CMS.debug( "CRSEnrollment::postRequest() - subject is null!" );
- return null;
- }
- createEntry(subject.toString());
- }
-
- // use profile framework to handle SCEP
- if (mProfileId != null) {
- PKCS10 pkcs10data = (PKCS10)req.getP10();
- String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray());
-
- // XXX authentication handling
- CMS.debug("Found profile=" + mProfileId);
- IProfile profile = mProfileSubsystem.getProfile(mProfileId);
- if (profile == null) {
- CMS.debug("profile " + mProfileId + " not found");
- return null;
- }
- IProfileContext ctx = profile.createContext();
-
- IProfileAuthenticator authenticator = null;
- try {
- CMS.debug("Retrieving authenticator");
- authenticator = profile.getAuthenticator();
if (authenticator == null) {
- CMS.debug("No authenticator Found");
+ // XXX - to help caRouterCert to work, we need to
+ // add authentication to caRouterCert
+ authToken = new AuthToken(null);
+ } else {
+ authToken = authenticate(credentials, authenticator, httpReq);
+ }
+
+ IRequest reqs[] = null;
+ CMS.debug("CRSEnrollment: Creating profile requests");
+ ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10");
+ ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
+ Locale locale = Locale.getDefault();
+ reqs = profile.createRequests(ctx, locale);
+ if (reqs == null) {
+ CMS.debug("CRSEnrollment: No request has been created");
+ return null;
} else {
- CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+ CMS.debug("CRSEnrollment: Request (" + reqs.length
+ + ") have been created");
+ }
+ // set transaction id
+ reqs[0].setSourceId(req.getTransactionID());
+ reqs[0].setExtData("profile", "true");
+ reqs[0].setExtData("profileId", mProfileId);
+ reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE,
+ IEnrollProfile.REQ_TYPE_PKCS10);
+ reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
+ reqs[0].setExtData("requestor_name", "");
+ reqs[0].setExtData("requestor_email", "");
+ reqs[0].setExtData("requestor_phone", "");
+ reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost());
+ reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr());
+ reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy());
+
+ CMS.debug("CRSEnrollment: Populating inputs");
+ profile.populateInput(ctx, reqs[0]);
+ CMS.debug("CRSEnrollment: Populating requests");
+ profile.populate(reqs[0]);
+
+ CMS.debug("CRSEnrollment: Submitting request");
+ profile.submit(authToken, reqs[0]);
+ CMS.debug("CRSEnrollment: Done submitting request");
+ profile.getRequestQueue().markAsServiced(reqs[0]);
+ CMS.debug("CRSEnrollment: Request marked as serviced");
+
+ return reqs[0];
+
+ }
+
+ IRequestQueue rq = ca.getRequestQueue();
+ IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST);
+
+ AuthToken token = (AuthToken) req.get(AUTH_TOKEN);
+ if (token != null) {
+ pkiReq.setExtData(IRequest.AUTH_TOKEN, token);
+ }
+
+ pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE,
+ IRequest.CEP_CERT);
+ X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO);
+ pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo });
+ pkiReq.setExtData("cepsubstore", mSubstoreName);
+
+ try {
+ String chpwd = (String) req.get(ChallengePassword.NAME);
+ if (chpwd != null) {
+ pkiReq.setExtData("challengePhrase", chpwd);
+ }
+ } catch (Exception pwex) {
+ }
+
+ Hashtable fingerprints = (Hashtable) req.get(IRequest.FINGERPRINTS);
+ if (fingerprints.size() > 0) {
+ Hashtable encodedPrints = new Hashtable(fingerprints.size());
+ Enumeration e = fingerprints.keys();
+ while (e.hasMoreElements()) {
+ String key = (String) e.nextElement();
+ byte[] value = (byte[]) fingerprints.get(key);
+ encodedPrints.put(key, CMS.BtoA(value));
}
- } catch (EProfileException e) {
- // authenticator not installed correctly
- }
-
- IAuthToken authToken = null;
-
- // for ssl authentication; pass in servlet for retrieving
- // ssl client certificates
- SessionContext context = SessionContext.getContext();
-
-
- // insert profile context so that input parameter can be retrieved
- context.put("profileContext", ctx);
- context.put("sslClientCertProvider",
- new SSLClientCertProvider(httpReq));
-
- String p10Password = getPasswordFromP10(pkcs10data);
- AuthCredentials credentials = new AuthCredentials();
- credentials.set("UID", httpReq.getRemoteAddr());
- credentials.set("PWD", p10Password);
-
- if (authenticator == null) {
- // XXX - to help caRouterCert to work, we need to
- // add authentication to caRouterCert
- authToken = new AuthToken(null);
- } else {
- authToken = authenticate(credentials, authenticator, httpReq);
- }
-
- IRequest reqs[] = null;
- CMS.debug("CRSEnrollment: Creating profile requests");
- ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10");
- ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
- Locale locale = Locale.getDefault();
- reqs = profile.createRequests(ctx, locale);
- if (reqs == null) {
- CMS.debug("CRSEnrollment: No request has been created");
- return null;
- } else {
- CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created");
- }
- // set transaction id
- reqs[0].setSourceId(req.getTransactionID());
- reqs[0].setExtData("profile", "true");
- reqs[0].setExtData("profileId", mProfileId);
- reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10);
- reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
- reqs[0].setExtData("requestor_name", "");
- reqs[0].setExtData("requestor_email", "");
- reqs[0].setExtData("requestor_phone", "");
- reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost());
- reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr());
- reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy());
-
- CMS.debug("CRSEnrollment: Populating inputs");
- profile.populateInput(ctx, reqs[0]);
- CMS.debug("CRSEnrollment: Populating requests");
- profile.populate(reqs[0]);
-
- CMS.debug("CRSEnrollment: Submitting request");
- profile.submit(authToken, reqs[0]);
- CMS.debug("CRSEnrollment: Done submitting request");
- profile.getRequestQueue().markAsServiced(reqs[0]);
- CMS.debug("CRSEnrollment: Request marked as serviced");
-
- return reqs[0];
-
- }
-
- IRequestQueue rq = ca.getRequestQueue();
- IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST);
-
- AuthToken token = (AuthToken) req.get(AUTH_TOKEN);
- if (token != null) {
- pkiReq.setExtData(IRequest.AUTH_TOKEN,token);
- }
-
- pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT);
- X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO);
- pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo } );
- pkiReq.setExtData("cepsubstore", mSubstoreName);
-
- try {
- String chpwd = (String)req.get(ChallengePassword.NAME);
- if (chpwd != null) {
- pkiReq.setExtData("challengePhrase",
- chpwd );
- }
- } catch (Exception pwex) {
- }
-
- Hashtable fingerprints = (Hashtable)req.get(IRequest.FINGERPRINTS);
- if (fingerprints.size() > 0) {
- Hashtable encodedPrints = new Hashtable(fingerprints.size());
- Enumeration e = fingerprints.keys();
- while (e.hasMoreElements()) {
- String key = (String)e.nextElement();
- byte[] value = (byte[])fingerprints.get(key);
- encodedPrints.put(key, CMS.BtoA(value));
- }
- pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints);
- }
-
- pkiReq.setSourceId(req.getTransactionID());
-
- rq.processRequest(pkiReq);
-
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.ENROLLMENTFORMAT,
- new Object[] {
- pkiReq.getRequestId(),
- AuditFormat.FROMROUTER,
- mAuthManagerName == null ? AuditFormat.NOAUTH : mAuthManagerName,
- "pending",
- subject ,
- ""}
- );
-
- return pkiReq;
- }
-
-
-
- public Hashtable makeFingerPrints(CRSPKIMessage req) {
+ pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints);
+ }
+
+ pkiReq.setSourceId(req.getTransactionID());
+
+ rq.processRequest(pkiReq);
+
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
+
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL,
+ AuditFormat.ENROLLMENTFORMAT,
+ new Object[] {
+ pkiReq.getRequestId(),
+ AuditFormat.FROMROUTER,
+ mAuthManagerName == null ? AuditFormat.NOAUTH
+ : mAuthManagerName, "pending", subject, "" });
+
+ return pkiReq;
+ }
+
+ public Hashtable makeFingerPrints(CRSPKIMessage req) {
Hashtable fingerprints = new Hashtable();
MessageDigest md;
- String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"};
- PKCS10 p10 = (PKCS10)req.getP10();
+ String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256",
+ "SHA512" };
+ PKCS10 p10 = (PKCS10) req.getP10();
- for (int i=0;i<hashes.length;i++) {
- try {
- md = MessageDigest.getInstance(hashes[i]);
- md.update(p10.getCertRequestInfo());
- fingerprints.put(hashes[i],md.digest());
- }
- catch (NoSuchAlgorithmException nsa) {}
+ for (int i = 0; i < hashes.length; i++) {
+ try {
+ md = MessageDigest.getInstance(hashes[i]);
+ md.update(p10.getCertRequestInfo());
+ fingerprints.put(hashes[i], md.digest());
+ } catch (NoSuchAlgorithmException nsa) {
+ }
}
- if (fingerprints != null) {
- req.put(IRequest.FINGERPRINTS,fingerprints);
- }
- return fingerprints;
- }
-
-
- // Take a look to see if the request was successful, and fill
- // in the response message
+ if (fingerprints != null) {
+ req.put(IRequest.FINGERPRINTS, fingerprints);
+ }
+ return fingerprints;
+ }
+ // Take a look to see if the request was successful, and fill
+ // in the response message
- private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp,
- IRequest pkiReq)
- {
+ private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq,
+ CRSPKIMessage crsResp, IRequest pkiReq) {
- X509CertImpl issuedCert=null;
+ X509CertImpl issuedCert = null;
RequestStatus status = pkiReq.getRequestStatus();
String profileId = pkiReq.getExtDataInString("profileId");
if (profileId != null) {
- CMS.debug("CRSEnrollment: Found profile request");
- X509CertImpl cert =
- pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
- if (cert == null) {
- CMS.debug("CRSEnrollment: No certificate has been found");
- } else {
- CMS.debug("CRSEnrollment: Found certificate");
- }
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
- return cert;
+ CMS.debug("CRSEnrollment: Found profile request");
+ X509CertImpl cert = pkiReq
+ .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+ if (cert == null) {
+ CMS.debug("CRSEnrollment: No certificate has been found");
+ } else {
+ CMS.debug("CRSEnrollment: Found certificate");
+ }
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
+ return cert;
}
-
- if ( status.equals(RequestStatus.COMPLETE)) {
+ if (status.equals(RequestStatus.COMPLETE)) {
Integer success = pkiReq.getExtDataInInteger(IRequest.RESULT);
-
if (success.equals(IRequest.RES_SUCCESS)) {
// The cert was issued, lets send it back to the router
- X509CertImpl[] issuedCertBuf =
- pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ X509CertImpl[] issuedCertBuf = pkiReq
+ .getExtDataInCertArray(IRequest.ISSUED_CERTS);
if (issuedCertBuf == null || issuedCertBuf.length == 0) {
- // writeError("Internal Error: Bad operation",httpReq,httpResp);
- CMS.debug( "CRSEnrollment::makeResponseFromRequest() - " +
- "Bad operation" );
+ // writeError("Internal Error: Bad operation",httpReq,httpResp);
+ CMS.debug("CRSEnrollment::makeResponseFromRequest() - "
+ + "Bad operation");
return null;
}
issuedCert = issuedCertBuf[0];
crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-
- }
- else { // status is not 'success' - there must've been a problem
-
+
+ } else { // status is not 'success' - there must've been a problem
+
crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badAlg);
}
- }
- else if (status.equals(RequestStatus.REJECTED_STRING) ||
- status.equals(RequestStatus.CANCELED_STRING)) {
- crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
- crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
- }
- else { // not complete
+ } else if (status.equals(RequestStatus.REJECTED_STRING)
+ || status.equals(RequestStatus.CANCELED_STRING)) {
+ crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+ crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
+ } else { // not complete
crsResp.setPKIStatus(CRSPKIMessage.mStatus_PENDING);
}
return issuedCert;
}
+ /**
+ * This needs to be re-written to log the messages to the system log, since
+ * there will be no visual webpage feedback for the user. (he's using a
+ * router)
+ */
+
+ private void writeError(String errMsg, HttpServletRequest httpReq,
+ HttpServletResponse httpResp) throws IOException {
+ }
+
+ protected String hashPassword(String pwd) {
+ String salt = "lala123";
+ byte[] pwdDigest = mSHADigest.digest((salt + pwd).getBytes());
+ String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest);
+ return "{SHA}" + b64E;
+ }
+ /**
+ * Make the CRSPKIMESSAGE response
+ */
+ private void processCertRep(CryptoContext cx, X509CertImpl issuedCert,
+ CRSPKIMessage crsResp, CRSPKIMessage crsReq)
+ throws CRSFailureException {
+ byte[] msgdigest = null;
+ byte[] encryptedDesKey = null;
+ try {
+ if (issuedCert != null) {
+ SymmetricKey sk;
+ SymmetricKey skinternal;
- /**
- * This needs to be re-written to log the messages to the system log, since there
- * will be no visual webpage feedback for the user. (he's using a router)
- */
+ KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
+ EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC;
+ if (mEncryptionAlgorithm != null
+ && mEncryptionAlgorithm.equals("DES3")) {
+ kga = KeyGenAlgorithm.DES3;
+ ea = EncryptionAlgorithm.DES3_CBC;
+ }
- private void writeError(String errMsg, HttpServletRequest httpReq,
- HttpServletResponse httpResp)
- throws IOException
- {
- }
+ // 1. Make the Degenerated PKCS7 with the recipient's
+ // certificate in it
+ byte toBeEncrypted[] = crsResp.makeSignedRep(1, // version
+ issuedCert.getEncoded());
- protected String hashPassword(String pwd) {
- String salt = "lala123";
- byte[] pwdDigest = mSHADigest.digest((salt+pwd).getBytes());
- String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest);
- return "{SHA}"+b64E;
- }
+ // 2. Encrypt the above byte array with a new random DES key
+
+ sk = cx.getDESKeyGenerator().generate();
+
+ skinternal = cx.getInternalToken().getKeyGenerator(kga)
+ .clone(sk);
+
+ byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize());
+
+ // This should be changed to generate proper DES IV.
+
+ Cipher cipher = cx.getInternalToken().getCipherContext(ea);
+ IVParameterSpec desIV = new IVParameterSpec(new byte[] {
+ (byte) 0xff, (byte) 0x00, (byte) 0xff, (byte) 0x00,
+ (byte) 0xff, (byte) 0x00, (byte) 0xff, (byte) 0x00 });
+
+ cipher.initEncrypt(sk, desIV);
+ byte[] encryptedData = cipher.doFinal(padded);
+
+ crsResp.makeEncryptedContentInfo(desIV.getIV(), encryptedData,
+ mEncryptionAlgorithm);
+
+ // 3. Extract the recipient's public key
+
+ PublicKey rcpPK = crsReq.getSignerPublicKey();
+
+ // 4. Encrypt the DES key with the public key
+
+ // we have to move the key onto the interal token.
+ // skinternal = cx.getInternalKeyStorageToken().cloneKey(sk);
+ skinternal = cx.getInternalToken().cloneKey(sk);
+
+ KeyWrapper kw = cx.getInternalKeyWrapper();
+ kw.initWrap(rcpPK, null);
+ encryptedDesKey = kw.wrap(skinternal);
+
+ crsResp.setRcpIssuerAndSerialNumber(crsReq
+ .getSgnIssuerAndSerialNumber());
+ crsResp.makeRecipientInfo(0, encryptedDesKey);
+
+ }
+
+ byte[] ed = crsResp.makeEnvelopedData(0);
+
+ // 7. Make Digest of SignedData Content
+ MessageDigest md = MessageDigest.getInstance(mHashAlgorithm);
+ msgdigest = md.digest(ed);
+
+ crsResp.setMsgDigest(msgdigest);
+
+ }
+
+ catch (Exception e) {
+ throw new CRSFailureException(
+ "Failed to create inner response to CEP message: "
+ + e.getMessage());
+ }
+
+ // 5. Make a RecipientInfo
+
+ // The issuer name & serial number here, should be that of
+ // the EE's self-signed Certificate
+ // [I can get it from the req blob, but later, I should
+ // store the recipient's self-signed certificate with the request
+ // so I can get at it later. I need to do this to support
+ // 'PENDING']
+
+ try {
+
+ // 8. Make Authenticated Attributes
+ // we can just pull the transaction ID out of the request.
+ // Later, we will have to put it out of the Request queue,
+ // so we can support PENDING
+ crsResp.setTransactionID(crsReq.getTransactionID());
+ // recipientNonce and SenderNonce have already been set
+
+ crsResp.makeAuthenticatedAttributes();
+ // crsResp.makeAuthenticatedAttributes_old();
+
+ // now package up the rest of the SignerInfo
+ {
+ byte[] signingcertbytes = cx.getSigningCert().getEncoded();
+
+ Certificate.Template sgncert_t = new Certificate.Template();
+ Certificate sgncert = (Certificate) sgncert_t
+ .decode(new ByteArrayInputStream(signingcertbytes));
+
+ IssuerAndSerialNumber sgniasn = new IssuerAndSerialNumber(
+ sgncert.getInfo().getIssuer(), sgncert.getInfo()
+ .getSerialNumber());
+ crsResp.setSgnIssuerAndSerialNumber(sgniasn);
+ // 10. Make SignerInfo
+ crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm);
+ // 11. Make SignedData
+ crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm);
- /**
- * Make the CRSPKIMESSAGE response
- */
-
-
- private void processCertRep(CryptoContext cx,
- X509CertImpl issuedCert,
- CRSPKIMessage crsResp,
- CRSPKIMessage crsReq)
- throws CRSFailureException {
- byte[] msgdigest = null;
- byte[] encryptedDesKey = null;
-
- try {
- if (issuedCert != null) {
-
- SymmetricKey sk;
- SymmetricKey skinternal;
-
- KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
- EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC;
- if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
- kga = KeyGenAlgorithm.DES3;
- ea = EncryptionAlgorithm.DES3_CBC;
- }
-
- // 1. Make the Degenerated PKCS7 with the recipient's certificate in it
-
- byte toBeEncrypted[] =
- crsResp.makeSignedRep(1, // version
- issuedCert.getEncoded()
- );
-
- // 2. Encrypt the above byte array with a new random DES key
-
- sk = cx.getDESKeyGenerator().generate();
-
- skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk);
-
- byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize());
-
-
- // This should be changed to generate proper DES IV.
-
- Cipher cipher = cx.getInternalToken().getCipherContext(ea);
- IVParameterSpec desIV =
- new IVParameterSpec(new byte[]{
- (byte)0xff, (byte)0x00,
- (byte)0xff, (byte)0x00,
- (byte)0xff, (byte)0x00,
- (byte)0xff, (byte)0x00 } );
-
- cipher.initEncrypt(sk,desIV);
- byte[] encryptedData = cipher.doFinal(padded);
-
- crsResp.makeEncryptedContentInfo(desIV.getIV(),encryptedData, mEncryptionAlgorithm);
-
- // 3. Extract the recipient's public key
-
- PublicKey rcpPK = crsReq.getSignerPublicKey();
-
-
- // 4. Encrypt the DES key with the public key
-
- // we have to move the key onto the interal token.
- //skinternal = cx.getInternalKeyStorageToken().cloneKey(sk);
- skinternal = cx.getInternalToken().cloneKey(sk);
-
- KeyWrapper kw = cx.getInternalKeyWrapper();
- kw.initWrap(rcpPK, null);
- encryptedDesKey = kw.wrap(skinternal);
-
- crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber());
- crsResp.makeRecipientInfo(0, encryptedDesKey );
-
- }
-
-
- byte[] ed = crsResp.makeEnvelopedData(0);
-
- // 7. Make Digest of SignedData Content
- MessageDigest md = MessageDigest.getInstance(mHashAlgorithm);
- msgdigest = md.digest(ed);
-
- crsResp.setMsgDigest(msgdigest);
-
- }
-
- catch (Exception e) {
- throw new CRSFailureException("Failed to create inner response to CEP message: "+e.getMessage());
- }
-
-
- // 5. Make a RecipientInfo
-
- // The issuer name & serial number here, should be that of
- // the EE's self-signed Certificate
- // [I can get it from the req blob, but later, I should
- // store the recipient's self-signed certificate with the request
- // so I can get at it later. I need to do this to support
- // 'PENDING']
-
-
- try {
-
- // 8. Make Authenticated Attributes
- // we can just pull the transaction ID out of the request.
- // Later, we will have to put it out of the Request queue,
- // so we can support PENDING
- crsResp.setTransactionID(crsReq.getTransactionID());
- // recipientNonce and SenderNonce have already been set
-
- crsResp.makeAuthenticatedAttributes();
- // crsResp.makeAuthenticatedAttributes_old();
-
-
-
- // now package up the rest of the SignerInfo
- {
- byte[] signingcertbytes = cx.getSigningCert().getEncoded();
-
-
- Certificate.Template sgncert_t = new Certificate.Template();
- Certificate sgncert =
- (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes));
-
- IssuerAndSerialNumber sgniasn =
- new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(),
- sgncert.getInfo().getSerialNumber());
-
- crsResp.setSgnIssuerAndSerialNumber(sgniasn);
-
- // 10. Make SignerInfo
- crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm);
-
- // 11. Make SignedData
- crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm);
-
- crsResp.debug();
- }
- }
- catch (Exception e) {
- throw new CRSFailureException("Failed to create outer response to CEP request: "+e.getMessage());
- }
-
-
- // if debugging, dump out the response into a file
-
- }
-
-
-
- class CryptoContext {
- private CryptoManager cm;
- private CryptoToken internalToken;
- private CryptoToken keyStorageToken;
- private CryptoToken internalKeyStorageToken;
- private KeyGenerator DESkg;
- private Enumeration externalTokens = null;
- private org.mozilla.jss.crypto.X509Certificate signingCert;
- private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey;
- private int signingCertKeySize = 0;
-
-
- class CryptoContextException extends Exception {
- /**
+ crsResp.debug();
+ }
+ } catch (Exception e) {
+ throw new CRSFailureException(
+ "Failed to create outer response to CEP request: "
+ + e.getMessage());
+ }
+
+ // if debugging, dump out the response into a file
+
+ }
+
+ class CryptoContext {
+ private CryptoManager cm;
+ private CryptoToken internalToken;
+ private CryptoToken keyStorageToken;
+ private CryptoToken internalKeyStorageToken;
+ private KeyGenerator DESkg;
+ private Enumeration externalTokens = null;
+ private org.mozilla.jss.crypto.X509Certificate signingCert;
+ private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey;
+ private int signingCertKeySize = 0;
+
+ class CryptoContextException extends Exception {
+ /**
*
*/
- private static final long serialVersionUID = -1124116326126256475L;
- public CryptoContextException() { super(); }
- public CryptoContextException(String s) { super(s); }
- }
+ private static final long serialVersionUID = -1124116326126256475L;
- public CryptoContext()
- throws CryptoContextException
- {
- try {
- KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
- if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
- kga = KeyGenAlgorithm.DES3;
- }
- cm = CryptoManager.getInstance();
- internalToken = cm.getInternalCryptoToken();
- DESkg = internalToken.getKeyGenerator(kga);
- if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
- mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
- mTokenName.length() == 0) {
- keyStorageToken = cm.getInternalKeyStorageToken();
- internalKeyStorageToken = keyStorageToken;
- CMS.debug("CRSEnrollment: CryptoContext: internal token name: '"+mTokenName+"'");
- } else {
- keyStorageToken = cm.getTokenByName(mTokenName);
- internalKeyStorageToken = null;
- }
- if (!mUseCA && internalKeyStorageToken == null) {
- PasswordCallback cb = CMS.getPasswordCallback();
- keyStorageToken.login(cb); // ONE_TIME by default.
- }
- signingCert = cm.findCertByNickname(mNickname);
- signingCertPrivKey = cm.findPrivKeyByCert(signingCert);
- byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded();
- SEQUENCE.Template outer = SEQUENCE.getTemplate();
- outer.addElement( ANY.getTemplate() ); // algid
- outer.addElement( BIT_STRING.getTemplate() );
- SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo);
- BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1);
- byte[] encPubKey = bs.getBits();
- if( bs.getPadCount() != 0) {
- throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes.");
- }
- SEQUENCE.Template inner = new SEQUENCE.Template();
- inner.addElement( INTEGER.getTemplate());
- inner.addElement( INTEGER.getTemplate());
- SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey);
- INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0);
- signingCertKeySize = modulus.bitLength();
-
- try {
- FileOutputStream fos = new FileOutputStream("pubkey.der");
- fos.write(signingCert.getPublicKey().getEncoded());
- fos.close();
- } catch (Exception e) {}
-
- }
- catch (InvalidBERException e) {
- throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate");
- }
- catch (CryptoManager.NotInitializedException e) {
- throw new CryptoContextException("Crypto Manager not initialized");
- }
- catch (NoSuchAlgorithmException e) {
- throw new CryptoContextException("Cannot create DES key generator");
- }
- catch (ObjectNotFoundException e) {
- throw new CryptoContextException("Certificate not found: "+ca.getNickname());
- }
- catch (TokenException e) {
- throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
- }
- catch (NoSuchTokenException e) {
- throw new CryptoContextException("Crypto Token not found: "+e.getMessage());
- }
- catch (IncorrectPasswordException e) {
- throw new CryptoContextException("Incorrect Password.");
- }
- }
-
-
- public KeyGenerator getDESKeyGenerator() {
- return DESkg;
- }
+ public CryptoContextException() {
+ super();
+ }
- public CryptoToken getInternalToken() {
- return internalToken;
- }
+ public CryptoContextException(String s) {
+ super(s);
+ }
+ }
- public void setExternalTokens( Enumeration tokens ) {
- externalTokens = tokens;
- }
+ public CryptoContext() throws CryptoContextException {
+ try {
+ KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
+ if (mEncryptionAlgorithm != null
+ && mEncryptionAlgorithm.equals("DES3")) {
+ kga = KeyGenAlgorithm.DES3;
+ }
+ cm = CryptoManager.getInstance();
+ internalToken = cm.getInternalCryptoToken();
+ DESkg = internalToken.getKeyGenerator(kga);
+ if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN)
+ || mTokenName
+ .equalsIgnoreCase("Internal Key Storage Token")
+ || mTokenName.length() == 0) {
+ keyStorageToken = cm.getInternalKeyStorageToken();
+ internalKeyStorageToken = keyStorageToken;
+ CMS.debug("CRSEnrollment: CryptoContext: internal token name: '"
+ + mTokenName + "'");
+ } else {
+ keyStorageToken = cm.getTokenByName(mTokenName);
+ internalKeyStorageToken = null;
+ }
+ if (!mUseCA && internalKeyStorageToken == null) {
+ PasswordCallback cb = CMS.getPasswordCallback();
+ keyStorageToken.login(cb); // ONE_TIME by default.
+ }
+ signingCert = cm.findCertByNickname(mNickname);
+ signingCertPrivKey = cm.findPrivKeyByCert(signingCert);
+ byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded();
+ SEQUENCE.Template outer = SEQUENCE.getTemplate();
+ outer.addElement(ANY.getTemplate()); // algid
+ outer.addElement(BIT_STRING.getTemplate());
+ SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer,
+ encPubKeyInfo);
+ BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1);
+ byte[] encPubKey = bs.getBits();
+ if (bs.getPadCount() != 0) {
+ throw new CryptoContextException(
+ "Internal error: Invalid Public key. Not an integral number of bytes.");
+ }
+ SEQUENCE.Template inner = new SEQUENCE.Template();
+ inner.addElement(INTEGER.getTemplate());
+ inner.addElement(INTEGER.getTemplate());
+ SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner,
+ encPubKey);
+ INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0);
+ signingCertKeySize = modulus.bitLength();
- public Enumeration getExternalTokens() {
- return externalTokens;
- }
+ try {
+ FileOutputStream fos = new FileOutputStream("pubkey.der");
+ fos.write(signingCert.getPublicKey().getEncoded());
+ fos.close();
+ } catch (Exception e) {
+ }
- public CryptoToken getInternalKeyStorageToken() {
- return internalKeyStorageToken;
- }
+ } catch (InvalidBERException e) {
+ throw new CryptoContextException(
+ "Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate");
+ } catch (CryptoManager.NotInitializedException e) {
+ throw new CryptoContextException(
+ "Crypto Manager not initialized");
+ } catch (NoSuchAlgorithmException e) {
+ throw new CryptoContextException(
+ "Cannot create DES key generator");
+ } catch (ObjectNotFoundException e) {
+ throw new CryptoContextException("Certificate not found: "
+ + ca.getNickname());
+ } catch (TokenException e) {
+ throw new CryptoContextException("Problem with Crypto Token: "
+ + e.getMessage());
+ } catch (NoSuchTokenException e) {
+ throw new CryptoContextException("Crypto Token not found: "
+ + e.getMessage());
+ } catch (IncorrectPasswordException e) {
+ throw new CryptoContextException("Incorrect Password.");
+ }
+ }
- public CryptoToken getKeyStorageToken() {
- return keyStorageToken;
- }
+ public KeyGenerator getDESKeyGenerator() {
+ return DESkg;
+ }
- public CryptoManager getCryptoManager() {
- return cm;
- }
+ public CryptoToken getInternalToken() {
+ return internalToken;
+ }
- public KeyWrapper getKeyWrapper()
- throws CryptoContextException {
- try {
- return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+ public void setExternalTokens(Enumeration tokens) {
+ externalTokens = tokens;
}
- catch (TokenException e) {
- throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
+
+ public Enumeration getExternalTokens() {
+ return externalTokens;
}
- catch (NoSuchAlgorithmException e) {
- throw new CryptoContextException(e.getMessage());
+
+ public CryptoToken getInternalKeyStorageToken() {
+ return internalKeyStorageToken;
}
- }
- public KeyWrapper getInternalKeyWrapper()
- throws CryptoContextException {
- try {
- return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+ public CryptoToken getKeyStorageToken() {
+ return keyStorageToken;
}
- catch (TokenException e) {
- throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
+
+ public CryptoManager getCryptoManager() {
+ return cm;
}
- catch (NoSuchAlgorithmException e) {
- throw new CryptoContextException(e.getMessage());
+
+ public KeyWrapper getKeyWrapper() throws CryptoContextException {
+ try {
+ return signingCertPrivKey.getOwningToken().getKeyWrapper(
+ KeyWrapAlgorithm.RSA);
+ } catch (TokenException e) {
+ throw new CryptoContextException("Problem with Crypto Token: "
+ + e.getMessage());
+ } catch (NoSuchAlgorithmException e) {
+ throw new CryptoContextException(e.getMessage());
+ }
}
- }
- public org.mozilla.jss.crypto.PrivateKey getPrivateKey() {
- return signingCertPrivKey;
- }
+ public KeyWrapper getInternalKeyWrapper() throws CryptoContextException {
+ try {
+ return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+ } catch (TokenException e) {
+ throw new CryptoContextException("Problem with Crypto Token: "
+ + e.getMessage());
+ } catch (NoSuchAlgorithmException e) {
+ throw new CryptoContextException(e.getMessage());
+ }
+ }
- public org.mozilla.jss.crypto.X509Certificate getSigningCert() {
- return signingCert;
- }
-
- }
+ public org.mozilla.jss.crypto.PrivateKey getPrivateKey() {
+ return signingCertPrivKey;
+ }
+ public org.mozilla.jss.crypto.X509Certificate getSigningCert() {
+ return signingCert;
+ }
- /* General failure. The request/response cannot be processed. */
+ }
+ /* General failure. The request/response cannot be processed. */
- class CRSFailureException extends Exception {
- /**
+ class CRSFailureException extends Exception {
+ /**
*
*/
- private static final long serialVersionUID = 1962741611501549051L;
- public CRSFailureException() { super(); }
- public CRSFailureException(String s) { super(s); }
- }
+ private static final long serialVersionUID = 1962741611501549051L;
- class CRSInvalidSignatureException extends Exception {
- /**
+ public CRSFailureException() {
+ super();
+ }
+
+ public CRSFailureException(String s) {
+ super(s);
+ }
+ }
+
+ class CRSInvalidSignatureException extends Exception {
+ /**
*
*/
- private static final long serialVersionUID = 9096408193567657944L;
- public CRSInvalidSignatureException() { super(); }
- public CRSInvalidSignatureException(String s) { super(s); }
- }
+ private static final long serialVersionUID = 9096408193567657944L;
+
+ public CRSInvalidSignatureException() {
+ super();
+ }
-
+ public CRSInvalidSignatureException(String s) {
+ super(s);
+ }
+ }
- class CRSPolicyException extends Exception {
- /**
+ class CRSPolicyException extends Exception {
+ /**
*
*/
- private static final long serialVersionUID = 5846593800658787396L;
- public CRSPolicyException() { super(); }
- public CRSPolicyException(String s) { super(s); }
- }
+ private static final long serialVersionUID = 5846593800658787396L;
-}
+ public CRSPolicyException() {
+ super();
+ }
+ public CRSPolicyException(String s) {
+ super(s);
+ }
+ }
+
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
index b449a8bd..0456071f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
@@ -29,115 +29,109 @@ import netscape.security.util.DerValue;
import netscape.security.x509.CertAttrSet;
/**
- * Class for handling the decoding of a SCEP Challenge Password
- * object. Currently this class cannot be used for encoding
- * thus some fo the methods are unimplemented
+ * Class for handling the decoding of a SCEP Challenge Password object.
+ * Currently this class cannot be used for encoding thus some fo the methods are
+ * unimplemented
*/
public class ChallengePassword implements CertAttrSet {
- public static final String NAME = "ChallengePassword";
- public static final String PASSWORD = "password";
-
- private String cpw;
-
-
- /**
- * Get the password marshalled in this object
- * @return the challenge password
- */
- public String toString() {
- return cpw;
- }
-
- /**
- * Create a ChallengePassword object
- * @param stuff (must be of type byte[]) a DER-encoded by array following
- * The ASN.1 template for ChallenegePassword specified in the SCEP
- * documentation
- * @throws IOException if the DER encoded byt array was malformed, or if it
- * did not match the template
- */
-
- public ChallengePassword(Object stuff)
- throws IOException {
-
- ByteArrayInputStream is = new ByteArrayInputStream((byte[])stuff);
- try {
- decode(is);
- } catch (Exception e) {
- throw new IOException(e.getMessage());
- }
-
- }
-
- /**
- * Currently Unimplemented
- */
- public void encode(OutputStream out)
- throws CertificateException, IOException
- { }
-
- public void decode(InputStream in)
- throws CertificateException, IOException
- {
+ public static final String NAME = "ChallengePassword";
+ public static final String PASSWORD = "password";
+
+ private String cpw;
+
+ /**
+ * Get the password marshalled in this object
+ *
+ * @return the challenge password
+ */
+ public String toString() {
+ return cpw;
+ }
+
+ /**
+ * Create a ChallengePassword object
+ *
+ * @param stuff (must be of type byte[]) a DER-encoded by array following
+ * The ASN.1 template for ChallenegePassword specified in the
+ * SCEP documentation
+ * @throws IOException if the DER encoded byt array was malformed, or if it
+ * did not match the template
+ */
+
+ public ChallengePassword(Object stuff) throws IOException {
+
+ ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff);
+ try {
+ decode(is);
+ } catch (Exception e) {
+ throw new IOException(e.getMessage());
+ }
+
+ }
+
+ /**
+ * Currently Unimplemented
+ */
+ public void encode(OutputStream out) throws CertificateException,
+ IOException {
+ }
+
+ public void decode(InputStream in) throws CertificateException, IOException {
DerValue derVal = new DerValue(in);
construct(derVal);
-
+
+ }
+
+ private void construct(DerValue derVal) throws IOException {
+ try {
+ cpw = derVal.getPrintableString();
+ } catch (NullPointerException e) {
+ cpw = "";
+ }
+ }
+
+ /**
+ * Currently Unimplemented
+ */
+ public void set(String name, Object obj) throws CertificateException,
+ IOException {
}
- private void construct(DerValue derVal) throws IOException {
- try {
- cpw = derVal.getPrintableString();
- }
- catch (NullPointerException e) {
- cpw = "";
- }
- }
-
-
- /**
- * Currently Unimplemented
- */
- public void set(String name, Object obj)
- throws CertificateException, IOException
- { }
-
- /**
- * Get an attribute of this object.
- * @param name the name of the attribute of this object to get. The only
- * supported attribute is "password"
- */
- public Object get(String name)
- throws CertificateException, IOException
- {
+ /**
+ * Get an attribute of this object.
+ *
+ * @param name the name of the attribute of this object to get. The only
+ * supported attribute is "password"
+ */
+ public Object get(String name) throws CertificateException, IOException {
if (name.equalsIgnoreCase(PASSWORD)) {
return cpw;
+ } else {
+ throw new IOException("Attribute name not recognized by "
+ + "CertAttrSet: ChallengePassword");
}
- else {
- throw new IOException("Attribute name not recognized by "+
- "CertAttrSet: ChallengePassword");
- }
}
-
- /**
- * Currently Unimplemented
- */
- public void delete(String name)
- throws CertificateException, IOException
- { }
-
- /**
- * @return an empty set of elements
- */
- public Enumeration getElements()
- { return (new Hashtable()).elements();}
-
- /**
- * @return the String "ChallengePassword"
- */
- public String getName()
- { return NAME;}
-
-
+
+ /**
+ * Currently Unimplemented
+ */
+ public void delete(String name) throws CertificateException, IOException {
+ }
+
+ /**
+ * @return an empty set of elements
+ */
+ public Enumeration getElements() {
+ return (new Hashtable()).elements();
+ }
+
+ /**
+ * @return the String "ChallengePassword"
+ */
+ public String getName() {
+ return NAME;
+ }
+
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
index a8757e74..e0c0c347 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
@@ -31,51 +31,44 @@ import netscape.security.util.DerValue;
import netscape.security.x509.CertAttrSet;
import netscape.security.x509.Extension;
-
public class ExtensionsRequested implements CertAttrSet {
+ public static final String NAME = "EXTENSIONS_REQUESTED";
- public static final String NAME = "EXTENSIONS_REQUESTED";
-
public static final String KUE_DIGITAL_SIGNATURE = "kue_digital_signature";
- public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment";
+ public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment";
private String kue_digital_signature = "false";
- private String kue_key_encipherment = "false";
-
+ private String kue_key_encipherment = "false";
+
private Vector exts = new Vector();
public ExtensionsRequested(Object stuff) throws IOException {
ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff);
-
+
try {
decode(is);
- }
- catch (Exception e) {
+ } catch (Exception e) {
e.printStackTrace();
throw new IOException(e.getMessage());
}
}
-
- public void encode(OutputStream out)
- throws CertificateException, IOException
- { }
-
- public void decode(InputStream in)
- throws CertificateException, IOException
- {
+
+ public void encode(OutputStream out) throws CertificateException,
+ IOException {
+ }
+
+ public void decode(InputStream in) throws CertificateException, IOException {
DerValue derVal = new DerValue(in);
-
+
construct(derVal);
}
-
- public void set(String name, Object obj)
- throws CertificateException, IOException
- { }
-
- public Object get(String name)
- throws CertificateException, IOException
- {
+
+ public void set(String name, Object obj) throws CertificateException,
+ IOException {
+ }
+
+ public Object get(String name) throws CertificateException, IOException {
if (name.equalsIgnoreCase(KUE_DIGITAL_SIGNATURE)) {
return kue_digital_signature;
}
@@ -85,107 +78,82 @@ public class ExtensionsRequested implements CertAttrSet {
throw new IOException("Unsupported attribute queried");
}
-
- public void delete(String name)
- throws CertificateException, IOException
- {
+
+ public void delete(String name) throws CertificateException, IOException {
+ }
+
+ public Enumeration getElements() {
+ return (new Hashtable()).elements();
+ }
+
+ public String getName() {
+ return NAME;
}
- public Enumeration getElements()
- { return (new Hashtable()).elements();}
-
- public String getName()
- { return NAME;}
-
-
-
-/**
- construct - expects this in the inputstream (from the router):
-
- 211 30 31: SEQUENCE {
- 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8'
- 225 31 17: SET {
- 227 04 15: OCTET STRING, encapsulates {
- 229 30 13: SEQUENCE {
- 231 30 11: SEQUENCE {
- 233 06 3: OBJECT IDENTIFIER keyUsage (2 5 29 15)
- 238 04 4: OCTET STRING
- : 03 02 05 A0
- : }
- : }
- : }
-
- or this (from IRE client):
-
- 262 30 51: SEQUENCE {
- 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14)
- 275 31 38: SET {
- 277 30 36: SEQUENCE {
- 279 30 34: SEQUENCE {
- 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17)
- 286 04 27: OCTET STRING
- : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61
- : 61 61 2E 6D 63 6F 6D 2E 63 6F 6D
- : }
- : }
- : }
- : }
-
-
- */
+ /**
+ * construct - expects this in the inputstream (from the router):
+ *
+ * 211 30 31: SEQUENCE { 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9
+ * 8' 225 31 17: SET { 227 04 15: OCTET STRING, encapsulates { 229 30 13:
+ * SEQUENCE { 231 30 11: SEQUENCE { 233 06 3: OBJECT IDENTIFIER keyUsage (2
+ * 5 29 15) 238 04 4: OCTET STRING : 03 02 05 A0 : } : } : }
+ *
+ * or this (from IRE client):
+ *
+ * 262 30 51: SEQUENCE { 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840
+ * 113549 1 9 14) 275 31 38: SET { 277 30 36: SEQUENCE { 279 30 34: SEQUENCE
+ * { 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 286 04 27: OCTET
+ * STRING : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61 : 61 61 2E 6D 63
+ * 6F 6D 2E 63 6F 6D : } : } : } : }
+ */
private void construct(DerValue dv) throws IOException {
- DerInputStream stream = null;
- DerValue[] dvs;
+ DerInputStream stream = null;
+ DerValue[] dvs;
- try { // try decoding as sequence first
+ try { // try decoding as sequence first
- stream = dv.toDerInputStream();
+ stream = dv.toDerInputStream();
- DerValue stream_dv = stream.getDerValue();
- stream.reset();
-
+ DerValue stream_dv = stream.getDerValue();
+ stream.reset();
- dvs = stream.getSequence(2);
- }
- catch (IOException ioe) {
- // if it failed, the outer sequence may be
- // encapsulated in an octet string, as in the first
- // example above
+ dvs = stream.getSequence(2);
+ } catch (IOException ioe) {
+ // if it failed, the outer sequence may be
+ // encapsulated in an octet string, as in the first
+ // example above
- byte[] octet_string = dv.getOctetString();
+ byte[] octet_string = dv.getOctetString();
- // Make a new input stream from the byte array,
- // and re-parse it as a sequence.
+ // Make a new input stream from the byte array,
+ // and re-parse it as a sequence.
- dv = new DerValue(octet_string);
+ dv = new DerValue(octet_string);
- stream = dv.toDerInputStream();
- dvs = stream.getSequence(2);
- }
+ stream = dv.toDerInputStream();
+ dvs = stream.getSequence(2);
+ }
- // now, the stream will be in the correct format
- stream.reset();
+ // now, the stream will be in the correct format
+ stream.reset();
- while (true) {
- DerValue ext_dv=null;
- try {
- ext_dv = stream.getDerValue();
- }
- catch (IOException ex) {
- break;
- }
+ while (true) {
+ DerValue ext_dv = null;
+ try {
+ ext_dv = stream.getDerValue();
+ } catch (IOException ex) {
+ break;
+ }
- Extension ext = new Extension(ext_dv);
- exts.addElement(ext);
- }
+ Extension ext = new Extension(ext_dv);
+ exts.addElement(ext);
+ }
}
- public Vector getExtensions() {
- return exts;
- }
+ public Vector getExtensions() {
+ return exts;
+ }
}
-
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
index 759238d9..3d0f788e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Enumeration;
import java.util.Hashtable;
@@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
-
/**
* Authentication Credentials as input to the authMgr
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class AuthCredentials implements IAuthCredentials {
@@ -38,21 +36,23 @@ public class AuthCredentials implements IAuthCredentials {
*/
private static final long serialVersionUID = -5995164231849154265L;
private Hashtable authCreds = null;
- // Inserted by bskim
+ // Inserted by bskim
private IArgBlock argblk = null;
+
// Insert end
-
+
public AuthCredentials() {
authCreds = new Hashtable();
}
/**
* sets a credential with credential name and the credential
+ *
* @param name credential name
* @param cred credential
* @exception com.netscape.certsrv.base.EBaseException NullPointerException
*/
- public void set(String name, Object cred)throws EBaseException {
+ public void set(String name, Object cred) throws EBaseException {
if (cred == null) {
throw new EBaseException("AuthCredentials.set()");
}
@@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials {
/**
* returns the credential to which the specified name is mapped in this
- * credential set
+ * credential set
+ *
* @param name credential name
* @return the named authentication credential
*/
@@ -71,9 +72,10 @@ public class AuthCredentials implements IAuthCredentials {
}
/**
- * removes the name and its corresponding credential from this
- * credential set. This method does nothing if the named
- * credential is not in the credential set.
+ * removes the name and its corresponding credential from this credential
+ * set. This method does nothing if the named credential is not in the
+ * credential set.
+ *
* @param name credential name
*/
public void delete(String name) {
@@ -81,27 +83,27 @@ public class AuthCredentials implements IAuthCredentials {
}
/**
- * returns an enumeration of the credentials in this credential
- * set. Use the Enumeration methods on the returned object to
- * fetch the elements sequentially.
+ * returns an enumeration of the credentials in this credential set. Use the
+ * Enumeration methods on the returned object to fetch the elements
+ * sequentially.
+ *
* @return an enumeration of the values in this credential set
* @see java.util.Enumeration
*/
public Enumeration getElements() {
return (authCreds.elements());
}
-
+
// Inserted by bskim
public void setArgBlock(IArgBlock blk) {
argblk = blk;
return;
- }
+ }
// Insert end
-
+
public IArgBlock getArgBlock() {
return argblk;
- }
+ }
// Insert end
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
index 03cb83f6..1eabe780 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -94,33 +93,31 @@ import com.netscape.certsrv.request.RequestStatus;
/**
* Utility CMCOutputTemplate
- *
+ *
* @version $ $, $Date$
*/
public class CMCOutputTemplate {
public CMCOutputTemplate() {
}
- public void createFullResponseWithFailedStatus(HttpServletResponse resp,
- SEQUENCE bpids, int code, UTF8String s) {
+ public void createFullResponseWithFailedStatus(HttpServletResponse resp,
+ SEQUENCE bpids, int code, UTF8String s) {
SEQUENCE controlSeq = new SEQUENCE();
SEQUENCE cmsSeq = new SEQUENCE();
SEQUENCE otherMsgSeq = new SEQUENCE();
int bpid = 1;
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(code), null);
- CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(
- new INTEGER(CMCStatusInfo.FAILED),
- bpids, s, otherInfo);
- TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(code),
+ null);
+ CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(new INTEGER(
+ CMCStatusInfo.FAILED), bpids, s, otherInfo);
+ TaggedAttribute tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
try {
- ResponseBody respBody = new ResponseBody(controlSeq,
- cmsSeq, otherMsgSeq);
+ ResponseBody respBody = new ResponseBody(controlSeq, cmsSeq,
+ otherMsgSeq);
SET certs = new SET();
ContentInfo contentInfo = getContentInfo(respBody, certs);
@@ -137,13 +134,14 @@ public class CMCOutputTemplate {
os.write(contentBytes);
os.flush();
} catch (Exception e) {
- CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: "
+ + e.toString());
return;
}
}
- public void createFullResponse(HttpServletResponse resp, IRequest []reqs,
- String cert_request_type, int[] error_codes) {
+ public void createFullResponse(HttpServletResponse resp, IRequest[] reqs,
+ String cert_request_type, int[] error_codes) {
SEQUENCE controlSeq = new SEQUENCE();
SEQUENCE cmsSeq = new SEQUENCE();
@@ -156,113 +154,106 @@ public class CMCOutputTemplate {
SEQUENCE pending_bpids = null;
SEQUENCE success_bpids = null;
SEQUENCE failed_bpids = null;
- if (cert_request_type.equals("crmf") ||
- cert_request_type.equals("pkcs10")) {
+ if (cert_request_type.equals("crmf")
+ || cert_request_type.equals("pkcs10")) {
String reqId = reqs[0].getRequestId().toString();
OtherInfo otherInfo = null;
if (error_codes[0] == 2) {
PendInfo pendInfo = new PendInfo(reqId, new Date());
- otherInfo = new OtherInfo(OtherInfo.PEND, null,
- pendInfo);
+ otherInfo = new OtherInfo(OtherInfo.PEND, null, pendInfo);
} else {
- otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_REQUEST), null);
+ otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(
+ OtherInfo.BAD_REQUEST), null);
}
-
+
SEQUENCE bpids = new SEQUENCE();
bpids.addElement(new INTEGER(1));
- CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
- bpids, (String)null, otherInfo);
- TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(
+ CMCStatusInfo.PENDING, bpids, (String) null, otherInfo);
+ TaggedAttribute tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
} else if (cert_request_type.equals("cmc")) {
pending_bpids = new SEQUENCE();
success_bpids = new SEQUENCE();
failed_bpids = new SEQUENCE();
if (reqs != null) {
- for (int i=0; i<reqs.length; i++) {
+ for (int i = 0; i < reqs.length; i++) {
if (error_codes[i] == 0) {
- success_bpids.addElement(new INTEGER(
- reqs[i].getExtDataInBigInteger("bodyPartId")));
+ success_bpids.addElement(new INTEGER(reqs[i]
+ .getExtDataInBigInteger("bodyPartId")));
} else if (error_codes[i] == 2) {
- pending_bpids.addElement(new INTEGER(
- reqs[i].getExtDataInBigInteger("bodyPartId")));
+ pending_bpids.addElement(new INTEGER(reqs[i]
+ .getExtDataInBigInteger("bodyPartId")));
} else {
- failed_bpids.addElement(new INTEGER(
- reqs[i].getExtDataInBigInteger("bodyPartId")));
- }
+ failed_bpids.addElement(new INTEGER(reqs[i]
+ .getExtDataInBigInteger("bodyPartId")));
+ }
}
}
TaggedAttribute tagattr = null;
CMCStatusInfo cmcStatusInfo = null;
- SEQUENCE identityBpids = (SEQUENCE)context.get("identityProof");
+ SEQUENCE identityBpids = (SEQUENCE) context.get("identityProof");
if (identityBpids != null && identityBpids.size() > 0) {
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_IDENTITY), null);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_IDENTITY), null);
cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
- identityBpids, (String)null, otherInfo);
- tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ identityBpids, (String) null, otherInfo);
+ tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
}
- SEQUENCE POPLinkWitnessBpids = (SEQUENCE)context.get("POPLinkWitness");
+ SEQUENCE POPLinkWitnessBpids = (SEQUENCE) context
+ .get("POPLinkWitness");
if (POPLinkWitnessBpids != null && POPLinkWitnessBpids.size() > 0) {
OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_REQUEST), null);
+ new INTEGER(OtherInfo.BAD_REQUEST), null);
cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
- POPLinkWitnessBpids, (String)null, otherInfo);
- tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ POPLinkWitnessBpids, (String) null, otherInfo);
+ tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(tagattr);
}
if (pending_bpids.size() > 0) {
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
- pending_bpids, (String)null, null);
- tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
- controlSeq.addElement(tagattr);
- }
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
+ pending_bpids, (String) null, null);
+ tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ controlSeq.addElement(tagattr);
+ }
if (success_bpids.size() > 0) {
boolean confirmRequired = false;
try {
- confirmRequired =
- CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired",
- false);
- } catch (Exception e) {
+ confirmRequired = CMS.getConfigStore().getBoolean(
+ "cmc.cert.confirmRequired", false);
+ } catch (Exception e) {
}
if (confirmRequired) {
CMS.debug("CMCOutputTemplate: confirmRequired in the request");
- cmcStatusInfo =
- new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED,
- success_bpids, (String)null, null);
+ cmcStatusInfo = new CMCStatusInfo(
+ CMCStatusInfo.CONFIRM_REQUIRED, success_bpids,
+ (String) null, null);
} else {
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
- success_bpids, (String)null, null);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
+ success_bpids, (String) null, null);
}
- tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
- controlSeq.addElement(tagattr);
+ tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ controlSeq.addElement(tagattr);
}
if (failed_bpids.size() > 0) {
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_REQUEST), null);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
- failed_bpids, (String)null, otherInfo);
- tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
- controlSeq.addElement(tagattr);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_REQUEST), null);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
+ failed_bpids, (String) null, otherInfo);
+ tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ controlSeq.addElement(tagattr);
}
}
@@ -270,80 +261,80 @@ public class CMCOutputTemplate {
try {
// deal with controls
- Integer nums = (Integer)(context.get("numOfControls"));
+ Integer nums = (Integer) (context.get("numOfControls"));
if (nums != null && nums.intValue() > 0) {
- TaggedAttribute attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+ TaggedAttribute attr = (TaggedAttribute) (context
+ .get(OBJECT_IDENTIFIER.id_cmc_getCert));
if (attr != null) {
try {
processGetCertControl(attr, certs);
} catch (EBaseException ee) {
- CMS.debug("CMCOutputTemplate: "+ee.toString());
+ CMS.debug("CMCOutputTemplate: " + ee.toString());
OtherInfo otherInfo1 = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_CERT_ID), null);
+ new INTEGER(OtherInfo.BAD_CERT_ID), null);
SEQUENCE bpids1 = new SEQUENCE();
bpids1.addElement(attr.getBodyPartID());
CMCStatusInfo cmcStatusInfo1 = new CMCStatusInfo(
- new INTEGER(CMCStatusInfo.FAILED),
- bpids1, null, otherInfo1);
+ new INTEGER(CMCStatusInfo.FAILED), bpids1,
+ null, otherInfo1);
TaggedAttribute tagattr1 = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
+ cmcStatusInfo1);
controlSeq.addElement(tagattr1);
}
}
- attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn));
+ attr = (TaggedAttribute) (context
+ .get(OBJECT_IDENTIFIER.id_cmc_dataReturn));
if (attr != null)
bpid = processDataReturnControl(attr, controlSeq, bpid);
- attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_transactionId);
+ attr = (TaggedAttribute) context
+ .get(OBJECT_IDENTIFIER.id_cmc_transactionId);
if (attr != null)
bpid = processTransactionControl(attr, controlSeq, bpid);
- attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce);
+ attr = (TaggedAttribute) context
+ .get(OBJECT_IDENTIFIER.id_cmc_senderNonce);
if (attr != null)
bpid = processSenderNonceControl(attr, controlSeq, bpid);
- attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending);
+ attr = (TaggedAttribute) context
+ .get(OBJECT_IDENTIFIER.id_cmc_QueryPending);
if (attr != null)
- bpid = processQueryPendingControl(attr, controlSeq, bpid);
+ bpid = processQueryPendingControl(attr, controlSeq, bpid);
- attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance);
+ attr = (TaggedAttribute) context
+ .get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance);
- if (attr != null)
- bpid = processConfirmCertAcceptanceControl(attr, controlSeq,
- bpid);
+ if (attr != null)
+ bpid = processConfirmCertAcceptanceControl(attr,
+ controlSeq, bpid);
- attr =
- (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest);
+ attr = (TaggedAttribute) context
+ .get(OBJECT_IDENTIFIER.id_cmc_revokeRequest);
- if (attr != null)
- bpid = processRevokeRequestControl(attr, controlSeq,
- bpid);
+ if (attr != null)
+ bpid = processRevokeRequestControl(attr, controlSeq, bpid);
}
if (success_bpids != null && success_bpids.size() > 0) {
- for (int i=0; i<reqs.length; i++) {
+ for (int i = 0; i < reqs.length; i++) {
if (error_codes[i] == 0) {
- X509CertImpl impl =
- (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
+ X509CertImpl impl = (reqs[i]
+ .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
byte[] bin = impl.getEncoded();
Certificate.Template certTemplate = new Certificate.Template();
- Certificate cert = (Certificate)certTemplate.decode(
- new ByteArrayInputStream(bin));
+ Certificate cert = (Certificate) certTemplate
+ .decode(new ByteArrayInputStream(bin));
certs.addElement(cert);
}
}
}
- ResponseBody respBody = new ResponseBody(controlSeq,
- cmsSeq, otherMsgSeq);
+ ResponseBody respBody = new ResponseBody(controlSeq, cmsSeq,
+ otherMsgSeq);
ContentInfo contentInfo = getContentInfo(respBody, certs);
ByteArrayOutputStream fos = new ByteArrayOutputStream();
@@ -354,16 +345,16 @@ public class CMCOutputTemplate {
resp.setContentType("application/pkcs7-mime");
resp.setContentLength(contentBytes.length);
OutputStream os = resp.getOutputStream();
- os.write(contentBytes);
+ os.write(contentBytes);
os.flush();
} catch (java.security.cert.CertificateEncodingException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (InvalidBERException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (IOException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (Exception e) {
- CMS.debug("Exception: "+e.toString());
+ CMS.debug("Exception: " + e.toString());
}
}
@@ -371,48 +362,46 @@ public class CMCOutputTemplate {
try {
ICertificateAuthority ca = null;
// add CA cert chain
- ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ca = (ICertificateAuthority) CMS.getSubsystem("ca");
CertificateChain certchains = ca.getCACertChain();
java.security.cert.X509Certificate[] chains = certchains.getChain();
- for (int i=0; i<chains.length; i++) {
+ for (int i = 0; i < chains.length; i++) {
Certificate.Template certTemplate = new Certificate.Template();
- Certificate cert = (Certificate)certTemplate.decode(
- new ByteArrayInputStream(chains[i].getEncoded()));
+ Certificate cert = (Certificate) certTemplate
+ .decode(new ByteArrayInputStream(chains[i].getEncoded()));
certs.addElement(cert);
}
-
+
EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo(
- OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody);
+ OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody);
org.mozilla.jss.crypto.X509Certificate x509CAcert = null;
x509CAcert = ca.getCaX509Cert();
X509CertImpl caimpl = new X509CertImpl(x509CAcert.getEncoded());
- X500Name issuerName = (X500Name)caimpl.getIssuerDN();
+ X500Name issuerName = (X500Name) caimpl.getIssuerDN();
byte[] issuerByte = issuerName.getEncoded();
- ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
+ ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
Name issuer = (Name) Name.getTemplate().decode(istream);
- IssuerAndSerialNumber ias = new IssuerAndSerialNumber(
- issuer, new INTEGER(x509CAcert.getSerialNumber().toString()));
+ IssuerAndSerialNumber ias = new IssuerAndSerialNumber(issuer,
+ new INTEGER(x509CAcert.getSerialNumber().toString()));
SignerIdentifier si = new SignerIdentifier(
- SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+ SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
// use CA instance's default signature and digest algorithm
SignatureAlgorithm signAlg = ca.getDefaultSignatureAlgorithm();
- org.mozilla.jss.crypto.PrivateKey privKey =
- CryptoManager.getInstance().findPrivKeyByCert(x509CAcert);
-/*
- org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
- if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
- signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
- } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
- signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
- } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) {
- signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest;
- } else {
- CMS.debug( "CMCOutputTemplate::getContentInfo() - "
- + "signAlg is unsupported!" );
- return null;
- }
-*/
+ org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager
+ .getInstance().findPrivKeyByCert(x509CAcert);
+ /*
+ * org.mozilla.jss.crypto.PrivateKey.Type keyType =
+ * privKey.getType(); if( keyType.equals(
+ * org.mozilla.jss.crypto.PrivateKey.RSA ) ) { signAlg =
+ * SignatureAlgorithm.RSASignatureWithSHA1Digest; } else if(
+ * keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
+ * signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; } else
+ * if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) {
+ * signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest; } else {
+ * CMS.debug( "CMCOutputTemplate::getContentInfo() - " +
+ * "signAlg is unsupported!" ); return null; }
+ */
DigestAlgorithm digestAlg = signAlg.getDigestAlg();
MessageDigest msgDigest = null;
byte[] digest = null;
@@ -424,10 +413,9 @@ public class CMCOutputTemplate {
respBody.encode((OutputStream) ostream);
digest = msgDigest.digest(ostream.toByteArray());
- SignerInfo signInfo = new
- SignerInfo(si, null, null,
- OBJECT_IDENTIFIER.id_cct_PKIResponse,
- digest, signAlg, privKey);
+ SignerInfo signInfo = new SignerInfo(si, null, null,
+ OBJECT_IDENTIFIER.id_cct_PKIResponse, digest, signAlg,
+ privKey);
SET signInfos = new SET();
signInfos.addElement(signInfo);
@@ -435,31 +423,32 @@ public class CMCOutputTemplate {
SET digestAlgs = new SET();
if (digestAlg != null) {
- AlgorithmIdentifier ai = new
- AlgorithmIdentifier(digestAlg.toOID(), null);
-
+ AlgorithmIdentifier ai = new AlgorithmIdentifier(
+ digestAlg.toOID(), null);
+
digestAlgs.addElement(ai);
}
- SignedData signedData = new SignedData(digestAlgs,
- enContentInfo, certs, null, signInfos);
+ SignedData signedData = new SignedData(digestAlgs, enContentInfo,
+ certs, null, signInfos);
ContentInfo contentInfo = new ContentInfo(signedData);
CMS.debug("CMCOutputTemplate::getContentInfo() - done");
return contentInfo;
} catch (Exception e) {
- CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: "
+ + e.toString());
}
- return null;
+ return null;
}
- public void createSimpleResponse(HttpServletResponse resp, IRequest []reqs) {
+ public void createSimpleResponse(HttpServletResponse resp, IRequest[] reqs) {
SET certs = new SET();
SessionContext context = SessionContext.getContext();
try {
- TaggedAttribute attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+ TaggedAttribute attr = (TaggedAttribute) (context
+ .get(OBJECT_IDENTIFIER.id_cmc_getCert));
processGetCertControl(attr, certs);
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("CMCOutputTemplate: No certificate is found.");
}
@@ -468,38 +457,42 @@ public class CMCOutputTemplate {
// oid for id-data
OBJECT_IDENTIFIER oid = new OBJECT_IDENTIFIER("1.2.840.113549.1.7.1");
- EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo(oid, null);
+ EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo(
+ oid, null);
try {
if (reqs != null) {
- for (int i=0; i<reqs.length; i++) {
- X509CertImpl impl =
- (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
+ for (int i = 0; i < reqs.length; i++) {
+ X509CertImpl impl = (reqs[i]
+ .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
byte[] bin = impl.getEncoded();
Certificate.Template certTemplate = new Certificate.Template();
- Certificate cert =
- (Certificate)certTemplate.decode(new ByteArrayInputStream(bin));
+ Certificate cert = (Certificate) certTemplate
+ .decode(new ByteArrayInputStream(bin));
certs.addElement(cert);
}
// Get CA certs
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
CertificateChain certchains = ca.getCACertChain();
- java.security.cert.X509Certificate[] chains = certchains.getChain();
+ java.security.cert.X509Certificate[] chains = certchains
+ .getChain();
- for (int i=0; i<chains.length; i++) {
+ for (int i = 0; i < chains.length; i++) {
Certificate.Template certTemplate = new Certificate.Template();
- Certificate cert = (Certificate)certTemplate.decode(
- new ByteArrayInputStream(chains[i].getEncoded()));
+ Certificate cert = (Certificate) certTemplate
+ .decode(new ByteArrayInputStream(chains[i]
+ .getEncoded()));
certs.addElement(cert);
}
}
-
+
if (certs.size() == 0)
return;
SignedData signedData = new SignedData(digestAlgorithms,
- enContentInfo, certs, null, signedInfos);
+ enContentInfo, certs, null, signedInfos);
ContentInfo contentInfo = new ContentInfo(signedData);
ByteArrayOutputStream fos = new ByteArrayOutputStream();
@@ -510,48 +503,47 @@ public class CMCOutputTemplate {
resp.setContentType("application/pkcs7-mime");
resp.setContentLength(contentBytes.length);
OutputStream os = resp.getOutputStream();
- os.write(contentBytes);
+ os.write(contentBytes);
os.flush();
} catch (java.security.cert.CertificateEncodingException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (InvalidBERException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
} catch (IOException e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
}
}
- private int processConfirmCertAcceptanceControl(
- TaggedAttribute attr, SEQUENCE controlSeq, int bpid) {
+ private int processConfirmCertAcceptanceControl(TaggedAttribute attr,
+ SEQUENCE controlSeq, int bpid) {
if (attr != null) {
INTEGER bodyId = attr.getBodyPartID();
SEQUENCE seq = new SEQUENCE();
- seq.addElement(bodyId);
+ seq.addElement(bodyId);
SET values = attr.getValues();
if (values != null && values.size() > 0) {
try {
- CMCCertId cmcCertId =
- (CMCCertId)(ASN1Util.decode(CMCCertId.getTemplate(),
- ASN1Util.encode(values.elementAt(0))));
- BigInteger serialno = (BigInteger)(cmcCertId.getSerial());
- SEQUENCE issuers = cmcCertId.getIssuer();
- //ANY issuer = (ANY)issuers.elementAt(0);
- ANY issuer =
- (ANY)(ASN1Util.decode(ANY.getTemplate(),
- ASN1Util.encode(issuers.elementAt(0))));
+ CMCCertId cmcCertId = (CMCCertId) (ASN1Util.decode(
+ CMCCertId.getTemplate(),
+ ASN1Util.encode(values.elementAt(0))));
+ BigInteger serialno = (BigInteger) (cmcCertId.getSerial());
+ SEQUENCE issuers = cmcCertId.getIssuer();
+ // ANY issuer = (ANY)issuers.elementAt(0);
+ ANY issuer = (ANY) (ASN1Util.decode(ANY.getTemplate(),
+ ASN1Util.encode(issuers.elementAt(0))));
byte[] b = issuer.getEncoded();
X500Name n = new X500Name(b);
ICertificateAuthority ca = null;
- ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ca = (ICertificateAuthority) CMS.getSubsystem("ca");
X500Name caName = ca.getX500Name();
boolean confirmAccepted = false;
if (n.toString().equalsIgnoreCase(caName.toString())) {
CMS.debug("CMCOutputTemplate: Issuer names are equal");
- ICertificateRepository repository =
- (ICertificateRepository)ca.getCertificateRepository();
+ ICertificateRepository repository = (ICertificateRepository) ca
+ .getCertificateRepository();
X509CertImpl impl = null;
try {
- repository.getX509Certificate(serialno);
+ repository.getX509Certificate(serialno);
} catch (EBaseException ee) {
CMS.debug("CMCOutputTemplate: Certificate in the confirm acceptance control was not found");
}
@@ -559,81 +551,85 @@ public class CMCOutputTemplate {
CMCStatusInfo cmcStatusInfo = null;
if (confirmAccepted) {
CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate exists in the certificate repository.");
- cmcStatusInfo =
- new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq,
- (String)null, null);
+ cmcStatusInfo = new CMCStatusInfo(
+ CMCStatusInfo.SUCCESS, seq, (String) null, null);
} else {
CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate does not exist in the certificate repository.");
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
- new INTEGER(OtherInfo.BAD_CERT_ID), null);
- cmcStatusInfo =
- new CMCStatusInfo(CMCStatusInfo.FAILED, seq,
- (String)null, otherInfo);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_CERT_ID), null);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
+ seq, (String) null, otherInfo);
}
TaggedAttribute statustagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
- controlSeq.addElement(statustagattr);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
+ cmcStatusInfo);
+ controlSeq.addElement(statustagattr);
} catch (Exception e) {
- CMS.debug("CMCOutputTemplate exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate exception: " + e.toString());
}
- }
+ }
}
return bpid;
}
private void processGetCertControl(TaggedAttribute attr, SET certs)
- throws InvalidBERException, java.security.cert.CertificateEncodingException,
- IOException, EBaseException {
+ throws InvalidBERException,
+ java.security.cert.CertificateEncodingException, IOException,
+ EBaseException {
if (attr != null) {
SET vals = attr.getValues();
if (vals.size() == 1) {
- GetCert getCert =
- (GetCert)(ASN1Util.decode(GetCert.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
- BigInteger serialno = (BigInteger)(getCert.getSerialNumber());
- ANY issuer = (ANY)getCert.getIssuer();
+ GetCert getCert = (GetCert) (ASN1Util.decode(
+ GetCert.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
+ BigInteger serialno = (BigInteger) (getCert.getSerialNumber());
+ ANY issuer = (ANY) getCert.getIssuer();
byte b[] = issuer.getEncoded();
X500Name n = new X500Name(b);
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
X500Name caName = ca.getX500Name();
if (!n.toString().equalsIgnoreCase(caName.toString())) {
CMS.debug("CMCOutputTemplate: Issuer names are equal in the GetCert Control");
throw new EBaseException("Certificate is not found");
}
- ICertificateRepository repository =
- (ICertificateRepository)ca.getCertificateRepository();
+ ICertificateRepository repository = (ICertificateRepository) ca
+ .getCertificateRepository();
X509CertImpl impl = repository.getX509Certificate(serialno);
byte[] bin = impl.getEncoded();
Certificate.Template certTemplate = new Certificate.Template();
- Certificate cert =
- (Certificate)certTemplate.decode(new ByteArrayInputStream(bin));
+ Certificate cert = (Certificate) certTemplate
+ .decode(new ByteArrayInputStream(bin));
certs.addElement(cert);
}
}
}
-
+
private int processQueryPendingControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) {
+ SEQUENCE controlSeq, int bpid) {
if (attr != null) {
SET values = attr.getValues();
- if (values != null && values.size() > 0) {
+ if (values != null && values.size() > 0) {
SEQUENCE pending_bpids = new SEQUENCE();
SEQUENCE success_bpids = new SEQUENCE();
SEQUENCE failed_bpids = new SEQUENCE();
- for (int i=0; i<values.size(); i++) {
+ for (int i = 0; i < values.size(); i++) {
try {
- INTEGER reqId = (INTEGER)
- ASN1Util.decode(INTEGER.getTemplate(),
- ASN1Util.encode(values.elementAt(i)));
+ INTEGER reqId = (INTEGER) ASN1Util.decode(
+ INTEGER.getTemplate(),
+ ASN1Util.encode(values.elementAt(i)));
String requestId = new String(reqId.toByteArray());
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
IRequestQueue queue = ca.getRequestQueue();
- IRequest r = queue.findRequest(new RequestId(requestId));
+ IRequest r = queue
+ .findRequest(new RequestId(requestId));
if (r != null) {
- Integer result = r.getExtDataInInteger(IRequest.RESULT);
+ Integer result = r
+ .getExtDataInInteger(IRequest.RESULT);
RequestStatus status = r.getRequestStatus();
if (status.equals(RequestStatus.PENDING)) {
pending_bpids.addElement(reqId);
@@ -648,44 +644,47 @@ public class CMCOutputTemplate {
}
if (pending_bpids.size() > 0) {
- CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
- pending_bpids, (String)null, null);
- TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(
+ CMCStatusInfo.PENDING, pending_bpids,
+ (String) null, null);
+ TaggedAttribute tagattr = new TaggedAttribute(new INTEGER(
+ bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
+ cmcStatusInfo);
controlSeq.addElement(tagattr);
}
if (success_bpids.size() > 0) {
- CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
- pending_bpids, (String)null, null);
- TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(
+ CMCStatusInfo.SUCCESS, pending_bpids,
+ (String) null, null);
+ TaggedAttribute tagattr = new TaggedAttribute(new INTEGER(
+ bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
+ cmcStatusInfo);
controlSeq.addElement(tagattr);
}
if (failed_bpids.size() > 0) {
- CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
- pending_bpids, (String)null, null);
- TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(
+ CMCStatusInfo.FAILED, pending_bpids, (String) null,
+ null);
+ TaggedAttribute tagattr = new TaggedAttribute(new INTEGER(
+ bpid++), OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
+ cmcStatusInfo);
controlSeq.addElement(tagattr);
}
- }
+ }
}
return bpid;
}
- private int processTransactionControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) {
+ private int processTransactionControl(TaggedAttribute attr,
+ SEQUENCE controlSeq, int bpid) {
if (attr != null) {
SET transIds = attr.getValues();
if (transIds != null) {
- TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId,
- transIds);
+ TaggedAttribute tagattr = new TaggedAttribute(new INTEGER(
+ bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId,
+ transIds);
controlSeq.addElement(tagattr);
}
}
@@ -694,28 +693,29 @@ public class CMCOutputTemplate {
}
private int processSenderNonceControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) {
+ SEQUENCE controlSeq, int bpid) {
if (attr != null) {
SET sNonce = attr.getValues();
if (sNonce != null) {
- TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce,
- sNonce);
+ TaggedAttribute tagattr = new TaggedAttribute(new INTEGER(
+ bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce,
+ sNonce);
controlSeq.addElement(tagattr);
Date date = new Date();
- String salt = "lala123"+date.toString();
+ String salt = "lala123" + date.toString();
byte[] dig;
try {
- MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
+ MessageDigest SHA1Digest = MessageDigest
+ .getInstance("SHA1");
dig = SHA1Digest.digest(salt.getBytes());
} catch (NoSuchAlgorithmException ex) {
dig = salt.getBytes();
}
String b64E = CMS.BtoA(dig);
- tagattr = new TaggedAttribute(
- new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce,
- new OCTET_STRING(b64E.getBytes()));
+ tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_senderNonce, new OCTET_STRING(
+ b64E.getBytes()));
controlSeq.addElement(tagattr);
}
}
@@ -723,29 +723,28 @@ public class CMCOutputTemplate {
return bpid;
}
- private int processDataReturnControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) throws InvalidBERException {
+ private int processDataReturnControl(TaggedAttribute attr,
+ SEQUENCE controlSeq, int bpid) throws InvalidBERException {
if (attr != null) {
SET vals = attr.getValues();
-
+
if (vals.size() > 0) {
- OCTET_STRING str =
- (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
- TaggedAttribute tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_dataReturn, str);
- controlSeq.addElement(tagattr);
+ OCTET_STRING str = (OCTET_STRING) (ASN1Util.decode(
+ OCTET_STRING.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
+ TaggedAttribute tagattr = new TaggedAttribute(new INTEGER(
+ bpid++), OBJECT_IDENTIFIER.id_cmc_dataReturn, str);
+ controlSeq.addElement(tagattr);
}
- }
+ }
return bpid;
}
- private int processRevokeRequestControl(TaggedAttribute attr,
- SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException,
- IOException {
+ private int processRevokeRequestControl(TaggedAttribute attr,
+ SEQUENCE controlSeq, int bpid) throws InvalidBERException,
+ EBaseException, IOException {
boolean revoke = false;
SessionContext context = SessionContext.getContext();
if (attr != null) {
@@ -753,39 +752,49 @@ public class CMCOutputTemplate {
CMCStatusInfo cmcStatusInfo = null;
SET vals = attr.getValues();
if (vals.size() > 0) {
- RevRequest revRequest =
- (RevRequest)(ASN1Util.decode(new RevRequest.Template(),
- ASN1Util.encode(vals.elementAt(0))));
+ RevRequest revRequest = (RevRequest) (ASN1Util.decode(
+ new RevRequest.Template(),
+ ASN1Util.encode(vals.elementAt(0))));
OCTET_STRING str = revRequest.getSharedSecret();
- INTEGER pid = attr.getBodyPartID();
+ INTEGER pid = attr.getBodyPartID();
TaggedAttribute tagattr = null;
INTEGER revokeCertSerial = revRequest.getSerialNumber();
- BigInteger revokeSerial = new BigInteger(revokeCertSerial.toByteArray());
+ BigInteger revokeSerial = new BigInteger(
+ revokeCertSerial.toByteArray());
if (str == null) {
boolean needVerify = true;
try {
- needVerify = CMS.getConfigStore().getBoolean("cmc.revokeCert.verify", true);
+ needVerify = CMS.getConfigStore().getBoolean(
+ "cmc.revokeCert.verify", true);
} catch (Exception e) {
}
-
+
if (needVerify) {
- Integer num1 = (Integer)context.get("numOfOtherMsgs");
+ Integer num1 = (Integer) context.get("numOfOtherMsgs");
int num = num1.intValue();
- for (int i=0; i<num; i++) {
- OtherMsg data = (OtherMsg)context.get("otherMsg"+i);
- INTEGER dpid = data.getBodyPartID();
+ for (int i = 0; i < num; i++) {
+ OtherMsg data = (OtherMsg) context.get("otherMsg"
+ + i);
+ INTEGER dpid = data.getBodyPartID();
if (pid.longValue() == dpid.longValue()) {
- ANY msgValue = data.getOtherMsgValue();
- SignedData msgData =
- (SignedData)msgValue.decodeWith(SignedData.getTemplate());
+ ANY msgValue = data.getOtherMsgValue();
+ SignedData msgData = (SignedData) msgValue
+ .decodeWith(SignedData.getTemplate());
if (!verifyRevRequestSignature(msgData)) {
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
+ OtherInfo otherInfo = new OtherInfo(
+ OtherInfo.FAIL,
+ new INTEGER(
+ OtherInfo.BAD_MESSAGE_CHECK),
+ null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+ cmcStatusInfo = new CMCStatusInfo(
+ CMCStatusInfo.FAILED, failed_bpids,
+ (String) null, otherInfo);
tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
+ cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -794,13 +803,14 @@ public class CMCOutputTemplate {
}
revoke = true;
- // check shared secret
+ // check shared secret
} else {
ISharedToken tokenClass = null;
boolean sharedSecretFound = true;
String name = null;
try {
- name = CMS.getConfigStore().getString("cmc.revokeCert.sharedSecret.class");
+ name = CMS.getConfigStore().getString(
+ "cmc.revokeCert.sharedSecret.class");
} catch (EPropertyNotFound e) {
CMS.debug("EnrollProfile: Failed to find the token class in the configuration file.");
sharedSecretFound = false;
@@ -810,27 +820,32 @@ public class CMCOutputTemplate {
}
try {
- tokenClass = (ISharedToken)Class.forName(name).newInstance();
+ tokenClass = (ISharedToken) Class.forName(name)
+ .newInstance();
} catch (ClassNotFoundException e) {
- CMS.debug("EnrollProfile: Failed to find class name: "+name);
+ CMS.debug("EnrollProfile: Failed to find class name: "
+ + name);
sharedSecretFound = false;
} catch (InstantiationException e) {
- CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+ CMS.debug("EnrollProfile: Failed to instantiate class: "
+ + name);
sharedSecretFound = false;
} catch (IllegalAccessException e) {
- CMS.debug("EnrollProfile: Illegal access: "+name);
+ CMS.debug("EnrollProfile: Illegal access: " + name);
sharedSecretFound = false;
}
if (!sharedSecretFound) {
CMS.debug("CMCOutputTemplate: class for shared secret was not found.");
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
- tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
+ failed_bpids, (String) null, otherInfo);
+ tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
+ cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -843,13 +858,15 @@ public class CMCOutputTemplate {
if (sharedSecret == null) {
CMS.debug("CMCOutputTemplate: class for shared secret was not found.");
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
- tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
+ failed_bpids, (String) null, otherInfo);
+ tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
+ cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -861,37 +878,44 @@ public class CMCOutputTemplate {
revoke = true;
} else {
CMS.debug("CMCOutputTemplate: Both client and server shared secret are not the same, cant revoke certificate.");
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
- tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
+ failed_bpids, (String) null, otherInfo);
+ tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
+ cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
- }
+ }
if (revoke) {
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
- ICertificateRepository repository = (ICertificateRepository)ca.getCertificateRepository();
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
+ ICertificateRepository repository = (ICertificateRepository) ca
+ .getCertificateRepository();
ICertRecord record = null;
try {
record = repository.readCertificateRecord(revokeSerial);
} catch (EBaseException ee) {
- CMS.debug("CMCOutputTemplate: Exception: "+ee.toString());
+ CMS.debug("CMCOutputTemplate: Exception: "
+ + ee.toString());
}
if (record == null) {
CMS.debug("CMCOutputTemplate: The certificate is not found");
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_CERT_ID), null);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_CERT_ID), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
- tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
+ failed_bpids, (String) null, otherInfo);
+ tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
+ cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -900,11 +924,12 @@ public class CMCOutputTemplate {
CMS.debug("CMCOutputTemplate: The certificate is already revoked.");
SEQUENCE success_bpids = new SEQUENCE();
success_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
- success_bpids, (String)null, null);
- tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ cmcStatusInfo = new CMCStatusInfo(
+ CMCStatusInfo.SUCCESS, success_bpids,
+ (String) null, null);
+ tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
+ cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -913,45 +938,58 @@ public class CMCOutputTemplate {
impls[0] = impl;
ENUMERATED n = revRequest.getReason();
RevocationReason reason = toRevocationReason(n);
- CRLReasonExtension crlReasonExtn = new CRLReasonExtension(reason);
+ CRLReasonExtension crlReasonExtn = new CRLReasonExtension(
+ reason);
CRLExtensions entryExtn = new CRLExtensions();
GeneralizedTime t = revRequest.getInvalidityDate();
InvalidityDateExtension invalidityDateExtn = null;
if (t != null) {
- invalidityDateExtn = new InvalidityDateExtension(t.toDate());
- entryExtn.set(invalidityDateExtn.getName(), invalidityDateExtn);
+ invalidityDateExtn = new InvalidityDateExtension(
+ t.toDate());
+ entryExtn.set(invalidityDateExtn.getName(),
+ invalidityDateExtn);
}
if (crlReasonExtn != null) {
entryExtn.set(crlReasonExtn.getName(), crlReasonExtn);
}
- RevokedCertImpl revCertImpl = new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), entryExtn);
+ RevokedCertImpl revCertImpl = new RevokedCertImpl(
+ impl.getSerialNumber(), CMS.getCurrentDate(),
+ entryExtn);
RevokedCertImpl[] revCertImpls = new RevokedCertImpl[1];
revCertImpls[0] = revCertImpl;
- IRequestQueue queue = ca.getRequestQueue();
- IRequest revReq = queue.newRequest(IRequest.REVOCATION_REQUEST);
+ IRequestQueue queue = ca.getRequestQueue();
+ IRequest revReq = queue
+ .newRequest(IRequest.REVOCATION_REQUEST);
revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
revReq.setExtData(IRequest.REVOKED_REASON,
Integer.valueOf(reason.toInt()));
UTF8String utfstr = revRequest.getComment();
if (utfstr != null)
- revReq.setExtData(IRequest.REQUESTOR_COMMENTS, utfstr.toString());
- revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
+ revReq.setExtData(IRequest.REQUESTOR_COMMENTS,
+ utfstr.toString());
+ revReq.setExtData(IRequest.REQUESTOR_TYPE,
+ IRequest.REQUESTOR_AGENT);
queue.processRequest(revReq);
RequestStatus stat = revReq.getRequestStatus();
if (stat == RequestStatus.COMPLETE) {
- Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
- CMS.debug("CMCOutputTemplate: revReq result = "+result);
+ Integer result = revReq
+ .getExtDataInInteger(IRequest.RESULT);
+ CMS.debug("CMCOutputTemplate: revReq result = "
+ + result);
if (result.equals(IRequest.RES_ERROR)) {
- CMS.debug("CMCOutputTemplate: revReq exception: " +
- revReq.getExtDataInString(IRequest.ERROR));
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), null);
+ CMS.debug("CMCOutputTemplate: revReq exception: "
+ + revReq.getExtDataInString(IRequest.ERROR));
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_REQUEST), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
- tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ cmcStatusInfo = new CMCStatusInfo(
+ CMCStatusInfo.FAILED, failed_bpids,
+ (String) null, otherInfo);
+ tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
+ cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
@@ -959,37 +997,42 @@ public class CMCOutputTemplate {
ILogger logger = CMS.getLogger();
String initiative = AuditFormat.FROMUSER;
- logger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT, new Object[] {
- revReq.getRequestId(), initiative, "completed",
- impl.getSubjectDN(),
- impl.getSerialNumber().toString(16),
- reason.toString()});
+ logger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] { revReq.getRequestId(), initiative,
+ "completed", impl.getSubjectDN(),
+ impl.getSerialNumber().toString(16),
+ reason.toString() });
CMS.debug("CMCOutputTemplate: Certificate get revoked.");
SEQUENCE success_bpids = new SEQUENCE();
success_bpids.addElement(attrbpid);
cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
- success_bpids, (String)null, null);
- tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ success_bpids, (String) null, null);
+ tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
+ cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
} else {
- OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+ new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
SEQUENCE failed_bpids = new SEQUENCE();
failed_bpids.addElement(attrbpid);
- cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
- tagattr = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+ cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
+ failed_bpids, (String) null, otherInfo);
+ tagattr = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
+ cmcStatusInfo);
controlSeq.addElement(tagattr);
return bpid;
}
}
}
- return bpid;
+ return bpid;
}
private RevocationReason toRevocationReason(ENUMERATED n) {
@@ -998,7 +1041,7 @@ public class CMCOutputTemplate {
return RevocationReason.UNSPECIFIED;
else if (code == RevRequest.affiliationChanged.getValue())
return RevocationReason.AFFILIATION_CHANGED;
- else if (code == RevRequest.cACompromise.getValue())
+ else if (code == RevRequest.cACompromise.getValue())
return RevocationReason.CA_COMPROMISE;
else if (code == RevRequest.certificateHold.getValue())
return RevocationReason.CERTIFICATE_HOLD;
@@ -1021,34 +1064,34 @@ public class CMCOutputTemplate {
try {
EncapsulatedContentInfo ci = msgData.getContentInfo();
OCTET_STRING content = ci.getContent();
- ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
- TaggedAttribute tattr = (TaggedAttribute)(new TaggedAttribute.Template()).decode(s);
+ ByteArrayInputStream s = new ByteArrayInputStream(
+ content.toByteArray());
+ TaggedAttribute tattr = (TaggedAttribute) (new TaggedAttribute.Template())
+ .decode(s);
SET values = tattr.getValues();
RevRequest revRequest = null;
if (values != null && values.size() > 0)
- revRequest =
- (RevRequest)(ASN1Util.decode(new RevRequest.Template(),
- ASN1Util.encode(values.elementAt(0))));
+ revRequest = (RevRequest) (ASN1Util.decode(
+ new RevRequest.Template(),
+ ASN1Util.encode(values.elementAt(0))));
SET dias = msgData.getDigestAlgorithmIdentifiers();
int numDig = dias.size();
Hashtable digs = new Hashtable();
- for (int i=0; i<numDig; i++) {
- AlgorithmIdentifier dai =
- (AlgorithmIdentifier) dias.elementAt(i);
- String name =
- DigestAlgorithm.fromOID(dai.getOID()).toString();
- MessageDigest md =
- MessageDigest.getInstance(name);
+ for (int i = 0; i < numDig; i++) {
+ AlgorithmIdentifier dai = (AlgorithmIdentifier) dias
+ .elementAt(i);
+ String name = DigestAlgorithm.fromOID(dai.getOID()).toString();
+ MessageDigest md = MessageDigest.getInstance(name);
byte[] digest = md.digest(content.toByteArray());
digs.put(name, digest);
}
SET sis = msgData.getSignerInfos();
- int numSis = sis.size();
- for (int i=0; i<numSis; i++) {
- org.mozilla.jss.pkix.cms.SignerInfo si =
- (org.mozilla.jss.pkix.cms.SignerInfo)sis.elementAt(i);
+ int numSis = sis.size();
+ for (int i = 0; i < numSis; i++) {
+ org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis
+ .elementAt(i);
String name = si.getDigestAlgorithm().toString();
byte[] digest = (byte[]) digs.get(name);
if (digest == null) {
@@ -1058,23 +1101,30 @@ public class CMCOutputTemplate {
digest = md.digest(ostream.toByteArray());
}
SignerIdentifier sid = si.getSignerIdentifier();
- if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
- org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber =
- sid.getIssuerAndSerialNumber();
+ if (sid.getType().equals(
+ SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
+ org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber = sid
+ .getIssuerAndSerialNumber();
java.security.cert.X509Certificate cert = null;
if (msgData.hasCertificates()) {
SET certs = msgData.getCertificates();
int numCerts = certs.size();
- for (int j=0; j<numCerts; j++) {
- org.mozilla.jss.pkix.cert.Certificate certJss =
- (Certificate) certs.elementAt(j);
- org.mozilla.jss.pkix.cert.CertificateInfo certI =
- certJss.getInfo();
+ for (int j = 0; j < numCerts; j++) {
+ org.mozilla.jss.pkix.cert.Certificate certJss = (Certificate) certs
+ .elementAt(j);
+ org.mozilla.jss.pkix.cert.CertificateInfo certI = certJss
+ .getInfo();
Name issuer = certI.getIssuer();
byte[] issuerB = ASN1Util.encode(issuer);
INTEGER sn = certI.getSerialNumber();
- if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) &&
- sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
+ if (new String(issuerB)
+ .equalsIgnoreCase(new String(ASN1Util
+ .encode(issuerAndSerialNumber
+ .getIssuer())))
+ && sn.toString().equals(
+ issuerAndSerialNumber
+ .getSerialNumber()
+ .toString())) {
ByteArrayOutputStream os = new ByteArrayOutputStream();
certJss.encode(os);
cert = new X509CertImpl(os.toByteArray());
@@ -1082,23 +1132,25 @@ public class CMCOutputTemplate {
}
}
}
-
+
if (cert != null) {
PublicKey pbKey = cert.getPublicKey();
- String type = ((X509Key)pbKey).getAlgorithm();
+ String type = ((X509Key) pbKey).getAlgorithm();
PrivateKey.Type kType = PrivateKey.RSA;
if (type.equals("DSA"))
kType = PrivateKey.DSA;
- PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key)pbKey).getKey());
+ PK11PubKey pubK = PK11PubKey.fromRaw(kType,
+ ((X509Key) pbKey).getKey());
si.verify(digest, ci.getContentType(), pubK);
return true;
}
- }
- }
-
+ }
+ }
+
return false;
} catch (Exception e) {
- CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: "+e.toString());
+ CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: "
+ + e.toString());
return false;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
index 7f89297c..746a7c32 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.logging.ILogger;
-
/**
* CMSFile represents a file from the filesystem cached in memory
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSFile {
@@ -87,7 +85,8 @@ public class CMSFile {
}
protected void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, level, ILogger.S_OTHER, "CMSgateway:" + msg);
+ mLogger.log(ILogger.EV_SYSTEM, level, ILogger.S_OTHER, "CMSgateway:"
+ + msg);
}
public String toString() {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
index bf4c3cf6..0d3fea99 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.File;
import java.io.IOException;
import java.util.Enumeration;
@@ -26,10 +25,9 @@ import java.util.Hashtable;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
-
/**
* CMSFileLoader - file cache.
- *
+ *
* @version $Revision$, $Date$
*/
@@ -45,14 +43,14 @@ public class CMSFileLoader {
// property to cache templates only
public final String PROP_CACHE_TEMPLATES_ONLY = "cacheTemplatesOnly";
- // hash of files to their content.
+ // hash of files to their content.
private Hashtable mLoadedFiles = new Hashtable();
- // max number of files
+ // max number of files
private int mMaxSize = MAX_SIZE;
// number of files to clear when max is reached.
- private int mClearSize = CLEAR_SIZE;
+ private int mClearSize = CLEAR_SIZE;
// whether to cache templates and forms only.
private boolean mCacheTemplatesOnly = true;
@@ -63,16 +61,17 @@ public class CMSFileLoader {
public void init(IConfigStore config) throws EBaseException {
mMaxSize = config.getInteger(PROP_MAX_SIZE, MAX_SIZE);
mClearSize = config.getInteger(PROP_CLEAR_SIZE, CLEAR_SIZE);
- mCacheTemplatesOnly =
- config.getBoolean(PROP_CACHE_TEMPLATES_ONLY, true);
+ mCacheTemplatesOnly = config
+ .getBoolean(PROP_CACHE_TEMPLATES_ONLY, true);
}
// Changed by bskim
- //public byte[] get(String absPath) throws EBaseException, IOException {
- // File file = new File(absPath);
- // return get(file);
- //}
- public byte[] get(String absPath, String enc) throws EBaseException, IOException {
+ // public byte[] get(String absPath) throws EBaseException, IOException {
+ // File file = new File(absPath);
+ // return get(file);
+ // }
+ public byte[] get(String absPath, String enc) throws EBaseException,
+ IOException {
File file = new File(absPath);
return get(file, enc);
@@ -81,19 +80,20 @@ public class CMSFileLoader {
// Change end
// Changed by bskim
- //public byte[] get(File file) throws EBaseException, IOException {
- // CMSFile cmsFile = getCMSFile(file);
+ // public byte[] get(File file) throws EBaseException, IOException {
+ // CMSFile cmsFile = getCMSFile(file);
public byte[] get(File file, String enc) throws EBaseException, IOException {
CMSFile cmsFile = getCMSFile(file, enc);
- // Change end
+ // Change end
return cmsFile.getContent();
}
// Changed by bskim
- //public CMSFile getCMSFile(File file) throws EBaseException, IOException {
- public CMSFile getCMSFile(File file, String enc) throws EBaseException, IOException {
- // Change end
+ // public CMSFile getCMSFile(File file) throws EBaseException, IOException {
+ public CMSFile getCMSFile(File file, String enc) throws EBaseException,
+ IOException {
+ // Change end
String absPath = file.getAbsolutePath();
long modified = file.lastModified();
CMSFile cmsFile = (CMSFile) mLoadedFiles.get(absPath);
@@ -102,8 +102,8 @@ public class CMSFileLoader {
// new file.
if (cmsFile == null || modified != lastModified) {
// Changed by bskim
- //cmsFile = updateFile(absPath, file);
- cmsFile = updateFile(absPath, file, enc);
+ // cmsFile = updateFile(absPath, file);
+ cmsFile = updateFile(absPath, file, enc);
// Change end
}
cmsFile.setLastAccess(System.currentTimeMillis());
@@ -111,10 +111,10 @@ public class CMSFileLoader {
}
// Changed by bskim
- //private CMSFile updateFile(String absPath, File file)
- private CMSFile updateFile(String absPath, File file, String enc)
- // Change end
- throws EBaseException, IOException {
+ // private CMSFile updateFile(String absPath, File file)
+ private CMSFile updateFile(String absPath, File file, String enc)
+ // Change end
+ throws EBaseException, IOException {
// clear if cache size exceeded.
if (mLoadedFiles.size() >= mMaxSize) {
clearSomeFiles();
@@ -125,24 +125,24 @@ public class CMSFileLoader {
// check if file is a js template or plain template by its first String
if (absPath.endsWith(CMSTemplate.SUFFIX)) {
// Changed by bskim
- //cmsFile = new CMSTemplate(file);
+ // cmsFile = new CMSTemplate(file);
cmsFile = new CMSTemplate(file, enc);
// End of Change
} else {
cmsFile = new CMSFile(file);
}
- mLoadedFiles.put(absPath, cmsFile); // replace old one if any.
+ mLoadedFiles.put(absPath, cmsFile); // replace old one if any.
return cmsFile;
}
private synchronized void clearSomeFiles() {
// recheck this in case some other thread has cleared it.
- if (mLoadedFiles.size() < mMaxSize)
+ if (mLoadedFiles.size() < mMaxSize)
return;
- // remove the LRU files.
- // XXX could be optimized more.
+ // remove the LRU files.
+ // XXX could be optimized more.
Enumeration elements = mLoadedFiles.elements();
for (int i = mClearSize; i > 0; i--) {
@@ -160,4 +160,3 @@ public class CMSFileLoader {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
index a76b1c75..c3854935 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
@@ -17,14 +17,12 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.ListResourceBundle;
-
/**
* A class represents a resource bundle for cms gateway.
* <P>
- *
+ *
* @version $Revision$, $Date$
* @see java.util.ListResourceBundle
*/
@@ -38,8 +36,7 @@ public class CMSGWResources extends ListResourceBundle {
}
/*
- * Constants. The suffix represents the number of
- * possible parameters.
+ * Constants. The suffix represents the number of possible parameters.
*/
static final Object[][] contents = {};
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
index b5c6e3c7..48e53c10 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.File;
import java.io.IOException;
import java.security.cert.X509Certificate;
@@ -41,10 +40,9 @@ import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.logging.ILogger;
-
/**
* This class is to hold some general method for servlets.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSGateway {
@@ -52,8 +50,7 @@ public class CMSGateway {
private final static String PROP_ENABLE_ADMIN_ENROLL = "enableAdminEnroll";
private final static String PROP_SERVER_XML = "server.xml";
- public static final String CERT_ATTR =
- "javax.servlet.request.X509Certificate";
+ public static final String CERT_ATTR = "javax.servlet.request.X509Certificate";
protected static CMSFileLoader mFileLoader = new CMSFileLoader();
@@ -68,11 +65,11 @@ public class CMSGateway {
mEnableFileServing = true;
mConfig = CMS.getConfigStore().getSubStore(PROP_CMSGATEWAY);
try {
- mEnableAdminEnroll =
- mConfig.getBoolean(PROP_ENABLE_ADMIN_ENROLL, false);
+ mEnableAdminEnroll = mConfig.getBoolean(PROP_ENABLE_ADMIN_ENROLL,
+ false);
} catch (EBaseException e) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM"));
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM"));
}
}
@@ -88,7 +85,7 @@ public class CMSGateway {
httpReqHash.put(name, req.getParameter(name));
}
-
+
String ip = req.getRemoteAddr();
if (ip != null)
httpReqHash.put("clientHost", ip);
@@ -99,11 +96,11 @@ public class CMSGateway {
return mEnableAdminEnroll;
}
- public static void setEnableAdminEnroll(boolean enableAdminEnroll)
- throws EBaseException {
+ public static void setEnableAdminEnroll(boolean enableAdminEnroll)
+ throws EBaseException {
IConfigStore mainConfig = CMS.getConfigStore();
- //!!! Is it thread safe? xxxx
+ // !!! Is it thread safe? xxxx
mEnableAdminEnroll = enableAdminEnroll;
mConfig.putBoolean(PROP_ENABLE_ADMIN_ENROLL, enableAdminEnroll);
mainConfig.commit(true);
@@ -112,9 +109,9 @@ public class CMSGateway {
public static void disableAdminEnroll() throws EBaseException {
setEnableAdminEnroll(false);
- /* need to do this in web.xml and restart ws
- removeServlet("/ca/adminEnroll", "AdminEnroll");
- initGateway();
+ /*
+ * need to do this in web.xml and restart ws
+ * removeServlet("/ca/adminEnroll", "AdminEnroll"); initGateway();
*/
}
@@ -122,18 +119,19 @@ public class CMSGateway {
* construct a authentication credentials to pass into authentication
* manager.
*/
- public static AuthCredentials getAuthCreds(
- IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
- throws EBaseException {
+ public static AuthCredentials getAuthCreds(IAuthManager authMgr,
+ IArgBlock argBlock, X509Certificate clientCert)
+ throws EBaseException {
// get credentials from http parameters.
if (authMgr == null)
- return null;
+ return null;
String[] reqCreds = authMgr.getRequiredCreds();
AuthCredentials creds = new AuthCredentials();
-
+
if (clientCert instanceof java.security.cert.X509Certificate) {
try {
- clientCert = new netscape.security.x509.X509CertImpl(clientCert.getEncoded());
+ clientCert = new netscape.security.x509.X509CertImpl(
+ clientCert.getEncoded());
} catch (Exception e) {
CMS.debug("CMSGateway: getAuthCreds " + e.toString());
}
@@ -144,8 +142,7 @@ public class CMSGateway {
if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
// cert could be null;
- creds.set(reqCred, new X509Certificate[] { clientCert}
- );
+ creds.set(reqCred, new X509Certificate[] { clientCert });
} else {
String value = argBlock.getValueAsString(reqCred);
@@ -162,62 +159,57 @@ public class CMSGateway {
protected final static String AUTHMGR_PARAM = "authenticator";
- public static AuthToken checkAuthManager(
- HttpServletRequest httpReq, IArgBlock httpParams,
- X509Certificate cert, String authMgrName)
- throws EBaseException {
+ public static AuthToken checkAuthManager(HttpServletRequest httpReq,
+ IArgBlock httpParams, X509Certificate cert, String authMgrName)
+ throws EBaseException {
IArgBlock httpArgs = httpParams;
if (httpArgs == null)
httpArgs = CMS.createArgBlock(toHashtable(httpReq));
- IAuthSubsystem authSub = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+ IAuthSubsystem authSub = (IAuthSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_AUTH);
- String authMgr_http = httpArgs.getValueAsString(
- AUTHMGR_PARAM, null);
+ String authMgr_http = httpArgs.getValueAsString(AUTHMGR_PARAM, null);
if (authMgr_http != null) {
authMgrName = authMgr_http;
}
if (authMgrName == null || authMgrName.length() == 0) {
- throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1",
- CMS.getLogMessage("CMSGW_AUTH_MAN_EXPECTED")));
+ throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1",
+ CMS.getLogMessage("CMSGW_AUTH_MAN_EXPECTED")));
}
-
- IAuthManager authMgr =
- authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
+
+ IAuthManager authMgr = authSub
+ .getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
authMgr = authSub.getAuthManager(authMgrName);
if (authMgr == null)
return null;
- IAuthCredentials creds =
- getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert);
+ IAuthCredentials creds = getAuthCreds(authMgr,
+ CMS.createArgBlock(toHashtable(httpReq)), cert);
AuthToken authToken = null;
try {
- authToken = (AuthToken) authMgr.authenticate(creds);
+ authToken = (AuthToken) authMgr.authenticate(creds);
} catch (EBaseException e) {
throw e;
} catch (Exception e) {
CMS.debug("CMSGateway: " + e);
// catch all errors from authentication manager.
- throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2",
- e.toString(), e.getMessage()));
+ throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2",
+ e.toString(), e.getMessage()));
}
return authToken;
}
- public static void renderTemplate(
- String templateName,
- HttpServletRequest req,
- HttpServletResponse resp,
- ServletConfig servletConfig,
- CMSFileLoader fileLoader)
- throws EBaseException, IOException {
- CMSTemplate template =
- getTemplate(templateName, req,
- servletConfig, fileLoader, new Locale[1]);
+ public static void renderTemplate(String templateName,
+ HttpServletRequest req, HttpServletResponse resp,
+ ServletConfig servletConfig, CMSFileLoader fileLoader)
+ throws EBaseException, IOException {
+ CMSTemplate template = getTemplate(templateName, req, servletConfig,
+ fileLoader, new Locale[1]);
ServletOutputStream out = resp.getOutputStream();
template.renderOutput(out, new CMSTemplateParams(null, null));
@@ -239,9 +231,8 @@ public class CMSGateway {
* @param realpathFile the file to get.
* @param locale array of at least one to be filled with locale found.
*/
- public static File getLangFile(
- HttpServletRequest req, File realpathFile, Locale[] locale)
- throws IOException {
+ public static File getLangFile(HttpServletRequest req, File realpathFile,
+ Locale[] locale) throws IOException {
File file = null;
String acceptLang = req.getHeader("accept-language");
@@ -258,7 +249,7 @@ public class CMSGateway {
}
String name = realpathFile.getName();
- if (name == null) { // filename should never be null.
+ if (name == null) { // filename should never be null.
throw new IOException("file has no name");
}
int i;
@@ -286,9 +277,8 @@ public class CMSGateway {
break;
}
- String langfilepath =
- parent + File.separatorChar +
- lang + File.separatorChar + name;
+ String langfilepath = parent + File.separatorChar + lang
+ + File.separatorChar + name;
file = new File(langfilepath);
if (file.exists()) {
@@ -311,54 +301,52 @@ public class CMSGateway {
}
/**
- * get a template
+ * get a template
*/
- protected static CMSTemplate getTemplate(
- String templateName,
- HttpServletRequest httpReq,
- ServletConfig servletConfig,
- CMSFileLoader fileLoader,
- Locale[] locale)
- throws EBaseException, IOException {
+ protected static CMSTemplate getTemplate(String templateName,
+ HttpServletRequest httpReq, ServletConfig servletConfig,
+ CMSFileLoader fileLoader, Locale[] locale) throws EBaseException,
+ IOException {
// this converts to system dependent file seperator char.
if (servletConfig == null) {
- CMS.debug( "CMSGateway:getTemplate() - servletConfig is null!" );
+ CMS.debug("CMSGateway:getTemplate() - servletConfig is null!");
return null;
}
if (servletConfig.getServletContext() == null) {
}
if (templateName == null) {
}
- String realpath =
- servletConfig.getServletContext().getRealPath("/" + templateName);
+ String realpath = servletConfig.getServletContext().getRealPath(
+ "/" + templateName);
File realpathFile = new File(realpath);
- File templateFile =
- getLangFile(httpReq, realpathFile, locale);
- CMSTemplate template =
- //(CMSTemplate)fileLoader.getCMSFile(templateFile);
- (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding());
+ File templateFile = getLangFile(httpReq, realpathFile, locale);
+ CMSTemplate template =
+ // (CMSTemplate)fileLoader.getCMSFile(templateFile);
+ (CMSTemplate) fileLoader.getCMSFile(templateFile,
+ httpReq.getCharacterEncoding());
return template;
}
/**
- * Get the If-Modified-Since header and compare it to the millisecond
- * epoch value passed in. If there is no header, or there is a problem
- * parsing the value, or if the file has been modified this will return
- * true, indicating the file has changed.
- *
+ * Get the If-Modified-Since header and compare it to the millisecond epoch
+ * value passed in. If there is no header, or there is a problem parsing the
+ * value, or if the file has been modified this will return true, indicating
+ * the file has changed.
+ *
* @param lastModified The time value in milliseconds past the epoch to
- * compare the If-Modified-Since header to.
+ * compare the If-Modified-Since header to.
*/
- public static boolean modifiedSince(HttpServletRequest req, long lastModified) {
+ public static boolean modifiedSince(HttpServletRequest req,
+ long lastModified) {
long ifModSinceStr;
try {
ifModSinceStr = req.getDateHeader("If-Modified-Since");
- }catch (IllegalArgumentException e) {
+ } catch (IllegalArgumentException e) {
return true;
}
-
+
if (ifModSinceStr < 0) {
return true;
}
@@ -371,4 +359,3 @@ public class CMSGateway {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
index ca5abf03..b409bc63 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
@@ -17,12 +17,9 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
-
-
/**
- * handy class containing cms templates to load & fill.
- *
+ * handy class containing cms templates to load & fill.
+ *
* @version $Revision$, $Date$
*/
public class CMSLoadTemplate {
@@ -34,10 +31,9 @@ public class CMSLoadTemplate {
public CMSLoadTemplate() {
}
- public CMSLoadTemplate(
- String propName, String fillerPropName,
- String templateName, ICMSTemplateFiller filler) {
-
+ public CMSLoadTemplate(String propName, String fillerPropName,
+ String templateName, ICMSTemplateFiller filler) {
+
mPropName = propName;
mFillerPropName = fillerPropName;
mTemplateName = templateName;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
index 27f1d3a5..6968ccc5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Hashtable;
import java.util.Vector;
@@ -35,7 +34,7 @@ import com.netscape.certsrv.request.RequestStatus;
/**
* This represents a user request.
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSRequest {
@@ -46,7 +45,8 @@ public class CMSRequest {
public static final Integer SVC_PENDING = Integer.valueOf(4);
public static final Integer REJECTED = Integer.valueOf(5);
public static final Integer ERROR = Integer.valueOf(6);
- public static final Integer EXCEPTION = Integer.valueOf(7); // unexpected error.
+ public static final Integer EXCEPTION = Integer.valueOf(7); // unexpected
+ // error.
private static final String RESULT = "cmsRequestResult";
@@ -59,7 +59,7 @@ public class CMSRequest {
// http headers & other info.
private HttpServletRequest mHttpReq = null;
- // http response.
+ // http response.
private HttpServletResponse mHttpResp = null;
// http servlet config.
@@ -68,11 +68,11 @@ public class CMSRequest {
// http servlet context.
private ServletContext mServletContext = null;
- // permanent request in request queue.
+ // permanent request in request queue.
private IRequest mRequest = null;
// whether request processed successfully
- private Integer mStatus = SUCCESS;
+ private Integer mStatus = SUCCESS;
// exception message containing error that occured.
// note exception could also be thrown seperately.
@@ -85,13 +85,13 @@ public class CMSRequest {
Object mResult = null;
Hashtable mResults = new Hashtable();
- /**
+ /**
* Constructor
*/
public CMSRequest() {
}
- // set methods use by servlets.
+ // set methods use by servlets.
/**
* set the HTTP parameters
@@ -115,47 +115,45 @@ public class CMSRequest {
}
/**
- * set the HTTP Response object which is used to create the
- * HTTP response which is sent back to the user
+ * set the HTTP Response object which is used to create the HTTP response
+ * which is sent back to the user
*/
public void setHttpResp(HttpServletResponse httpResp) {
mHttpResp = httpResp;
}
/**
- * set the servlet configuration. The servlet configuration is
- * read from the WEB-APPS/web.xml file under the &lt;servlet&gt;
- * XML definition. The parameters are delimited by init-param
- * param-name/param-value options as described in the servlet
- * documentation.
+ * set the servlet configuration. The servlet configuration is read from the
+ * WEB-APPS/web.xml file under the &lt;servlet&gt; XML definition. The
+ * parameters are delimited by init-param param-name/param-value options as
+ * described in the servlet documentation.
*/
public void setServletConfig(ServletConfig servletConfig) {
mServletConfig = servletConfig;
}
- /*
- * set the servlet context. the servletcontext has detail
- * about the currently running request
+ /*
+ * set the servlet context. the servletcontext has detail about the
+ * currently running request
*/
public void setServletContext(ServletContext servletContext) {
mServletContext = servletContext;
}
- /**
- * Set request status.
- * @param status request status. Allowed values are
- * UNAUTHORIZED, SUCCESS, REJECTED, PENDING, ERROR, SVC_PENDING
+ /**
+ * Set request status.
+ *
+ * @param status request status. Allowed values are UNAUTHORIZED, SUCCESS,
+ * REJECTED, PENDING, ERROR, SVC_PENDING
* @throws IllegalArgumentException if status is not one of the above values
*/
public void setStatus(Integer status) {
- if ( !status.equals( UNAUTHORIZED ) &&
- !status.equals( SUCCESS ) &&
- !status.equals( REJECTED ) &&
- !status.equals( PENDING ) &&
- !status.equals( ERROR ) &&
- !status.equals( SVC_PENDING ) &&
- !status.equals( EXCEPTION ) ) {
- throw new IllegalArgumentException(CMS.getLogMessage("CMSGW_BAD_REQ_STATUS"));
+ if (!status.equals(UNAUTHORIZED) && !status.equals(SUCCESS)
+ && !status.equals(REJECTED) && !status.equals(PENDING)
+ && !status.equals(ERROR) && !status.equals(SVC_PENDING)
+ && !status.equals(EXCEPTION)) {
+ throw new IllegalArgumentException(
+ CMS.getLogMessage("CMSGW_BAD_REQ_STATUS"));
}
mStatus = status;
}
@@ -169,9 +167,9 @@ public class CMSRequest {
}
public void setErrorDescription(String descr) {
- if (mErrorDescr == null)
+ if (mErrorDescr == null)
mErrorDescr = new Vector();
- mErrorDescr.addElement(descr);
+ mErrorDescr.addElement(descr);
}
public void setResult(Object result) {
@@ -235,7 +233,7 @@ public class CMSRequest {
return reason;
}
- // handy routines for IRequest.
+ // handy routines for IRequest.
public void setExtData(String type, String value) {
if (mRequest != null) {
@@ -251,7 +249,7 @@ public class CMSRequest {
}
}
- // policy errors; set on rejection or possibly deferral.
+ // policy errors; set on rejection or possibly deferral.
public Vector getPolicyMessages() {
if (mRequest != null) {
return mRequest.getExtDataInStringVector(IRequest.ERRORS);
@@ -259,13 +257,13 @@ public class CMSRequest {
return null;
}
- /**
- * set default CMS status according to IRequest status.
+ /**
+ * set default CMS status according to IRequest status.
*/
public void setIRequestStatus() throws EBaseException {
if (mRequest == null) {
- EBaseException e =
- new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST"));
+ EBaseException e = new ECMSGWException(
+ CMS.getLogMessage("CMSGW_MISSING_REQUEST"));
throw e;
}
@@ -277,11 +275,11 @@ public class CMSRequest {
mStatus = CMSRequest.SUCCESS;
return;
}
- // unexpected resulting request status.
+ // unexpected resulting request status.
if (status == RequestStatus.REJECTED) {
mStatus = CMSRequest.REJECTED;
return;
- } // pending or service pending.
+ } // pending or service pending.
else if (status == RequestStatus.PENDING) {
mStatus = CMSRequest.PENDING;
return;
@@ -291,9 +289,9 @@ public class CMSRequest {
} else {
RequestId reqId = mRequest.getRequestId();
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2",
- status.toString(), reqId.toString()));
+ throw new ECMSGWException(CMS.getLogMessage(
+ "CMSGW_UNEXPECTED_REQUEST_STATUS_2", status.toString(),
+ reqId.toString()));
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
index 4528ea7e..c6af2fe6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
@@ -39,23 +38,21 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.logging.ILogger;
-
/**
- * File templates. This implementation will take
- * an HTML file with a special customer tag
- * &lt;CMS_TEMPLATE&gt; and replace the tag with
- * a series of javascript variable definitions
- * (depending on the servlet)
- *
+ * File templates. This implementation will take an HTML file with a special
+ * customer tag &lt;CMS_TEMPLATE&gt; and replace the tag with a series of
+ * javascript variable definitions (depending on the servlet)
+ *
* @version $Revision$, $Date$
*/
public class CMSTemplate extends CMSFile {
public static final String SUFFIX = ".template";
- /*==========================================================
- * variables
- *==========================================================*/
+ /*
+ * ========================================================== variables
+ * ==========================================================
+ */
/* private variables */
private String mTemplateFileName = "";
@@ -68,29 +65,33 @@ public class CMSTemplate extends CMSFile {
public static final String TEMPLATE_TAG = "<CMS_TEMPLATE>";
/* Character set for i18n */
-
+
/* Will be set by CMSServlet.getTemplate() */
private String mCharset = null;
- /*==========================================================
- * constructors
- *==========================================================*/
+ /*
+ * ========================================================== constructors
+ * ==========================================================
+ */
/**
* Constructor
+ *
* @param file template file to load
* @param charset character set
- * @throws IOException if the there was an error opening the file
+ * @throws IOException if the there was an error opening the file
*/
- public CMSTemplate(File file, String charset) throws IOException, EBaseException {
+ public CMSTemplate(File file, String charset) throws IOException,
+ EBaseException {
mCharset = charset;
mAbsPath = file.getAbsolutePath();
mLastModified = file.lastModified();
try {
init(file);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath,
+ e.toString()));
throw new ECMSGWException(
CMS.getLogMessage("CMSGW_ERROR_LOADING_TEMPLATE"));
}
@@ -99,16 +100,17 @@ public class CMSTemplate extends CMSFile {
mContent = content.getBytes(mCharset);
}
- /*==========================================================
- * public methods
- *==========================================================*/
+ /*
+ * ========================================================== public methods
+ * ==========================================================
+ */
/* *
- * Load the form from the file and setup the
- * pre/post output buffer if it is a template
- * file. Otherwise, only post output buffer is
- * filled.
+ * Load the form from the file and setup the pre/post output buffer if it is
+ * a template file. Otherwise, only post output buffer is filled.
+ *
* @param template the template file to load
+ *
* @return true if successful
*/
public boolean init(File template) throws EBaseException, IOException {
@@ -118,9 +120,10 @@ public class CMSTemplate extends CMSFile {
String content = loadFile(template);
if (content == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_TEMPLATE_EMPTY", mAbsPath));
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_TEMPLATE_NO_CONTENT_1", mAbsPath));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_TEMPLATE_EMPTY", mAbsPath));
+ throw new ECMSGWException(CMS.getLogMessage(
+ "CMSGW_TEMPLATE_NO_CONTENT_1", mAbsPath));
}
/* time stamp */
@@ -128,17 +131,17 @@ public class CMSTemplate extends CMSFile {
mTimeStamp = now.getTime();
- /* if template file, find template tag substring and set
- * pre/post output string
+ /*
+ * if template file, find template tag substring and set pre/post output
+ * string
*/
int location = content.indexOf(TEMPLATE_TAG);
if (location == -1) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage(
- "CMSGW_TEMPLATE_MISSING", mAbsPath, TEMPLATE_TAG));
- throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2",
- TEMPLATE_TAG, mAbsPath));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_TEMPLATE_MISSING",
+ mAbsPath, TEMPLATE_TAG));
+ throw new ECMSGWException(CMS.getLogMessage(
+ "CMSGW_MISSING_TEMPLATE_TAG_2", TEMPLATE_TAG, mAbsPath));
}
mPreOutput = content.substring(0, location);
mPostOutput = content.substring(TEMPLATE_TAG.length() + location);
@@ -146,14 +149,15 @@ public class CMSTemplate extends CMSFile {
return true;
}
- /**
- * Write a javascript representation of 'input'
- * surrounded by SCRIPT tags to the outputstream
+ /**
+ * Write a javascript representation of 'input' surrounded by SCRIPT tags to
+ * the outputstream
+ *
* @param rout the outputstream to write to
* @param input the parameters to write
*/
public void renderOutput(OutputStream rout, CMSTemplateParams input)
- throws IOException {
+ throws IOException {
Enumeration e = null, q = null;
IArgBlock r = null;
boolean headerBlock = false, fixedBlock = false, queryBlock = false;
@@ -164,7 +168,7 @@ public class CMSTemplate extends CMSFile {
http_out = new HTTPOutputStreamWriter(rout);
else
http_out = new HTTPOutputStreamWriter(rout, mCharset);
-
+
try {
templateLine out = new templateLine();
@@ -178,7 +182,7 @@ public class CMSTemplate extends CMSFile {
out.println("var recordSet = new Array;");
out.println("var result = new Object();");
- // hack
+ // hack
out.println("var httpParamsCount = 0;");
out.println("var httpHeadersCount = 0;");
out.println("var authTokenCount = 0;");
@@ -240,11 +244,11 @@ public class CMSTemplate extends CMSFile {
out.println("record.recordSet = recordSet;");
}
- //if (headerBlock)
+ // if (headerBlock)
out.println("result.header = header;");
- //if (fixedBlock)
+ // if (fixedBlock)
out.println("result.fixed = fixed;");
- //if (queryBlock)
+ // if (queryBlock)
out.println("result.recordSet = recordSet;");
out.println("</SCRIPT>");
out.println(mPostOutput);
@@ -256,15 +260,14 @@ public class CMSTemplate extends CMSFile {
}
/**
- * Ouput the pre-amble HTML Header including
- * the pre-output buffer.
- *
+ * Ouput the pre-amble HTML Header including the pre-output buffer.
+ *
* @param out output stream specified
* @return success or error
*/
public boolean outputProlog(PrintWriter out) {
- //Debug.trace("FormCache:outputProlog");
+ // Debug.trace("FormCache:outputProlog");
/* output pre-output buffer */
out.print(mPreOutput);
@@ -278,9 +281,8 @@ public class CMSTemplate extends CMSFile {
}
/**
- * Output the post HTML tags and post-output
- * buffer.
- *
+ * Output the post HTML tags and post-output buffer.
+ *
* @param out output stream specified
* @return success or error
*/
@@ -299,11 +301,12 @@ public class CMSTemplate extends CMSFile {
return mAbsPath;
}
- // inherit getabspath, getContent, get last access and set last access
+ // inherit getabspath, getContent, get last access and set last access
- /*==========================================================
- * private methods
- *==========================================================*/
+ /*
+ * ========================================================== private
+ * methods==========================================================
+ */
/* load file into string */
private String loadFile(File template) throws IOException {
@@ -312,7 +315,8 @@ public class CMSTemplate extends CMSFile {
/* create input stream, can throw IOException */
FileInputStream inStream = new FileInputStream(template);
- InputStreamReader inReader = new InputStreamReader(inStream, mCharset);;
+ InputStreamReader inReader = new InputStreamReader(inStream, mCharset);
+ ;
BufferedReader in = new BufferedReader(inReader);
StringBuffer buf = new StringBuffer();
String line;
@@ -325,8 +329,9 @@ public class CMSTemplate extends CMSFile {
in.close();
inStream.close();
} catch (IOException e) {
- log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage()));
+ log(ILogger.LL_WARN,
+ CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath,
+ e.getMessage()));
}
return buf.toString();
}
@@ -353,8 +358,8 @@ public class CMSTemplate extends CMSFile {
}
} else if (v instanceof BigInteger) {
s = ((BigInteger) v).toString(10);
- } else if (v instanceof Character &&
- ((Character) v).equals(Character.valueOf((char) 0))) {
+ } else if (v instanceof Character
+ && ((Character) v).equals(Character.valueOf((char) 0))) {
s = "null";
} else {
s = "\"" + v.toString() + "\"";
@@ -364,10 +369,10 @@ public class CMSTemplate extends CMSFile {
}
/**
- * Escape the contents of src string in preparation to be enclosed in
- * double quotes as a JavaScript String Literal within an <script>
- * portion of an HTML document.
- * stevep - performance improvements - about 4 times faster than before.
+ * Escape the contents of src string in preparation to be enclosed in double
+ * quotes as a JavaScript String Literal within an <script> portion of an
+ * HTML document. stevep - performance improvements - about 4 times faster
+ * than before.
*/
public static String escapeJavaScriptString(String v) {
int l = v.length();
@@ -380,25 +385,27 @@ public class CMSTemplate extends CMSFile {
for (int i = 0; i < l; i++) {
char c = in[i];
- if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) {
+ if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
out[j++] = c;
continue;
}
- if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
- in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
- in[i+1] == '<' || in[i+1] == '>' ||
- in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
- if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
- (in[i+3] == 'c' || in[i+3] == 'e')) {
+ if ((c == 0x5c)
+ && ((i + 1) < l)
+ && (in[i + 1] == 'n' || in[i + 1] == 'r'
+ || in[i + 1] == 'f' || in[i + 1] == 't'
+ || in[i + 1] == '<' || in[i + 1] == '>'
+ || in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+ if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3'
+ && (in[i + 3] == 'c' || in[i + 3] == 'e')) {
out[j++] = '\\';
- out[j++] = in[i+1];
- out[j++] = in[i+2];
- out[j++] = in[i+3];
+ out[j++] = in[i + 1];
+ out[j++] = in[i + 2];
+ out[j++] = in[i + 3];
i += 3;
- } else {
+ } else {
out[j++] = '\\';
- out[j++] = in[i+1];
+ out[j++] = in[i + 1];
i++;
}
continue;
@@ -456,9 +463,9 @@ public class CMSTemplate extends CMSFile {
return new String(out, 0, j);
}
- /**
- * Like escapeJavaScriptString(String s) but also escape '[' for
- * HTML processing.
+ /**
+ * Like escapeJavaScriptString(String s) but also escape '[' for HTML
+ * processing.
*/
public static String escapeJavaScriptStringHTML(String v) {
int l = v.length();
@@ -476,20 +483,22 @@ public class CMSTemplate extends CMSFile {
continue;
}
- if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
- in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
- in[i+1] == '<' || in[i+1] == '>' ||
- in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
- if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
- (in[i+3] == 'c' || in[i+3] == 'e')) {
+ if ((c == 0x5c)
+ && ((i + 1) < l)
+ && (in[i + 1] == 'n' || in[i + 1] == 'r'
+ || in[i + 1] == 'f' || in[i + 1] == 't'
+ || in[i + 1] == '<' || in[i + 1] == '>'
+ || in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+ if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3'
+ && (in[i + 3] == 'c' || in[i + 3] == 'e')) {
out[j++] = '\\';
- out[j++] = in[i+1];
- out[j++] = in[i+2];
- out[j++] = in[i+3];
+ out[j++] = in[i + 1];
+ out[j++] = in[i + 2];
+ out[j++] = in[i + 3];
i += 3;
- } else {
+ } else {
out[j++] = '\\';
- out[j++] = in[i+1];
+ out[j++] = in[i + 1];
i++;
}
continue;
@@ -549,32 +558,30 @@ public class CMSTemplate extends CMSFile {
/**
* for debugging, return contents that would've been outputed.
*/
- public String getOutput(CMSTemplateParams input)
- throws IOException {
+ public String getOutput(CMSTemplateParams input) throws IOException {
debugOutputStream out = new debugOutputStream();
renderOutput(out, input);
return out.toString();
}
- private
- class HTTPOutputStreamWriter extends OutputStreamWriter {
+ private class HTTPOutputStreamWriter extends OutputStreamWriter {
public HTTPOutputStreamWriter(OutputStream out)
- throws UnsupportedEncodingException {
+ throws UnsupportedEncodingException {
super(out);
}
-
+
public HTTPOutputStreamWriter(OutputStream out, String enc)
- throws UnsupportedEncodingException {
+ throws UnsupportedEncodingException {
super(out, enc);
}
-
+
public void print(String s) throws IOException {
write(s, 0, s.length());
flush();
return;
}
-
+
public void println(String s) throws IOException {
print(s);
write('\n');
@@ -583,9 +590,9 @@ public class CMSTemplate extends CMSFile {
}
}
-
private class templateLine {
private StringBuffer s = new StringBuffer();
+
void templateLine() {
}
@@ -604,7 +611,6 @@ public class CMSTemplate extends CMSFile {
}
-
private static class debugOutputStream extends ServletOutputStream {
private StringWriter mStringWriter = new StringWriter();
@@ -613,7 +619,7 @@ public class CMSTemplate extends CMSFile {
}
public void write(int b) throws IOException {
- mStringWriter.write(b);
+ mStringWriter.write(b);
}
public String toString() {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
index ced37b93..e14546bb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
@@ -17,16 +17,14 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Enumeration;
import java.util.Vector;
import com.netscape.certsrv.base.IArgBlock;
-
/**
* Holds template parameters
- *
+ *
* @version $Revision$, $Date$
*/
public class CMSTemplateParams {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
index 0cd1102d..f15aadc7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
@@ -17,14 +17,12 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import com.netscape.certsrv.base.EBaseException;
-
/**
* A class represents a CMS gateway exception.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class ECMSGWException extends EBaseException {
@@ -36,7 +34,8 @@ public class ECMSGWException extends EBaseException {
/**
* CA resource class name.
*/
- private static final String CMSGW_RESOURCES = CMSGWResources.class.getName();
+ private static final String CMSGW_RESOURCES = CMSGWResources.class
+ .getName();
/**
* Constructs a CMS Gateway exception.
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
index 6debd2c7..fda80023 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
-
/**
- * Default error template filler
- *
+ * Default error template filler
+ *
* @version $Revision$, $Date$
*/
public class GenErrorTemplateFiller implements ICMSTemplateFiller {
@@ -38,14 +36,15 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq the CMS Request.
* @param authority the authority
* @param locale the locale of template.
* @param e unexpected error. ignored.
*/
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -53,31 +52,33 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
if (cmsReq != null) {
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
} else {
- CMS.debug( "GenErrorTemplateFiller::getTemplateParams() - " +
- "cmsReq is null!" );
+ CMS.debug("GenErrorTemplateFiller::getTemplateParams() - "
+ + "cmsReq is null!");
return null;
}
-
- // error
+
+ // error
String ex = cmsReq.getError();
// Changed by beomsuk
- /*if (ex == null)
- ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR"));
- fixed.set(ICMSTemplateFiller.ERROR, ex.toString(locale));
+ /*
+ * if (ex == null) ex = new
+ * EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR"));
+ * fixed.set(ICMSTemplateFiller.ERROR, ex.toString(locale));
*/
if ((ex == null) && (cmsReq.getReason() == null))
- ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")).toString();
+ ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR"))
+ .toString();
else if (ex != null)
fixed.set(ICMSTemplateFiller.ERROR, ex);
else if (cmsReq.getReason() != null)
fixed.set(ICMSTemplateFiller.ERROR, cmsReq.getReason());
- // Change end
-
- // error description if any.
+ // Change end
+
+ // error description if any.
Vector descr = cmsReq.getErrorDescr();
if (descr != null) {
@@ -85,20 +86,17 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
while (num.hasMoreElements()) {
String elem = (String) num.nextElement();
- //System.out.println("Setting description "+elem.toString());
+ // System.out.println("Setting description "+elem.toString());
IArgBlock argBlock = CMS.createArgBlock();
- argBlock.set(ICMSTemplateFiller.ERROR_DESCR,
- elem);
+ argBlock.set(ICMSTemplateFiller.ERROR_DESCR, elem);
params.addRepeatRecord(argBlock);
}
}
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
index 15456865..ced36b94 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
@@ -59,10 +58,9 @@ import com.netscape.certsrv.ra.IRegistrationAuthority;
import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.RequestId;
-
/**
- * default Pending template filler
- *
+ * default Pending template filler
+ *
* @version $Revision$, $Date$
*/
public class GenPendingTemplateFiller implements ICMSTemplateFiller {
@@ -72,28 +70,29 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
- if( cmsReq == null ) {
+ if (cmsReq == null) {
return null;
}
// request status if any.
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
- // request id
+ // request id
IRequest req = cmsReq.getIRequest();
if (req != null) {
@@ -106,52 +105,46 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
if (doFullResponse(httpParams)) {
SEQUENCE controlSeq = new SEQUENCE();
int bpid = 1;
- PendInfo pendInfo = new PendInfo(reqId.toString(), new
- Date());
- OtherInfo otherInfo = new
- OtherInfo(OtherInfo.PEND, null, pendInfo);
+ PendInfo pendInfo = new PendInfo(reqId.toString(), new Date());
+ OtherInfo otherInfo = new OtherInfo(OtherInfo.PEND, null,
+ pendInfo);
SEQUENCE bpids = new SEQUENCE();
- String[] reqIdArray =
- req.getExtDataInStringArray(IRequest.CMC_REQIDS);
+ String[] reqIdArray = req
+ .getExtDataInStringArray(IRequest.CMC_REQIDS);
for (int i = 0; i < reqIdArray.length; i++) {
bpids.addElement(new INTEGER(reqIdArray[i]));
}
- CMCStatusInfo cmcStatusInfo = new
- CMCStatusInfo(CMCStatusInfo.PENDING, bpids,
- (String) null, otherInfo);
- TaggedAttribute ta = new TaggedAttribute(new
- INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
- cmcStatusInfo);
+ CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(
+ CMCStatusInfo.PENDING, bpids, (String) null, otherInfo);
+ TaggedAttribute ta = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
controlSeq.addElement(ta);
// copy transactionID, senderNonce,
// create recipientNonce
// create responseInfo if regInfo exist
- String[] transIds =
- req.getExtDataInStringArray(IRequest.CMC_TRANSID);
+ String[] transIds = req
+ .getExtDataInStringArray(IRequest.CMC_TRANSID);
SET ids = new SET();
for (int i = 0; i < transIds.length; i++) {
ids.addElement(new INTEGER(transIds[i]));
}
- ta = new TaggedAttribute(new
- INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_transactionId,
- ids);
+ ta = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_transactionId, ids);
controlSeq.addElement(ta);
- String[] senderNonce = req.getExtDataInStringArray(IRequest.CMC_SENDERNONCE);
+ String[] senderNonce = req
+ .getExtDataInStringArray(IRequest.CMC_SENDERNONCE);
SET nonces = new SET();
for (int i = 0; i < senderNonce.length; i++) {
- nonces.addElement(new OCTET_STRING(senderNonce[i].getBytes()));
+ nonces.addElement(new OCTET_STRING(senderNonce[i]
+ .getBytes()));
}
- ta = new TaggedAttribute(new
- INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_recipientNonce,
- nonces);
+ ta = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_recipientNonce, nonces);
controlSeq.addElement(ta);
req.setExtData(IRequest.CMC_RECIPIENTNONCE, senderNonce);
@@ -160,61 +153,65 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
byte[] dig;
try {
- MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
+ MessageDigest SHA1Digest = MessageDigest
+ .getInstance("SHA1");
dig = SHA1Digest.digest(salt.getBytes());
} catch (NoSuchAlgorithmException ex) {
dig = salt.getBytes();
}
String b64E = CMS.BtoA(dig);
- String[] newNonce = {b64E};
+ String[] newNonce = { b64E };
- ta = new TaggedAttribute(new
- INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_senderNonce,
- new OCTET_STRING(newNonce[0].getBytes()));
+ ta = new TaggedAttribute(new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_senderNonce, new OCTET_STRING(
+ newNonce[0].getBytes()));
controlSeq.addElement(ta);
req.setExtData(IRequest.CMC_SENDERNONCE, newNonce);
- ResponseBody rb = new ResponseBody(controlSeq, new
- SEQUENCE(), new
- SEQUENCE());
- EncapsulatedContentInfo ci = new
- EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
- rb);
+ ResponseBody rb = new ResponseBody(controlSeq, new SEQUENCE(),
+ new SEQUENCE());
+ EncapsulatedContentInfo ci = new EncapsulatedContentInfo(
+ OBJECT_IDENTIFIER.id_cct_PKIResponse, rb);
org.mozilla.jss.crypto.X509Certificate x509cert = null;
if (authority instanceof ICertificateAuthority) {
- x509cert = ((ICertificateAuthority) authority).getCaX509Cert();
- }else if (authority instanceof IRegistrationAuthority) {
+ x509cert = ((ICertificateAuthority) authority)
+ .getCaX509Cert();
+ } else if (authority instanceof IRegistrationAuthority) {
x509cert = ((IRegistrationAuthority) authority).getRACert();
}
if (x509cert == null)
return params;
try {
X509CertImpl cert = new X509CertImpl(x509cert.getEncoded());
- ByteArrayInputStream issuer1 = new
- ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
+ ByteArrayInputStream issuer1 = new ByteArrayInputStream(
+ ((X500Name) cert.getIssuerDN()).getEncoded());
Name issuer = (Name) Name.getTemplate().decode(issuer1);
- IssuerAndSerialNumber ias = new
- IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
- SignerIdentifier si = new
- SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+ IssuerAndSerialNumber ias = new IssuerAndSerialNumber(
+ issuer, new INTEGER(cert.getSerialNumber()
+ .toString()));
+ SignerIdentifier si = new SignerIdentifier(
+ SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
// SHA1 is the default digest Alg for now.
DigestAlgorithm digestAlg = null;
SignatureAlgorithm signAlg = null;
- org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert);
- org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
+ org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager
+ .getInstance().findPrivKeyByCert(x509cert);
+ org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey
+ .getType();
- if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
+ if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) {
signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
- } else if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
+ } else if (keyType
+ .equals(org.mozilla.jss.crypto.PrivateKey.DSA)) {
signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
} else {
- CMS.debug( "GenPendingTemplateFiller::getTemplateParams() - "
- + "keyType " + keyType.toString()
- + " is unsupported!" );
+ CMS.debug("GenPendingTemplateFiller::getTemplateParams() - "
+ + "keyType "
+ + keyType.toString()
+ + " is unsupported!");
return null;
}
@@ -224,41 +221,36 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
try {
SHADigest = MessageDigest.getInstance("SHA1");
digestAlg = DigestAlgorithm.SHA1;
-
+
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
rb.encode((OutputStream) ostream);
digest = SHADigest.digest(ostream.toByteArray());
} catch (NoSuchAlgorithmException ex) {
- //log("digest fail");
+ // log("digest fail");
}
- SignerInfo signInfo = new
- SignerInfo(si, null, null,
- OBJECT_IDENTIFIER.id_cct_PKIResponse,
- digest, signAlg,
- privKey);
+ SignerInfo signInfo = new SignerInfo(si, null, null,
+ OBJECT_IDENTIFIER.id_cct_PKIResponse, digest,
+ signAlg, privKey);
SET signInfos = new SET();
signInfos.addElement(signInfo);
-
+
SET digestAlgs = new SET();
if (digestAlg != null) {
- AlgorithmIdentifier ai = new
- AlgorithmIdentifier(digestAlg.toOID(),
- null);
+ AlgorithmIdentifier ai = new AlgorithmIdentifier(
+ digestAlg.toOID(), null);
digestAlgs.addElement(ai);
}
-
- SignedData fResponse = new
- SignedData(digestAlgs, ci,
- null, null, signInfos);
- ContentInfo fullResponse = new
- ContentInfo(ContentInfo.SIGNED_DATA, fResponse);
- ByteArrayOutputStream ostream = new
- ByteArrayOutputStream();
+
+ SignedData fResponse = new SignedData(digestAlgs, ci, null,
+ null, signInfos);
+ ContentInfo fullResponse = new ContentInfo(
+ ContentInfo.SIGNED_DATA, fResponse);
+ ByteArrayOutputStream ostream = new ByteArrayOutputStream();
fullResponse.encode((OutputStream) ostream);
byte[] fr = ostream.toByteArray();
@@ -270,9 +262,8 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
}
}
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName());
return params;
}
@@ -286,4 +277,3 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
return false;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
index 798b7f0d..dbeae0f2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.request.IRequest;
-
/**
- * default Service Pending template filler
- *
+ * default Service Pending template filler
+ *
* @version $Revision$, $Date$
*/
public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
@@ -45,8 +43,8 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -54,15 +52,15 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
if (cmsReq != null) {
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
} else {
- CMS.debug( "GenRejectedTemplateFiller::getTemplateParams() - " +
- "cmsReq is null!" );
+ CMS.debug("GenRejectedTemplateFiller::getTemplateParams() - "
+ + "cmsReq is null!");
return null;
}
- // request id
+ // request id
IRequest req = cmsReq.getIRequest();
if (req != null) {
@@ -76,7 +74,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
while (msgs.hasMoreElements()) {
String ex = (String) msgs.nextElement();
- IArgBlock messageArgBlock = CMS.createArgBlock();
+ IArgBlock messageArgBlock = CMS.createArgBlock();
messageArgBlock.set(POLICY_MESSAGE, ex);
params.addRepeatRecord(messageArgBlock);
@@ -86,10 +84,8 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
index ff3d4f8c..6702e30d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
@@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.IArgBlock;
-
/**
- * default Success template filler
- *
+ * default Success template filler
+ *
* @version $Revision$, $Date$
*/
public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
@@ -36,14 +34,15 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -51,15 +50,13 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
if (cmsReq != null) {
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
}
- // this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ // this authority
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
index d08b83a8..aec29028 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
@@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.request.IRequest;
-
/**
- * default Service Pending template filler
- *
+ * default Service Pending template filler
+ *
* @version $Revision$, $Date$
*/
public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
@@ -38,14 +36,15 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -63,8 +62,8 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
fixed.set(ICMSTemplateFiller.REQUEST_ID, req.getRequestId());
// remote authority we're waiting for
- String remoteAuthority =
- req.getExtDataInString(IRequest.REMOTE_SERVICE_AUTHORITY);
+ String remoteAuthority = req
+ .getExtDataInString(IRequest.REMOTE_SERVICE_AUTHORITY);
if (remoteAuthority != null)
fixed.set(REMOTE_AUTHORITY, remoteAuthority);
@@ -72,10 +71,8 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
}
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
index befacf83..65bca22e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
@@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.IArgBlock;
-
/**
- * default Unauthorized template filler
- *
+ * default Unauthorized template filler
+ *
* @version $Revision$, $Date$
*/
public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
@@ -36,14 +34,15 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
@@ -51,19 +50,17 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
if (cmsReq != null) {
Integer sts = cmsReq.getStatus();
- if (sts != null)
+ if (sts != null)
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
}
// set unauthorized error
- fixed.set(ICMSTemplateFiller.ERROR,
- new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")));
+ fixed.set(ICMSTemplateFiller.ERROR,
+ new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")));
- // this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ // this authority
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
index 1ae6ee45..1ce7f0f9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
@@ -16,7 +16,6 @@
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
@@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
-
/**
- * default unexpected error template filler
- *
+ * default unexpected error template filler
+ *
* @version $Revision$, $Date$
*/
public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller {
@@ -37,41 +35,41 @@ public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller {
}
/**
- * fill error details and description if any.
+ * fill error details and description if any.
+ *
* @param cmsReq CMS Request
* @param authority this authority
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) {
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(null, fixed);
-
+
// When an exception occurs the exit is non-local which probably
// will leave the requestStatus value set to something other
- // than CMSRequest.EXCEPTION, so force the requestStatus to
- // EXCEPTION since it must be that if we're here.
+ // than CMSRequest.EXCEPTION, so force the requestStatus to
+ // EXCEPTION since it must be that if we're here.
Integer sts = CMSRequest.EXCEPTION;
- if (cmsReq != null) cmsReq.setStatus(sts);
+ if (cmsReq != null)
+ cmsReq.setStatus(sts);
fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
// the unexpected error (exception)
- if (e == null)
+ if (e == null)
e = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR"));
String errMsg = null;
- if (e instanceof EBaseException)
+ if (e instanceof EBaseException)
errMsg = ((EBaseException) e).toString(locale);
- else
+ else
errMsg = e.toString();
fixed.set(ICMSTemplateFiller.EXCEPTION, errMsg);
// this authority
- if (authority != null)
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- authority.getOfficialName());
+ if (authority != null)
+ fixed.set(ICMSTemplateFiller.AUTHORITY, authority.getOfficialName());
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
index ddd6f0a1..6633eb97 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
@@ -17,35 +17,32 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
import com.netscape.certsrv.authority.IAuthority;
-
/**
* This interface represents a template filler.
- *
+ *
* @version $Revision$, $Date$
*/
public interface ICMSTemplateFiller {
- // common template variables.
+ // common template variables.
public final static String ERROR = "errorDetails";
public final static String ERROR_DESCR = "errorDescription";
public final static String EXCEPTION = "unexpectedError";
- public static final String HOST = "host";
- public static final String PORT = "port";
- public static final String SCHEME = "scheme";
+ public static final String HOST = "host";
+ public static final String PORT = "port";
+ public static final String SCHEME = "scheme";
- public static final String AUTHORITY = "authorityName";
+ public static final String AUTHORITY = "authorityName";
- public static final String REQUEST_STATUS = "requestStatus";
+ public static final String REQUEST_STATUS = "requestStatus";
- public static final String KEYREC_ID = "keyrecId";
- public static final String REQUEST_ID = "requestId";
+ public static final String KEYREC_ID = "keyrecId";
+ public static final String REQUEST_ID = "requestId";
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e)
- throws Exception;
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority mAuthority, Locale locale, Exception e) throws Exception;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
index 27ea5ec1..827f24f1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
@@ -17,10 +17,9 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
/**
* This represents raw JS parameters.
- *
+ *
* @version $Revision$, $Date$
*/
public interface IRawJS {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
index ce1a5082..ac6fee86 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.Locale;
import com.netscape.certsrv.apps.CMS;
@@ -26,15 +25,13 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.base.ISubsystem;
-
/**
- * A class represents a certificate server kernel. This
- * kernel contains a list of resident subsystems such
- * as logging, security, remote administration. Additional
- * subsystems can be loaded into this kernel by specifying
- * parameters in the configuration store.
+ * A class represents a certificate server kernel. This kernel contains a list
+ * of resident subsystems such as logging, security, remote administration.
+ * Additional subsystems can be loaded into this kernel by specifying parameters
+ * in the configuration store.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class IndexTemplateFiller implements ICMSTemplateFiller {
@@ -52,8 +49,8 @@ public class IndexTemplateFiller implements ICMSTemplateFiller {
public IndexTemplateFiller() {
}
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) {
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority mAuthority, Locale locale, Exception e) {
IArgBlock header = CMS.createArgBlock();
IArgBlock ctx = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(header, ctx);
@@ -103,11 +100,11 @@ public class IndexTemplateFiller implements ICMSTemplateFiller {
count++;
}
// information about what is selected is provided
- // from the caller. This parameter (selected) is used
+ // from the caller. This parameter (selected) is used
// by header servlet
try {
- header.addStringValue("selected",
- cmsReq.getHttpParams().getValueAsString("selected"));
+ header.addStringValue("selected", cmsReq.getHttpParams()
+ .getValueAsString("selected"));
} catch (EBaseException ex) {
}
header.addIntegerValue(OUT_TOTAL_COUNT, count);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
index fb31fec1..f936e075 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
@@ -17,10 +17,9 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
/**
* This represents raw JS parameters.
- *
+ *
* @version $Revision$, $Date$
*/
public class RawJS implements IRawJS {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
index 580909cb..f9951f05 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.common;
-
import java.util.StringTokenizer;
import javax.servlet.ServletConfig;
@@ -28,10 +27,9 @@ import com.netscape.certsrv.authorization.IAuthzSubsystem;
import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
-
/**
* Utility class
- *
+ *
* @version $Revision$, $Date$
*/
public class Utils {
@@ -45,13 +43,13 @@ public class Utils {
public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
- public static String initializeAuthz(ServletConfig sc,
- IAuthzSubsystem authz, String id) throws ServletException {
+ public static String initializeAuthz(ServletConfig sc,
+ IAuthzSubsystem authz, String id) throws ServletException {
String srcType = AUTHZ_SRC_LDAP;
try {
- IConfigStore authzConfig =
- CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE);
+ IConfigStore authzConfig = CMS.getConfigStore().getSubStore(
+ AUTHZ_CONFIG_STORE);
srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP);
} catch (EBaseException e) {
@@ -63,8 +61,8 @@ public class Utils {
if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) {
CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", ""));
aclMethod = sc.getInitParameter(PROP_AUTHZ_MGR);
- if (aclMethod != null &&
- aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
+ if (aclMethod != null
+ && aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
String aclInfo = sc.getInitParameter(PROP_ACL);
if (aclInfo != null) {
@@ -75,8 +73,8 @@ public class Utils {
"failed to init authz info from xml config file");
}
- CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE",
- id));
+ CMS.debug(CMS.getLogMessage(
+ "ADMIN_SRVLT_AUTHZ_MGR_INIT_DONE", id));
} else {
CMS.debug(CMS.getLogMessage(
"ADMIN_SRVLT_PROP_ACL_NOT_SPEC", PROP_ACL, id,
@@ -95,7 +93,7 @@ public class Utils {
}
public static void addACLInfo(IAuthzSubsystem authz, String aclMethod,
- String aclInfo) throws EBaseException {
+ String aclInfo) throws EBaseException {
StringTokenizer tokenizer = new StringTokenizer(aclInfo, "#");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
index b3809579..7f8b0953 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.connector;
-
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
@@ -58,12 +57,10 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
- * Clone servlet - part of the Clone Authority (CLA)
- * processes Revoked certs from its dependant clone CAs
- * service request and return status.
- *
+ * Clone servlet - part of the Clone Authority (CLA) processes Revoked certs
+ * from its dependant clone CAs service request and return status.
+ *
* @version $Revision$, $Date$
*/
public class CloneServlet extends CMSServlet {
@@ -88,19 +85,17 @@ public class CloneServlet extends CMSServlet {
String authority = sc.getInitParameter(PROP_AUTHORITY);
if (authority != null)
- mAuthority = (IAuthority)
- CMS.getSubsystem(authority);
+ mAuthority = (IAuthority) CMS.getSubsystem(authority);
mReqEncoder = CMS.getHttpRequestEncoder();
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
- public void service(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException {
+ public void service(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
if (!running_state)
- throw new IOException(
- "CMS server is not ready to serve.");
+ throw new IOException("CMS server is not ready to serve.");
ServletContext servletContext = mConfig.getServletContext();
@@ -130,14 +125,14 @@ public class CloneServlet extends CMSServlet {
IRequest r = null;
IRequest reply = null;
- // NOTE must read all bufer before redoing handshake for
+ // NOTE must read all bufer before redoing handshake for
// ssl client auth for client auth to work.
// get request method
- method = req.getMethod();
+ method = req.getMethod();
// get content length
- len = req.getContentLength();
+ len = req.getContentLength();
// get content, a base 64 encoded serialized request.
if (len > 0) {
@@ -159,16 +154,16 @@ public class CloneServlet extends CMSServlet {
// force client auth handshake, validate clone CA (CCA)
// and get CCA's Id.
- // NOTE must do this after all contents are read for ssl
- // redohandshake to work
+ // NOTE must do this after all contents are read for ssl
+ // redohandshake to work
X509Certificate peerCert;
try {
peerCert = getPeerCert(req);
- }catch (EBaseException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
+ } catch (EBaseException e) {
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
@@ -190,7 +185,7 @@ public class CloneServlet extends CMSServlet {
CMS.debug("CloneServlet: about to authenticate");
token = authenticate(peerCert);
// cfu maybe don't need CCA_Id, because the above check
- // was good enough
+ // was good enough
CCAUserId = token.getInString("userid");
CCA_Id = (String) peerCert.getSubjectDN().toString();
} catch (EInvalidCredentials e) {
@@ -203,15 +198,17 @@ public class CloneServlet extends CMSServlet {
return;
}
- mAuthority.log(ILogger.LL_INFO,
- "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
+ mAuthority.log(
+ ILogger.LL_INFO,
+ "Clone Certificate Authority authenticated: "
+ + peerCert.getSubjectDN());
// authorize, any authenticated user are authorized
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, token,
- mAuthzResourceName, "submit");
+ authzToken = authorize(mAclMethod, token, mAuthzResourceName,
+ "submit");
} catch (Exception e) {
// do nothing for now
}
@@ -232,29 +229,34 @@ public class CloneServlet extends CMSServlet {
}
// now process CCA request - should just be posting revoked
- // certs for now
+ // certs for now
try {
// decode request.
- CMS.debug("Cloneservlet: before decoding request, encodedreq= " + encodedreq);
+ CMS.debug("Cloneservlet: before decoding request, encodedreq= "
+ + encodedreq);
msg = (IPKIMessage) mReqEncoder.decode(encodedreq);
- // process request
+ // process request
CMS.debug("Cloneservlet: decoded request");
replymsg = processRequest(CCA_Id, CCAUserId, msg, token);
} catch (IOException e) {
e.printStackTrace();
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST",
+ e.toString()));
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
} catch (EBaseException e) {
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST",
+ e.toString()));
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
}
- // encode reply
+ // encode reply
String encodedrep = mReqEncoder.encode(replymsg);
resp.setStatus(HttpServletResponse.SC_OK);
@@ -271,46 +273,47 @@ public class CloneServlet extends CMSServlet {
out.flush();
}
- //cfu ++change this to just check the subject and signer
- protected IAuthToken authenticate(
- X509Certificate peerCert)
- throws EBaseException {
+ // cfu ++change this to just check the subject and signer
+ protected IAuthToken authenticate(X509Certificate peerCert)
+ throws EBaseException {
try {
- // XXX using agent authentication now since we're only
- // verifying that the cert belongs to a user in the db.
- // XXX change this to ACL in the future.
+ // XXX using agent authentication now since we're only
+ // verifying that the cert belongs to a user in the db.
+ // XXX change this to ACL in the future.
// build JAVA X509Certificate from peerCert.
X509CertImpl cert = new X509CertImpl(peerCert.getEncoded());
AuthCredentials creds = new AuthCredentials();
- creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
- new X509Certificate[] {cert}
- );
+ creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
+ new X509Certificate[] { cert });
- IAuthToken token = mAuthSubsystem.authenticate(creds,
+ IAuthToken token = mAuthSubsystem.authenticate(creds,
IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
return token;
} catch (CertificateException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
+ mAuthority.log(ILogger.LL_SECURITY, CMS.getLogMessage(
+ "CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert
+ .getSubjectDN().toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR", e.toString()));
} catch (EInvalidCredentials e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_SECURITY, CMS.getLogMessage(
+ "CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert
+ .getSubjectDN().toString()));
throw e;
} catch (EBaseException e) {
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+ mAuthority.log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert
+ .getSubjectDN().toString()));
throw e;
}
}
- protected IPKIMessage processRequest(
- String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
- throws EBaseException {
+ protected IPKIMessage processRequest(String source, String sourceUserId,
+ IPKIMessage msg, IAuthToken token) throws EBaseException {
IPKIMessage replymsg = null;
IRequest r = null;
IRequestQueue queue = mAuthority.getRequestQueue();
@@ -326,13 +329,14 @@ public class CloneServlet extends CMSServlet {
thisreq = queue.findRequest(thisreqid);
if (thisreq == null) {
// strange case.
- String errormsg = "Cannot find request in request queue " + thisreqid;
+ String errormsg = "Cannot find request in request queue "
+ + thisreqid;
mAuthority.log(ILogger.LL_FAILURE, errormsg);
throw new EBaseException(errormsg);
} else {
- mAuthority.log(ILogger.LL_INFO,
- "Found request " + thisreqid + " for " + srcid);
+ mAuthority.log(ILogger.LL_INFO, "Found request " + thisreqid
+ + " for " + srcid);
replymsg = CMS.getHttpPKIMessage();
replymsg.fromRequest(thisreq);
return replymsg;
@@ -347,8 +351,7 @@ public class CloneServlet extends CMSServlet {
// setting requestor type must come after copy contents. because
// requestor is a regular attribute.
- thisreq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_RA);
+ thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_RA);
mAuthority.log(ILogger.LL_INFO, "Processing remote request " + srcid);
// Set this so that request's updateBy is recorded
@@ -362,55 +365,47 @@ public class CloneServlet extends CMSServlet {
replymsg = CMS.getHttpPKIMessage();
replymsg.fromRequest(thisreq);
- //for audit log
+ // for audit log
String agentID = sourceUserId;
- String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
- agentID + " remote reqID " + msg.getReqId();
+ String initiative = AuditFormat.FROMRA + " trustedManagerID: "
+ + agentID + " remote reqID " + msg.getReqId();
String authMgr = AuditFormat.NOAUTH;
if (token != null) {
- authMgr =
- token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ authMgr = token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
-
+
// Get the certificate info from the request
- X509CertInfo certInfo[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certInfo[] = thisreq
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
try {
if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus(),
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL, AuditFormat.FORMAT,
+ new Object[] { thisreq.getRequestType(),
+ thisreq.getRequestId(), initiative,
+ authMgr, thisreq.getRequestStatus(),
+ certInfo[i].get(X509CertInfo.SUBJECT),
+ "" });
}
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] { thisreq.getRequestType(),
+ thisreq.getRequestId(), initiative,
+ authMgr, thisreq.getRequestStatus() });
}
} else {
- if
- (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
- Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
+ if (thisreq.getRequestType().equals(
+ IRequest.CLA_CERT4CRL_REQUEST)) {
+ Integer result = thisreq
+ .getExtDataInInteger(IRequest.RESULT);
if (result.equals(IRequest.RES_ERROR)) {
CMS.debug("CloneServlet: error in CLA_CERT4CRL_REQUEST");
@@ -420,155 +415,83 @@ public class CloneServlet extends CMSServlet {
}
}
- /* cfu ---
- if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) {
- // XXX make the repeat record.
- // Get the certificate(s) from the request
- X509CertImpl issuedCerts[] =
- (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS);
- // return potentially more than one certificates.
- if (issuedCerts != null) {
- for (int i = 0; i < issuedCerts.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId() ,
- initiative ,
- authMgr ,
- "completed",
- issuedCerts[i].getSubjectDN() ,
- "cert issued serial number: 0x" +
- issuedCerts[i].getSerialNumber().toString(16)}
- );
- }
- } else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId() ,
- initiative ,
- authMgr ,
- "completed"}
- );
- }
- } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) {
- X509CertImpl[] certs = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS);
- X509CertImpl old_cert = certs[0];
- certs = (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS);
- X509CertImpl renewed_cert = certs[0];
- if (old_cert != null && renewed_cert != null) {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative ,
- authMgr ,
- "completed",
- old_cert.getSubjectDN() ,
- old_cert.getSerialNumber().toString(16) ,
- "new serial number: 0x" +
- renewed_cert.getSerialNumber().toString(16)}
- );
- } else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId() ,
- initiative ,
- authMgr ,
- "completed with error"}
- );
- }
- } else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) {
- X509CertImpl[] oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS);
- RevokedCertImpl crlentries[] =
- (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS);
- CRLExtensions crlExts = crlentries[0].getExtensions();
- int reason = 0;
- if (crlExts != null) {
- Enumeration enum = crlExts.getElements();
- while(enum.hasMoreElements()){
- Extension ext = (Extension) enum.nextElement();
- if (ext instanceof CRLReasonExtension) {
- reason = ((CRLReasonExtension)ext).getReason().toInt
- ();
- break;
- }
- }
- }
-
- int count = oldCerts.length;
- Integer result = (Integer)thisreq.get(IRequest.RESULT);
- if (result.equals(IRequest.RES_ERROR)) {
- EBaseException ex = (EBaseException)thisreq.get(IRequest.ERROR);
- EBaseException[] svcErrors =
- (EBaseException[])thisreq.get(IRequest.SVCERRORS);
- if (svcErrors != null && svcErrors.length > 0) {
- for (int i = 0; i < svcErrors.length; i++) {
- EBaseException err = svcErrors[i];
- if (err != null) {
- for (int j = 0; j < count; j++) {
- if (oldCerts[j] != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative ,
- "completed with error: " +
- err.toString() ,
- oldCerts[j].getSubjectDN() ,
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
- }
- }
- }
- }
- }
- } else {
- // the success.
- for (int j = 0; j < count; j++) {
- if (oldCerts[j] != null) {
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative ,
- "completed" ,
- oldCerts[j].getSubjectDN() ,
- oldCerts[j].getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
- }
- }
- }
- } else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId() ,
- initiative ,
- authMgr ,
- "completed"}
- );
- }
- cfu */
+ /*
+ * cfu --- if
+ * (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST
+ * )) { // XXX make the repeat record. // Get the certificate(s)
+ * from the request X509CertImpl issuedCerts[] =
+ * (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); // return
+ * potentially more than one certificates. if (issuedCerts !=
+ * null) { for (int i = 0; i < issuedCerts.length; i++) {
+ * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ * AuditFormat.LEVEL, AuditFormat.FORMAT, new Object[] {
+ * thisreq.getRequestType(), thisreq.getRequestId() , initiative
+ * , authMgr , "completed", issuedCerts[i].getSubjectDN() ,
+ * "cert issued serial number: 0x" +
+ * issuedCerts[i].getSerialNumber().toString(16)} ); } } else {
+ * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] {
+ * thisreq.getRequestType(), thisreq.getRequestId() , initiative
+ * , authMgr , "completed"} ); } } else if
+ * (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) {
+ * X509CertImpl[] certs =
+ * (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); X509CertImpl
+ * old_cert = certs[0]; certs =
+ * (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS);
+ * X509CertImpl renewed_cert = certs[0]; if (old_cert != null &&
+ * renewed_cert != null) { mLogger.log(ILogger.EV_AUDIT,
+ * ILogger.S_OTHER, AuditFormat.LEVEL,
+ * AuditFormat.RENEWALFORMAT, new Object[] {
+ * thisreq.getRequestId(), initiative , authMgr , "completed",
+ * old_cert.getSubjectDN() ,
+ * old_cert.getSerialNumber().toString(16) ,
+ * "new serial number: 0x" +
+ * renewed_cert.getSerialNumber().toString(16)} ); } else {
+ * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] {
+ * thisreq.getRequestType(), thisreq.getRequestId() , initiative
+ * , authMgr , "completed with error"} ); } } else if
+ * (thisreq.getRequestType
+ * ().equals(IRequest.REVOCATION_REQUEST)) { X509CertImpl[]
+ * oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS);
+ * RevokedCertImpl crlentries[] =
+ * (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS);
+ * CRLExtensions crlExts = crlentries[0].getExtensions(); int
+ * reason = 0; if (crlExts != null) { Enumeration enum =
+ * crlExts.getElements(); while(enum.hasMoreElements()){
+ * Extension ext = (Extension) enum.nextElement(); if (ext
+ * instanceof CRLReasonExtension) { reason =
+ * ((CRLReasonExtension)ext).getReason().toInt (); break; } } }
+ *
+ * int count = oldCerts.length; Integer result =
+ * (Integer)thisreq.get(IRequest.RESULT); if
+ * (result.equals(IRequest.RES_ERROR)) { EBaseException ex =
+ * (EBaseException)thisreq.get(IRequest.ERROR); EBaseException[]
+ * svcErrors =
+ * (EBaseException[])thisreq.get(IRequest.SVCERRORS); if
+ * (svcErrors != null && svcErrors.length > 0) { for (int i = 0;
+ * i < svcErrors.length; i++) { EBaseException err =
+ * svcErrors[i]; if (err != null) { for (int j = 0; j < count;
+ * j++) { if (oldCerts[j] != null) {
+ * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ * AuditFormat.LEVEL, AuditFormat.DOREVOKEFORMAT, new Object[] {
+ * thisreq.getRequestId(), initiative , "completed with error: "
+ * + err.toString() , oldCerts[j].getSubjectDN() ,
+ * oldCerts[j].getSerialNumber().toString(16),
+ * RevocationReason.fromInt(reason).toString()} ); } } } } } }
+ * else { // the success. for (int j = 0; j < count; j++) { if
+ * (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT,
+ * ILogger.S_OTHER, AuditFormat.LEVEL,
+ * AuditFormat.DOREVOKEFORMAT, new Object[] {
+ * thisreq.getRequestId(), initiative , "completed" ,
+ * oldCerts[j].getSubjectDN() ,
+ * oldCerts[j].getSerialNumber().toString(16),
+ * RevocationReason.fromInt(reason).toString()} ); } } } } else
+ * { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] {
+ * thisreq.getRequestType(), thisreq.getRequestId() , initiative
+ * , authMgr , "completed"} ); } cfu
+ */
}
} catch (IOException e) {
} catch (CertificateException e) {
@@ -577,8 +500,8 @@ public class CloneServlet extends CMSServlet {
return replymsg;
}
- protected X509Certificate
- getPeerCert(HttpServletRequest req) throws EBaseException {
+ protected X509Certificate getPeerCert(HttpServletRequest req)
+ throws EBaseException {
return getSSLClientCertificate(req);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
index ad48d18d..0681baca 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
@@ -72,12 +72,10 @@ import com.netscape.certsrv.request.RequestStatus;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
- * Connector servlet
- * process requests from remote authority -
- * service request or return status.
- *
+ * Connector servlet process requests from remote authority - service request or
+ * return status.
+ *
* @version $Revision$, $Date$
*/
public class ConnectorServlet extends CMSServlet {
@@ -95,14 +93,10 @@ public class ConnectorServlet extends CMSServlet {
protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static String SIGNED_AUDIT_PROTECTION_METHOD_SSL = "ssl";
- private final static String SIGNED_AUDIT_PROTECTION_METHOD_UNKNOWN =
- "unknown";
- private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS =
- "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
- private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
- "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
- private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ private final static String SIGNED_AUDIT_PROTECTION_METHOD_UNKNOWN = "unknown";
+ private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS = "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
+ private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
private final static byte EOL[] = { Character.LINE_SEPARATOR };
@@ -115,22 +109,19 @@ public class ConnectorServlet extends CMSServlet {
String authority = sc.getInitParameter(PROP_AUTHORITY);
if (authority != null)
- mAuthority = (IAuthority)
- CMS.getSubsystem(authority);
+ mAuthority = (IAuthority) CMS.getSubsystem(authority);
mReqEncoder = CMS.getHttpRequestEncoder();
-
+
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
- public void service(HttpServletRequest request,
- HttpServletResponse response)
- throws ServletException, IOException {
+ public void service(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
boolean running_state = CMS.isInRunningState();
if (!running_state)
- throw new IOException(
- "CMS server is not ready to serve.");
+ throw new IOException("CMS server is not ready to serve.");
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse resp = (HttpServletResponse) response;
@@ -163,14 +154,14 @@ public class ConnectorServlet extends CMSServlet {
IRequest r = null;
IRequest reply = null;
- // NOTE must read all bufer before redoing handshake for
+ // NOTE must read all bufer before redoing handshake for
// ssl client auth for client auth to work.
// get request method
- method = req.getMethod();
+ method = req.getMethod();
// get content length
- len = request.getContentLength();
+ len = request.getContentLength();
// get content, a base 64 encoded serialized request.
if (len > 0) {
@@ -191,16 +182,16 @@ public class ConnectorServlet extends CMSServlet {
}
// force client auth handshake, validate RA and get RA's Id.
- // NOTE must do this after all contents are read for ssl
- // redohandshake to work
+ // NOTE must do this after all contents are read for ssl
+ // redohandshake to work
X509Certificate peerCert;
try {
peerCert = getPeerCert(req);
- }catch (EBaseException e) {
- mAuthority.log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
+ } catch (EBaseException e) {
+ mAuthority.log(ILogger.LL_SECURITY,
+ CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
@@ -211,7 +202,7 @@ public class ConnectorServlet extends CMSServlet {
return;
}
- // authenticate RA
+ // authenticate RA
String RA_Id = null;
String raUserId = null;
@@ -231,15 +222,15 @@ public class ConnectorServlet extends CMSServlet {
return;
}
- mAuthority.log(ILogger.LL_INFO,
- "Remote Authority authenticated: " + peerCert.getSubjectDN());
+ mAuthority.log(ILogger.LL_INFO, "Remote Authority authenticated: "
+ + peerCert.getSubjectDN());
// authorize
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, token,
- mAuthzResourceName, "submit");
+ authzToken = authorize(mAclMethod, token, mAuthzResourceName,
+ "submit");
} catch (Exception e) {
// do nothing for now
}
@@ -265,20 +256,24 @@ public class ConnectorServlet extends CMSServlet {
try {
// decode request.
msg = (IPKIMessage) mReqEncoder.decode(encodedreq);
- // process request
+ // process request
replymsg = processRequest(RA_Id, raUserId, msg, token);
} catch (IOException e) {
CMS.debug("ConnectorServlet: service " + e.toString());
CMS.debug(e);
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST",
+ e.toString()));
resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
return;
} catch (EBaseException e) {
CMS.debug("ConnectorServlet: service " + e.toString());
CMS.debug(e);
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ mAuthority.log(
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST",
+ e.toString()));
resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
return;
} catch (Exception e) {
@@ -288,7 +283,7 @@ public class ConnectorServlet extends CMSServlet {
CMS.debug("ConnectorServlet: done processRequest");
- // encode reply
+ // encode reply
try {
String encodedrep = mReqEncoder.encode(replymsg);
@@ -326,10 +321,12 @@ public class ConnectorServlet extends CMSServlet {
ByteArrayOutputStream byteStream;
try {
- info = request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+ info = request
+ .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
- // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0"));
- CertificateX509Key certKey = (CertificateX509Key)info.get(X509CertInfo.KEY);
+ // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0"));
+ CertificateX509Key certKey = (CertificateX509Key) info
+ .get(X509CertInfo.KEY);
if (certKey != null) {
byteStream = new ByteArrayOutputStream();
certKey.encode(byteStream);
@@ -337,15 +334,15 @@ public class ConnectorServlet extends CMSServlet {
byteStream.toByteArray());
}
- CertificateSubjectName certSubject = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ CertificateSubjectName certSubject = (CertificateSubjectName) info
+ .get(X509CertInfo.SUBJECT);
if (certSubject != null) {
request.setExtData(IEnrollProfile.REQUEST_SUBJECT_NAME,
certSubject);
}
- CertificateValidity certValidity = (CertificateValidity)
- info.get(X509CertInfo.VALIDITY);
+ CertificateValidity certValidity = (CertificateValidity) info
+ .get(X509CertInfo.VALIDITY);
if (certValidity != null) {
byteStream = new ByteArrayOutputStream();
certValidity.encode(byteStream);
@@ -353,15 +350,15 @@ public class ConnectorServlet extends CMSServlet {
byteStream.toByteArray());
}
- CertificateExtensions extensions = (CertificateExtensions)
- info.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) info
+ .get(X509CertInfo.EXTENSIONS);
if (extensions != null) {
request.setExtData(IEnrollProfile.REQUEST_EXTENSIONS,
extensions);
}
- CertificateAlgorithmId certAlg = (CertificateAlgorithmId)
- info.get(X509CertInfo.ALGORITHM_ID);
+ CertificateAlgorithmId certAlg = (CertificateAlgorithmId) info
+ .get(X509CertInfo.ALGORITHM_ID);
if (certAlg != null) {
ByteArrayOutputStream certAlgOut = new ByteArrayOutputStream();
certAlg.encode(certAlgOut);
@@ -369,16 +366,14 @@ public class ConnectorServlet extends CMSServlet {
certAlgOut.toByteArray());
}
} catch (Exception e) {
- CMS.debug("ConnectorServlet: profile normalization " +
- e.toString());
+ CMS.debug("ConnectorServlet: profile normalization " + e.toString());
}
String profileId = request.getExtDataInString("profileId");
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem("profile");
+ IProfileSubsystem ps = (IProfileSubsystem) CMS.getSubsystem("profile");
IEnrollProfile profile = null;
- // profile subsystem may not be available. In case of KRA for
+ // profile subsystem may not be available. In case of KRA for
// example
if (ps == null) {
CMS.debug("ConnectorServlet: Profile Subsystem not found ");
@@ -388,7 +383,8 @@ public class ConnectorServlet extends CMSServlet {
profile = (IEnrollProfile) (ps.getProfile(profileId));
profile.setDefaultCertInfo(request);
} catch (EProfileException e) {
- CMS.debug("ConnectorServlet: normalizeProfileRequest Exception: " + e.toString());
+ CMS.debug("ConnectorServlet: normalizeProfileRequest Exception: "
+ + e.toString());
}
if (profile == null) {
CMS.debug("ConnectorServlet: Profile not found " + profileId);
@@ -399,15 +395,15 @@ public class ConnectorServlet extends CMSServlet {
/**
* Process request
* <P>
- *
+ *
* (Certificate Request - all "agent" profile cert requests made through a
- * connector)
+ * connector)
* <P>
- *
- * (Certificate Request Processed - all automated "agent" profile based
- * cert acceptance made through a connector)
+ *
+ * (Certificate Request Processed - all automated "agent" profile based cert
+ * acceptance made through a connector)
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a
* profile cert request is made (before approval process)
@@ -417,6 +413,7 @@ public class ConnectorServlet extends CMSServlet {
* inter-CIMC_Boundary data transfer is successful (this is used when data
* does not need to be captured)
* </ul>
+ *
* @param source string containing source
* @param sourceUserId string containing source user ID
* @param msg PKI message
@@ -424,9 +421,8 @@ public class ConnectorServlet extends CMSServlet {
* @exception EBaseException an error has occurred
* @return PKI message
*/
- protected IPKIMessage processRequest(
- String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
- throws EBaseException {
+ protected IPKIMessage processRequest(String source, String sourceUserId,
+ IPKIMessage msg, IAuthToken token) throws EBaseException {
String auditMessage = null;
String auditSubjectID = sourceUserId;
String auditProtectionMethod = SIGNED_AUDIT_PROTECTION_METHOD_SSL;
@@ -476,50 +472,45 @@ public class ConnectorServlet extends CMSServlet {
thisreq = queue.findRequest(thisreqid);
if (thisreq == null) {
// strange case.
- String errormsg = "Cannot find request in request queue " +
- thisreqid;
+ String errormsg = "Cannot find request in request queue "
+ + thisreqid;
- mAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage(
+ mAuthority.log(ILogger.LL_FAILURE, CMS.getLogMessage(
"CMSGW_REQUEST_ID_NOT_FOUND_1",
thisreqid.toString()));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
- auditSubjectID,
- ILogger.FAILURE,
- auditProtectionMethod,
- auditRequestType,
- auditRequesterID);
+ LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ auditSubjectID, ILogger.FAILURE,
+ auditProtectionMethod, auditRequestType,
+ auditRequesterID);
audit(auditMessage);
- // NOTE: The signed audit event
- // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
- // does not yet matter at this point!
+ // NOTE: The signed audit event
+ // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
+ // does not yet matter at this point!
throw new EBaseException(errormsg);
} else {
- mAuthority.log(ILogger.LL_INFO,
- "Found request " + thisreqid + " for " + srcid);
+ mAuthority.log(ILogger.LL_INFO, "Found request "
+ + thisreqid + " for " + srcid);
replymsg = CMS.getHttpPKIMessage();
replymsg.fromRequest(thisreq);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
- auditSubjectID,
- ILogger.SUCCESS,
- auditProtectionMethod,
- auditRequestType,
- auditRequesterID);
+ LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ auditSubjectID, ILogger.SUCCESS,
+ auditProtectionMethod, auditRequestType,
+ auditRequesterID);
audit(auditMessage);
- // NOTE: The signed audit event
- // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
- // does not yet matter at this point!
+ // NOTE: The signed audit event
+ // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
+ // does not yet matter at this point!
return replymsg;
}
@@ -527,77 +518,67 @@ public class ConnectorServlet extends CMSServlet {
// if not found process request.
thisreq = queue.newRequest(msg.getReqType());
- CMS.debug("ConnectorServlet: created requestId=" +
- thisreq.getRequestId().toString());
+ CMS.debug("ConnectorServlet: created requestId="
+ + thisreq.getRequestId().toString());
thisreq.setSourceId(srcid);
- // NOTE: For the following signed audit message, since we only
- // care about the "msg.toRequest( thisreq );" command, and
- // since this command does not throw an EBaseException
- // (which is the only exception designated by this method),
- // then this code does NOT need to be contained within its
- // own special try/catch block.
- msg.toRequest( thisreq );
+ // NOTE: For the following signed audit message, since we only
+ // care about the "msg.toRequest( thisreq );" command, and
+ // since this command does not throw an EBaseException
+ // (which is the only exception designated by this method),
+ // then this code does NOT need to be contained within its
+ // own special try/catch block.
+ msg.toRequest(thisreq);
- if( isProfileRequest( thisreq ) ) {
- X509CertInfo info =
- thisreq.getExtDataInCertInfo(
- IEnrollProfile.REQUEST_CERTINFO );
+ if (isProfileRequest(thisreq)) {
+ X509CertInfo info = thisreq
+ .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
try {
- CertificateSubjectName sn = ( CertificateSubjectName )
- info.get( X509CertInfo.SUBJECT );
+ CertificateSubjectName sn = (CertificateSubjectName) info
+ .get(X509CertInfo.SUBJECT);
// if the cert subject name is NOT MISSING, retrieve the
// actual "auditCertificateSubjectName" and "normalize"
// it
- if( sn != null ) {
+ if (sn != null) {
subject = sn.toString();
- if( subject != null ) {
- // NOTE: This is ok even if the cert subject
- // name is "" (empty)!
+ if (subject != null) {
+ // NOTE: This is ok even if the cert subject
+ // name is "" (empty)!
auditCertificateSubjectName = subject.trim();
}
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditProfileID(),
- auditCertificateSubjectName );
-
- audit( auditMessage );
- } catch( CertificateException e ) {
- CMS.debug( "ConnectorServlet: processRequest "
- + e.toString() );
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditProfileID(), auditCertificateSubjectName);
+
+ audit(auditMessage);
+ } catch (CertificateException e) {
+ CMS.debug("ConnectorServlet: processRequest "
+ + e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditProfileID(),
- auditCertificateSubjectName );
-
- audit( auditMessage );
- } catch( IOException e ) {
- CMS.debug( "ConnectorServlet: processRequest "
- + e.toString() );
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditProfileID(), auditCertificateSubjectName);
+
+ audit(auditMessage);
+ } catch (IOException e) {
+ CMS.debug("ConnectorServlet: processRequest "
+ + e.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditProfileID(),
- auditCertificateSubjectName );
-
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditProfileID(), auditCertificateSubjectName);
+
+ audit(auditMessage);
}
}
@@ -605,10 +586,9 @@ public class ConnectorServlet extends CMSServlet {
// setting requestor type must come after copy contents. because
// requestor is a regular attribute.
- thisreq.setExtData(IRequest.REQUESTOR_TYPE,
- IRequest.REQUESTOR_RA);
- mAuthority.log(ILogger.LL_INFO, "Processing remote request " +
- srcid);
+ thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_RA);
+ mAuthority.log(ILogger.LL_INFO, "Processing remote request "
+ + srcid);
// Set this so that request's updateBy is recorded
SessionContext s = SessionContext.getContext();
@@ -621,53 +601,53 @@ public class ConnectorServlet extends CMSServlet {
s.put(SessionContext.REQUESTER_ID, msg.getReqId());
}
- CMS.debug("ConnectorServlet: calling processRequest instance=" +
- thisreq);
+ CMS.debug("ConnectorServlet: calling processRequest instance="
+ + thisreq);
if (isProfileRequest(thisreq)) {
normalizeProfileRequest(thisreq);
}
try {
- queue.processRequest( thisreq );
+ queue.processRequest(thisreq);
- if( isProfileRequest( thisreq ) ) {
+ if (isProfileRequest(thisreq)) {
// reset the "auditInfoCertValue"
- auditInfoCertValue = auditInfoCertValue( thisreq );
+ auditInfoCertValue = auditInfoCertValue(thisreq);
- if( auditInfoCertValue != null ) {
- if( !( auditInfoCertValue.equals(
- ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) {
+ if (auditInfoCertValue != null) {
+ if (!(auditInfoCertValue
+ .equals(ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue );
-
- audit( auditMessage );
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ auditInfoCertValue);
+
+ audit(auditMessage);
}
}
}
- } catch( EBaseException eAudit1 ) {
- if( isProfileRequest( thisreq ) ) {
+ } catch (EBaseException eAudit1) {
+ if (isProfileRequest(thisreq)) {
// reset the "auditInfoCertValue"
- auditInfoCertValue = auditInfoCertValue( thisreq );
+ auditInfoCertValue = auditInfoCertValue(thisreq);
- if( auditInfoCertValue != null ) {
- if( !( auditInfoCertValue.equals(
- ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) {
+ if (auditInfoCertValue != null) {
+ if (!(auditInfoCertValue
+ .equals(ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue );
-
- audit( auditMessage );
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ auditInfoCertValue);
+
+ audit(auditMessage);
}
}
}
@@ -680,158 +660,146 @@ public class ConnectorServlet extends CMSServlet {
replymsg = CMS.getHttpPKIMessage();
replymsg.fromRequest(thisreq);
- CMS.debug("ConnectorServlet: replymsg.reqStatus=" +
- replymsg.getReqStatus());
+ CMS.debug("ConnectorServlet: replymsg.reqStatus="
+ + replymsg.getReqStatus());
- //for audit log
+ // for audit log
String agentID = sourceUserId;
- String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
- agentID + " remote reqID " + msg.getReqId();
+ String initiative = AuditFormat.FROMRA + " trustedManagerID: "
+ + agentID + " remote reqID " + msg.getReqId();
String authMgr = AuditFormat.NOAUTH;
if (token != null) {
- authMgr =
- token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ authMgr = token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
if (isProfileRequest(thisreq)) {
// XXX audit log
- CMS.debug("ConnectorServlet: done requestId=" +
- thisreq.getRequestId().toString());
+ CMS.debug("ConnectorServlet: done requestId="
+ + thisreq.getRequestId().toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
- auditSubjectID,
- ILogger.SUCCESS,
- auditProtectionMethod,
- auditRequestType,
- auditRequesterID);
+ LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ auditSubjectID, ILogger.SUCCESS, auditProtectionMethod,
+ auditRequestType, auditRequesterID);
audit(auditMessage);
- // NOTE: The signed audit event
- // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
- // has already been logged at this point!
+ // NOTE: The signed audit event
+ // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
+ // has already been logged at this point!
return replymsg;
}
// Get the certificate info from the request
- X509CertInfo x509Info[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo x509Info[] = thisreq
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
try {
if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
if (x509Info != null) {
for (int i = 0; i < x509Info.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus(),
- x509Info[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ thisreq.getRequestStatus(),
+ x509Info[i]
+ .get(X509CertInfo.SUBJECT),
+ "" });
}
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- thisreq.getRequestStatus()}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL, AuditFormat.NODNFORMAT,
+ new Object[] { thisreq.getRequestType(),
+ thisreq.getRequestId(), initiative,
+ authMgr, thisreq.getRequestStatus() });
}
} else {
- if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) {
+ if (thisreq.getRequestType().equals(
+ IRequest.ENROLLMENT_REQUEST)) {
// XXX make the repeat record.
// Get the certificate(s) from the request
X509CertImpl x509Certs[] = null;
if (x509Info != null)
- x509Certs =
- thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ x509Certs = thisreq
+ .getExtDataInCertArray(IRequest.ISSUED_CERTS);
- // return potentially more than one certificates.
+ // return potentially more than one certificates.
if (x509Certs != null) {
for (int i = 0; i < x509Certs.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed",
- x509Certs[i].getSubjectDN(),
- "cert issued serial number: 0x" +
- x509Certs[i].getSerialNumber().toString(16)}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ thisreq.getRequestType(),
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ x509Certs[i].getSubjectDN(),
+ "cert issued serial number: 0x"
+ + x509Certs[i]
+ .getSerialNumber()
+ .toString(16) });
}
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed"}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL, AuditFormat.NODNFORMAT,
+ new Object[] { thisreq.getRequestType(),
+ thisreq.getRequestId(), initiative,
+ authMgr, "completed" });
}
- } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) {
- X509CertImpl[] certs =
- thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
+ } else if (thisreq.getRequestType().equals(
+ IRequest.RENEWAL_REQUEST)) {
+ X509CertImpl[] certs = thisreq
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
X509CertImpl old_cert = certs[0];
- certs = thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ certs = thisreq
+ .getExtDataInCertArray(IRequest.ISSUED_CERTS);
X509CertImpl renewed_cert = certs[0];
if (old_cert != null && renewed_cert != null) {
mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.RENEWALFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed",
- old_cert.getSubjectDN(),
- old_cert.getSerialNumber().toString(16),
- "new serial number: 0x" +
- renewed_cert.getSerialNumber().toString(16)}
- );
+ AuditFormat.LEVEL,
+ AuditFormat.RENEWALFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ old_cert.getSubjectDN(),
+ old_cert.getSerialNumber()
+ .toString(16),
+ "new serial number: 0x"
+ + renewed_cert
+ .getSerialNumber()
+ .toString(16) });
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed with error"}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL, AuditFormat.NODNFORMAT,
+ new Object[] { thisreq.getRequestType(),
+ thisreq.getRequestId(), initiative,
+ authMgr, "completed with error" });
}
- } else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) {
- Certificate[] oldCerts =
- thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
- RevokedCertImpl crlentries[] =
- thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
+ } else if (thisreq.getRequestType().equals(
+ IRequest.REVOCATION_REQUEST)) {
+ Certificate[] oldCerts = thisreq
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
+ RevokedCertImpl crlentries[] = thisreq
+ .getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
CRLExtensions crlExts = crlentries[0].getExtensions();
int reason = 0;
@@ -842,18 +810,20 @@ public class ConnectorServlet extends CMSServlet {
Extension ext = (Extension) enum1.nextElement();
if (ext instanceof CRLReasonExtension) {
- reason = ((CRLReasonExtension) ext).getReason().toInt();
+ reason = ((CRLReasonExtension) ext)
+ .getReason().toInt();
break;
}
}
}
int count = oldCerts.length;
- Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
+ Integer result = thisreq
+ .getExtDataInInteger(IRequest.RESULT);
if (result.equals(IRequest.RES_ERROR)) {
- String[] svcErrors =
- thisreq.getExtDataInStringArray(IRequest.SVCERRORS);
+ String[] svcErrors = thisreq
+ .getExtDataInStringArray(IRequest.SVCERRORS);
if (svcErrors != null && svcErrors.length > 0) {
for (int i = 0; i < svcErrors.length; i++) {
@@ -865,19 +835,24 @@ public class ConnectorServlet extends CMSServlet {
if (oldCerts[j] instanceof X509CertImpl) {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative,
- "completed with error: " +
- err,
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative,
+ "completed with error: "
+ + err,
+ cert.getSubjectDN(),
+ cert.getSerialNumber()
+ .toString(
+ 16),
+ RevocationReason
+ .fromInt(
+ reason)
+ .toString() });
}
}
}
@@ -891,44 +866,39 @@ public class ConnectorServlet extends CMSServlet {
if (oldCerts[j] instanceof X509CertImpl) {
X509CertImpl cert = (X509CertImpl) oldCerts[j];
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.DOREVOKEFORMAT,
- new Object[] {
- thisreq.getRequestId(),
- initiative,
- "completed",
- cert.getSubjectDN(),
- cert.getSerialNumber().toString(16),
- RevocationReason.fromInt(reason).toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.DOREVOKEFORMAT,
+ new Object[] {
+ thisreq.getRequestId(),
+ initiative,
+ "completed",
+ cert.getSubjectDN(),
+ cert.getSerialNumber()
+ .toString(16),
+ RevocationReason
+ .fromInt(reason)
+ .toString() });
}
}
}
}
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- thisreq.getRequestType(),
- thisreq.getRequestId(),
- initiative,
- authMgr,
- "completed"}
- );
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+ AuditFormat.LEVEL, AuditFormat.NODNFORMAT,
+ new Object[] { thisreq.getRequestType(),
+ thisreq.getRequestId(), initiative,
+ authMgr, "completed" });
}
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
- auditSubjectID,
- ILogger.SUCCESS,
- auditProtectionMethod,
- auditRequestType,
- auditRequesterID);
+ LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ auditSubjectID, ILogger.SUCCESS, auditProtectionMethod,
+ auditRequestType, auditRequesterID);
audit(auditMessage);
} catch (IOException e) {
@@ -936,12 +906,9 @@ public class ConnectorServlet extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
- auditSubjectID,
- ILogger.FAILURE,
- auditProtectionMethod,
- auditRequestType,
- auditRequesterID);
+ LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ auditSubjectID, ILogger.FAILURE, auditProtectionMethod,
+ auditRequestType, auditRequesterID);
audit(auditMessage);
} catch (CertificateException e) {
@@ -949,12 +916,9 @@ public class ConnectorServlet extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
- auditSubjectID,
- ILogger.FAILURE,
- auditProtectionMethod,
- auditRequestType,
- auditRequesterID);
+ LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ auditSubjectID, ILogger.FAILURE, auditProtectionMethod,
+ auditRequestType, auditRequesterID);
audit(auditMessage);
} catch (Exception e) {
@@ -962,46 +926,40 @@ public class ConnectorServlet extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
- auditSubjectID,
- ILogger.FAILURE,
- auditProtectionMethod,
- auditRequestType,
- auditRequesterID);
+ LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ auditSubjectID, ILogger.FAILURE, auditProtectionMethod,
+ auditRequestType, auditRequesterID);
audit(auditMessage);
} finally {
SessionContext.releaseContext();
}
- // NOTE: The signed audit event
- // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
- // has already been logged at this point!
+ // NOTE: The signed audit event
+ // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
+ // has already been logged at this point!
return replymsg;
} catch (EBaseException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
- auditSubjectID,
- ILogger.FAILURE,
- auditProtectionMethod,
- auditRequestType,
- auditRequesterID);
+ LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS,
+ auditSubjectID, ILogger.FAILURE, auditProtectionMethod,
+ auditRequestType, auditRequesterID);
audit(auditMessage);
- // NOTE: The signed audit event
- // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
- // has either already been logged, or
- // does not yet matter at this point!
+ // NOTE: The signed audit event
+ // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
+ // has either already been logged, or
+ // does not yet matter at this point!
return replymsg;
}
}
- protected X509Certificate
- getPeerCert(HttpServletRequest req) throws EBaseException {
+ protected X509Certificate getPeerCert(HttpServletRequest req)
+ throws EBaseException {
return getSSLClientCertificate(req);
}
@@ -1011,11 +969,11 @@ public class ConnectorServlet extends CMSServlet {
/**
* Signed Audit Log
- *
- * This method is inherited by all extended "CMSServlet"s,
- * and is called to store messages to the signed audit log.
+ *
+ * This method is inherited by all extended "CMSServlet"s, and is called to
+ * store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -1026,21 +984,17 @@ public class ConnectorServlet extends CMSServlet {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
}
/**
* Signed Audit Log Profile ID
- *
- * This method is inherited by all extended "EnrollProfile"s,
- * and is called to obtain the "ProfileID" for
- * a signed audit log message.
+ *
+ * This method is inherited by all extended "EnrollProfile"s, and is called
+ * to obtain the "ProfileID" for a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message ProfileID
*/
protected String auditProfileID() {
@@ -1062,11 +1016,11 @@ public class ConnectorServlet extends CMSServlet {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param request a Request containing an X509CertImpl
* @return cert string containing the certificate
*/
@@ -1076,8 +1030,8 @@ public class ConnectorServlet extends CMSServlet {
return null;
}
- X509CertImpl x509cert = request.getExtDataInCert(
- IEnrollProfile.REQUEST_ISSUED_CERT);
+ X509CertImpl x509cert = request
+ .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
if (x509cert == null) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -1122,4 +1076,3 @@ public class ConnectorServlet extends CMSServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
index 2a024c3a..27b5200b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
@@ -40,17 +40,14 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
-
/**
- * GenerateKeyPairServlet
- * handles "server-side key pair generation" requests from the
- * netkey RA.
- *
+ * GenerateKeyPairServlet handles "server-side key pair generation" requests
+ * from the netkey RA.
+ *
* @author Christina Fu (cfu)
* @version $Revision$, $Date$
*/
-//XXX add auditing later
+// XXX add auditing later
public class GenerateKeyPairServlet extends CMSServlet {
/**
@@ -68,7 +65,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
/**
* Constructs GenerateKeyPair servlet.
- *
+ *
*/
public GenerateKeyPairServlet() {
super();
@@ -80,37 +77,30 @@ public class GenerateKeyPairServlet extends CMSServlet {
String authority = config.getInitParameter(PROP_AUTHORITY);
if (authority != null)
- mAuthority = (IAuthority)
- CMS.getSubsystem(authority);
-
+ mAuthority = (IAuthority) CMS.getSubsystem(authority);
+
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/*
- * processServerSideKeyGen -
- * handles netkey DRM serverside keygen.
- * netkey operations:
- * 1. generate keypair (archive user priv key)
- * 2. unwrap des key with transport key, then url decode it
- * 3. wrap user priv key with des key
- * 4. send the following to RA:
- * * des key wrapped(user priv key)
- * * user public key
- * (note: RA should have kek-wrapped des key from TKS)
- * * recovery blob (used for recovery)
+ * processServerSideKeyGen - handles netkey DRM serverside keygen. netkey
+ * operations: 1. generate keypair (archive user priv key) 2. unwrap des key
+ * with transport key, then url decode it 3. wrap user priv key with des key
+ * 4. send the following to RA: * des key wrapped(user priv key) * user
+ * public key (note: RA should have kek-wrapped des key from TKS) * recovery
+ * blob (used for recovery)
*/
private void processServerSideKeyGen(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException
- {
+ HttpServletResponse resp) throws EBaseException {
IRequestQueue queue = mAuthority.getRequestQueue();
IRequest thisreq = null;
@@ -123,8 +113,8 @@ public class GenerateKeyPairServlet extends CMSServlet {
String rCUID = req.getParameter("CUID");
String rUserid = req.getParameter("userid");
String rdesKeyString = req.getParameter("drm_trans_desKey");
- String rArchive = req.getParameter("archive");
- String rKeysize = req.getParameter("keysize");
+ String rArchive = req.getParameter("archive");
+ String rKeysize = req.getParameter("keysize");
if ((rCUID == null) || (rCUID.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID");
@@ -136,19 +126,18 @@ public class GenerateKeyPairServlet extends CMSServlet {
missingParam = true;
}
- if ((rKeysize == null) || (rKeysize.equals(""))) {
- rKeysize = "1024"; // default to 1024
- }
+ if ((rKeysize == null) || (rKeysize.equals(""))) {
+ rKeysize = "1024"; // default to 1024
+ }
- if ((rdesKeyString == null) ||
- (rdesKeyString.equals(""))) {
+ if ((rdesKeyString == null) || (rdesKeyString.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: DRM-transportKey-wrapped DES key");
missingParam = true;
}
if ((rArchive == null) || (rArchive.equals(""))) {
CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true");
- rArchive = "true";
+ rArchive = "true";
}
String selectedToken = null;
@@ -156,21 +145,23 @@ public class GenerateKeyPairServlet extends CMSServlet {
if (!missingParam) {
thisreq = queue.newRequest(IRequest.NETKEY_KEYGEN_REQUEST);
- thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_NETKEY_RA);
+ thisreq.setExtData(IRequest.REQUESTOR_TYPE,
+ IRequest.REQUESTOR_NETKEY_RA);
thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID);
thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid);
- thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
- thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
- thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY,
+ rdesKeyString);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
- queue.processRequest( thisreq );
+ queue.processRequest(thisreq);
Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
if (result != null) {
- // sighs! tps thinks 0 is good, and DRM thinks 1 is good
- if (result.intValue() == 1)
- status = "0";
- else
- status = result.toString();
+ // sighs! tps thinks 0 is good, and DRM thinks 1 is good
+ if (result.intValue() == 1)
+ status = "0";
+ else
+ status = result.toString();
} else
status = "7";
@@ -184,40 +175,40 @@ public class GenerateKeyPairServlet extends CMSServlet {
String wrappedPrivKeyString = "";
String publicKeyString = "";
- if( thisreq == null ) {
- CMS.debug( "GenerateKeyPairServlet::processServerSideKeyGen() - "
- + "thisreq is null!" );
- throw new EBaseException( "thisreq is null" );
+ if (thisreq == null) {
+ CMS.debug("GenerateKeyPairServlet::processServerSideKeyGen() - "
+ + "thisreq is null!");
+ throw new EBaseException("thisreq is null");
}
publicKeyString = thisreq.getExtDataInString("public_key");
wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate");
- String ivString = thisreq.getExtDataInString("iv_s");
+ String ivString = thisreq.getExtDataInString("iv_s");
/*
- if (selectedToken == null)
- status = "4";
- */
- if (!status.equals("0"))
- value = "status="+status;
+ * if (selectedToken == null) status = "4";
+ */
+ if (!status.equals("0"))
+ value = "status=" + status;
else {
StringBuffer sb = new StringBuffer();
sb.append("status=0&");
- sb.append("wrapped_priv_key=");
- sb.append(wrappedPrivKeyString);
- sb.append("&iv_param=");
- sb.append(ivString);
+ sb.append("wrapped_priv_key=");
+ sb.append(wrappedPrivKeyString);
+ sb.append("&iv_param=");
+ sb.append(ivString);
sb.append("&public_key=");
- sb.append(publicKeyString);
+ sb.append(publicKeyString);
value = sb.toString();
}
- CMS.debug("processServerSideKeyGen:outputString.encode " +value);
+ CMS.debug("processServerSideKeyGen:outputString.encode " + value);
- try{
+ try {
resp.setContentLength(value.length());
- CMS.debug("GenerateKeyPairServlet:outputString.length " +value.length());
+ CMS.debug("GenerateKeyPairServlet:outputString.length "
+ + value.length());
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -227,20 +218,14 @@ public class GenerateKeyPairServlet extends CMSServlet {
}
}
-
- /*
-
- * For GenerateKeyPair:
- *
- * input:
- * CUID=value0
- * trans-wrapped-desKey=value1
- *
- * output:
- * status=value0
- * publicKey=value1
- * desKey-wrapped-userPrivateKey=value2
- * proofOfArchival=value3
+ /*
+ *
+ * For GenerateKeyPair:
+ *
+ * input: CUID=value0 trans-wrapped-desKey=value1
+ *
+ * output: status=value0 publicKey=value1
+ * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -251,14 +236,14 @@ public class GenerateKeyPairServlet extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "execute");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "execute");
} catch (Exception e) {
}
if (authzToken == null) {
- try{
+ try {
resp.setContentType("text/html");
String value = "unauthorized=";
CMS.debug("GenerateKeyPairServlet: Unauthorized");
@@ -268,7 +253,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
ooss.write(value.getBytes());
ooss.flush();
mRenderResult = false;
- }catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("GenerateKeyPairServlet: " + e.toString());
}
@@ -277,28 +262,28 @@ public class GenerateKeyPairServlet extends CMSServlet {
}
// begin Netkey serverSideKeyGen and archival
- CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
- processServerSideKeyGen(req, resp);
- return;
+ CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
+ processServerSideKeyGen(req, resp);
+ return;
// end Netkey functions
}
- /** XXX remember tocheck peer SSL cert and get RA id later
- *
+ /**
+ * XXX remember tocheck peer SSL cert and get RA id later
+ *
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
- super.service(req, resp);
+ super.service(req, resp);
-
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
index fa454bd6..0c67eaf1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
@@ -39,16 +39,14 @@ import com.netscape.certsrv.request.IRequestQueue;
import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
- * TokenKeyRecoveryServlet
- * handles "key recovery service" requests from the
+ * TokenKeyRecoveryServlet handles "key recovery service" requests from the
* netkey TPS
- *
+ *
* @author Christina Fu (cfu)
* @version $Revision$, $Date$
*/
-//XXX add auditing later
+// XXX add auditing later
public class TokenKeyRecoveryServlet extends CMSServlet {
/**
@@ -65,7 +63,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
/**
* Constructs TokenKeyRecovery servlet.
- *
+ *
*/
public TokenKeyRecoveryServlet() {
super();
@@ -77,27 +75,26 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
String authority = config.getInitParameter(PROP_AUTHORITY);
if (authority != null)
- mAuthority = (IAuthority)
- CMS.getSubsystem(authority);
-
+ mAuthority = (IAuthority) CMS.getSubsystem(authority);
+
mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
}
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
- /**
+ /**
* Process the HTTP request.
- *
+ *
* @param s The URL to decode
*/
- protected String URLdecode(String s) {
+ protected String URLdecode(String s) {
if (s == null)
return null;
ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
@@ -117,39 +114,30 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
} // end for
return out.toString();
- }
+ }
/*
- * processTokenKeyRecovery
- * handles netkey key recovery requests
- * input params are:
- * CUID - the CUID of the old token where the keys/certs were initially for
- * userid - the userid that belongs to both the old token and the new token
- * drm_trans_desKey - the des key generated for the NEW token
- * wrapped with DRM transport key
- * cert - the user cert corresponding to the key to be recovered
- *
- * operations:
- * 1. unwrap des key with transport key, then url decode it
- * 2. retrieve user private key
- * 3. wrap user priv key with des key
- * 4. send the following to RA:
- * * des key wrapped(user priv key)
- * (note: RA should have kek-wrapped des key from TKS)
- * * recovery blob (used for recovery)
- *
- * output params are:
- * status=value0
- * publicKey=value1
- * desKey-wrapped-userPrivateKey=value2
+ * processTokenKeyRecovery handles netkey key recovery requests input params
+ * are: CUID - the CUID of the old token where the keys/certs were initially
+ * for userid - the userid that belongs to both the old token and the new
+ * token drm_trans_desKey - the des key generated for the NEW token wrapped
+ * with DRM transport key cert - the user cert corresponding to the key to
+ * be recovered
+ *
+ * operations: 1. unwrap des key with transport key, then url decode it 2.
+ * retrieve user private key 3. wrap user priv key with des key 4. send the
+ * following to RA: * des key wrapped(user priv key) (note: RA should have
+ * kek-wrapped des key from TKS) * recovery blob (used for recovery)
+ *
+ * output params are: status=value0 publicKey=value1
+ * desKey-wrapped-userPrivateKey=value2
*/
private void processTokenKeyRecovery(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException
- {
+ HttpServletResponse resp) throws EBaseException {
IRequestQueue queue = mAuthority.getRequestQueue();
IRequest thisreq = null;
-
- // IConfigStore sconfig = CMS.getConfigStore();
+
+ // IConfigStore sconfig = CMS.getConfigStore();
boolean missingParam = false;
String status = "0";
@@ -158,7 +146,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
String rCUID = req.getParameter("CUID");
String rUserid = req.getParameter("userid");
String rdesKeyString = req.getParameter("drm_trans_desKey");
- String rCert = req.getParameter("cert");
+ String rCert = req.getParameter("cert");
if ((rCUID == null) || (rCUID.equals(""))) {
CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: CUID");
@@ -170,8 +158,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
missingParam = true;
}
- if ((rdesKeyString == null) ||
- (rdesKeyString.equals(""))) {
+ if ((rdesKeyString == null) || (rdesKeyString.equals(""))) {
CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: DRM-transportKey-wrapped des key");
missingParam = true;
}
@@ -186,24 +173,26 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
if (!missingParam) {
thisreq = queue.newRequest(IRequest.NETKEY_KEYRECOVERY_REQUEST);
- thisreq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_NETKEY_RA);
+ thisreq.setExtData(IRequest.REQUESTOR_TYPE,
+ IRequest.REQUESTOR_NETKEY_RA);
thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID);
thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid);
- thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
+ thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY,
+ rdesKeyString);
thisreq.setExtData(IRequest.NETKEY_ATTR_USER_CERT, rCert);
- //XXX auto process for netkey
- queue.processRequest( thisreq );
- // IService svc = (IService) new TokenKeyRecoveryService(kra);
- // svc.serviceRequest(thisreq);
+ // XXX auto process for netkey
+ queue.processRequest(thisreq);
+ // IService svc = (IService) new TokenKeyRecoveryService(kra);
+ // svc.serviceRequest(thisreq);
Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
if (result != null) {
- // sighs! tps thinks 0 is good, and drm thinks 1 is good
- if (result.intValue() == 1)
- status ="0";
- else
- status = result.toString();
+ // sighs! tps thinks 0 is good, and drm thinks 1 is good
+ if (result.intValue() == 1)
+ status = "0";
+ else
+ status = result.toString();
} else
status = "7";
@@ -218,25 +207,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
String wrappedPrivKeyString = "";
String publicKeyString = "";
String ivString = "";
- /* if is RECOVERY_PROTOTYPE
- String recoveryBlobString = "";
-
- IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord");
- byte publicKey_b[] = kr.getPublicKeyData();
-
- BigInteger serialNo = kr.getSerialNumber();
-
- String serialNumberString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray());
-
- recoveryBlobString = (String)
- thisreq.get("recoveryBlob");
- */
-
- if( thisreq == null ) {
- CMS.debug( "TokenKeyRecoveryServlet::processTokenKeyRecovery() - "
- + "thisreq is null!" );
- throw new EBaseException( "thisreq is null" );
+ /*
+ * if is RECOVERY_PROTOTYPE String recoveryBlobString = "";
+ *
+ * IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord"); byte
+ * publicKey_b[] = kr.getPublicKeyData();
+ *
+ * BigInteger serialNo = kr.getSerialNumber();
+ *
+ * String serialNumberString =
+ * com.netscape.cmsutil.util.Utils.SpecialEncode
+ * (serialNo.toByteArray());
+ *
+ * recoveryBlobString = (String) thisreq.get("recoveryBlob");
+ */
+
+ if (thisreq == null) {
+ CMS.debug("TokenKeyRecoveryServlet::processTokenKeyRecovery() - "
+ + "thisreq is null!");
+ throw new EBaseException("thisreq is null");
}
publicKeyString = thisreq.getExtDataInString("public_key");
@@ -244,11 +233,10 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
ivString = thisreq.getExtDataInString("iv_s");
/*
- if (selectedToken == null)
- status = "4";
- */
- if (!status.equals("0"))
- value = "status="+status;
+ * if (selectedToken == null) status = "4";
+ */
+ if (!status.equals("0"))
+ value = "status=" + status;
else {
StringBuffer sb = new StringBuffer();
sb.append("status=0&");
@@ -259,13 +247,14 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
sb.append("&iv_param=");
sb.append(ivString);
value = sb.toString();
-
+
}
- CMS.debug("ProcessTokenKeyRecovery:outputString.encode " +value);
+ CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value);
- try{
+ try {
resp.setContentLength(value.length());
- CMS.debug("TokenKeyRecoveryServlet:outputString.length " +value.length());
+ CMS.debug("TokenKeyRecoveryServlet:outputString.length "
+ + value.length());
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -275,19 +264,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
}
-
- /*
- * For TokenKeyRecovery
- *
- * input:
- * CUID=value0
- * trans-wrapped-desKey=value1
- *
- * output:
- * status=value0
- * publicKey=value1
- * desKey-wrapped-userPrivateKey=value2
- * proofOfArchival=value3
+ /*
+ * For TokenKeyRecovery
+ *
+ * input: CUID=value0 trans-wrapped-desKey=value1
+ *
+ * output: status=value0 publicKey=value1
+ * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -298,14 +281,14 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "submit");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "submit");
} catch (Exception e) {
}
if (authzToken == null) {
- try{
+ try {
resp.setContentType("text/html");
String value = "unauthorized=";
CMS.debug("TokenKeyRecoveryServlet: Unauthorized");
@@ -315,7 +298,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
ooss.write(value.getBytes());
ooss.flush();
mRenderResult = false;
- }catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("TokenKeyRecoveryServlet: " + e.toString());
}
@@ -324,28 +307,28 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
}
// begin Netkey serverSideKeyGen and archival
- CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called");
- processTokenKeyRecovery(req, resp);
- return;
+ CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called");
+ processTokenKeyRecovery(req, resp);
+ return;
// end Netkey functions
}
- /** XXX remember to check peer SSL cert and get RA id later
- *
+ /**
+ * XXX remember to check peer SSL cert and get RA id later
+ *
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
- super.service(req, resp);
+ super.service(req, resp);
-
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
index a2509287..4bb96f14 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.StringTokenizer;
@@ -41,19 +40,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AdminAuthenticatePanel extends WizardPanelBase {
- public AdminAuthenticatePanel() {}
+ public AdminAuthenticatePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Admin Authentication");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Admin Authentication");
setId(id);
@@ -62,24 +61,24 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
public boolean isSubPanel() {
return true;
}
-
+
/**
* Should we skip this panel for the configuration.
*/
public boolean shouldSkip() {
CMS.debug("AdminAuthenticatePanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("preop.subsystem.select","");
+ String select = cs.getString("preop.subsystem.select", "");
if (select.equals("new")) {
return true;
}
} catch (EBaseException e) {
}
-
+
return false;
}
@@ -103,15 +102,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -119,18 +119,17 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Admin Authentication");
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.master.admin.uid", "");
String type = config.getString("preop.subsystem.select", "");
if (type.equals("clone"))
- context.put("uid", s);
+ context.put("uid", s);
else
context.put("uid", "");
} catch (Exception e) {
@@ -149,16 +148,14 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String subsystemtype = "";
String cstype = "";
@@ -170,7 +167,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
cstype = toLowerCaseSubsystemType(cstype);
if (subsystemtype.equals("clone")) {
- CMS.debug("AdminAuthenticatePanel: this is the clone subsystem");
+ CMS.debug("AdminAuthenticatePanel: this is the clone subsystem");
String uid = HttpInput.getUID(request, "uid");
if (uid == null) {
context.put("errorString", "Uid is empty");
@@ -185,7 +182,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.master.hostname");
} catch (Exception e) {
- CMS.debug("AdminAuthenticatePanel update: "+e.toString());
+ CMS.debug("AdminAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing hostname for master");
throw new IOException("Missing hostname");
}
@@ -193,7 +190,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
try {
httpsport = config.getInteger("preop.master.httpsadminport");
} catch (Exception e) {
- CMS.debug("AdminAuthenticatePanel update: "+e.toString());
+ CMS.debug("AdminAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing port for master");
throw new IOException("Missing port");
}
@@ -235,10 +232,10 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
c1.append("cloning.");
c1.append(t1);
c1.append(".pubkey.encoded");
-
- if (s1.length()!=0)
+
+ if (s1.length() != 0)
s1.append(",");
-
+
s1.append(cstype);
s1.append(".");
s1.append(t1);
@@ -248,11 +245,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
c1.append(",preop.ca.hostname,preop.ca.httpport,preop.ca.httpsport,preop.ca.list,preop.ca.pkcs7,preop.ca.type");
}
- String content = "uid="+uid+"&pwd="+pwd+"&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString();
+ String content = "uid="
+ + uid
+ + "&pwd="
+ + pwd
+ + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"
+ + c1.toString() + "&substores=" + s1.toString();
- boolean success = updateConfigEntries(host, httpsport, true,
- "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config,
- response);
+ boolean success = updateConfigEntries(host, httpsport, true, "/"
+ + cstype + "/admin/" + cstype + "/getConfigEntries",
+ content, config, response);
try {
config.commit(false);
@@ -260,13 +262,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
}
if (!success) {
- context.put("errorString", "Failed to get configuration entries from the master");
- throw new IOException("Failed to get configuration entries from the master");
+ context.put("errorString",
+ "Failed to get configuration entries from the master");
+ throw new IOException(
+ "Failed to get configuration entries from the master");
} else {
boolean cloneReady = isCertdbCloned(request, context);
if (!cloneReady) {
CMS.debug("AdminAuthenticatePanel update: clone does not have all the certificates.");
- context.put("errorString", "Make sure you have copied the certificate database over to the clone");
+ context.put("errorString",
+ "Make sure you have copied the certificate database over to the clone");
throw new IOException("Clone is not ready");
}
}
@@ -285,16 +290,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
context.put("title", "Admin Authentication");
context.put("password", "");
context.put("panel", "admin/console/config/adminauthenticatepanel.vm");
}
- private boolean isCertdbCloned(HttpServletRequest request,
- Context context) {
+ private boolean isCertdbCloned(HttpServletRequest request, Context context) {
IConfigStore config = CMS.getConfigStore();
String certList = "";
try {
@@ -306,13 +308,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
String tokenname = config.getString("preop.module.token", "");
CryptoToken tok = cm.getTokenByName(tokenname);
CryptoStore store = tok.getCryptoStore();
- String name1 = "preop.master."+token+".nickname";
+ String name1 = "preop.master." + token + ".nickname";
String nickname = config.getString(name1, "");
- if (!tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- nickname = tokenname+":"+nickname;
+ if (!tokenname.equals("Internal Key Storage Token")
+ && !tokenname.equals("internal"))
+ nickname = tokenname + ":" + nickname;
- CMS.debug("AdminAuthenticatePanel isCertdbCloned: "+nickname);
+ CMS.debug("AdminAuthenticatePanel isCertdbCloned: " + nickname);
X509Certificate cert = cm.findCertByNickname(nickname);
if (cert == null)
return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
index 78bb9485..1265fb87 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -70,18 +69,19 @@ public class AdminPanel extends WizardPanelBase {
private static final String ADMIN_UID = "admin";
private final static String CERT_TAG = "admin";
- public AdminPanel() {}
+ public AdminPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Administrator");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) {
setPanelNo(panelno);
setName("Administrator");
setId(id);
@@ -101,29 +101,39 @@ public class AdminPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
- Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "Email address for an administrator");
+
+ Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "Email address for an administrator");
set.add("admin_email", emailDesc);
- Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "Administrator's password");
+ Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "Administrator's password");
set.add("pwd", pwdDesc);
- Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "Administrator's password again");
+ Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "Administrator's password again");
set.add("admin_password_again", pwdAgainDesc);
return set;
@@ -133,8 +143,7 @@ public class AdminPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("AdminPanel: display");
IConfigStore cs = CMS.getConfigStore();
@@ -152,7 +161,8 @@ public class AdminPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
subsystemtype = cs.getString("cs.type", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (isPanelDone()) {
try {
@@ -161,11 +171,14 @@ public class AdminPanel extends WizardPanelBase {
context.put("admin_pwd", "");
context.put("admin_pwd_again", "");
context.put("admin_uid", cs.getString("preop.admin.uid"));
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
} else {
String def_admin_name = "";
try {
- def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId");
+ def_admin_name = cs.getString("cs.type")
+ + " Administrator of Instance "
+ + cs.getString("instanceId");
} catch (EBaseException e) {
}
context.put("admin_name", def_admin_name);
@@ -176,7 +189,7 @@ public class AdminPanel extends WizardPanelBase {
}
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -186,24 +199,24 @@ public class AdminPanel extends WizardPanelBase {
String domainname = "";
try {
domainname = cs.getString("securitydomain.name", "");
- } catch (EBaseException e1) {}
+ } catch (EBaseException e1) {
+ }
context.put("securityDomain", domainname);
context.put("title", "Administrator");
context.put("panel", "admin/console/config/adminpanel.vm");
context.put("errorString", "");
context.put("info", info);
-
+
}
/**
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException
- {
+ HttpServletResponse response, Context context) throws IOException {
String pwd = HttpInput.getPassword(request, "__pwd");
- String pwd_again = HttpInput.getPassword(request, "__admin_password_again");
+ String pwd_again = HttpInput.getPassword(request,
+ "__admin_password_again");
String email = HttpInput.getEmail(request, "email");
String name = HttpInput.getName(request, "name");
String uid = HttpInput.getUID(request, "uid");
@@ -230,7 +243,8 @@ public class AdminPanel extends WizardPanelBase {
if (!pwd.equals(pwd_again)) {
context.put("updateStatus", "validate-failure");
- throw new IOException("Password and password again are not the same.");
+ throw new IOException(
+ "Password and password again are not the same.");
}
if (email == null || email.length() == 0) {
@@ -243,8 +257,7 @@ public class AdminPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
context.put("info", "");
context.put("import", "true");
@@ -256,13 +269,15 @@ public class AdminPanel extends WizardPanelBase {
try {
type = config.getString(PRE_CA_TYPE, "");
subsystemtype = config.getString("cs.type", "");
- security_domain_type = config.getString("securitydomain.select","");
+ security_domain_type = config
+ .getString("securitydomain.select", "");
selected_hierarchy = config.getString("preop.hierarchy.select", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -286,14 +301,12 @@ public class AdminPanel extends WizardPanelBase {
throw e;
}
- // REMINDER: This panel is NOT used by "clones"
- if( ca != null ) {
- if( selected_hierarchy.equals( "root" ) ) {
- CMS.debug( "AdminPanel update: "
- + "Root CA subsystem");
+ // REMINDER: This panel is NOT used by "clones"
+ if (ca != null) {
+ if (selected_hierarchy.equals("root")) {
+ CMS.debug("AdminPanel update: " + "Root CA subsystem");
} else {
- CMS.debug( "AdminPanel update: "
- + "Subordinate CA subsystem");
+ CMS.debug("AdminPanel update: " + "Subordinate CA subsystem");
}
try {
@@ -309,10 +322,8 @@ public class AdminPanel extends WizardPanelBase {
String ca_hostname = null;
int ca_port = -1;
- // REMINDER: This panel is NOT used by "clones"
- CMS.debug( "AdminPanel update: "
- + subsystemtype
- + " subsystem" );
+ // REMINDER: This panel is NOT used by "clones"
+ CMS.debug("AdminPanel update: " + subsystemtype + " subsystem");
if (type.equals("sdca")) {
try {
@@ -339,10 +350,11 @@ public class AdminPanel extends WizardPanelBase {
try {
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
context.put("updateStatus", "success");
-
+
}
private void createAdmin(HttpServletRequest request) throws IOException {
@@ -402,7 +414,8 @@ public class AdminPanel extends WizardPanelBase {
String select = config.getString("securitydomain.select", "");
if (select.equals("new")) {
- group = system.getGroupFromName("Security Domain Administrators");
+ group = system
+ .getGroupFromName("Security Domain Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
@@ -414,7 +427,8 @@ public class AdminPanel extends WizardPanelBase {
system.modifyGroup(group);
}
- group = system.getGroupFromName("Enterprise KRA Administrators");
+ group = system
+ .getGroupFromName("Enterprise KRA Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
@@ -426,19 +440,22 @@ public class AdminPanel extends WizardPanelBase {
system.modifyGroup(group);
}
- group = system.getGroupFromName("Enterprise TKS Administrators");
+ group = system
+ .getGroupFromName("Enterprise TKS Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
}
- group = system.getGroupFromName("Enterprise OCSP Administrators");
+ group = system
+ .getGroupFromName("Enterprise OCSP Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
}
- group = system.getGroupFromName("Enterprise TPS Administrators");
+ group = system
+ .getGroupFromName("Enterprise TPS Administrators");
if (!group.isMember(uid)) {
group.addMemberName(uid);
system.modifyGroup(group);
@@ -450,8 +467,9 @@ public class AdminPanel extends WizardPanelBase {
}
}
- private void submitRequest(String ca_hostname, int ca_port, HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ private void submitRequest(String ca_hostname, int ca_port,
+ HttpServletRequest request, HttpServletResponse response,
+ Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String sd_hostname = null;
int sd_port = -1;
@@ -459,22 +477,29 @@ public class AdminPanel extends WizardPanelBase {
try {
sd_hostname = config.getString("securitydomain.host", "");
sd_port = config.getInteger("securitydomain.httpseeport");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String profileId = HttpInput.getID(request, "profileId");
if (profileId == null) {
try {
- profileId = config.getString("preop.admincert.profile", "caAdminCert");
- } catch (Exception e) {}
+ profileId = config.getString("preop.admincert.profile",
+ "caAdminCert");
+ } catch (Exception e) {
+ }
}
- String cert_request_type = HttpInput.getID(request, "cert_request_type");
+ String cert_request_type = HttpInput
+ .getID(request, "cert_request_type");
String cert_request = HttpInput.getCertRequest(request, "cert_request");
cert_request = URLEncoder.encode(cert_request, "UTF-8");
String session_id = CMS.getConfigSDSessionId();
String subjectDN = HttpInput.getString(request, "subject");
- String content = "profileId="+profileId+"&cert_request_type="+cert_request_type+"&cert_request="+cert_request+"&xmlOutput=true&sessionID="+session_id+"&subject="+subjectDN;
+ String content = "profileId=" + profileId + "&cert_request_type="
+ + cert_request_type + "&cert_request=" + cert_request
+ + "&xmlOutput=true&sessionID=" + session_id + "&subject="
+ + subjectDN;
HttpClient httpclient = new HttpClient();
String c = null;
@@ -497,7 +522,7 @@ public class AdminPanel extends WizardPanelBase {
c = httpresponse.getContent();
CMS.debug("AdminPanel submitRequest: content=" + c);
-
+
// retrieve the request Id ad admin certificate
if (c != null) {
try {
@@ -508,15 +533,15 @@ public class AdminPanel extends WizardPanelBase {
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "AdminPanel::submitRequest() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("AdminPanel::submitRequest() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
CMS.debug("AdminPanel update: status=" + status);
if (status.equals("2")) {
- //relogin to the security domain
+ // relogin to the security domain
reloginSecurityDomain(response);
return;
} else if (!status.equals("0")) {
@@ -525,7 +550,7 @@ public class AdminPanel extends WizardPanelBase {
context.put("errorString", error);
throw new IOException(error);
}
-
+
IConfigStore cs = CMS.getConfigStore();
String id = parser.getValue("Id");
@@ -539,7 +564,7 @@ public class AdminPanel extends WizardPanelBase {
+ File.separator + "admin.b64";
cs.putString("preop.admincert.b64", dir);
- PrintStream ps = new PrintStream(new FileOutputStream(dir));
+ PrintStream ps = new PrintStream(new FileOutputStream(dir));
ps.println(b64);
ps.flush();
@@ -561,12 +586,13 @@ public class AdminPanel extends WizardPanelBase {
HttpServletResponse response, Context context) throws IOException {
String cert_request = HttpInput.getCertRequest(request, "cert_request");
- String cert_request_type = HttpInput.getID(request, "cert_request_type");
+ String cert_request_type = HttpInput
+ .getID(request, "cert_request_type");
IConfigStore cs = CMS.getConfigStore();
- if( cs == null ) {
- CMS.debug( "AdminPanel::createAdminCertificate() - cs is null!" );
- throw new IOException( "cs is null" );
+ if (cs == null) {
+ CMS.debug("AdminPanel::createAdminCertificate() - cs is null!");
+ throw new IOException("cs is null");
}
String subject = "";
@@ -578,14 +604,13 @@ public class AdminPanel extends WizardPanelBase {
subject = CryptoUtil.getSubjectName(crmfMsgs);
x509key = CryptoUtil.getX509KeyFromCRMFMsgs(crmfMsgs);
} catch (Exception e) {
- CMS.debug(
- "AdminPanel createAdminCertificate: Exception="
- + e.toString());
+ CMS.debug("AdminPanel createAdminCertificate: Exception="
+ + e.toString());
}
- // this request is from IE. The VBScript has problem of generating
- // certificate request if the subject name has E and UID components.
- // For now, we always hardcoded the subject DN to be cn=NAME in
- // the IE browser.
+ // this request is from IE. The VBScript has problem of generating
+ // certificate request if the subject name has E and UID components.
+ // For now, we always hardcoded the subject DN to be cn=NAME in
+ // the IE browser.
} else if (cert_request_type.equals("pkcs10")) {
try {
byte[] b = CMS.AtoB(cert_request);
@@ -594,33 +619,35 @@ public class AdminPanel extends WizardPanelBase {
x509key = pkcs10.getSubjectPublicKeyInfo();
} catch (Exception e) {
CMS.debug("AdminPanel createAdminCertificate: Exception="
- + e.toString());
+ + e.toString());
}
}
- if( x509key == null ) {
- CMS.debug( "AdminPanel::createAdminCertificate() - x509key is null!" );
- throw new IOException( "x509key is null" );
+ if (x509key == null) {
+ CMS.debug("AdminPanel::createAdminCertificate() - x509key is null!");
+ throw new IOException("x509key is null");
}
try {
cs.putString(PCERT_PREFIX + CERT_TAG + ".dn", subject);
- String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type", "local");
+ String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type",
+ "local");
X509CertImpl impl = CertUtil.createLocalCert(cs, x509key,
- PCERT_PREFIX, CERT_TAG, caType, context);
+ PCERT_PREFIX, CERT_TAG, caType, context);
// update the locally created request for renewal
- CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request,cert_request_type, subject);
+ CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request,
+ cert_request_type, subject);
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
if (ca != null) {
createPKCS7(impl);
}
- cs.putString("preop.admincert.serialno.0",
- impl.getSerialNumber().toString(16));
+ cs.putString("preop.admincert.serialno.0", impl.getSerialNumber()
+ .toString(16));
} catch (Exception e) {
CMS.debug("AdminPanel createAdminCertificate: Exception="
- + e.toString());
+ + e.toString());
}
}
@@ -628,8 +655,7 @@ public class AdminPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Administrator");
context.put("panel", "admin/console/config/adminpanel.vm");
@@ -640,8 +666,9 @@ public class AdminPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
- } catch (Exception e) {}
- if (ca == null && type.equals("otherca")) {
+ } catch (Exception e) {
+ }
+ if (ca == null && type.equals("otherca")) {
info = "Since you do not join the Redhat CA network, the administrator's certificate will not be generated automatically.";
}
context.put("info", info);
@@ -655,7 +682,7 @@ public class AdminPanel extends WizardPanelBase {
public boolean shouldSkip() {
try {
IConfigStore c = CMS.getConfigStore();
- String s = c.getString("preop.subsystem.select",null);
+ String s = c.getString("preop.subsystem.select", null);
if (s != null && s.equals("clone")) {
return true;
}
@@ -665,11 +692,11 @@ public class AdminPanel extends WizardPanelBase {
return false;
}
-
private void createPKCS7(X509CertImpl cert) {
try {
IConfigStore cs = CMS.getConfigStore();
- ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
CertificateChain cachain = ca.getCACertChain();
X509Certificate[] cacerts = cachain.getChain();
X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
@@ -680,16 +707,18 @@ public class AdminPanel extends WizardPanelBase {
}
userChain[0] = cert;
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(
+ new byte[0]), userChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
p7.encodeSignedData(bos);
byte[] p7Bytes = bos.toByteArray();
String p7Str = CMS.BtoA(p7Bytes);
- cs.putString("preop.admincert.pkcs7", CryptoUtil.normalizeCertStr(p7Str));
+ cs.putString("preop.admincert.pkcs7",
+ CryptoUtil.normalizeCertStr(p7Str));
} catch (Exception e) {
- CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: "+e.toString());
+ CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: "
+ + e.toString());
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
index a62b22b7..b5f74fd0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AgentAuthenticatePanel extends WizardPanelBase {
- public AgentAuthenticatePanel() {}
+ public AgentAuthenticatePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Agent Authentication");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Agent Authentication");
setId(id);
@@ -57,18 +56,18 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
public boolean isSubPanel() {
return true;
}
-
+
/**
* Should we skip this panel for the configuration.
*/
public boolean shouldSkip() {
CMS.debug("DisplayCertChainPanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("securitydomain.select","");
+ String select = cs.getString("securitydomain.select", "");
if (select.equals("new")) {
return true;
}
@@ -78,7 +77,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
return true;
} catch (EBaseException e) {
}
-
+
return false;
}
@@ -96,15 +95,16 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -112,20 +112,19 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Agent Authentication");
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.ca.agent.uid", "");
String type = config.getString("preop.hierarchy.select", "");
if (type.equals("root"))
context.put("uid", "");
else
- context.put("uid", s);
+ context.put("uid", s);
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -142,17 +141,14 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException
- {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
context.put("panel", "admin/console/config/agentauthenticatepanel.vm");
context.put("title", "Agent Authentication");
@@ -182,34 +178,34 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.ca.hostname");
} catch (Exception e) {
- CMS.debug("AgentAuthenticatePanel update: "+e.toString());
+ CMS.debug("AgentAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing hostname");
throw new IOException("Missing hostname");
}
-
+
try {
httpsport = config.getInteger("preop.ca.httpsport");
} catch (Exception e) {
- CMS.debug("AgentAuthenticatePanel update: "+e.toString());
+ CMS.debug("AgentAuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing port");
throw new IOException("Missing port");
}
-/*
- // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from
- // web.xml as part of CC interface review
- boolean authenticated = authenticate(host, httpsport, true,
- "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd);
-
- if (!authenticated) {
- context.put("errorString", "Wrong user id or password");
- throw new IOException("Wrong user id or password");
- }
-*/
+ /*
+ * // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed
+ * from // web.xml as part of CC interface review boolean
+ * authenticated = authenticate(host, httpsport, true,
+ * "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd);
+ *
+ * if (!authenticated) { context.put("errorString",
+ * "Wrong user id or password"); throw new
+ * IOException("Wrong user id or password"); }
+ */
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
}
@@ -217,9 +213,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
context.put("password", "");
context.put("title", "Agent Authentication");
context.put("panel", "admin/console/config/agentauthenticatepanel.vm");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
index ceab1d8d..b4f29a43 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class AuthenticatePanel extends WizardPanelBase {
- public AuthenticatePanel() {}
+ public AuthenticatePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Authentication");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Authentication");
setId(id);
@@ -62,21 +61,22 @@ public class AuthenticatePanel extends WizardPanelBase {
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- String s = cs.getString("preop.ca.agent.uid","");
+ String s = cs.getString("preop.ca.agent.uid", "");
if (s == null || s.equals("")) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -84,20 +84,19 @@ public class AuthenticatePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Authentication");
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.ca.agent.uid", "");
String type = config.getString("preop.hierarchy.select", "");
if (type.equals("root"))
context.put("uid", "");
else
- context.put("uid", s);
+ context.put("uid", s);
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -114,16 +113,14 @@ public class AuthenticatePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String type = "";
String catype = "";
@@ -151,30 +148,31 @@ public class AuthenticatePanel extends WizardPanelBase {
try {
host = config.getString("preop.ca.hostname");
} catch (Exception e) {
- CMS.debug("AuthenticatePanel update: "+e.toString());
+ CMS.debug("AuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing hostname");
throw new IOException("Missing hostname");
}
-
+
try {
httpsport = config.getInteger("preop.ca.httpsport");
} catch (Exception e) {
- CMS.debug("AuthenticatePanel update: "+e.toString());
+ CMS.debug("AuthenticatePanel update: " + e.toString());
context.put("errorString", "Missing port");
throw new IOException("Missing port");
}
- boolean authenticated = authenticate(host, httpsport, true,
- "/ca/ee/ca/configSubsystem", "uid="+uid+"&pwd="+pwd);
+ boolean authenticated = authenticate(host, httpsport, true,
+ "/ca/ee/ca/configSubsystem", "uid=" + uid + "&pwd=" + pwd);
- if (!authenticated) {
- context.put("errorString", "Wrong user id or password");
- throw new IOException("Wrong user id or password");
- }
+ if (!authenticated) {
+ context.put("errorString", "Wrong user id or password");
+ throw new IOException("Wrong user id or password");
+ }
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
}
@@ -182,9 +180,7 @@ public class AuthenticatePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
context.put("password", "");
context.put("panel", "admin/console/config/authenticatepanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
index 77977808..38bbbc64 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayOutputStream;
import java.io.CharConversionException;
import java.io.IOException;
@@ -71,19 +70,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class BackupKeyCertPanel extends WizardPanelBase {
- public BackupKeyCertPanel() {}
+ public BackupKeyCertPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Export Keys and Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Export Keys and Certificates");
setId(id);
@@ -105,11 +104,11 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
String s = cs.getString("preop.module.token", "");
- if (s.equals("Internal Key Storage Token"))
+ if (s.equals("Internal Key Storage Token"))
return false;
} catch (Exception e) {
}
-
+
return true;
}
@@ -122,15 +121,16 @@ public class BackupKeyCertPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -138,8 +138,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Export Keys and Certificates");
IConfigStore config = CMS.getConfigStore();
@@ -170,12 +169,13 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
String select = HttpInput.getID(request, "choice");
if (select.equals("backupkey")) {
String pwd = request.getParameter("__pwd");
String pwdAgain = request.getParameter("__pwdagain");
- if (pwd == null || pwdAgain == null || pwd.equals("") || pwdAgain.equals("")) {
+ if (pwd == null || pwdAgain == null || pwd.equals("")
+ || pwdAgain.equals("")) {
CMS.debug("BackupKeyCertPanel validate: Password is null");
context.put("updateStatus", "validate-failure");
throw new IOException("PK12 password is empty.");
@@ -184,7 +184,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
if (!pwd.equals(pwdAgain)) {
CMS.debug("BackupKeyCertPanel validate: Password and password again are not the same.");
context.put("updateStatus", "validate-failure");
- throw new IOException("PK12 password is different from the PK12 password again.");
+ throw new IOException(
+ "PK12 password is different from the PK12 password again.");
}
}
}
@@ -193,8 +194,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String select = HttpInput.getID(request, "choice");
@@ -219,9 +219,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
String select = "";
try {
select = HttpInput.getID(request, "choice");
@@ -242,8 +240,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
context.put("panel", "admin/console/config/backupkeycertpanel.vm");
}
- public void backupKeysCerts(HttpServletRequest request)
- throws IOException {
+ public void backupKeysCerts(HttpServletRequest request) throws IOException {
CMS.debug("BackupKeyCertPanel backupKeysCerts: start");
IConfigStore cs = CMS.getConfigStore();
String certlist = "";
@@ -257,9 +254,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
cm = CryptoManager.getInstance();
} catch (Exception e) {
- CMS.debug( "BackupKeyCertPanel::backupKeysCerts() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("BackupKeyCertPanel::backupKeysCerts() - " + "Exception="
+ + e.toString());
+ throw new IOException(e.toString());
}
String pwd = request.getParameter("__pwd");
@@ -273,12 +270,12 @@ public class BackupKeyCertPanel extends WizardPanelBase {
String nickname = "";
String modname = "";
try {
- nickname = cs.getString("preop.cert."+t+".nickname");
+ nickname = cs.getString("preop.cert." + t + ".nickname");
modname = cs.getString("preop.module.token");
} catch (Exception e) {
}
if (!modname.equals("Internal Key Storage Token"))
- nickname = modname+":"+nickname;
+ nickname = modname + ":" + nickname;
X509Certificate x509cert = null;
byte localKeyId[] = null;
@@ -288,7 +285,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
} catch (IOException e) {
throw e;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
@@ -296,22 +293,24 @@ public class BackupKeyCertPanel extends WizardPanelBase {
PrivateKey pkey = cm.findPrivKeyByCert(x509cert);
addKeyBag(pkey, x509cert, pass, localKeyId, encSafeContents);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
- } //while loop
-
+ } // while loop
+
X509Certificate[] cacerts = cm.getCACerts();
- for (int i=0; i<cacerts.length; i++) {
- //String nickname = cacerts[i].getSubjectDN().toString();
+ for (int i = 0; i < cacerts.length; i++) {
+ // String nickname = cacerts[i].getSubjectDN().toString();
String nickname = null;
try {
- byte[] localKeyId = addCertBag(cacerts[i], nickname, safeContents);
+ byte[] localKeyId = addCertBag(cacerts[i], nickname,
+ safeContents);
} catch (IOException e) {
throw e;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel backKeysCerts: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel backKeysCerts: Exception="
+ + e.toString());
throw new IOException("Failed to create pkcs12 file.");
}
}
@@ -319,9 +318,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
try {
AuthenticatedSafes authSafes = new AuthenticatedSafes();
authSafes.addSafeContents(safeContents);
- authSafes.addSafeContents(encSafeContents);
+ authSafes.addSafeContents(encSafeContents);
PFX pfx = new PFX(authSafes);
- pfx.computeMacData(pass, null, 5);
+ pfx.computeMacData(pass, null, 5);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
pfx.encode(bos);
byte[] output = bos.toByteArray();
@@ -329,13 +328,14 @@ public class BackupKeyCertPanel extends WizardPanelBase {
pass.clear();
cs.commit(false);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception="
+ + e.toString());
}
}
private void addKeyBag(PrivateKey pkey, X509Certificate x509cert,
- Password pass, byte[] localKeyId, SEQUENCE safeContents)
- throws IOException {
+ Password pass, byte[] localKeyId, SEQUENCE safeContents)
+ throws IOException {
try {
PasswordConverter passConverter = new PasswordConverter();
@@ -343,24 +343,24 @@ public class BackupKeyCertPanel extends WizardPanelBase {
byte salt[] = random.generateSeed(4); // 4 bytes salt
byte[] priData = getEncodedKey(pkey);
- PrivateKeyInfo pki = (PrivateKeyInfo)
- ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
+ PrivateKeyInfo pki = (PrivateKeyInfo) ASN1Util.decode(
+ PrivateKeyInfo.getTemplate(), priData);
ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
- PBEAlgorithm.PBE_SHA1_DES3_CBC,
- pass, salt, 1, passConverter, pki);
- SET keyAttrs = createBagAttrs(
- x509cert.getSubjectDN().toString(), localKeyId);
- SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
- key, keyAttrs);
+ PBEAlgorithm.PBE_SHA1_DES3_CBC, pass, salt, 1,
+ passConverter, pki);
+ SET keyAttrs = createBagAttrs(x509cert.getSubjectDN().toString(),
+ localKeyId);
+ SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, key,
+ keyAttrs);
safeContents.addElement(keyBag);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel getKeyBag: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel getKeyBag: Exception=" + e.toString());
throw new IOException("Failed to create pk12 file.");
}
}
- private byte[] addCertBag(X509Certificate x509cert, String nickname,
- SEQUENCE safeContents) throws IOException {
+ private byte[] addCertBag(X509Certificate x509cert, String nickname,
+ SEQUENCE safeContents) throws IOException {
byte[] localKeyId = null;
try {
ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
@@ -368,11 +368,11 @@ public class BackupKeyCertPanel extends WizardPanelBase {
SET certAttrs = null;
if (nickname != null)
certAttrs = createBagAttrs(nickname, localKeyId);
- SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
- new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
+ SafeBag certBag = new SafeBag(SafeBag.CERT_BAG, new CertBag(
+ CertBag.X509_CERT_TYPE, cert), certAttrs);
safeContents.addElement(certBag);
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel addCertBag: "+e.toString());
+ CMS.debug("BackupKeyCertPanel addCertBag: " + e.toString());
throw new IOException("Failed to create pk12 file.");
}
@@ -385,8 +385,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
CryptoToken token = cm.getInternalKeyStorageToken();
KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey sk = kg.generate();
- KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ KeyWrapper wrapper = token
+ .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
IVParameterSpec param = new IVParameterSpec(iv);
wrapper.initWrap(sk, param);
byte[] enckey = wrapper.wrap(pkey);
@@ -395,14 +396,14 @@ public class BackupKeyCertPanel extends WizardPanelBase {
byte[] recovered = c.doFinal(enckey);
return recovered;
} catch (Exception e) {
- CMS.debug("BackupKeyCertPanel getEncodedKey: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel getEncodedKey: Exception="
+ + e.toString());
}
return null;
}
- private byte[] createLocalKeyId(X509Certificate cert)
- throws IOException {
+ private byte[] createLocalKeyId(X509Certificate cert) throws IOException {
try {
// SHA1 hash of the X509Cert der encoding
byte certDer[] = cert.getEncoded();
@@ -412,16 +413,18 @@ public class BackupKeyCertPanel extends WizardPanelBase {
md.update(certDer);
return md.digest();
} catch (CertificateEncodingException e) {
- CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString());
+ CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "
+ + e.toString());
throw new IOException("Failed to encode certificate.");
} catch (NoSuchAlgorithmException e) {
- CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString());
+ CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "
+ + e.toString());
throw new IOException("No such algorithm supported.");
}
}
private SET createBagAttrs(String nickName, byte localKeyId[])
- throws IOException {
+ throws IOException {
try {
SET attrs = new SET();
SEQUENCE nickNameAttr = new SEQUENCE();
@@ -442,7 +445,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
attrs.addElement(localKeyAttr);
return attrs;
} catch (CharConversionException e) {
- CMS.debug("BackupKeyCertPanel createBagAttrs: Exception="+e.toString());
+ CMS.debug("BackupKeyCertPanel createBagAttrs: Exception="
+ + e.toString());
throw new IOException("Failed to create PKCS12 file.");
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
index 01d06631..74961c49 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Enumeration;
@@ -30,7 +29,6 @@ import org.apache.velocity.servlet.VelocityServlet;
import com.netscape.certsrv.apps.CMS;
-
public class BaseServlet extends VelocityServlet {
/**
@@ -46,14 +44,14 @@ public class BaseServlet extends VelocityServlet {
}
public boolean authenticate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
String pin = (String) request.getSession().getAttribute("pin");
if (pin == null) {
try {
response.sendRedirect("login");
- } catch (IOException e) {}
+ } catch (IOException e) {
+ }
return false;
}
return true;
@@ -66,29 +64,26 @@ public class BaseServlet extends VelocityServlet {
while (paramNames.hasMoreElements()) {
String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
- // all sensitive parameters should be prefixed with
+ // all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("BaseServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") || pn.endsWith("password")
+ || pn.endsWith("passwd") || pn.endsWith("pwd")
+ || pn.equalsIgnoreCase("admin_password_again")
+ || pn.equalsIgnoreCase("directoryManagerPwd")
+ || pn.equalsIgnoreCase("bindpassword")
+ || pn.equalsIgnoreCase("bindpwd")
+ || pn.equalsIgnoreCase("passwd")
+ || pn.equalsIgnoreCase("password")
+ || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd")
+ || pn.equalsIgnoreCase("pwdagain")
+ || pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("BaseServlet::service() param name='" + pn
+ + "' value='(sensitive)'");
} else {
- CMS.debug("BaseServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("BaseServlet::service() param name='" + pn
+ + "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
@@ -97,14 +92,12 @@ public class BaseServlet extends VelocityServlet {
* Processes request.
*/
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
return null;
}
public Template handleRequest(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
if (CMS.debugOn()) {
outputHttpParameters(request);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
index 33a0ff69..5e4c015e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.URL;
import java.util.StringTokenizer;
@@ -39,19 +38,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class CAInfoPanel extends WizardPanelBase {
- public CAInfoPanel() {}
+ public CAInfoPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("CA Information");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("CA Information");
setId(id);
@@ -82,14 +81,15 @@ public class CAInfoPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -97,8 +97,7 @@ public class CAInfoPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("CAInfoPanel: display");
IConfigStore cs = CMS.getConfigStore();
@@ -118,15 +117,18 @@ public class CAInfoPanel extends WizardPanelBase {
try {
hostname = cs.getString("preop.ca.hostname");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
try {
httpport = cs.getString("preop.ca.httpport");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
try {
httpsport = cs.getString("preop.ca.httpsport");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (type.equals("sdca")) {
context.put("check_sdca", "checked");
@@ -143,12 +145,11 @@ public class CAInfoPanel extends WizardPanelBase {
String cstype = "CA";
String portType = "SecurePort";
-/*
- try {
- cstype = cs.getString("cs.type", "");
- } catch (EBaseException e) {}
-*/
-
+ /*
+ * try { cstype = cs.getString("cs.type", ""); } catch (EBaseException
+ * e) {}
+ */
+
CMS.debug("CAInfoPanel: Ready to get url");
Vector v = getUrlListFromSecurityDomain(cs, cstype, portType);
v.addElement("External CA");
@@ -163,12 +164,13 @@ public class CAInfoPanel extends WizardPanelBase {
list.append(",");
}
}
-
+
try {
cs.putString("preop.ca.list", list.toString());
cs.commit(false);
- } catch (Exception e) {}
-
+ } catch (Exception e) {
+ }
+
context.put("urls", v);
context.put("sdcaHostname", hostname);
@@ -183,8 +185,7 @@ public class CAInfoPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
}
@@ -192,20 +193,18 @@ public class CAInfoPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
/*
- String select = request.getParameter("choice");
- if (select == null) {
- CMS.debug("CAInfoPanel: choice not found");
- throw new IOException("choice not found");
- }
+ * String select = request.getParameter("choice"); if (select == null) {
+ * CMS.debug("CAInfoPanel: choice not found"); throw new
+ * IOException("choice not found"); }
*/
IConfigStore config = CMS.getConfigStore();
try {
- String subsystemselect = config.getString("preop.subsystem.select", "");
+ String subsystemselect = config.getString("preop.subsystem.select",
+ "");
if (subsystemselect.equals("clone"))
return;
} catch (Exception e) {
@@ -213,25 +212,26 @@ public class CAInfoPanel extends WizardPanelBase {
String select = null;
String index = request.getParameter("urls");
- String url = "";
+ String url = "";
if (index.startsWith("http")) {
- // user may submit url directlry
- url = index;
+ // user may submit url directlry
+ url = index;
} else {
- try {
- int x = Integer.parseInt(index);
- String list = config.getString("preop.ca.list", "");
- StringTokenizer tokenizer = new StringTokenizer(list, ",");
- int counter = 0;
-
- while (tokenizer.hasMoreTokens()) {
- url = tokenizer.nextToken();
- if (counter == x) {
- break;
+ try {
+ int x = Integer.parseInt(index);
+ String list = config.getString("preop.ca.list", "");
+ StringTokenizer tokenizer = new StringTokenizer(list, ",");
+ int counter = 0;
+
+ while (tokenizer.hasMoreTokens()) {
+ url = tokenizer.nextToken();
+ if (counter == x) {
+ break;
+ }
+ counter++;
}
- counter++;
+ } catch (Exception e) {
}
- } catch (Exception e) {}
}
URL urlx = null;
@@ -240,7 +240,7 @@ public class CAInfoPanel extends WizardPanelBase {
select = "otherca";
config.putString("preop.ca.pkcs7", "");
config.putInteger("preop.ca.certchain.size", 0);
- } else {
+ } else {
select = "sdca";
// parse URL (CA1 - https://...)
@@ -272,10 +272,12 @@ public class CAInfoPanel extends WizardPanelBase {
try {
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
- private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
+ private void sdca(HttpServletRequest request, Context context,
+ String hostname, String httpsPortStr) throws IOException {
CMS.debug("CAInfoPanel update: this is the CA in the security domain.");
IConfigStore config = CMS.getConfigStore();
@@ -292,26 +294,23 @@ public class CAInfoPanel extends WizardPanelBase {
try {
httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
- CMS.debug(
- "CAInfoPanel update: Https port is not valid. Exception: "
- + e.toString());
+ CMS.debug("CAInfoPanel update: Https port is not valid. Exception: "
+ + e.toString());
throw new IOException("Http Port is not valid.");
}
config.putString("preop.ca.hostname", hostname);
config.putString("preop.ca.httpsport", httpsPortStr);
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChainUsingSecureEEPort( config, "ca", hostname,
- httpsport, true, context,
- certApprovalCallback );
+ updateCertChainUsingSecureEEPort(config, "ca", hostname, httpsport,
+ true, context, certApprovalCallback);
}
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
/* This should never be called */
context.put("title", "CA Information");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
index fb8c2d9c..0aedded8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
@@ -17,9 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
-
-
public class Cert {
private String mNickname = "";
private String mTokenname = "";
@@ -116,8 +113,8 @@ public class Cert {
}
public String escapeForHTML(String s) {
- s = s.replaceAll("\"", "&quot;");
- return s;
+ s = s.replaceAll("\"", "&quot;");
+ return s;
}
public String getEscapedDN() {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
index 30bcc78d..15059d08 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
import java.util.StringTokenizer;
@@ -42,19 +41,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class CertPrettyPrintPanel extends WizardPanelBase {
private Vector mCerts = null;
- public CertPrettyPrintPanel() {}
+ public CertPrettyPrintPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Certificates");
setId(id);
@@ -63,7 +62,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
public PropertySet getUsage() {
// expects no input from client
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -75,15 +74,15 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- boolean s = cs.getBoolean("preop.CertPrettyPrintPanel.done",
- false);
+ boolean s = cs.getBoolean("preop.CertPrettyPrintPanel.done", false);
if (s != true) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -93,8 +92,10 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
CMS.debug("CertPrettyPrintPanel: in getCert()");
try {
// String cert = config.getString(CONF_CA_CERT);
- String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
- String certs = config.getString(subsystem + "." + certTag + ".cert");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
+ String certs = config
+ .getString(subsystem + "." + certTag + ".cert");
byte[] certb = CryptoUtil.base64Decode(certs);
if (cert != null) {
@@ -116,8 +117,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("CertPrettyPrintPanel: display()");
context.put("title", "Certificates Pretty Print");
@@ -134,32 +134,30 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
String certTag = st.nextToken();
try {
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
- String nickname = config.getString(
- subsystem + "." + certTag + ".nickname");
- String tokenname = config.getString(
- subsystem + "." + certTag + ".tokenname");
+ String nickname = config.getString(subsystem + "."
+ + certTag + ".nickname");
+ String tokenname = config.getString(subsystem + "."
+ + certTag + ".tokenname");
Cert c = new Cert(tokenname, nickname, certTag);
- String type = config.getString(
- PCERT_PREFIX + certTag + ".type");
+ String type = config.getString(PCERT_PREFIX + certTag
+ + ".type");
c.setType(type);
getCert(request, config, context, certTag, c);
mCerts.addElement(c);
} catch (Exception e) {
- CMS.debug(
- "CertPrettyPrintPanel: display() certTag " + certTag
- + " Exception caught: " + e.toString());
+ CMS.debug("CertPrettyPrintPanel: display() certTag "
+ + certTag + " Exception caught: " + e.toString());
}
}
} catch (Exception e) {
- CMS.debug(
- "CertPrettyPrintPanel:display() Exception caught: "
- + e.toString());
+ CMS.debug("CertPrettyPrintPanel:display() Exception caught: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
} // try
@@ -175,25 +173,22 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
CMS.debug("CertPrettyPrintPanel: in update()");
IConfigStore config = CMS.getConfigStore();
config.putBoolean("preop.CertPrettyPrintPanel.done", true);
try {
config.commit(false);
} catch (EBaseException e) {
- CMS.debug(
- "CertPrettyPrintPanel: update() Exception caught at config commit: "
- + e.toString());
+ CMS.debug("CertPrettyPrintPanel: update() Exception caught at config commit: "
+ + e.toString());
}
}
@@ -201,8 +196,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Certificates Pretty Print");
context.put("panel", "admin/console/config/certprettyprintpanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
index 5e783b1a..962c9080 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.Principal;
@@ -58,35 +57,38 @@ public class CertRequestPanel extends WizardPanelBase {
private Vector mCerts = null;
private WizardServlet mServlet = null;
- public CertRequestPanel() {}
+ public CertRequestPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Requests & Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Requests and Certificates");
mServlet = servlet;
setId(id);
}
- // XXX how do you do this? There could be multiple certs.
+ // XXX how do you do this? There could be multiple certs.
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
- Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameters */
- null);
+
+ Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameters */
+ null);
set.add("cert", certDesc);
-
+
return set;
}
@@ -95,13 +97,13 @@ public class CertRequestPanel extends WizardPanelBase {
*/
public boolean showApplyButton() {
if (isPanelDone())
- return false;
+ return false;
else
- return true;
+ return true;
}
- private boolean findCertificate(String tokenname, String nickname)
- throws IOException {
+ private boolean findCertificate(String tokenname, String nickname)
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
CryptoManager cm = null;
try {
@@ -112,9 +114,10 @@ public class CertRequestPanel extends WizardPanelBase {
String fullnickname = nickname;
boolean hardware = false;
- if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
+ if (!tokenname.equals("internal")
+ && !tokenname.equals("Internal Key Storage Token")) {
hardware = true;
- fullnickname = tokenname+":"+nickname;
+ fullnickname = tokenname + ":" + nickname;
}
try {
@@ -126,16 +129,23 @@ public class CertRequestPanel extends WizardPanelBase {
return true;
} catch (Exception ee) {
if (hardware) {
- CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding.");
- throw new IOException("The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding.");
+ CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "
+ + fullnickname
+ + " has been found on HSM. Please remove it before proceeding.");
+ throw new IOException(
+ "The certificate with the same nickname: "
+ + fullnickname
+ + " has been found on HSM. Please remove it before proceeding.");
}
return true;
}
} catch (IOException e) {
- CMS.debug("CertRequestPanel findCertificate: throw exception:"+e.toString());
+ CMS.debug("CertRequestPanel findCertificate: throw exception:"
+ + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("CertRequestPanel findCertificate: Exception="+e.toString());
+ CMS.debug("CertRequestPanel findCertificate: Exception="
+ + e.toString());
return false;
}
}
@@ -148,13 +158,13 @@ public class CertRequestPanel extends WizardPanelBase {
try {
select = cs.getString("preop.subsystem.select", "");
list = cs.getString("preop.cert.list", "");
- tokenname = cs.getString("preop.module.token", "");
+ tokenname = cs.getString("preop.module.token", "");
} catch (Exception e) {
}
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
- ICertificateAuthority.ID);
-
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(ICertificateAuthority.ID);
+
if (ca != null) {
CMS.debug("CertRequestPanel cleanup: get certificate repository");
BigInteger beginS = null;
@@ -176,27 +186,28 @@ public class CertRequestPanel extends WizardPanelBase {
try {
cr.removeCertRecords(beginS, endS);
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanUp exception in removing all objects: "+e.toString());
+ CMS.debug("CertRequestPanel cleanUp exception in removing all objects: "
+ + e.toString());
}
-
+
try {
- cr.resetSerialNumber(new BigInteger(beginNum,16));
+ cr.resetSerialNumber(new BigInteger(beginNum, 16));
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: "+e.toString());
+ CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: "
+ + e.toString());
}
}
}
-
StringTokenizer st = new StringTokenizer(list, ",");
String nickname = "";
boolean enable = false;
while (st.hasMoreTokens()) {
String t = st.nextToken();
-
+
try {
- enable = cs.getBoolean(PCERT_PREFIX+t+".enable", true);
- nickname = cs.getString(PCERT_PREFIX +t+".nickname", "");
+ enable = cs.getBoolean(PCERT_PREFIX + t + ".enable", true);
+ nickname = cs.getString(PCERT_PREFIX + t + ".nickname", "");
} catch (Exception e) {
}
@@ -208,10 +219,12 @@ public class CertRequestPanel extends WizardPanelBase {
if (findCertificate(tokenname, nickname)) {
try {
- CMS.debug("CertRequestPanel cleanup: deleting certificate ("+nickname+").");
- deleteCert(tokenname, nickname);
+ CMS.debug("CertRequestPanel cleanup: deleting certificate ("
+ + nickname + ").");
+ deleteCert(tokenname, nickname);
} catch (Exception e) {
- CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" +nickname+"). Exception: " +e.toString());
+ CMS.debug("CertRequestPanel cleanup: failed to delete certificate ("
+ + nickname + "). Exception: " + e.toString());
}
}
}
@@ -227,50 +240,50 @@ public class CertRequestPanel extends WizardPanelBase {
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- boolean s = cs.getBoolean("preop.CertRequestPanel.done",
- false);
+ boolean s = cs.getBoolean("preop.CertRequestPanel.done", false);
if (s != true) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
- public void getCert(IConfigStore config,
- Context context, String certTag, Cert cert) {
+ public void getCert(IConfigStore config, Context context, String certTag,
+ Cert cert) {
try {
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
- String certs = config.getString(subsystem + "." + certTag + ".cert", "");
+ String certs = config.getString(
+ subsystem + "." + certTag + ".cert", "");
if (cert != null) {
String certf = certs;
- CMS.debug(
- "CertRequestPanel getCert: certTag=" + certTag
+ CMS.debug("CertRequestPanel getCert: certTag=" + certTag
+ " cert=" + certs);
- //get and set formated cert
- if (!certs.startsWith("...")) {
+ // get and set formated cert
+ if (!certs.startsWith("...")) {
certf = CryptoUtil.certFormat(certs);
}
cert.setCert(certf);
- //get and set cert pretty print
+ // get and set cert pretty print
byte[] certb = CryptoUtil.base64Decode(certs);
CertPrettyPrint pp = new CertPrettyPrint(certb);
cert.setCertpp(pp.toString(Locale.getDefault()));
} else {
- CMS.debug( "CertRequestPanel::getCert() - cert is null!" );
+ CMS.debug("CertRequestPanel::getCert() - cert is null!");
return;
}
- String userfriendlyname = config.getString(
- PCERT_PREFIX + certTag + ".userfriendlyname");
+ String userfriendlyname = config.getString(PCERT_PREFIX + certTag
+ + ".userfriendlyname");
cert.setUserFriendlyName(userfriendlyname);
String type = config.getString(PCERT_PREFIX + certTag + ".type");
@@ -285,46 +298,45 @@ public class CertRequestPanel extends WizardPanelBase {
}
public X509Key getECCX509Key(IConfigStore config, String certTag)
- throws Exception
- {
+ throws Exception {
X509Key pubk = null;
- String pubKeyEncoded = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.encoded");
- pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
+ String pubKeyEncoded = config.getString(PCERT_PREFIX + certTag
+ + ".pubkey.encoded");
+ pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil
+ .string2byte(pubKeyEncoded));
return pubk;
}
public X509Key getRSAX509Key(IConfigStore config, String certTag)
- throws Exception
- {
+ throws Exception {
X509Key pubk = null;
- String pubKeyModulus = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.exponent");
+ String pubKeyModulus = config.getString(PCERT_PREFIX + certTag
+ + ".pubkey.modulus");
+ String pubKeyPublicExponent = config.getString(PCERT_PREFIX + certTag
+ + ".pubkey.exponent");
pubk = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
+ CryptoUtil.string2byte(pubKeyModulus),
+ CryptoUtil.string2byte(pubKeyPublicExponent));
return pubk;
}
- public void handleCertRequest(IConfigStore config,
- Context context, String certTag, Cert cert) {
+ public void handleCertRequest(IConfigStore config, Context context,
+ String certTag, Cert cert) {
try {
// get public key
- String pubKeyType = config.getString(
- PCERT_PREFIX + certTag + ".keytype");
- String algorithm = config.getString(
- PCERT_PREFIX + certTag + ".keyalgorithm");
+ String pubKeyType = config.getString(PCERT_PREFIX + certTag
+ + ".keytype");
+ String algorithm = config.getString(PCERT_PREFIX + certTag
+ + ".keyalgorithm");
X509Key pubk = null;
if (pubKeyType.equals("rsa")) {
pubk = getRSAX509Key(config, certTag);
} else if (pubKeyType.equals("ecc")) {
pubk = getECCX509Key(config, certTag);
} else {
- CMS.debug( "CertRequestPanel::handleCertRequest() - "
- + "pubKeyType " + pubKeyType + " is unsupported!" );
+ CMS.debug("CertRequestPanel::handleCertRequest() - "
+ + "pubKeyType " + pubKeyType + " is unsupported!");
return;
}
@@ -337,11 +349,11 @@ public class CertRequestPanel extends WizardPanelBase {
}
// get private key
- String privKeyID = config.getString(
- PCERT_PREFIX + certTag + ".privkey.id");
+ String privKeyID = config.getString(PCERT_PREFIX + certTag
+ + ".privkey.id");
CMS.debug("CertRequestPanel: privKeyID=" + privKeyID);
byte[] keyIDb = CryptoUtil.string2byte(privKeyID);
-
+
PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb);
if (privk != null) {
@@ -349,7 +361,7 @@ public class CertRequestPanel extends WizardPanelBase {
} else {
CMS.debug("CertRequestPanel: error getting private key null");
}
-
+
// construct cert request
String caDN = config.getString(PCERT_PREFIX + certTag + ".dn");
@@ -361,9 +373,9 @@ public class CertRequestPanel extends WizardPanelBase {
byte[] certReqb = certReq.toByteArray();
String certReqs = CryptoUtil.base64Encode(certReqb);
String certReqf = CryptoUtil.reqFormat(certReqs);
-
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
+
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
config.putString(subsystem + "." + certTag + ".certreq", certReqs);
config.commit(false);
cert.setRequest(certReqf);
@@ -378,8 +390,7 @@ public class CertRequestPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("CertRequestPanel: display()");
context.put("title", "Requests and Certificates");
@@ -396,36 +407,35 @@ public class CertRequestPanel extends WizardPanelBase {
String certTag = st.nextToken();
try {
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
- String nickname = config.getString(
- subsystem + "." + certTag + ".nickname");
- String tokenname = config.getString(
- subsystem + "." + certTag + ".tokenname");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
+ String nickname = config.getString(subsystem + "."
+ + certTag + ".nickname");
+ String tokenname = config.getString(subsystem + "."
+ + certTag + ".tokenname");
Cert c = new Cert(tokenname, nickname, certTag);
handleCertRequest(config, context, certTag, c);
- String type = config.getString(
- PCERT_PREFIX + certTag + ".type");
+ String type = config.getString(PCERT_PREFIX + certTag
+ + ".type");
c.setType(type);
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag
+ + ".enable", true);
c.setEnable(enable);
getCert(config, context, certTag, c);
c.setSubsystem(subsystem);
mCerts.addElement(c);
} catch (Exception e) {
- CMS.debug(
- "CertRequestPanel:display() Exception caught: "
- + e.toString() + " for certTag " + certTag);
+ CMS.debug("CertRequestPanel:display() Exception caught: "
+ + e.toString() + " for certTag " + certTag);
}
}
} catch (Exception e) {
- CMS.debug(
- "CertRequestPanel:display() Exception caught: "
- + e.toString());
+ CMS.debug("CertRequestPanel:display() Exception caught: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
} // try
@@ -441,8 +451,7 @@ public class CertRequestPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
private boolean findBootstrapServerCert() {
@@ -458,7 +467,8 @@ public class CertRequestPanel extends WizardPanelBase {
if (issuerDN.equals(subjectDN))
return true;
} catch (Exception e) {
- CMS.debug("CertRequestPanel findBootstrapServerCert Exception="+e.toString());
+ CMS.debug("CertRequestPanel findBootstrapServerCert Exception="
+ + e.toString());
}
return false;
@@ -472,7 +482,8 @@ public class CertRequestPanel extends WizardPanelBase {
deleteCert("Internal Key Storage Token", nickname);
} catch (Exception e) {
- CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception="+e.toString());
+ CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception="
+ + e.toString());
}
}
@@ -480,8 +491,7 @@ public class CertRequestPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
CMS.debug("CertRequestPanel: in update()");
boolean hasErr = false;
IConfigStore config = CMS.getConfigStore();
@@ -502,7 +512,7 @@ public class CertRequestPanel extends WizardPanelBase {
String tokenname = "";
try {
- tokenname = config.getString("preop.module.token", "");
+ tokenname = config.getString("preop.module.token", "");
} catch (Exception e) {
}
@@ -510,202 +520,216 @@ public class CertRequestPanel extends WizardPanelBase {
Cert cert = (Cert) c.nextElement();
String certTag = cert.getCertTag();
String subsystem = cert.getSubsystem();
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag
+ + ".enable", true);
if (!enable)
continue;
- if (hasErr)
+ if (hasErr)
continue;
String nickname = cert.getNickname();
- CMS.debug(
- "CertRequestPanel: update() for cert tag "
- + cert.getCertTag());
- // String b64 = config.getString(CERT_PREFIX+ certTag +".cert", "");
+ CMS.debug("CertRequestPanel: update() for cert tag "
+ + cert.getCertTag());
+ // String b64 = config.getString(CERT_PREFIX+ certTag +".cert",
+ // "");
String b64 = HttpInput.getCert(request, certTag);
if (cert.getType().equals("local")
- && b64.equals(
- "...certificate be generated internally...")) {
+ && b64.equals("...certificate be generated internally...")) {
- String pubKeyType = config.getString(
- PCERT_PREFIX + certTag + ".keytype");
+ String pubKeyType = config.getString(PCERT_PREFIX + certTag
+ + ".keytype");
X509Key x509key = null;
if (pubKeyType.equals("rsa")) {
- x509key = getRSAX509Key(config, certTag);
+ x509key = getRSAX509Key(config, certTag);
} else if (pubKeyType.equals("ecc")) {
- x509key = getECCX509Key(config, certTag);
+ x509key = getECCX509Key(config, certTag);
}
-
+
if (findCertificate(tokenname, nickname)) {
if (!certTag.equals("sslserver"))
- continue;
+ continue;
}
- X509CertImpl impl = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, cert.getType(), context);
+ X509CertImpl impl = CertUtil.createLocalCert(config,
+ x509key, PCERT_PREFIX, certTag, cert.getType(),
+ context);
if (impl != null) {
- byte[] certb = impl.getEncoded();
+ byte[] certb = impl.getEncoded();
String certs = CryptoUtil.base64Encode(certb);
cert.setCert(certs);
- config.putString(subsystem + "." + certTag + ".cert", certs);
+ config.putString(subsystem + "." + certTag + ".cert",
+ certs);
/* import certificate */
- CMS.debug(
- "CertRequestPanel configCert: nickname="
- + nickname);
+ CMS.debug("CertRequestPanel configCert: nickname="
+ + nickname);
try {
- if (certTag.equals("sslserver") && findBootstrapServerCert())
+ if (certTag.equals("sslserver")
+ && findBootstrapServerCert())
deleteBootstrapServerCert();
if (findCertificate(tokenname, nickname))
deleteCert(tokenname, nickname);
- if (certTag.equals("signing") && subsystem.equals("ca"))
- CryptoUtil.importUserCertificate(impl, nickname);
+ if (certTag.equals("signing")
+ && subsystem.equals("ca"))
+ CryptoUtil
+ .importUserCertificate(impl, nickname);
else
- CryptoUtil.importUserCertificate(impl, nickname, false);
- CMS.debug(
- "CertRequestPanel configCert: cert imported for certTag "
- + certTag);
+ CryptoUtil.importUserCertificate(impl,
+ nickname, false);
+ CMS.debug("CertRequestPanel configCert: cert imported for certTag "
+ + certTag);
} catch (Exception ee) {
- CMS.debug(
- "CertRequestPanel configCert: import certificate for certTag="
- + certTag + " Exception: "
- + ee.toString());
+ CMS.debug("CertRequestPanel configCert: import certificate for certTag="
+ + certTag + " Exception: " + ee.toString());
CMS.debug("ok");
-// hasErr = true;
+ // hasErr = true;
}
}
} else if (cert.getType().equals("remote")) {
if (b64 != null && b64.length() > 0
&& !b64.startsWith("...")) {
- String b64chain = HttpInput.getCertChain(request, certTag+"_cc");
- CMS.debug(
- "CertRequestPanel: in update() process remote...import cert");
+ String b64chain = HttpInput.getCertChain(request,
+ certTag + "_cc");
+ CMS.debug("CertRequestPanel: in update() process remote...import cert");
- String input = HttpInput.getCert(request, cert.getCertTag());
+ String input = HttpInput.getCert(request,
+ cert.getCertTag());
if (input != null) {
try {
- if (certTag.equals("sslserver") && findBootstrapServerCert())
+ if (certTag.equals("sslserver")
+ && findBootstrapServerCert())
deleteBootstrapServerCert();
- if (findCertificate(tokenname, nickname)) {
- deleteCert(tokenname, nickname);
+ if (findCertificate(tokenname, nickname)) {
+ deleteCert(tokenname, nickname);
}
} catch (Exception e) {
- CMS.debug("CertRequestPanel update (remote): deleteCert Exception="+e.toString());
+ CMS.debug("CertRequestPanel update (remote): deleteCert Exception="
+ + e.toString());
}
input = CryptoUtil.stripCertBrackets(input.trim());
String certs = CryptoUtil.normalizeCertStr(input);
byte[] certb = CryptoUtil.base64Decode(certs);
- config.putString(subsystem + "." + certTag + ".cert",
- certs);
+ config.putString(subsystem + "." + certTag
+ + ".cert", certs);
try {
CryptoManager cm = CryptoManager.getInstance();
- X509Certificate x509cert = cm.importCertPackage(
- certb, nickname);
+ X509Certificate x509cert = cm
+ .importCertPackage(certb, nickname);
CryptoUtil.trustCertByNickname(nickname);
- X509Certificate[] certchains = cm.buildCertificateChain(
- x509cert);
+ X509Certificate[] certchains = cm
+ .buildCertificateChain(x509cert);
X509Certificate leaf = null;
if (certchains != null) {
- CMS.debug(
- "CertRequestPanel certchains length="
- + certchains.length);
+ CMS.debug("CertRequestPanel certchains length="
+ + certchains.length);
leaf = certchains[certchains.length - 1];
}
- if( leaf == null ) {
- CMS.debug( "CertRequestPanel::update() - "
- + "leaf is null!" );
- throw new IOException( "leaf is null" );
+ if (leaf == null) {
+ CMS.debug("CertRequestPanel::update() - "
+ + "leaf is null!");
+ throw new IOException("leaf is null");
}
- if (/*(certchains.length <= 1) &&*/
- (b64chain != null && b64chain.length() != 0)) {
- CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain);
- try {
- CryptoUtil.importCertificateChain(
- CryptoUtil.normalizeCertAndReq(b64chain));
- } catch (Exception e) {
- CMS.debug("CertRequestPanel: importCertChain: Exception: "+e.toString());
- }
+ if (/* (certchains.length <= 1) && */
+ (b64chain != null && b64chain.length() != 0)) {
+ CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: "
+ + b64chain);
+ try {
+ CryptoUtil
+ .importCertificateChain(CryptoUtil
+ .normalizeCertAndReq(b64chain));
+ } catch (Exception e) {
+ CMS.debug("CertRequestPanel: importCertChain: Exception: "
+ + e.toString());
+ }
}
InternalCertificate icert = (InternalCertificate) leaf;
- icert.setSSLTrust(
- InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA);
- CMS.debug(
- "CertRequestPanel configCert: import certificate successfully, certTag="
- + certTag);
+ icert.setSSLTrust(InternalCertificate.TRUSTED_CA
+ | InternalCertificate.TRUSTED_CLIENT_CA
+ | InternalCertificate.VALID_CA);
+ CMS.debug("CertRequestPanel configCert: import certificate successfully, certTag="
+ + certTag);
} catch (Exception ee) {
- CMS.debug(
- "CertRequestPanel configCert: import certificate for certTag="
- + certTag + " Exception: "
- + ee.toString());
+ CMS.debug("CertRequestPanel configCert: import certificate for certTag="
+ + certTag
+ + " Exception: "
+ + ee.toString());
CMS.debug("ok");
-// hasErr=true;
+ // hasErr=true;
}
} else {
CMS.debug("CertRequestPanel: in update() input null");
hasErr = true;
}
} else {
- CMS.debug("CertRequestPanel: in update() b64 not set");
- hasErr=true;
+ CMS.debug("CertRequestPanel: in update() b64 not set");
+ hasErr = true;
}
-
+
} else {
b64 = CryptoUtil.stripCertBrackets(b64.trim());
String certs = CryptoUtil.normalizeCertStr(b64);
byte[] certb = CryptoUtil.base64Decode(certs);
X509CertImpl impl = new X509CertImpl(certb);
try {
- if (certTag.equals("sslserver") && findBootstrapServerCert())
+ if (certTag.equals("sslserver")
+ && findBootstrapServerCert())
deleteBootstrapServerCert();
if (findCertificate(tokenname, nickname)) {
- deleteCert(tokenname, nickname);
+ deleteCert(tokenname, nickname);
}
} catch (Exception ee) {
- CMS.debug("CertRequestPanel update: deleteCert Exception="+ee.toString());
+ CMS.debug("CertRequestPanel update: deleteCert Exception="
+ + ee.toString());
}
try {
if (certTag.equals("signing") && subsystem.equals("ca"))
CryptoUtil.importUserCertificate(impl, nickname);
else
- CryptoUtil.importUserCertificate(impl, nickname, false);
+ CryptoUtil.importUserCertificate(impl, nickname,
+ false);
} catch (Exception ee) {
- CMS.debug("CertRequestPanel: Failed to import user certificate."+ee.toString());
- hasErr=true;
+ CMS.debug("CertRequestPanel: Failed to import user certificate."
+ + ee.toString());
+ hasErr = true;
}
}
- //update requests in request queue for local certs to allow renewal
- if ((cert.getType().equals("local")) || (cert.getType().equals("selfsign"))) {
- CertUtil.updateLocalRequest(config, certTag, cert.getRequest(), "pkcs10", null);
+ // update requests in request queue for local certs to allow
+ // renewal
+ if ((cert.getType().equals("local"))
+ || (cert.getType().equals("selfsign"))) {
+ CertUtil.updateLocalRequest(config, certTag,
+ cert.getRequest(), "pkcs10", null);
}
if (certTag.equals("signing") && subsystem.equals("ca")) {
String NickName = nickname;
- if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- NickName = tokenname+ ":"+ nickname;
+ if (!tokenname.equals("internal")
+ && !tokenname.equals("Internal Key Storage Token"))
+ NickName = tokenname + ":" + nickname;
- CMS.debug("CertRequestPanel update: set trust on CA signing cert "+NickName);
+ CMS.debug("CertRequestPanel update: set trust on CA signing cert "
+ + NickName);
CryptoUtil.trustCertByNickname(NickName);
CMS.reinit(ICertificateAuthority.ID);
- }
- } //while loop
+ }
+ } // while loop
if (hasErr == false) {
- config.putBoolean("preop.CertRequestPanel.done", true);
+ config.putBoolean("preop.CertRequestPanel.done", true);
}
config.commit(false);
} catch (Exception e) {
@@ -713,7 +737,7 @@ public class CertRequestPanel extends WizardPanelBase {
System.err.println("Exception caught: " + e.toString());
}
- //reset the attribute of the user certificate to u,u,u
+ // reset the attribute of the user certificate to u,u,u
String certlist = "";
try {
certlist = config.getString("preop.cert.list", "");
@@ -723,25 +747,28 @@ public class CertRequestPanel extends WizardPanelBase {
String tag = tokenizer.nextToken();
if (tag.equals("signing"))
continue;
- String nickname = config.getString("preop.cert."+tag+".nickname", "");
+ String nickname = config.getString("preop.cert." + tag
+ + ".nickname", "");
String tokenname = config.getString("preop.module.token", "");
if (!tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ nickname = tokenname + ":" + nickname;
X509Certificate c = cm.findCertByNickname(nickname);
if (c instanceof InternalCertificate) {
- InternalCertificate ic = (InternalCertificate)c;
+ InternalCertificate ic = (InternalCertificate) c;
ic.setSSLTrust(InternalCertificate.USER);
ic.setEmailTrust(InternalCertificate.USER);
if (tag.equals("audit_signing")) {
- ic.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
+ ic.setObjectSigningTrust(InternalCertificate.USER
+ | InternalCertificate.VALID_PEER
+ | InternalCertificate.TRUSTED_PEER);
} else {
ic.setObjectSigningTrust(InternalCertificate.USER);
}
}
- }
+ }
} catch (Exception e) {
}
- if (!hasErr) {
+ if (!hasErr) {
context.put("updateStatus", "success");
} else {
context.put("updateStatus", "failure");
@@ -752,8 +779,7 @@ public class CertRequestPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Certificate Request");
context.put("panel", "admin/console/config/certrequestpanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 3725149d..0a6d3c60 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -64,13 +64,12 @@ import com.netscape.cmsutil.http.HttpResponse;
import com.netscape.cmsutil.http.JssSSLSocketFactory;
import com.netscape.cmsutil.xml.XMLObject;
-
public class CertUtil {
static final int LINE_COUNT = 76;
- public static X509CertImpl createRemoteCert(String hostname,
- int port, String content, HttpServletResponse response, WizardPanelBase panel)
- throws IOException {
+ public static X509CertImpl createRemoteCert(String hostname, int port,
+ String content, HttpServletResponse response, WizardPanelBase panel)
+ throws IOException {
HttpClient httpclient = new HttpClient();
String c = null;
CMS.debug("CertUtil createRemoteCert: content " + content);
@@ -98,21 +97,22 @@ public class CertUtil {
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "CertUtil::createRemoteCert() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("CertUtil::createRemoteCert() - " + "Exception="
+ + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
CMS.debug("CertUtil createRemoteCert: status=" + status);
if (status.equals("2")) {
- //relogin to the security domain
+ // relogin to the security domain
panel.reloginSecurityDomain(response);
return null;
} else if (!status.equals("0")) {
@@ -136,43 +136,43 @@ public class CertUtil {
return null;
}
- public static String getPKCS10(IConfigStore config, String prefix,
+ public static String getPKCS10(IConfigStore config, String prefix,
Cert certObj, Context context) throws IOException {
String certTag = certObj.getCertTag();
X509Key pubk = null;
try {
- String pubKeyType = config.getString(
- prefix + certTag + ".keytype");
- String algorithm = config.getString(
- prefix + certTag + ".keyalgorithm");
+ String pubKeyType = config.getString(prefix + certTag + ".keytype");
+ String algorithm = config.getString(prefix + certTag
+ + ".keyalgorithm");
if (pubKeyType.equals("rsa")) {
- String pubKeyModulus = config.getString(
- prefix + certTag + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(
- prefix + certTag + ".pubkey.exponent");
- pubk = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
+ String pubKeyModulus = config.getString(prefix + certTag
+ + ".pubkey.modulus");
+ String pubKeyPublicExponent = config.getString(prefix + certTag
+ + ".pubkey.exponent");
+ pubk = CryptoUtil.getPublicX509Key(
+ CryptoUtil.string2byte(pubKeyModulus),
+ CryptoUtil.string2byte(pubKeyPublicExponent));
} else if (pubKeyType.equals("ecc")) {
- String pubKeyEncoded = config.getString(
- prefix + certTag + ".pubkey.encoded");
- pubk = CryptoUtil.getPublicX509ECCKey(
- CryptoUtil.string2byte(pubKeyEncoded));
+ String pubKeyEncoded = config.getString(prefix + certTag
+ + ".pubkey.encoded");
+ pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil
+ .string2byte(pubKeyEncoded));
} else {
- CMS.debug( "CertRequestPanel::getPKCS10() - "
- + "public key type is unsupported!" );
- throw new IOException( "public key type is unsupported" );
+ CMS.debug("CertRequestPanel::getPKCS10() - "
+ + "public key type is unsupported!");
+ throw new IOException("public key type is unsupported");
}
if (pubk != null) {
CMS.debug("CertRequestPanel: got public key");
} else {
CMS.debug("CertRequestPanel: error getting public key null");
- throw new IOException( "public key is null" );
+ throw new IOException("public key is null");
}
// get private key
- String privKeyID = config.getString(prefix + certTag + ".privkey.id");
+ String privKeyID = config.getString(prefix + certTag
+ + ".privkey.id");
byte[] keyIDb = CryptoUtil.string2byte(privKeyID);
PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb);
@@ -187,8 +187,8 @@ public class CertUtil {
String dn = config.getString(prefix + certTag + ".dn");
PKCS10 certReq = null;
- certReq = CryptoUtil.createCertificationRequest(dn, pubk,
- privk, algorithm);
+ certReq = CryptoUtil.createCertificationRequest(dn, pubk, privk,
+ algorithm);
byte[] certReqb = certReq.toByteArray();
String certReqs = CryptoUtil.base64Encode(certReqb);
@@ -201,15 +201,15 @@ public class CertUtil {
}
}
-
-/*
- * create requests so renewal can work on these initial certs
- */
- public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) throws EBaseException {
-// RequestId rid = new RequestId(serialNum);
+ /*
+ * create requests so renewal can work on these initial certs
+ */
+ public static IRequest createLocalRequest(IRequestQueue queue,
+ String serialNum, X509CertInfo info) throws EBaseException {
+ // RequestId rid = new RequestId(serialNum);
// just need a request, no need to get into a queue
-// IRequest r = new EnrollmentRequest(rid);
- CMS.debug("CertUtil: createLocalRequest for serial: "+ serialNum);
+ // IRequest r = new EnrollmentRequest(rid);
+ CMS.debug("CertUtil: createLocalRequest for serial: " + serialNum);
IRequest req = queue.newRequest("enrollment");
CMS.debug("certUtil: newRequest called");
req.setExtData("profile", "true");
@@ -217,14 +217,14 @@ public class CertUtil {
req.setExtData("req_seq_num", "0");
req.setExtData(IEnrollProfile.REQUEST_CERTINFO, info);
req.setExtData(IEnrollProfile.REQUEST_EXTENSIONS,
- new CertificateExtensions());
+ new CertificateExtensions());
req.setExtData("requesttype", "enrollment");
req.setExtData("requestor_name", "");
req.setExtData("requestor_email", "");
req.setExtData("requestor_phone", "");
req.setExtData("profileRemoteHost", "");
req.setExtData("profileRemoteAddr", "");
- req.setExtData("requestnotes","");
+ req.setExtData("requestnotes", "");
req.setExtData("isencryptioncert", "false");
req.setExtData("profileapprovedby", "system");
@@ -235,18 +235,19 @@ public class CertUtil {
return req;
}
-/**
- * update local cert request with the actual request
- * called from CertRequestPanel.java
- */
- public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName)
- {
- try {
+ /**
+ * update local cert request with the actual request called from
+ * CertRequestPanel.java
+ */
+ public static void updateLocalRequest(IConfigStore config, String certTag,
+ String certReq, String reqType, String subjectName) {
+ try {
CMS.debug("Updating local request... certTag=" + certTag);
- RequestId rid = new RequestId(config.getString("preop.cert." + certTag + ".reqId"));
+ RequestId rid = new RequestId(config.getString("preop.cert."
+ + certTag + ".reqId"));
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
- ICertificateAuthority.ID);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(ICertificateAuthority.ID);
IRequestQueue queue = ca.getRequestQueue();
if (queue != null) {
@@ -262,76 +263,84 @@ public class CertUtil {
}
queue.updateRequest(req);
} else {
- CMS.debug("CertUtil:updateLocalRequest - request queue = null");
+ CMS.debug("CertUtil:updateLocalRequest - request queue = null");
}
} catch (Exception e) {
CMS.debug("CertUtil:updateLocalRequest - Exception:" + e.toString());
}
}
-/**
- * reads from the admin cert profile caAdminCert.profile and takes the first
- * entry in the list of allowed algorithms. Users that wish a different algorithm
- * can specify it in the profile using default.params.signingAlg
- */
+ /**
+ * reads from the admin cert profile caAdminCert.profile and takes the first
+ * entry in the list of allowed algorithms. Users that wish a different
+ * algorithm can specify it in the profile using default.params.signingAlg
+ */
public static String getAdminProfileAlgorithm(IConfigStore config) {
String algorithm = "SHA256withRSA";
try {
- String caSigningKeyType = config.getString("preop.cert.signing.keytype","rsa");
+ String caSigningKeyType = config.getString(
+ "preop.cert.signing.keytype", "rsa");
String pfile = config.getString("profile.caAdminCert.config");
FileInputStream fis = new FileInputStream(pfile);
DataInputStream in = new DataInputStream(fis);
BufferedReader br = new BufferedReader(new InputStreamReader(in));
- String strLine;
- while ((strLine = br.readLine()) != null) {
- String marker2 = "default.params.signingAlg=";
- int indx = strLine.indexOf(marker2);
- if (indx != -1) {
- String alg = strLine.substring(indx + marker2.length());
- if ((alg.length() > 0) && (!alg.equals("-"))) {
- algorithm = alg;
- break;
- };
- };
-
- String marker = "signingAlgsAllowed=";
- indx = strLine.indexOf(marker);
- if (indx != -1) {
- String[] algs = strLine.substring(indx + marker.length()).split(",");
- for (int i=0; i<algs.length; i++) {
- if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) ||
- (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC" ) != -1)) ) {
- algorithm = algs[i];
- break;
- }
- }
- }
- }
- in.close();
+ String strLine;
+ while ((strLine = br.readLine()) != null) {
+ String marker2 = "default.params.signingAlg=";
+ int indx = strLine.indexOf(marker2);
+ if (indx != -1) {
+ String alg = strLine.substring(indx + marker2.length());
+ if ((alg.length() > 0) && (!alg.equals("-"))) {
+ algorithm = alg;
+ break;
+ }
+ ;
+ }
+ ;
+
+ String marker = "signingAlgsAllowed=";
+ indx = strLine.indexOf(marker);
+ if (indx != -1) {
+ String[] algs = strLine.substring(indx + marker.length())
+ .split(",");
+ for (int i = 0; i < algs.length; i++) {
+ if ((caSigningKeyType.equals("rsa") && (algs[i]
+ .indexOf("RSA") != -1))
+ || (caSigningKeyType.equals("ecc") && (algs[i]
+ .indexOf("EC") != -1))) {
+ algorithm = algs[i];
+ break;
+ }
+ }
+ }
+ }
+ in.close();
} catch (Exception e) {
CMS.debug("getAdminProfleAlgorithm: exception: " + e);
}
return algorithm;
}
- public static X509CertImpl createLocalCert(IConfigStore config, X509Key x509key,
- String prefix, String certTag, String type, Context context) throws IOException {
+ public static X509CertImpl createLocalCert(IConfigStore config,
+ X509Key x509key, String prefix, String certTag, String type,
+ Context context) throws IOException {
CMS.debug("Creating local certificate... certTag=" + certTag);
String profile = null;
try {
profile = config.getString(prefix + certTag + ".profile");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
X509CertImpl cert = null;
ICertificateAuthority ca = null;
ICertificateRepository cr = null;
RequestId reqId = null;
String profileId = null;
- IRequestQueue queue = null;
+ IRequestQueue queue = null;
IRequest req = null;
try {
@@ -344,38 +353,40 @@ public class CertUtil {
if (certTag.equals("admin")) {
keyAlgorithm = getAdminProfileAlgorithm(config);
} else {
- keyAlgorithm = config.getString(prefix + certTag + ".keyalgorithm");
+ keyAlgorithm = config.getString(prefix + certTag
+ + ".keyalgorithm");
}
- ca = (ICertificateAuthority) CMS.getSubsystem(
- ICertificateAuthority.ID);
+ ca = (ICertificateAuthority) CMS
+ .getSubsystem(ICertificateAuthority.ID);
cr = (ICertificateRepository) ca.getCertificateRepository();
BigInteger serialNo = cr.getNextSerialNumber();
if (type.equals("selfsign")) {
CMS.debug("Creating local certificate... issuerdn=" + dn);
CMS.debug("Creating local certificate... dn=" + dn);
- info = CryptoUtil.createX509CertInfo(x509key, serialNo.intValue(), dn, dn, date,
- date, keyAlgorithm);
- } else {
+ info = CryptoUtil.createX509CertInfo(x509key,
+ serialNo.intValue(), dn, dn, date, date, keyAlgorithm);
+ } else {
String issuerdn = config.getString("preop.cert.signing.dn", "");
CMS.debug("Creating local certificate... issuerdn=" + issuerdn);
CMS.debug("Creating local certificate... dn=" + dn);
info = CryptoUtil.createX509CertInfo(x509key,
- serialNo.intValue(), issuerdn, dn, date, date, keyAlgorithm);
+ serialNo.intValue(), issuerdn, dn, date, date,
+ keyAlgorithm);
}
CMS.debug("Cert Template: " + info.toString());
String instanceRoot = config.getString("instanceRoot");
- CertInfoProfile processor = new CertInfoProfile(
- instanceRoot + "/conf/" + profile);
+ CertInfoProfile processor = new CertInfoProfile(instanceRoot
+ + "/conf/" + profile);
// cfu - create request to enable renewal
try {
queue = ca.getRequestQueue();
if (queue != null) {
req = createLocalRequest(queue, serialNo.toString(), info);
- CMS.debug("CertUtil profile name= "+profile);
+ CMS.debug("CertUtil profile name= " + profile);
req.setExtData("req_key", x509key.toString());
// store original profile id in cert request
@@ -387,59 +398,60 @@ public class CertUtil {
String name = profile.substring(0, idx);
req.setExtData("origprofileid", name);
}
-
+
// store mapped profile ID for use in renewal
profileId = processor.getProfileIDMapping();
req.setExtData("profileid", profileId);
- req.setExtData("profilesetid", processor.getProfileSetIDMapping());
+ req.setExtData("profilesetid",
+ processor.getProfileSetIDMapping());
reqId = req.getRequestId();
- config.putString("preop.cert." + certTag + ".reqId", reqId.toString());
+ config.putString("preop.cert." + certTag + ".reqId",
+ reqId.toString());
} else {
CMS.debug("certUtil: requestQueue null");
}
} catch (Exception e) {
- CMS.debug("Creating local request exception:"+e.toString());
+ CMS.debug("Creating local request exception:" + e.toString());
}
processor.populate(info);
- String caPriKeyID = config.getString(
- prefix + "signing" + ".privkey.id");
+ String caPriKeyID = config.getString(prefix + "signing"
+ + ".privkey.id");
byte[] keyIDb = CryptoUtil.string2byte(caPriKeyID);
- PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID(
- keyIDb);
+ PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID(keyIDb);
- if( caPrik == null ) {
- CMS.debug( "CertUtil::createSelfSignedCert() - "
- + "CA private key is null!" );
- throw new IOException( "CA private key is null" );
+ if (caPrik == null) {
+ CMS.debug("CertUtil::createSelfSignedCert() - "
+ + "CA private key is null!");
+ throw new IOException("CA private key is null");
} else {
CMS.debug("CertUtil createSelfSignedCert: got CA private key");
}
String keyAlgo = x509key.getAlgorithm();
CMS.debug("key algorithm is " + keyAlgo);
- String caSigningKeyType =
- config.getString("preop.cert.signing.keytype","rsa");
- String caSigningKeyAlgo = "";
- if (type.equals("selfsign")) {
- caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm","SHA256withRSA");
+ String caSigningKeyType = config.getString(
+ "preop.cert.signing.keytype", "rsa");
+ String caSigningKeyAlgo = "";
+ if (type.equals("selfsign")) {
+ caSigningKeyAlgo = config.getString(
+ "preop.cert.signing.keyalgorithm", "SHA256withRSA");
} else {
- caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm","SHA256withRSA");
+ caSigningKeyAlgo = config.getString(
+ "preop.cert.signing.signingalgorithm", "SHA256withRSA");
}
CMS.debug("CA Signing Key type " + caSigningKeyType);
CMS.debug("CA Signing Key algorithm " + caSigningKeyAlgo);
if (caSigningKeyType.equals("ecc")) {
- CMS.debug("CA signing cert is ECC");
- cert = CryptoUtil.signECCCert(caPrik, info,
- caSigningKeyAlgo);
+ CMS.debug("CA signing cert is ECC");
+ cert = CryptoUtil.signECCCert(caPrik, info, caSigningKeyAlgo);
} else {
- CMS.debug("CA signing cert is not ecc");
- cert = CryptoUtil.signCert(caPrik, info,
- caSigningKeyAlgo);
+ CMS.debug("CA signing cert is not ecc");
+ cert = CryptoUtil.signCert(caPrik, info, caSigningKeyAlgo);
}
if (cert != null) {
@@ -453,7 +465,8 @@ public class CertUtil {
if (cr == null) {
context.put("errorString",
"Ceritifcate Authority is not ready to serve.");
- throw new IOException("Ceritifcate Authority is not ready to serve.");
+ throw new IOException(
+ "Ceritifcate Authority is not ready to serve.");
}
ICertRecord record = null;
@@ -462,23 +475,21 @@ public class CertUtil {
if (reqId != null) {
meta.set(ICertRecord.META_REQUEST_ID, reqId.toString());
}
-
+
meta.set(ICertRecord.META_PROFILE_ID, profileId);
- record = (ICertRecord) cr.createCertRecord(
- cert.getSerialNumber(), cert, meta);
+ record = (ICertRecord) cr.createCertRecord(cert.getSerialNumber(),
+ cert, meta);
} catch (Exception e) {
- CMS.debug(
- "NamePanel configCert: failed to add metainfo. Exception: " + e.toString());
+ CMS.debug("NamePanel configCert: failed to add metainfo. Exception: "
+ + e.toString());
}
try {
cr.addCertificateRecord(record);
- CMS.debug(
- "NamePanel configCert: finished adding certificate record.");
+ CMS.debug("NamePanel configCert: finished adding certificate record.");
} catch (Exception e) {
- CMS.debug(
- "NamePanel configCert: failed to add certificate record. Exception: "
- + e.toString());
+ CMS.debug("NamePanel configCert: failed to add certificate record. Exception: "
+ + e.toString());
try {
cr.deleteCertificateRecord(record.getSerialNumber());
cr.addCertificateRecord(record);
@@ -488,10 +499,10 @@ public class CertUtil {
}
if (req != null) {
- // update request with cert
+ // update request with cert
req.setExtData(IEnrollProfile.REQUEST_ISSUED_CERT, cert);
- // store request in db
+ // store request in db
try {
CMS.debug("certUtil: before updateRequest");
if (queue != null) {
@@ -507,21 +518,21 @@ public class CertUtil {
public static void addUserCertificate(X509CertImpl cert) {
IConfigStore cs = CMS.getConfigStore();
- int num=0;
+ int num = 0;
try {
num = cs.getInteger("preop.subsystem.count", 0);
} catch (Exception e) {
}
IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
- String id = "user"+num;
+ String id = "user" + num;
- try {
- String sysType = cs.getString("cs.type", "");
- String machineName = cs.getString("machineName", "");
- String securePort = cs.getString("service.securePort", "");
- id = sysType + "-" + machineName + "-" + securePort;
+ try {
+ String sysType = cs.getString("cs.type", "");
+ String machineName = cs.getString("machineName", "");
+ String securePort = cs.getString("service.securePort", "");
+ id = sysType + "-" + machineName + "-" + securePort;
} catch (Exception e1) {
- // ignore
+ // ignore
}
num++;
@@ -566,7 +577,7 @@ public class CertUtil {
system.addUserCert(user);
CMS.debug("CertUtil addUserCertificate: successfully add the user certificate");
} catch (Exception e) {
- CMS.debug("CertUtil addUserCertificate exception="+e.toString());
+ CMS.debug("CertUtil addUserCertificate exception=" + e.toString());
}
IGroup group = null;
@@ -580,7 +591,8 @@ public class CertUtil {
CMS.debug("CertUtil addUserCertificate: update: successfully added the user to the group.");
}
} catch (Exception e) {
- CMS.debug("CertUtil addUserCertificate update: modifyGroup " + e.toString());
+ CMS.debug("CertUtil addUserCertificate update: modifyGroup "
+ + e.toString());
}
}
@@ -603,17 +615,17 @@ public class CertUtil {
}
if (content.length() > 0)
result.append(content);
- result.append("\n");
+ result.append("\n");
return result.toString();
}
public static boolean privateKeyExistsOnToken(String certTag,
- String tokenname, String nickname) {
+ String tokenname, String nickname) {
IConfigStore cs = CMS.getConfigStore();
String givenid = "";
try {
- givenid = cs.getString("preop.cert."+certTag+".privkey.id");
+ givenid = cs.getString("preop.cert." + certTag + ".privkey.id");
} catch (Exception e) {
CMS.debug("CertUtil privateKeyExistsOnToken: we did not generate private key yet.");
return false;
@@ -622,9 +634,10 @@ public class CertUtil {
String fullnickname = nickname;
boolean hardware = false;
- if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
+ if (!tokenname.equals("internal")
+ && !tokenname.equals("Internal Key Storage Token")) {
hardware = true;
- fullnickname = tokenname+":"+nickname;
+ fullnickname = tokenname + ":" + nickname;
}
X509Certificate cert = null;
@@ -633,7 +646,8 @@ public class CertUtil {
cm = CryptoManager.getInstance();
cert = cm.findCertByNickname(fullnickname);
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: nickname="+fullnickname+" Exception:"+e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: nickname="
+ + fullnickname + " Exception:" + e.toString());
return false;
}
@@ -641,19 +655,22 @@ public class CertUtil {
try {
privKey = cm.findPrivKeyByCert(cert);
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+") exception: "+e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("
+ + fullnickname + ") exception: " + e.toString());
return false;
}
if (privKey == null) {
- CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+")");
+ CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("
+ + fullnickname + ")");
return false;
} else {
String str = "";
try {
str = CryptoUtil.byte2string(privKey.getUniqueID());
} catch (Exception e) {
- CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: "+e.toString());
+ CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: "
+ + e.toString());
}
if (str.equals(givenid)) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
index b3c10b6e..a28ae76b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
@@ -36,7 +36,6 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
-
public class CheckIdentity extends CMSServlet {
/**
@@ -52,6 +51,7 @@ public class CheckIdentity extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -61,7 +61,8 @@ public class CheckIdentity extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -74,12 +75,12 @@ public class CheckIdentity extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("CheckIdentity authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, "Error: Not authenticated");
return;
- }
+ }
try {
XMLObject xmlObj = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
index f2587300..e1d18140 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
@@ -28,7 +27,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
-
public abstract class ConfigBaseServlet extends BaseServlet {
/**
*
@@ -36,8 +34,7 @@ public abstract class ConfigBaseServlet extends BaseServlet {
private static final long serialVersionUID = 7692352201878710530L;
public boolean isDisplayMode(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
String display = request.getParameter("display");
if (display == null) {
@@ -50,43 +47,40 @@ public abstract class ConfigBaseServlet extends BaseServlet {
public abstract void display(HttpServletRequest request,
HttpServletResponse response, Context context);
- public abstract void update(HttpServletRequest request,
+ public abstract void update(HttpServletRequest request,
HttpServletResponse response, Context context);
public abstract Template getTemplate(HttpServletRequest request,
- HttpServletResponse response,
- Context context);
+ HttpServletResponse response, Context context);
public void outputHttpParameters(HttpServletRequest httpReq) {
- CMS.debug("ConfigBaseServlet:service() uri = " + httpReq.getRequestURI());
+ CMS.debug("ConfigBaseServlet:service() uri = "
+ + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
- // all sensitive parameters should be prefixed with
+ // all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("ConfigBaseServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") || pn.endsWith("password")
+ || pn.endsWith("passwd") || pn.endsWith("pwd")
+ || pn.equalsIgnoreCase("admin_password_again")
+ || pn.equalsIgnoreCase("directoryManagerPwd")
+ || pn.equalsIgnoreCase("bindpassword")
+ || pn.equalsIgnoreCase("bindpwd")
+ || pn.equalsIgnoreCase("passwd")
+ || pn.equalsIgnoreCase("password")
+ || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd")
+ || pn.equalsIgnoreCase("pwdagain")
+ || pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("ConfigBaseServlet::service() param name='" + pn
+ + "' value='(sensitive)'");
} else {
- CMS.debug("ConfigBaseServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("ConfigBaseServlet::service() param name='" + pn
+ + "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
@@ -95,9 +89,8 @@ public abstract class ConfigBaseServlet extends BaseServlet {
* Processes request.
*/
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
-
+ HttpServletResponse response, Context context) {
+
if (CMS.debugOn()) {
outputHttpParameters(request);
}
@@ -107,16 +100,16 @@ public abstract class ConfigBaseServlet extends BaseServlet {
} else {
update(request, response, context);
}
-
+
Template template = null;
-
+
try {
context.put("name", "Velocity Test");
template = getTemplate(request, response, context);
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
-
+
return template;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
index d95c85d1..8216593a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
@@ -20,16 +20,14 @@ package com.netscape.cms.servlet.csadmin;
import org.mozilla.jss.crypto.X509Certificate;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
-
-public class ConfigCertApprovalCallback
- implements SSLCertificateApprovalCallback {
+public class ConfigCertApprovalCallback implements
+ SSLCertificateApprovalCallback {
public ConfigCertApprovalCallback() {
}
public boolean approve(X509Certificate cert,
- SSLCertificateApprovalCallback.ValidityStatus status) {
- return true;
+ SSLCertificateApprovalCallback.ValidityStatus status) {
+ return true;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
index 37493b6b..536e953a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class ConfigCertReqServlet extends BaseServlet {
/**
@@ -34,15 +32,14 @@ public class ConfigCertReqServlet extends BaseServlet {
private static final long serialVersionUID = 4489288758636916446L;
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
context.put("name", "Velocity Test");
- template = Velocity.getTemplate(
- "admin/console/config/config_certreq.vm");
+ template = Velocity
+ .getTemplate("admin/console/config/config_certreq.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
index e7d88a35..ddd098bc 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class ConfigCloneServlet extends BaseServlet {
/**
@@ -34,15 +32,14 @@ public class ConfigCloneServlet extends BaseServlet {
private static final long serialVersionUID = -9065299591659111350L;
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
context.put("name", "Velocity Test");
- template = Velocity.getTemplate(
- "admin/console/config/config_clone.vm");
+ template = Velocity
+ .getTemplate("admin/console/config/config_clone.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
index 08ebf08e..05fc8936 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -28,7 +27,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
-
public class ConfigDatabaseServlet extends ConfigBaseServlet {
/**
@@ -47,7 +45,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
try {
modified = cs.getString("preop.configDatabase.modified", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (modified.equals("true")) {
return true;
@@ -57,8 +56,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
}
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
String hostname = null;
String portStr = null;
String basedn = null;
@@ -75,7 +73,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
basedn = cs.getString("internaldb.basedn", "");
binddn = cs.getString("internaldb.ldapauth.bindDN", "");
database = cs.getString("internaldb.database", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
} else {
hostname = HOST;
portStr = PORT;
@@ -95,8 +94,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
}
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
IConfigStore cs = CMS.getConfigStore();
String errorString = "";
String hostname = request.getParameter("host");
@@ -113,7 +111,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
int port = -1;
try {
- port = Integer.parseInt(portStr);
+ port = Integer.parseInt(portStr);
cs.putInteger("internaldb.ldapconn.port", port);
} catch (Exception e) {
errorString = "Port is invalid";
@@ -159,7 +157,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
CMS.debug("ConfigDatabaseServlet update: " + e.toString());
return;
}
- psStore.putString("internaldb", bindpwd);
+ psStore.putString("internaldb", bindpwd);
} else {
errorString = "Bind password is empty string";
}
@@ -185,11 +183,11 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
}
public Template getTemplate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
try {
return Velocity.getTemplate("admin/console/config/config_db.vm");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return null;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
index d04fbf2f..c524e667 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -46,13 +45,13 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
private CryptoManager mCryptoManager = null;
private String mPwdFilePath = "";
- public ConfigHSMLoginPanel() {}
+ public ConfigHSMLoginPanel() {
+ }
public void init(ServletConfig config, int panelno) throws ServletException {
try {
mCryptoManager = CryptoManager.getInstance();
- mPwdFilePath = CMS.getConfigStore().getString(
- "passwordFile");
+ mPwdFilePath = CMS.getConfigStore().getString("passwordFile");
} catch (Exception e) {
CMS.debug("ConfigHSMLoginPanel: " + e.toString());
}
@@ -60,11 +59,11 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
setName("ConfigHSMLogin");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
try {
mCryptoManager = CryptoManager.getInstance();
- mPwdFilePath = CMS.getConfigStore().getString(
- "passwordFile");
+ mPwdFilePath = CMS.getConfigStore().getString("passwordFile");
} catch (Exception e) {
CMS.debug("ConfigHSMLoginPanel: " + e.toString());
}
@@ -89,8 +88,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
}
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("ConfigHSMLoginPanel: in display()");
context.put("title", "Security Module Login");
@@ -115,9 +113,8 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
try {
token = mCryptoManager.getTokenByName(tokName);
} catch (Exception e) {
- CMS.debug(
- "ConfigHSMLoginPanel: getTokenByName() failed: "
- + e.toString());
+ CMS.debug("ConfigHSMLoginPanel: getTokenByName() failed: "
+ + e.toString());
context.put("error", "tokenNotFound:" + tokName);
context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
return;
@@ -132,7 +129,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
CMS.debug("ConfigHSMLoginPanel: passwrd file path: " + e.toString());
}
CMS.debug("ConfigHSMLoginPanel: checking if passwd in cache");
- String tokPwd = pr.getPassword("hardware-"+tokName);
+ String tokPwd = pr.getPassword("hardware-" + tokName);
boolean loggedIn = false;
@@ -157,48 +154,47 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
password = new Password(tokPwd.toCharArray());
try {
- if (token.passwordIsInitialized()) {
- CMS.debug(
- "ConfigHSMLoginPanel: loginToken():token password is initialized");
- if (!token.isLoggedIn()) {
- CMS.debug(
- "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
- token.login(password);
- context.put("status", "justLoggedIn");
- } else {
- CMS.debug(
- "ConfigHSMLoginPanel:Token has already logged on");
- context.put("status", "alreadyLoggedIn");
- }
- } else {
- CMS.debug(
- "ConfigHSMLoginPanel: loginToken():Token password not initialized");
- context.put("status", "tokenPasswordNotInitialized");
- rv = false;
- }
-
- } catch (IncorrectPasswordException e) {
- context.put("status", "incorrectPassword");
- context.put("errorString", e.toString());
- CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
- rv = false;
- } catch (Exception e) {
- CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
- context.put("errorString", e.toString());
- rv = false;
- }
+ if (token.passwordIsInitialized()) {
+ CMS.debug("ConfigHSMLoginPanel: loginToken():token password is initialized");
+ if (!token.isLoggedIn()) {
+ CMS.debug("ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
+ token.login(password);
+ context.put("status", "justLoggedIn");
+ } else {
+ CMS.debug("ConfigHSMLoginPanel:Token has already logged on");
+ context.put("status", "alreadyLoggedIn");
+ }
+ } else {
+ CMS.debug("ConfigHSMLoginPanel: loginToken():Token password not initialized");
+ context.put("status", "tokenPasswordNotInitialized");
+ rv = false;
+ }
+
+ } catch (IncorrectPasswordException e) {
+ context.put("status", "incorrectPassword");
+ context.put("errorString", e.toString());
+ CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
+ rv = false;
+ } catch (Exception e) {
+ CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
+ context.put("errorString", e.toString());
+ rv = false;
+ }
return rv;
}
// XXX how do you do this?
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
- Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* no default parameters */
- set.add(
- "choice", choiceDesc);
-
+ Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /*
+ * no
+ * default
+ * parameters
+ */
+
+ set.add("choice", choiceDesc);
+
return set;
}
@@ -206,13 +202,11 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
IConfigStore cs = CMS.getConfigStore();
String select = "";
@@ -220,10 +214,10 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
select = cs.getString("preop.subsystem.select", "");
} catch (Exception e) {
}
-
-// if (select.equals("clone"))
- // return;
-
+
+ // if (select.equals("clone"))
+ // return;
+
CMS.debug("ConfigHSMLoginPanel: in update()");
String uTokName = null;
@@ -233,7 +227,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
uPasswd = HttpInput.getPassword(request, "__uPasswd");
} catch (Exception e) {
}
-
+
if (uPasswd == null) {
CMS.debug("ConfigHSMLoginPanel: password not found");
context.put("error", "no password");
@@ -248,47 +242,41 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
try {
token = mCryptoManager.getTokenByName(uTokName);
} catch (Exception e) {
- CMS.debug(
- "ConfigHSMLoginPanel: getTokenByName() failed: "
- + e.toString());
+ CMS.debug("ConfigHSMLoginPanel: getTokenByName() failed: "
+ + e.toString());
context.put("error", "tokenNotFound:" + uTokName);
}
try {
if (loginToken(token, uPasswd, context) == false) {
- CMS.debug(
- "ConfigHSMLoginPanel:loginToken failed for "
- + uTokName);
+ CMS.debug("ConfigHSMLoginPanel:loginToken failed for "
+ + uTokName);
context.put("error", "tokenLoginFailed");
context.put("updateStatus", "login failed");
context.put("panel",
"admin/console/config/config_hsmloginpanel.vm");
return;
}
- CMS.debug(
- "ConfigHSMLoginPanel: update(): just logged in successfully");
+ CMS.debug("ConfigHSMLoginPanel: update(): just logged in successfully");
PlainPasswordWriter pw = new PlainPasswordWriter();
pw.init(mPwdFilePath);
- pw.putPassword("hardware-"+uTokName, uPasswd);
+ pw.putPassword("hardware-" + uTokName, uPasswd);
pw.commit();
} catch (FileNotFoundException e) {
- CMS.debug(
- "ConfigHSMLoginPanel: update(): Exception caught: "
- + e.toString() + " writing to "+ mPwdFilePath);
- CMS.debug(
- "ConfigHSMLoginPanel: update(): password not written to cache");
+ CMS.debug("ConfigHSMLoginPanel: update(): Exception caught: "
+ + e.toString() + " writing to " + mPwdFilePath);
+ CMS.debug("ConfigHSMLoginPanel: update(): password not written to cache");
System.err.println("Exception caught: " + e.toString());
context.put("error", "Exception:" + e.toString());
} catch (Exception e) {
- CMS.debug(
- "ConfigHSMLoginPanel: update(): Exception caught: "
- + e.toString());
+ CMS.debug("ConfigHSMLoginPanel: update(): Exception caught: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
context.put("error", "Exception:" + e.toString());
}
-
+
} // found password
context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
@@ -302,10 +290,8 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Security Module Login");
context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
index bfc6e278..814569ed 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Vector;
@@ -39,7 +38,6 @@ import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.cmsutil.crypto.Module;
-
public class ConfigHSMServlet extends ConfigBaseServlet {
/**
*
@@ -68,9 +66,8 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
mCurrModTable.put(mod.getName(), mod);
} // while
} catch (Exception e) {
- CMS.debug(
- "ConfigHSMServlet: Exception caught in loadCurrModTable: "
- + e.toString());
+ CMS.debug("ConfigHSMServlet: Exception caught in loadCurrModTable: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
}
}
@@ -119,21 +116,19 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
try {
CryptoToken token = (CryptoToken) tokens.nextElement();
- CMS.debug("ConfigHSMServlet: token nick name=" + token.getName());
- CMS.debug(
- "ConfigHSMServlet: token logged in?"
- + token.isLoggedIn());
- CMS.debug(
- "ConfigHSMServlet: token is present?"
- + token.isPresent());
+ CMS.debug("ConfigHSMServlet: token nick name="
+ + token.getName());
+ CMS.debug("ConfigHSMServlet: token logged in?"
+ + token.isLoggedIn());
+ CMS.debug("ConfigHSMServlet: token is present?"
+ + token.isPresent());
if (!token.getName().equals("Internal Crypto Services Token")) {
module.addToken(token);
} else {
- CMS.debug(
- "ConfigHSMServlet: token " + token.getName()
+ CMS.debug("ConfigHSMServlet: token " + token.getName()
+ " not to be added");
}
-
+
} catch (TokenException ex) {
CMS.debug("ConfigHSMServlet:" + ex.toString());
}
@@ -165,11 +160,11 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
if ((cn == null) || (cn.equals(""))) {
break;
}
-
+
CMS.debug("ConfigHSMServlet: got from config module: " + cn);
// create a Module object
Module module = new Module(cn, pn, img);
-
+
if (mCurrModTable.containsKey(cn)) {
CMS.debug("ConfigHSMServlet: module found: " + cn);
module.setFound(true);
@@ -178,7 +173,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
loadModTokens(module, m);
}
-
+
CMS.debug("ConfigHSMServlet: adding module " + cn);
// add module to set
if (!mSupportedModules.contains(module)) {
@@ -187,16 +182,14 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
}// for
} catch (Exception e) {
- CMS.debug(
- "ConfigHSMServlet: Exception caught in loadSupportedModules(): "
- + e.toString());
+ CMS.debug("ConfigHSMServlet: Exception caught in loadSupportedModules(): "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
}
}
public boolean isDisplayMode(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
String choice = request.getParameter("choice");
if (choice == null) {
@@ -223,8 +216,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
}
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("ConfigHSMServlet: in display()");
loadCurrModTable();
@@ -252,8 +244,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
}
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
IConfigStore cs = CMS.getConfigStore();
@@ -286,12 +277,11 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
}
public Template getTemplate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
try {
return Velocity.getTemplate("admin/console/config/config_hsm.vm");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
return null;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
index 3b3b8a64..6bf74af6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class ConfigImportCertServlet extends BaseServlet {
/**
@@ -34,15 +32,14 @@ public class ConfigImportCertServlet extends BaseServlet {
private static final long serialVersionUID = 1907102921734394118L;
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
context.put("name", "Velocity Test");
- template = Velocity.getTemplate(
- "admin/console/config/config_importcert.vm");
+ template = Velocity
+ .getTemplate("admin/console/config/config_importcert.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
index 01917303..4415fdbd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -30,7 +29,6 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.cmsutil.crypto.CryptoUtil;
-
public class ConfigJoinServlet extends ConfigBaseServlet {
/**
@@ -39,8 +37,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
private static final long serialVersionUID = -5848083581083497909L;
public boolean isDisplayMode(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
String cert = request.getParameter("cert");
if (cert == null) {
@@ -52,12 +49,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
public boolean isPanelModified() {
IConfigStore config = CMS.getConfigStore();
-
+
String cert = null;
try {
cert = config.getString("preop.join.cert", null);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
if (cert == null || cert.equals("")) {
return false;
} else {
@@ -69,15 +67,14 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
* Displays panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
IConfigStore config = CMS.getConfigStore();
try {
- String pubKeyModulus = config.getString(
- "preop.keysize.pubKeyModulus");
- String pubKeyPublicExponent = config.getString(
- "preop.keysize.pubKeyPublicExponent");
+ String pubKeyModulus = config
+ .getString("preop.keysize.pubKeyModulus");
+ String pubKeyPublicExponent = config
+ .getString("preop.keysize.pubKeyPublicExponent");
String dn = config.getString("preop.name.dn");
String priKeyID = config.getString("preop.keysize.priKeyID");
String pkcs10 = CryptoUtil.getPKCS10FromKey(dn,
@@ -85,7 +82,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
CryptoUtil.string2byte(pubKeyPublicExponent),
CryptoUtil.string2byte(priKeyID));
context.put("certreq", pkcs10);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String select = "auto";
boolean select_manual = true;
@@ -94,8 +92,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
try {
select = config.getString("preop.join.select", null);
} catch (EBaseException e) {
- CMS.debug( "ConfigJoinServlet::display() - "
- + "Exception="+e.toString() );
+ CMS.debug("ConfigJoinServlet::display() - " + "Exception="
+ + e.toString());
return;
}
if (select.equals("auto")) {
@@ -109,12 +107,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
String cert = config.getString("preop.join.cert", "");
context.put("cert", cert);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
} else {
context.put("cert", "");
}
- if (select_manual) {
+ if (select_manual) {
context.put("check_manual", "checked");
context.put("check_auto", "");
} else {
@@ -128,8 +127,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
* Updates panel.
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("JoinServlet: update");
IConfigStore config = CMS.getConfigStore();
String select = request.getParameter("choice");
@@ -155,22 +153,21 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
config.putString("preop.join.pwd", pwd);
/* XXX - submit request to the CA, and import it automatically */
- config.putString(
- "preop.join.cert", ""); /* store the chain */
+ config.putString("preop.join.cert", ""); /* store the chain */
}
config.putString("preop.join.select", select);
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
-
+
public Template getTemplate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
- template = Velocity.getTemplate(
- "admin/console/config/config_join.vm");
+ template = Velocity
+ .getTemplate("admin/console/config/config_join.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
index 895c75ac..9926895b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
@@ -32,7 +31,6 @@ import com.netscape.certsrv.base.EBaseException;
import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.profile.CertInfoProfile;
-
public class ConfigRootCAServlet extends ConfigBaseServlet {
/**
@@ -41,8 +39,7 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
private static final long serialVersionUID = 1128630821163059659L;
public boolean isDisplayMode(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
String profile = request.getParameter("profile");
if (profile == null) {
@@ -54,12 +51,13 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
public boolean isPanelModified() {
IConfigStore config = CMS.getConfigStore();
-
+
String profile = null;
try {
profile = config.getString("preop.hierarchy.profile", null);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
if (profile == null || profile.equals("")) {
return false;
} else {
@@ -73,29 +71,31 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
try {
instancePath = config.getString("instanceRoot");
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
String p[] = { "caCert.profile" };
Vector profiles = new Vector();
for (int i = 0; i < p.length; i++) {
try {
- profiles.addElement(
- new CertInfoProfile(instancePath + "/conf/" + p[i]));
- } catch (Exception e) {}
+ profiles.addElement(new CertInfoProfile(instancePath + "/conf/"
+ + p[i]));
+ } catch (Exception e) {
+ }
}
return profiles;
}
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
IConfigStore config = CMS.getConfigStore();
String profile = null;
if (isPanelModified()) {
try {
profile = config.getString("preop.hierarchy.profile", null);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
if (profile == null) {
profile = "caCert.profile";
@@ -108,15 +108,15 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
}
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
String profile = request.getParameter("profile");
IConfigStore config = CMS.getConfigStore();
config.putString("preop.hierarchy.profile", profile);
try {
- config.commit(false);
- } catch (Exception e) {}
+ config.commit(false);
+ } catch (Exception e) {
+ }
context.put("status", "update");
context.put("error", "");
Vector profiles = getProfiles();
@@ -124,15 +124,14 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
context.put("profiles", profiles);
context.put("selected_profile_id", profile);
}
-
+
public Template getTemplate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
- template = Velocity.getTemplate(
- "admin/console/config/config_rootca.vm");
+ template = Velocity
+ .getTemplate("admin/console/config/config_rootca.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
index daf14c9e..febe8f9a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.URL;
import java.util.StringTokenizer;
@@ -39,19 +38,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class CreateSubsystemPanel extends WizardPanelBase {
- public CreateSubsystemPanel() {}
+ public CreateSubsystemPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Subsystem Selection");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Subsystem Type");
setId(id);
@@ -72,15 +71,16 @@ public class CreateSubsystemPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -88,8 +88,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Subsystem Type");
IConfigStore config = CMS.getConfigStore();
String session_id = request.getParameter("session_id");
@@ -112,8 +111,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("check_newsubsystem", "");
context.put("check_clonesubsystem", "checked");
}
- context.put("subsystemName",
- config.getString("preop.subsystem.name"));
+ context.put("subsystemName",
+ config.getString("preop.subsystem.name"));
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -121,8 +120,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("check_newsubsystem", "checked");
context.put("check_clonesubsystem", "");
try {
- context.put("subsystemName",
- config.getString("preop.system.fullname"));
+ context.put("subsystemName",
+ config.getString("preop.system.fullname"));
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -135,7 +134,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
context.put("cstype", cstype);
context.put("wizardname", config.getString("preop.wizard.name"));
context.put("systemname", config.getString("preop.system.name"));
- context.put("fullsystemname", config.getString("preop.system.fullname"));
+ context.put("fullsystemname",
+ config.getString("preop.system.fullname"));
context.put("machineName", config.getString("machineName"));
context.put("http_port", CMS.getEENonSSLPort());
context.put("https_agent_port", CMS.getAgentPort());
@@ -144,7 +144,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
} catch (EBaseException e) {
}
- Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort" );
+ Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort");
StringBuffer list = new StringBuffer();
int size = v.size();
@@ -164,7 +164,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
errorString = "Internal error, cs.type is missing from CS.cfg";
}
- if (list.length()==0)
+ if (list.length() == 0)
context.put("disableClone", "true");
context.put("panel", "admin/console/config/createsubsystempanel.vm");
@@ -176,16 +176,14 @@ public class CreateSubsystemPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
String errorString = "";
IConfigStore config = CMS.getConfigStore();
String select = HttpInput.getID(request, "choice");
@@ -196,8 +194,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
throw new IOException("choice not found");
}
- config.putString("preop.subsystem.name",
- HttpInput.getName(request, "subsystemName"));
+ config.putString("preop.subsystem.name",
+ HttpInput.getName(request, "subsystemName"));
if (select.equals("newsubsystem")) {
config.putString("preop.subsystem.select", "new");
config.putString("subsystem.select", "New");
@@ -209,7 +207,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
}
cstype = toLowerCaseSubsystemType(cstype);
-
+
config.putString("preop.subsystem.select", "clone");
config.putString("subsystem.select", "Clone");
@@ -223,9 +221,9 @@ public class CreateSubsystemPanel extends WizardPanelBase {
while (t.hasMoreTokens()) {
String tag = t.nextToken();
if (tag.equals("sslserver"))
- config.putBoolean(PCERT_PREFIX+tag+".enable", true);
- else
- config.putBoolean(PCERT_PREFIX+tag+".enable", false);
+ config.putBoolean(PCERT_PREFIX + tag + ".enable", true);
+ else
+ config.putBoolean(PCERT_PREFIX + tag + ".enable", false);
}
// get the master CA
@@ -254,10 +252,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
String host = u.getHost();
int https_ee_port = u.getPort();
- String https_admin_port = getSecurityDomainAdminPort( config,
- host,
- String.valueOf(https_ee_port),
- cstype );
+ String https_admin_port = getSecurityDomainAdminPort(config, host,
+ String.valueOf(https_ee_port), cstype);
config.putString("preop.master.hostname", host);
config.putInteger("preop.master.httpsport", https_ee_port);
@@ -265,12 +261,12 @@ public class CreateSubsystemPanel extends WizardPanelBase {
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
if (cstype.equals("ca")) {
- updateCertChainUsingSecureEEPort( config, "clone", host, https_ee_port,
- true, context, certApprovalCallback );
+ updateCertChainUsingSecureEEPort(config, "clone", host,
+ https_ee_port, true, context, certApprovalCallback);
}
- getTokenInfo(config, cstype, host, https_ee_port, true, context,
- certApprovalCallback);
+ getTokenInfo(config, cstype, host, https_ee_port, true, context,
+ certApprovalCallback);
} else {
CMS.debug("CreateSubsystemPanel: invalid choice " + select);
errorString = "Invalid choice";
@@ -291,8 +287,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Subsystem Type");
context.put("panel", "admin/console/config/createsubsystempanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index 17a4bae6..feb6ad28 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
@@ -64,7 +63,7 @@ import com.netscape.cmsutil.ldap.LDAPUtil;
public class DatabasePanel extends WizardPanelBase {
private static final String HOST = "localhost";
- private static final String CLONE_HOST="Enter FQDN here";
+ private static final String CLONE_HOST = "Enter FQDN here";
private static final String PORT = "389";
private static final String BASEDN = "o=netscapeCertificateServer";
private static final String BINDDN = "cn=Directory Manager";
@@ -74,19 +73,19 @@ public class DatabasePanel extends WizardPanelBase {
private WizardServlet mServlet = null;
- public DatabasePanel() {}
+ public DatabasePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Internal Database");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Internal Database");
setId(id);
@@ -101,15 +100,15 @@ public class DatabasePanel extends WizardPanelBase {
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- boolean s = cs.getBoolean("preop.Database.done",
- false);
+ boolean s = cs.getBoolean("preop.Database.done", false);
if (s != true) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -120,7 +119,7 @@ public class DatabasePanel extends WizardPanelBase {
"Host name");
set.add("hostname", hostDesc);
-
+
Descriptor portDesc = new Descriptor(IDescriptor.INTEGER, null, null,
"Port");
@@ -130,19 +129,19 @@ public class DatabasePanel extends WizardPanelBase {
"Base DN");
set.add("basedn", basednDesc);
-
+
Descriptor binddnDesc = new Descriptor(IDescriptor.STRING, null, null,
"Bind DN");
set.add("binddn", binddnDesc);
- Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, null,
- "Bind Password");
+ Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null,
+ null, "Bind Password");
set.add("bindpwd", bindpwdDesc);
- Descriptor databaseDesc = new Descriptor(IDescriptor.STRING, null, null,
- "Database");
+ Descriptor databaseDesc = new Descriptor(IDescriptor.STRING, null,
+ null, "Database");
set.add("database", databaseDesc);
@@ -153,8 +152,7 @@ public class DatabasePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("DatabasePanel: display()");
context.put("title", "Internal Database");
context.put("firsttime", "false");
@@ -187,8 +185,9 @@ public class DatabasePanel extends WizardPanelBase {
basedn = cs.getString("internaldb.basedn", "");
binddn = cs.getString("internaldb.ldapauth.bindDN", "");
database = cs.getString("internaldb.database", "");
- secure = cs.getString("internaldb.ldapconn.secureConn", "");
- cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", "");
+ secure = cs.getString("internaldb.ldapconn.secureConn", "");
+ cloneStartTLS = cs.getString(
+ "internaldb.ldapconn.cloneStartTLS", "");
errorString = cs.getString("preop.database.errorString", "");
} catch (Exception e) {
CMS.debug("DatabasePanel display: " + e.toString());
@@ -199,12 +198,12 @@ public class DatabasePanel extends WizardPanelBase {
try {
basedn = cs.getString("internaldb.basedn", "");
} catch (Exception e) {
- CMS.debug( "DatabasePanel::display() - "
- + "Exception="+e.toString() );
+ CMS.debug("DatabasePanel::display() - " + "Exception="
+ + e.toString());
return;
}
binddn = BINDDN;
- database = basedn.substring(basedn.lastIndexOf('=')+1);
+ database = basedn.substring(basedn.lastIndexOf('=') + 1);
CMS.debug("Clone: database=" + database);
} else {
hostname = HOST;
@@ -223,11 +222,10 @@ public class DatabasePanel extends WizardPanelBase {
boolean multipleEnable = false;
try {
multipleEnable = cs.getBoolean(
- "internaldb.multipleSuffix.enable", false);
+ "internaldb.multipleSuffix.enable", false);
} catch (Exception e) {
}
-
-
+
if (multipleEnable)
basedn = "ou=" + instanceId + "," + suffix;
else
@@ -243,15 +241,15 @@ public class DatabasePanel extends WizardPanelBase {
context.put("binddn", binddn);
context.put("bindpwd", bindpwd);
context.put("database", database);
- context.put("secureConn", (secure.equals("true")? "on":"off"));
- context.put("cloneStartTLS", (cloneStartTLS.equals("true")? "on":"off"));
+ context.put("secureConn", (secure.equals("true") ? "on" : "off"));
+ context.put("cloneStartTLS", (cloneStartTLS.equals("true") ? "on"
+ : "off"));
context.put("panel", "admin/console/config/databasepanel.vm");
context.put("errorString", errorString);
}
public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
String select = "";
try {
@@ -271,8 +269,7 @@ public class DatabasePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
context.put("firsttime", "false");
@@ -317,13 +314,15 @@ public class DatabasePanel extends WizardPanelBase {
String masterport = "";
String masterbasedn = "";
try {
- masterhost = cs.getString("preop.internaldb.master.hostname", "");
+ masterhost = cs.getString("preop.internaldb.master.hostname",
+ "");
masterport = cs.getString("preop.internaldb.master.port", "");
- masterbasedn = cs.getString("preop.internaldb.master.basedn", "");
+ masterbasedn = cs.getString("preop.internaldb.master.basedn",
+ "");
} catch (Exception e) {
}
- //get the real host name
+ // get the real host name
String realhostname = "";
if (hostname.equals("localhost")) {
try {
@@ -333,12 +332,14 @@ public class DatabasePanel extends WizardPanelBase {
}
if (masterhost.equals(realhostname) && masterport.equals(portStr)) {
context.put("updateStatus", "validate-failure");
- throw new IOException("Master and clone must not share the same internal database");
+ throw new IOException(
+ "Master and clone must not share the same internal database");
}
if (!masterbasedn.equals(basedn)) {
context.put("updateStatus", "validate-failure");
- throw new IOException("Master and clone should have the same base DN");
+ throw new IOException(
+ "Master and clone should have the same base DN");
}
}
@@ -365,13 +366,15 @@ public class DatabasePanel extends WizardPanelBase {
}
if (basedn == null || basedn.length() == 0) {
- cs.putString("preop.database.errorString", "Base DN is empty string");
+ cs.putString("preop.database.errorString",
+ "Base DN is empty string");
context.put("updateStatus", "validate-failure");
throw new IOException("Base DN is empty string");
}
if (binddn == null || binddn.length() == 0) {
- cs.putString("preop.database.errorString", "Bind DN is empty string");
+ cs.putString("preop.database.errorString",
+ "Bind DN is empty string");
context.put("updateStatus", "validate-failure");
throw new IOException("Bind DN is empty string");
}
@@ -395,8 +398,7 @@ public class DatabasePanel extends WizardPanelBase {
}
private LDAPConnection getLocalLDAPConn(Context context, String secure)
- throws IOException
- {
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -409,7 +411,7 @@ public class DatabasePanel extends WizardPanelBase {
host = cs.getString("internaldb.ldapconn.host");
port = cs.getString("internaldb.ldapconn.port");
binddn = cs.getString("internaldb.ldapauth.bindDN");
- pwd = (String) context.get("bindpwd");
+ pwd = (String) context.get("bindpwd");
security = cs.getString("internaldb.ldapconn.secureConn");
} catch (Exception e) {
CMS.debug("DatabasePanel populateDB: " + e.toString());
@@ -428,12 +430,12 @@ public class DatabasePanel extends WizardPanelBase {
LDAPConnection conn = null;
if (security.equals("true")) {
- CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- } else {
- CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
- }
+ CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ } else {
+ CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
+ }
CMS.debug("DatabasePanel connecting to " + host + ":" + p);
try {
@@ -443,81 +445,80 @@ public class DatabasePanel extends WizardPanelBase {
throw new IOException("Failed to connect to the internal database.");
}
- return conn;
+ return conn;
}
- private boolean deleteDir(File dir)
- {
+ private boolean deleteDir(File dir) {
if (dir.isDirectory()) {
String[] children = dir.list();
- for (int i=0; i<children.length; i++) {
+ for (int i = 0; i < children.length; i++) {
boolean success = deleteDir(new File(dir, children[i]));
if (!success) {
return false;
}
}
}
-
+
// The directory is now empty so delete it
return dir.delete();
- }
+ }
- private void cleanupDB(LDAPConnection conn, String baseDN, String database)
- {
+ private void cleanupDB(LDAPConnection conn, String baseDN, String database) {
String[] entries = {};
String filter = "objectclass=*";
LDAPSearchConstraints cons = null;
String[] attrs = null;
- String dn="";
+ String dn = "";
try {
CMS.debug("Deleting baseDN: " + baseDN);
- LDAPSearchResults res = conn.search(baseDN, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
- if (res != null)
- deleteEntries(res, conn, baseDN, entries);
+ LDAPSearchResults res = conn.search(baseDN,
+ LDAPConnection.SCOPE_BASE, filter, attrs, true, cons);
+ if (res != null)
+ deleteEntries(res, conn, baseDN, entries);
+ } catch (LDAPException e) {
}
- catch (LDAPException e) {}
-
+
try {
- dn="cn=mapping tree, cn=config";
- filter = "nsslapd-backend=" + database;
- LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
- attrs, true, cons);
- if (res != null) {
- while (res.hasMoreElements()) {
- dn = res.next().getDN();
- filter = "objectclass=*";
- LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
- if (res2 != null)
- deleteEntries(res2, conn, dn, entries);
- }
- }
- }
- catch (LDAPException e) {}
+ dn = "cn=mapping tree, cn=config";
+ filter = "nsslapd-backend=" + database;
+ LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE,
+ filter, attrs, true, cons);
+ if (res != null) {
+ while (res.hasMoreElements()) {
+ dn = res.next().getDN();
+ filter = "objectclass=*";
+ LDAPSearchResults res2 = conn.search(dn,
+ LDAPConnection.SCOPE_BASE, filter, attrs, true,
+ cons);
+ if (res2 != null)
+ deleteEntries(res2, conn, dn, entries);
+ }
+ }
+ } catch (LDAPException e) {
+ }
try {
dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
- LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true, cons);
+ LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE,
+ filter, attrs, true, cons);
if (res != null) {
deleteEntries(res, conn, dn, entries);
- String dbdir = getInstanceDir(conn) + "/db/" + database;
- if (dbdir != null) {
- CMS.debug(" Deleting dbdir " + dbdir);
+ String dbdir = getInstanceDir(conn) + "/db/" + database;
+ if (dbdir != null) {
+ CMS.debug(" Deleting dbdir " + dbdir);
boolean success = deleteDir(new File(dbdir));
if (!success) {
- CMS.debug("Unable to delete database directory " + dbdir);
+ CMS.debug("Unable to delete database directory "
+ + dbdir);
}
}
}
+ } catch (LDAPException e) {
}
- catch (LDAPException e) {}
}
-
- private void populateDB(HttpServletRequest request, Context context, String secure)
- throws IOException {
+ private void populateDB(HttpServletRequest request, Context context,
+ String secure) throws IOException {
IConfigStore cs = CMS.getConfigStore();
String baseDN = "";
@@ -542,50 +543,53 @@ public class DatabasePanel extends WizardPanelBase {
boolean foundDatabase = false;
try {
LDAPEntry entry = conn.read(baseDN);
- if (entry != null) foundBaseDN = true;
+ if (entry != null)
+ foundBaseDN = true;
} catch (LDAPException e) {
- switch( e.getLDAPResultCode() ) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch (e.getLDAPResultCode()) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
try {
dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
LDAPEntry entry = conn.read(dn);
- if (entry != null) foundDatabase = true;
+ if (entry != null)
+ foundDatabase = true;
} catch (LDAPException e) {
- switch( e.getLDAPResultCode() ) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch (e.getLDAPResultCode()) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
try {
dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config";
LDAPEntry entry = conn.read(dn);
- if (entry != null) foundDatabase = true;
+ if (entry != null)
+ foundDatabase = true;
} catch (LDAPException e) {
- switch( e.getLDAPResultCode() ) {
- case LDAPException.NO_SUCH_OBJECT:
- break;
- default:
- CMS.debug("DatabasePanel update: LDAPException " + e.toString());
- throw new IOException("Failed to create the database");
+ switch (e.getLDAPResultCode()) {
+ case LDAPException.NO_SUCH_OBJECT:
+ break;
+ default:
+ CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+ throw new IOException("Failed to create the database");
}
}
if (foundDatabase) {
CMS.debug("DatabasePanel update: This database has already been used.");
if (remove == null) {
- throw new IOException("This database has already been used. Select the checkbox below to remove all data and reuse this database");
- }
- else {
+ throw new IOException(
+ "This database has already been used. Select the checkbox below to remove all data and reuse this database");
+ } else {
CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
cleanupDB(conn, baseDN, database);
foundBaseDN = false;
@@ -596,9 +600,11 @@ public class DatabasePanel extends WizardPanelBase {
if (foundBaseDN) {
CMS.debug("DatabasePanel update: This base DN has already been used.");
if (remove == null) {
- throw new IOException("This base DN ("+baseDN+") has already been used. Select the checkbox below to remove all data and reuse this base DN");
- }
- else {
+ throw new IOException(
+ "This base DN ("
+ + baseDN
+ + ") has already been used. Select the checkbox below to remove all data and reuse this base DN");
+ } else {
CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
cleanupDB(conn, baseDN, database);
foundBaseDN = false;
@@ -609,7 +615,7 @@ public class DatabasePanel extends WizardPanelBase {
// create database
try {
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc[] = { "top", "extensibleObject", "nsBackendInstance"};
+ String oc[] = { "top", "extensibleObject", "nsBackendInstance" };
attrs.add(new LDAPAttribute("objectClass", oc));
attrs.add(new LDAPAttribute("cn", database));
attrs.add(new LDAPAttribute("nsslapd-suffix", baseDN));
@@ -623,7 +629,7 @@ public class DatabasePanel extends WizardPanelBase {
try {
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc2[] = { "top", "extensibleObject", "nsMappingTree"};
+ String oc2[] = { "top", "extensibleObject", "nsMappingTree" };
attrs.add(new LDAPAttribute("objectClass", oc2));
attrs.add(new LDAPAttribute("cn", baseDN));
attrs.add(new LDAPAttribute("nsslapd-backend", database));
@@ -632,7 +638,8 @@ public class DatabasePanel extends WizardPanelBase {
LDAPEntry entry = new LDAPEntry(dn, attrs);
conn.add(entry);
} catch (Exception e) {
- CMS.debug("Warning: database mapping tree creation error - " + e.toString());
+ CMS.debug("Warning: database mapping tree creation error - "
+ + e.toString());
throw new IOException("Failed to create the database.");
}
@@ -644,19 +651,19 @@ public class DatabasePanel extends WizardPanelBase {
String n = st.nextToken();
String v = st.nextToken();
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc3[] = { "top", "domain"};
+ String oc3[] = { "top", "domain" };
if (n.equals("o")) {
- oc3[1] = "organization";
+ oc3[1] = "organization";
} else if (n.equals("ou")) {
- oc3[1] = "organizationalUnit";
- }
+ oc3[1] = "organizationalUnit";
+ }
attrs.add(new LDAPAttribute("objectClass", oc3));
attrs.add(new LDAPAttribute(n, v));
LDAPEntry entry = new LDAPEntry(baseDN, attrs);
conn.add(entry);
} catch (Exception e) {
CMS.debug("Warning: suffix creation error - " + e.toString());
- throw new IOException("Failed to create the base DN: "+baseDN);
+ throw new IOException("Failed to create the base DN: " + baseDN);
}
// check to see if the base dn exists
@@ -666,19 +673,23 @@ public class DatabasePanel extends WizardPanelBase {
LDAPEntry entry = conn.read(baseDN);
if (entry != null) {
- foundBaseDN = true;
+ foundBaseDN = true;
}
- } catch (LDAPException e) {}
+ } catch (LDAPException e) {
+ }
boolean createBaseDN = true;
boolean testing = false;
try {
testing = cs.getBoolean("internaldb.multipleSuffix.enable", false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (!foundBaseDN) {
if (!testing) {
- context.put("errorString", "Base DN was not found. Please make sure to create the suffix in the internal database.");
+ context.put(
+ "errorString",
+ "Base DN was not found. Please make sure to create the suffix in the internal database.");
throw new IOException("Base DN not found");
}
@@ -697,7 +708,7 @@ public class DatabasePanel extends WizardPanelBase {
// support only one level creation - create new entry
// right under the suffix
LDAPAttributeSet attrs = new LDAPAttributeSet();
- String oc[] = { "top", "organizationalUnit"};
+ String oc[] = { "top", "organizationalUnit" };
attrs.add(new LDAPAttribute("objectClass", oc));
attrs.add(new LDAPAttribute("ou", dns2[0]));
@@ -705,7 +716,7 @@ public class DatabasePanel extends WizardPanelBase {
try {
conn.add(entry);
- foundBaseDN = true;
+ foundBaseDN = true;
CMS.debug("DatabasePanel added " + baseDN);
} catch (LDAPException e) {
throw new IOException("Failed to create " + baseDN);
@@ -723,39 +734,41 @@ public class DatabasePanel extends WizardPanelBase {
}
if (select.equals("clone")) {
- // if this is clone, add index before replication
- // don't put in the schema or bad things will happen
-
- importLDIFS("preop.internaldb.ldif", conn);
- importLDIFS("preop.internaldb.index_ldif", conn);
+ // if this is clone, add index before replication
+ // don't put in the schema or bad things will happen
+
+ importLDIFS("preop.internaldb.ldif", conn);
+ importLDIFS("preop.internaldb.index_ldif", conn);
} else {
- // data will be replicated from the master to the clone
- // so clone does not need the data
- //
+ // data will be replicated from the master to the clone
+ // so clone does not need the data
+ //
- importLDIFS("preop.internaldb.schema.ldif", conn);
- importLDIFS("preop.internaldb.ldif", conn);
- importLDIFS("preop.internaldb.data_ldif", conn);
- importLDIFS("preop.internaldb.index_ldif", conn);
+ importLDIFS("preop.internaldb.schema.ldif", conn);
+ importLDIFS("preop.internaldb.ldif", conn);
+ importLDIFS("preop.internaldb.data_ldif", conn);
+ importLDIFS("preop.internaldb.index_ldif", conn);
}
try {
conn.disconnect();
- } catch (LDAPException e) {}
+ } catch (LDAPException e) {
+ }
}
- private void importLDIFS(String param, LDAPConnection conn) throws IOException {
+ private void importLDIFS(String param, LDAPConnection conn)
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
String v = null;
CMS.debug("DatabasePanel populateDB param=" + param);
try {
v = cs.getString(param);
- } catch (EBaseException e) {
+ } catch (EBaseException e) {
CMS.debug("DatabasePanel populateDB: " + e.toString());
throw new IOException("Cant find ldif files.");
}
-
+
StringTokenizer tokenizer = new StringTokenizer(v, ",");
String baseDN = null;
String database = null;
@@ -770,9 +783,8 @@ public class DatabasePanel extends WizardPanelBase {
database = cs.getString("internaldb.database");
CMS.debug("DatabasePanel update: database=" + database);
} catch (EBaseException e) {
- CMS.debug(
- "DatabasePanel update: Failed to get database name. Exception: "
- + e.toString());
+ CMS.debug("DatabasePanel update: Failed to get database name. Exception: "
+ + e.toString());
database = "userRoot";
}
@@ -787,13 +799,12 @@ public class DatabasePanel extends WizardPanelBase {
String instanceId = null;
try {
- instanceId = cs.getString("instanceId");
+ instanceId = cs.getString("instanceId");
} catch (EBaseException e) {
throw new IOException("instanceId is missing");
}
-
- String configDir = instancePath + File.separator + "conf";
+ String configDir = instancePath + File.separator + "conf";
while (tokenizer.hasMoreTokens()) {
String token = tokenizer.nextToken().trim();
@@ -807,7 +818,8 @@ public class DatabasePanel extends WizardPanelBase {
CMS.debug("DatabasePanel importLDIFS: ldif file = " + token);
String filename = configDir + File.separator + name;
- CMS.debug("DatabasePanel importLDIFS: ldif file copy to " + filename);
+ CMS.debug("DatabasePanel importLDIFS: ldif file copy to "
+ + filename);
PrintStream ps = null;
BufferedReader in = null;
@@ -846,14 +858,14 @@ public class DatabasePanel extends WizardPanelBase {
if (!endOfline) {
ps.println(s);
}
- }
+ }
}
in.close();
ps.close();
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("DBSubsystem popuateDB: " + e.toString());
- throw new IOException(
- "Problem of copying ldif file: " + filename);
+ throw new IOException("Problem of copying ldif file: "
+ + filename);
}
LDAPUtil.importLDIF(conn, filename);
@@ -864,10 +876,9 @@ public class DatabasePanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
- boolean hasErr = false;
+ boolean hasErr = false;
boolean firsttime = false;
context.put("firsttime", "false");
@@ -903,17 +914,20 @@ public class DatabasePanel extends WizardPanelBase {
cs.putString("internaldb.ldapauth.bindDN", binddn);
cs.putString("internaldb.database", database2);
String secure = HttpInput.getCheckbox(request, "secureConn");
- cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on")?"true":"false"));
+ cs.putString("internaldb.ldapconn.secureConn",
+ (secure.equals("on") ? "true" : "false"));
String cloneStartTLS = HttpInput.getCheckbox(request, "cloneStartTLS");
- cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on")?"true":"false"));
+ cs.putString("internaldb.ldapconn.cloneStartTLS",
+ (cloneStartTLS.equals("on") ? "true" : "false"));
String remove = HttpInput.getID(request, "removeData");
if (isPanelDone() && (remove == null || remove.equals(""))) {
- /* if user submits the same data, they just want to skip
- to the next panel, no database population is required. */
- if (hostname1.equals(hostname2) &&
- portStr1.equals(portStr2) &&
- database1.equals(database2)) {
+ /*
+ * if user submits the same data, they just want to skip to the next
+ * panel, no database population is required.
+ */
+ if (hostname1.equals(hostname2) && portStr1.equals(portStr2)
+ && database1.equals(database2)) {
context.put("updateStatus", "success");
return;
}
@@ -921,15 +935,17 @@ public class DatabasePanel extends WizardPanelBase {
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
-
try {
- populateDB(request, context, (secure.equals("on")?"true":"false"));
+ populateDB(request, context, (secure.equals("on") ? "true"
+ : "false"));
} catch (IOException e) {
- CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString());
+ CMS.debug("DatabasePanel update: populateDB Exception: "
+ + e.toString());
context.put("updateStatus", "failure");
throw e;
} catch (Exception e) {
- CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString());
+ CMS.debug("DatabasePanel update: populateDB Exception: "
+ + e.toString());
context.put("errorString", e.toString());
cs.putString("preop.database.errorString", e.toString());
context.put("updateStatus", "failure");
@@ -950,11 +966,11 @@ public class DatabasePanel extends WizardPanelBase {
} catch (Exception e) {
CMS.debug("ConfigDatabaseServlet update: " + e.toString());
context.put("updateStatus", "failure");
- throw new IOException( e.toString() );
+ throw new IOException(e.toString());
}
psStore.putString("internaldb", bindpwd);
psStore.putString("replicationdb", replicationpwd);
- cs.putString("preop.internaldb.replicationpwd" , replicationpwd);
+ cs.putString("preop.internaldb.replicationpwd", replicationpwd);
cs.putString("preop.database.removeData", "false");
try {
@@ -983,57 +999,65 @@ public class DatabasePanel extends WizardPanelBase {
// always populate the index the last
try {
- CMS.debug("Populating local indexes");
- LDAPConnection conn = getLocalLDAPConn(context,
- (secure.equals("on")?"true":"false"));
- importLDIFS("preop.internaldb.post_ldif", conn);
-
- /* For vlvtask, we need to check if the task has
- been completed or not. Presence of nsTaskExitCode means task is complete
- */
- String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
- if (!wait_dn.equals("")) {
- int i = 0;
- LDAPEntry task = null;
- boolean taskComplete = false;
- CMS.debug("Checking wait_dn " + wait_dn);
- do {
- Thread.sleep(1000);
- try {
- task = conn.read(wait_dn, (String[])null);
- if (task != null) {
- LDAPAttribute attr = task.getAttribute("nsTaskExitCode");
- if (attr != null) {
- taskComplete = true;
- String val = (String) attr.getStringValues().nextElement();
- if (val.compareTo("0") != 0) {
- CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val);
- }
- }
+ CMS.debug("Populating local indexes");
+ LDAPConnection conn = getLocalLDAPConn(context,
+ (secure.equals("on") ? "true" : "false"));
+ importLDIFS("preop.internaldb.post_ldif", conn);
+
+ /*
+ * For vlvtask, we need to check if the task has been completed or
+ * not. Presence of nsTaskExitCode means task is complete
+ */
+ String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
+ if (!wait_dn.equals("")) {
+ int i = 0;
+ LDAPEntry task = null;
+ boolean taskComplete = false;
+ CMS.debug("Checking wait_dn " + wait_dn);
+ do {
+ Thread.sleep(1000);
+ try {
+ task = conn.read(wait_dn, (String[]) null);
+ if (task != null) {
+ LDAPAttribute attr = task
+ .getAttribute("nsTaskExitCode");
+ if (attr != null) {
+ taskComplete = true;
+ String val = (String) attr.getStringValues()
+ .nextElement();
+ if (val.compareTo("0") != 0) {
+ CMS.debug("Error in populating local indexes: nsTaskExitCode="
+ + val);
+ }
+ }
+ }
+ } catch (LDAPException le) {
+ CMS.debug("Still checking wait_dn '" + wait_dn + "' ("
+ + le.toString() + ")");
+ } catch (Exception e) {
+ CMS.debug("Still checking wait_dn '" + wait_dn + "' ("
+ + e.toString() + ").");
+ }
+ } while ((!taskComplete) && (i < 20));
+ if (i < 20) {
+ CMS.debug("Done checking wait_dn " + wait_dn);
+ } else {
+ CMS.debug("Done checking wait_dn " + wait_dn
+ + " due to timeout.");
}
- } catch (LDAPException le) {
- CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")");
- } catch (Exception e) {
- CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ").");
- }
- } while ((!taskComplete) && (i < 20));
- if (i < 20) {
- CMS.debug("Done checking wait_dn " + wait_dn);
- } else {
- CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout.");
}
- }
- conn.disconnect();
- CMS.debug("Done populating local indexes");
+ conn.disconnect();
+ CMS.debug("Done populating local indexes");
} catch (Exception e) {
- CMS.debug("Populating index failure - " + e);
+ CMS.debug("Populating index failure - " + e);
}
// setup replication after indexes have been created
if (select.equals("clone")) {
CMS.debug("Start setting up replication.");
- setupReplication(request, context, (secure.equals("on")?"true":"false"), (cloneStartTLS.equals("on")?"true":"false"));
+ setupReplication(request, context, (secure.equals("on") ? "true"
+ : "false"), (cloneStartTLS.equals("on") ? "true" : "false"));
CMS.debug("Finish setting up replication.");
try {
@@ -1048,25 +1072,23 @@ public class DatabasePanel extends WizardPanelBase {
}
}
-
if (hasErr == false) {
- cs.putBoolean("preop.Database.done", true);
- try {
- cs.commit(false);
- } catch (EBaseException e) {
- CMS.debug(
- "DatabasePanel: update() Exception caught at config commit: "
- + e.toString());
- }
- }
+ cs.putBoolean("preop.Database.done", true);
+ try {
+ cs.commit(false);
+ } catch (EBaseException e) {
+ CMS.debug("DatabasePanel: update() Exception caught at config commit: "
+ + e.toString());
+ }
+ }
context.put("updateStatus", "success");
}
- private void setupReplication(HttpServletRequest request,
- Context context, String secure, String cloneStartTLS) throws IOException {
+ private void setupReplication(HttpServletRequest request, Context context,
+ String secure, String cloneStartTLS) throws IOException {
String bindpwd = HttpInput.getPassword(request, "__bindpwd");
IConfigStore cs = CMS.getConfigStore();
-
+
String cstype = "";
String machinename = "";
String instanceId = "";
@@ -1078,13 +1100,14 @@ public class DatabasePanel extends WizardPanelBase {
} catch (Exception e) {
}
-
- //setup replication agreement
- String masterAgreementName = "masterAgreement1-"+machinename+"-"+instanceId;
+ // setup replication agreement
+ String masterAgreementName = "masterAgreement1-" + machinename + "-"
+ + instanceId;
cs.putString("internaldb.replication.master", masterAgreementName);
- String cloneAgreementName = "cloneAgreement1-"+machinename+"-"+instanceId;
+ String cloneAgreementName = "cloneAgreement1-" + machinename + "-"
+ + instanceId;
cs.putString("internaldb.replication.consumer", cloneAgreementName);
-
+
try {
cs.commit(false);
} catch (Exception e) {
@@ -1097,11 +1120,14 @@ public class DatabasePanel extends WizardPanelBase {
String master1_replicationpwd = "";
try {
- master1_hostname = cs.getString("preop.internaldb.master.hostname", "");
+ master1_hostname = cs.getString("preop.internaldb.master.hostname",
+ "");
master1_port = cs.getInteger("preop.internaldb.master.port", -1);
master1_binddn = cs.getString("preop.internaldb.master.binddn", "");
- master1_bindpwd = cs.getString("preop.internaldb.master.bindpwd", "");
- master1_replicationpwd = cs.getString("preop.internaldb.master.replicationpwd", "");
+ master1_bindpwd = cs.getString("preop.internaldb.master.bindpwd",
+ "");
+ master1_replicationpwd = cs.getString(
+ "preop.internaldb.master.replicationpwd", "");
} catch (Exception e) {
}
@@ -1116,21 +1142,22 @@ public class DatabasePanel extends WizardPanelBase {
master2_port = cs.getInteger("internaldb.ldapconn.port", -1);
master2_binddn = cs.getString("internaldb.ldapauth.bindDN", "");
master2_bindpwd = bindpwd;
- master2_replicationpwd = cs.getString("preop.internaldb.replicationpwd", "");
+ master2_replicationpwd = cs.getString(
+ "preop.internaldb.replicationpwd", "");
} catch (Exception e) {
}
-
+
LDAPConnection conn1 = null;
LDAPConnection conn2 = null;
if (secure.equals("true")) {
- CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
- conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
- } else {
- CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
- conn1 = new LDAPConnection();
- conn2 = new LDAPConnection();
- }
+ CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
+ conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ } else {
+ CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
+ conn1 = new LDAPConnection();
+ conn2 = new LDAPConnection();
+ }
String basedn = "";
try {
@@ -1140,19 +1167,23 @@ public class DatabasePanel extends WizardPanelBase {
try {
conn1.connect(master1_hostname, master1_port, master1_binddn,
- master1_bindpwd);
+ master1_bindpwd);
conn2.connect(master2_hostname, master2_port, master2_binddn,
- master2_bindpwd);
+ master2_bindpwd);
String suffix = cs.getString("internaldb.basedn", "");
- String replicadn = "cn=replica,cn=\""+suffix+"\",cn=mapping tree,cn=config";
- CMS.debug("DatabasePanel setupReplication: replicadn="+replicadn);
+ String replicadn = "cn=replica,cn=\"" + suffix
+ + "\",cn=mapping tree,cn=config";
+ CMS.debug("DatabasePanel setupReplication: replicadn=" + replicadn);
- String masterBindUser = "Replication Manager " + masterAgreementName;
+ String masterBindUser = "Replication Manager "
+ + masterAgreementName;
String cloneBindUser = "Replication Manager " + cloneAgreementName;
- createReplicationManager(conn1, masterBindUser, master1_replicationpwd);
- createReplicationManager(conn2, cloneBindUser, master2_replicationpwd);
+ createReplicationManager(conn1, masterBindUser,
+ master1_replicationpwd);
+ createReplicationManager(conn2, cloneBindUser,
+ master2_replicationpwd);
String dir1 = getInstanceDir(conn1);
createChangeLog(conn1, dir1 + "/changelogs");
@@ -1162,36 +1193,43 @@ public class DatabasePanel extends WizardPanelBase {
int replicaId = cs.getInteger("dbs.beginReplicaNumber", 1);
- replicaId = enableReplication(replicadn, conn1, masterBindUser, basedn, replicaId);
- replicaId = enableReplication(replicadn, conn2, cloneBindUser, basedn, replicaId);
+ replicaId = enableReplication(replicadn, conn1, masterBindUser,
+ basedn, replicaId);
+ replicaId = enableReplication(replicadn, conn2, cloneBindUser,
+ basedn, replicaId);
cs.putString("dbs.beginReplicaNumber", Integer.toString(replicaId));
CMS.debug("DatabasePanel setupReplication: Finished enabling replication");
- createReplicationAgreement(replicadn, conn1, masterAgreementName,
- master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS);
+ createReplicationAgreement(replicadn, conn1, masterAgreementName,
+ master2_hostname, master2_port, master2_replicationpwd,
+ basedn, cloneBindUser, secure, cloneStartTLS);
- createReplicationAgreement(replicadn, conn2, cloneAgreementName,
- master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS);
+ createReplicationAgreement(replicadn, conn2, cloneAgreementName,
+ master1_hostname, master1_port, master1_replicationpwd,
+ basedn, masterBindUser, secure, cloneStartTLS);
// initialize consumer
initializeConsumer(replicadn, conn1, masterAgreementName);
- while (! replicationDone(replicadn, conn1, masterAgreementName)) {
+ while (!replicationDone(replicadn, conn1, masterAgreementName)) {
CMS.debug("DatabasePanel setupReplication: Waiting for replication to complete");
Thread.sleep(1000);
}
- String status = replicationStatus(replicadn, conn1, masterAgreementName);
+ String status = replicationStatus(replicadn, conn1,
+ masterAgreementName);
if (!status.startsWith("0 ")) {
- CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " +
- status);
- throw new IOException("consumer initialization failed. " + status);
- }
+ CMS.debug("DatabasePanel setupReplication: consumer initialization failed. "
+ + status);
+ throw new IOException("consumer initialization failed. "
+ + status);
+ }
} catch (Exception e) {
- CMS.debug("DatabasePanel setupReplication: "+e.toString());
- throw new IOException("Failed to setup the replication for cloning.");
+ CMS.debug("DatabasePanel setupReplication: " + e.toString());
+ throw new IOException(
+ "Failed to setup the replication for cloning.");
}
}
@@ -1199,27 +1237,26 @@ public class DatabasePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
try {
- initParams(request, context);
- } catch (IOException e) {
+ initParams(request, context);
+ } catch (IOException e) {
}
context.put("title", "Database");
context.put("panel", "admin/console/config/databasepanel.vm");
}
private boolean isAgreementExist(String replicadn, LDAPConnection conn,
- String name) {
- String dn = "cn="+name+","+replicadn;
- String filter = "(cn="+name+")";
- String[] attrs = {"cn"};
+ String name) {
+ String dn = "cn=" + name + "," + replicadn;
+ String filter = "(cn=" + name + ")";
+ String[] attrs = { "cn" };
try {
LDAPSearchResults results = conn.search(dn, LDAPv3.SCOPE_SUB,
- filter, attrs, false);
+ filter, attrs, false);
while (results.hasMoreElements())
- return true;
+ return true;
} catch (LDAPException e) {
return false;
}
@@ -1227,8 +1264,8 @@ public class DatabasePanel extends WizardPanelBase {
return false;
}
- private void createReplicationManager(LDAPConnection conn, String bindUser, String pwd)
- throws LDAPException {
+ private void createReplicationManager(LDAPConnection conn, String bindUser,
+ String pwd) throws LDAPException {
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
String dn = "cn=" + bindUser + ",cn=config";
@@ -1248,11 +1285,13 @@ public class DatabasePanel extends WizardPanelBase {
conn.delete(dn);
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationManager: "+ee.toString());
+ CMS.debug("DatabasePanel createReplicationManager: "
+ + ee.toString());
}
return;
} else {
- CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "+e.toString());
+ CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "
+ + e.toString());
throw e;
}
}
@@ -1261,7 +1300,7 @@ public class DatabasePanel extends WizardPanelBase {
}
private void createChangeLog(LDAPConnection conn, String dir)
- throws LDAPException {
+ throws LDAPException {
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
String dn = "cn=changelog5,cn=config";
@@ -1276,17 +1315,16 @@ public class DatabasePanel extends WizardPanelBase {
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
CMS.debug("DatabasePanel createChangeLog: Changelog entry has already used");
-/* leave it, dont delete it because it will have operation error
- try {
- conn.delete(dn);
- conn.add(entry);
- } catch (LDAPException ee) {
- CMS.debug("DatabasePanel createChangeLog: "+ee.toString());
- }
-*/
+ /*
+ * leave it, dont delete it because it will have operation error
+ * try { conn.delete(dn); conn.add(entry); } catch
+ * (LDAPException ee) {
+ * CMS.debug("DatabasePanel createChangeLog: "+ee.toString()); }
+ */
return;
} else {
- CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: "
+ + e.toString());
throw e;
}
}
@@ -1294,9 +1332,9 @@ public class DatabasePanel extends WizardPanelBase {
CMS.debug("DatabasePanel createChangeLog: Successfully create change log entry");
}
- private int enableReplication(String replicadn, LDAPConnection conn, String bindUser, String basedn, int id)
- throws LDAPException {
- CMS.debug("DatabasePanel enableReplication: replicadn: "+replicadn);
+ private int enableReplication(String replicadn, LDAPConnection conn,
+ String bindUser, String basedn, int id) throws LDAPException {
+ CMS.debug("DatabasePanel enableReplication: replicadn: " + replicadn);
LDAPAttributeSet attrs = null;
LDAPEntry entry = null;
try {
@@ -1306,8 +1344,8 @@ public class DatabasePanel extends WizardPanelBase {
attrs.add(new LDAPAttribute("objectclass", "extensibleobject"));
attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3"));
- attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
- "cn=" + bindUser + ",cn=config"));
+ attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", "cn=" + bindUser
+ + ",cn=config"));
attrs.add(new LDAPAttribute("cn", "replica"));
attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id)));
attrs.add(new LDAPAttribute("nsds5flags", "1"));
@@ -1315,49 +1353,57 @@ public class DatabasePanel extends WizardPanelBase {
conn.add(entry);
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
- /* BZ 470918 -we cant just add the new dn. We need to do a replace instead
- * until the DS code is fixed */
- CMS.debug("DatabasePanel enableReplication: "+replicadn+" has already been used");
-
+ /*
+ * BZ 470918 -we cant just add the new dn. We need to do a
+ * replace instead until the DS code is fixed
+ */
+ CMS.debug("DatabasePanel enableReplication: " + replicadn
+ + " has already been used");
+
try {
entry = conn.read(replicadn);
- LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN");
- attr.addValue( "cn=" + bindUser + ",cn=config");
- LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
+ LDAPAttribute attr = entry
+ .getAttribute("nsDS5ReplicaBindDN");
+ attr.addValue("cn=" + bindUser + ",cn=config");
+ LDAPModification mod = new LDAPModification(
+ LDAPModification.REPLACE, attr);
conn.modify(replicadn, mod);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel enableReplication: Failed to modify "
- +replicadn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel enableReplication: Failed to modify "
+ + replicadn + " entry. Exception: " + e.toString());
}
return id;
} else {
- CMS.debug("DatabasePanel enableReplication: Failed to create "+replicadn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel enableReplication: Failed to create "
+ + replicadn + " entry. Exception: " + e.toString());
return id;
}
}
- CMS.debug("DatabasePanel enableReplication: Successfully create "+replicadn+" entry.");
+ CMS.debug("DatabasePanel enableReplication: Successfully create "
+ + replicadn + " entry.");
return id + 1;
}
- private void createReplicationAgreement(String replicadn,
- LDAPConnection conn, String name, String replicahost, int replicaport,
- String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException {
- String dn = "cn="+name+","+replicadn;
- CMS.debug("DatabasePanel createReplicationAgreement: dn: "+dn);
+ private void createReplicationAgreement(String replicadn,
+ LDAPConnection conn, String name, String replicahost,
+ int replicaport, String replicapwd, String basedn, String bindUser,
+ String secure, String cloneStartTLS) throws LDAPException {
+ String dn = "cn=" + name + "," + replicadn;
+ CMS.debug("DatabasePanel createReplicationAgreement: dn: " + dn);
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
try {
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
attrs.add(new LDAPAttribute("objectclass",
- "nsds5replicationagreement"));
+ "nsds5replicationagreement"));
attrs.add(new LDAPAttribute("cn", name));
attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost));
- attrs.add(new LDAPAttribute("nsDS5ReplicaPort", ""+replicaport));
- attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
- "cn=" + bindUser + ",cn=config"));
+ attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport));
+ attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN", "cn=" + bindUser
+ + ",cn=config"));
attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple"));
attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd));
@@ -1368,50 +1414,58 @@ public class DatabasePanel extends WizardPanelBase {
}
CMS.debug("About to set description attr to " + name);
- attrs.add(new LDAPAttribute("description",name));
+ attrs.add(new LDAPAttribute("description", name));
entry = new LDAPEntry(dn, attrs);
conn.add(entry);
} catch (LDAPException e) {
if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
- CMS.debug("DatabasePanel createReplicationAgreement: "+dn+" has already used");
+ CMS.debug("DatabasePanel createReplicationAgreement: " + dn
+ + " has already used");
try {
conn.delete(dn);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: "
+ + ee.toString());
throw ee;
}
try {
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: "
+ + ee.toString());
throw ee;
}
} else {
- CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "+dn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "
+ + dn + " entry. Exception: " + e.toString());
throw e;
}
}
- CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement "+name);
+ CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement "
+ + name);
}
- private void initializeConsumer(String replicadn, LDAPConnection conn,
- String name) {
- String dn = "cn="+name+","+replicadn;
- CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: "+dn);
- CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "+conn.getHost() + " port: " + conn.getPort());
+ private void initializeConsumer(String replicadn, LDAPConnection conn,
+ String name) {
+ String dn = "cn=" + name + "," + replicadn;
+ CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: "
+ + dn);
+ CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "
+ + conn.getHost() + " port: " + conn.getPort());
try {
LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh",
- "start");
+ "start");
LDAPModification mod = new LDAPModification(
- LDAPModification.REPLACE, attr);
+ LDAPModification.REPLACE, attr);
CMS.debug("DatabasePanel initializeConsumer: start modifying");
conn.modify(dn, mod);
CMS.debug("DatabasePanel initializeConsumer: Finish modification.");
} catch (LDAPException e) {
- CMS.debug("DatabasePanel initializeConsumer: Failed to modify "+dn+" entry. Exception: "+e.toString());
+ CMS.debug("DatabasePanel initializeConsumer: Failed to modify "
+ + dn + " entry. Exception: " + e.toString());
return;
} catch (Exception e) {
CMS.debug("DatabasePanel initializeConsumer: exception " + e);
@@ -1422,33 +1476,35 @@ public class DatabasePanel extends WizardPanelBase {
Thread.sleep(5000);
CMS.debug("DatabasePanel initializeConsumer: finish sleeping.");
} catch (InterruptedException ee) {
- CMS.debug("DatabasePanel initializeConsumer: exception: "+ee.toString());
+ CMS.debug("DatabasePanel initializeConsumer: exception: "
+ + ee.toString());
}
CMS.debug("DatabasePanel initializeConsumer: Successfully initialize consumer");
}
- private boolean replicationDone(String replicadn, LDAPConnection conn, String name)
- throws IOException {
- String dn = "cn="+name+","+replicadn;
+ private boolean replicationDone(String replicadn, LDAPConnection conn,
+ String name) throws IOException {
+ String dn = "cn=" + name + "," + replicadn;
String filter = "(objectclass=*)";
- String[] attrs = {"nsds5beginreplicarefresh"};
+ String[] attrs = { "nsds5beginreplicarefresh" };
- CMS.debug("DatabasePanel replicationDone: dn: "+dn);
+ CMS.debug("DatabasePanel replicationDone: dn: " + dn);
try {
- LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, true);
+ LDAPSearchResults results = conn.search(dn,
+ LDAPConnection.SCOPE_BASE, filter, attrs, true);
int count = results.getCount();
if (count < 1) {
throw new IOException("Replication entry not found");
- }
-
+ }
+
LDAPEntry entry = results.next();
- LDAPAttribute refresh = entry.getAttribute("nsds5beginreplicarefresh");
+ LDAPAttribute refresh = entry
+ .getAttribute("nsds5beginreplicarefresh");
if (refresh == null) {
return true;
- }
+ }
return false;
} catch (Exception e) {
CMS.debug("DatabasePanel replicationDone: exception " + e);
@@ -1456,31 +1512,33 @@ public class DatabasePanel extends WizardPanelBase {
}
}
- private String replicationStatus(String replicadn, LDAPConnection conn, String name)
- throws IOException {
- String dn = "cn="+name+","+replicadn;
+ private String replicationStatus(String replicadn, LDAPConnection conn,
+ String name) throws IOException {
+ String dn = "cn=" + name + "," + replicadn;
String filter = "(objectclass=*)";
- String[] attrs = {"nsds5replicalastinitstatus"};
+ String[] attrs = { "nsds5replicalastinitstatus" };
String status = null;
- CMS.debug("DatabasePanel replicationStatus: dn: "+dn);
+ CMS.debug("DatabasePanel replicationStatus: dn: " + dn);
try {
- LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
- attrs, false);
+ LDAPSearchResults results = conn.search(dn,
+ LDAPConnection.SCOPE_BASE, filter, attrs, false);
int count = results.getCount();
if (count < 1) {
throw new IOException("Replication entry not found");
- }
+ }
LDAPEntry entry = results.next();
- LDAPAttribute attr = entry.getAttribute("nsds5replicalastinitstatus");
+ LDAPAttribute attr = entry
+ .getAttribute("nsds5replicalastinitstatus");
if (attr != null) {
Enumeration valsInAttr = attr.getStringValues();
if (valsInAttr.hasMoreElements()) {
- return (String)valsInAttr.nextElement();
+ return (String) valsInAttr.nextElement();
} else {
- throw new IOException("No value returned for nsds5replicalastinitstatus");
+ throw new IOException(
+ "No value returned for nsds5replicalastinitstatus");
}
} else {
throw new IOException("nsDS5ReplicaLastInitStatus is null.");
@@ -1492,35 +1550,42 @@ public class DatabasePanel extends WizardPanelBase {
}
private String getInstanceDir(LDAPConnection conn) {
- String instancedir="";
+ String instancedir = "";
try {
String filter = "(objectclass=*)";
- String[] attrs = {"nsslapd-directory"};
- LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB,
- filter, attrs, false);
+ String[] attrs = { "nsslapd-directory" };
+ LDAPSearchResults results = conn.search(
+ "cn=config,cn=ldbm database,cn=plugins,cn=config",
+ LDAPv3.SCOPE_SUB, filter, attrs, false);
while (results.hasMoreElements()) {
LDAPEntry entry = results.next();
String dn = entry.getDN();
- CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: "+dn);
+ CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: "
+ + dn);
LDAPAttributeSet entryAttrs = entry.getAttributeSet();
Enumeration attrsInSet = entryAttrs.getAttributes();
while (attrsInSet.hasMoreElements()) {
- LDAPAttribute nextAttr = (LDAPAttribute)attrsInSet.nextElement();
+ LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet
+ .nextElement();
String attrName = nextAttr.getName();
- CMS.debug("DatabasePanel getInstanceDir: attribute name: "+attrName);
+ CMS.debug("DatabasePanel getInstanceDir: attribute name: "
+ + attrName);
Enumeration valsInAttr = nextAttr.getStringValues();
- while ( valsInAttr.hasMoreElements() ) {
- String nextValue = (String)valsInAttr.nextElement();
+ while (valsInAttr.hasMoreElements()) {
+ String nextValue = (String) valsInAttr.nextElement();
if (attrName.equalsIgnoreCase("nsslapd-directory")) {
- CMS.debug("DatabasePanel getInstanceDir: instanceDir="+nextValue);
- return nextValue.substring(0,nextValue.lastIndexOf("/db"));
+ CMS.debug("DatabasePanel getInstanceDir: instanceDir="
+ + nextValue);
+ return nextValue.substring(0,
+ nextValue.lastIndexOf("/db"));
}
}
}
}
} catch (LDAPException e) {
- CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: "+e.toString());
+ CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: "
+ + e.toString());
}
return instancedir;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
index d8fd7526..127e233c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class DatabaseServlet extends BaseServlet {
/**
@@ -34,8 +32,7 @@ public class DatabaseServlet extends BaseServlet {
private static final long serialVersionUID = 6474664942834474385L;
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
index 1e1b6dec..b2365eb7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Locale;
@@ -42,25 +41,25 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class DisplayCertChainPanel extends WizardPanelBase {
- public DisplayCertChainPanel() {}
+ public DisplayCertChainPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Display Certificate Chain");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Display Certificate Chain");
setId(id);
}
-
- public boolean isSubPanel() {
+
+ public boolean isSubPanel() {
return true;
}
@@ -70,7 +69,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -86,8 +85,8 @@ public class DisplayCertChainPanel extends WizardPanelBase {
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
- try {
- String select = cs.getString("securitydomain.select","");
+ try {
+ String select = cs.getString("securitydomain.select", "");
String type = cs.getString("preop.subsystem.select", "");
String hierarchy = cs.getString("preop.hierarchy.select", "");
@@ -113,11 +112,10 @@ public class DisplayCertChainPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("DisplayCertChainPanel: display");
- // update session id
+ // update session id
String session_id = request.getParameter("session_id");
if (session_id != null) {
CMS.debug("DisplayCertChainPanel setting session id.");
@@ -132,7 +130,8 @@ public class DisplayCertChainPanel extends WizardPanelBase {
try {
certchain_size = cs.getString(certChainConfigName, "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
int size = 0;
Vector v = new Vector();
@@ -140,20 +139,22 @@ public class DisplayCertChainPanel extends WizardPanelBase {
if (!certchain_size.equals("")) {
try {
size = Integer.parseInt(certchain_size);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
for (int i = 0; i < size; i++) {
certChainConfigName = "preop." + type + ".certchain." + i;
try {
String c = cs.getString(certChainConfigName, "");
byte[] b_c = CryptoUtil.base64Decode(c);
- CertPrettyPrint pp = new CertPrettyPrint(
- new X509CertImpl(b_c));
+ CertPrettyPrint pp = new CertPrettyPrint(new X509CertImpl(
+ b_c));
v.addElement(pp.toString(Locale.getDefault()));
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
}
-
+
if (getId().equals("securitydomain")) {
context.put("panelid", "securitydomain");
context.put("panelname", "Security Domain Trust Verification");
@@ -171,44 +172,48 @@ public class DisplayCertChainPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
importCertChain(getId());
if (getId().equals("securitydomain")) {
- int panel = getPanelNo()+1;
+ int panel = getPanelNo() + 1;
IConfigStore cs = CMS.getConfigStore();
try {
String sd_hostname = cs.getString("securitydomain.host", "");
- int sd_port = cs.getInteger("securitydomain.httpsadminport", -1);
+ int sd_port = cs
+ .getInteger("securitydomain.httpsadminport", -1);
String cs_hostname = cs.getString("machineName", "");
int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
String subsystem = cs.getString("cs.type", "");
- String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
+ String urlVal = "https://" + cs_hostname + ":" + cs_port + "/"
+ + toLowerCaseSubsystemType(subsystem)
+ + "/admin/console/config/wizard?p=" + panel
+ + "&subsystem=" + subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
- String sdurl = "https://"+sd_hostname+":"+sd_port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
+ String sdurl = "https://" + sd_hostname + ":" + sd_port
+ + "/ca/admin/ca/securityDomainLogin?url="
+ + encodedValue;
response.sendRedirect(sdurl);
// The user previously specified the CA Security Domain's
// SSL Admin port in the "Security Domain Panel";
// now retrieve this specified CA Security Domain's
// non-SSL EE, SSL Agent, and SSL EE ports:
- cs.putString( "securitydomain.httpport",
- getSecurityDomainPort( cs, "UnSecurePort" ) );
- cs.putString("securitydomain.httpsagentport",
- getSecurityDomainPort( cs, "SecureAgentPort" ) );
- cs.putString("securitydomain.httpseeport",
- getSecurityDomainPort( cs, "SecurePort" ) );
+ cs.putString("securitydomain.httpport",
+ getSecurityDomainPort(cs, "UnSecurePort"));
+ cs.putString("securitydomain.httpsagentport",
+ getSecurityDomainPort(cs, "SecureAgentPort"));
+ cs.putString("securitydomain.httpseeport",
+ getSecurityDomainPort(cs, "SecurePort"));
} catch (Exception ee) {
- CMS.debug("DisplayCertChainPanel Exception="+ee.toString());
+ CMS.debug("DisplayCertChainPanel Exception=" + ee.toString());
}
}
context.put("updateStatus", "success");
@@ -218,8 +223,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
/* This should never be called */
context.put("title", "Display Certificate Chain");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
index 00871921..cdcc8a47 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class DisplayServlet extends BaseServlet {
/**
@@ -34,8 +32,7 @@ public class DisplayServlet extends BaseServlet {
private static final long serialVersionUID = -8753831516572779596L;
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index 9669ddb1..c8c4d56c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.math.BigInteger;
import java.net.URLEncoder;
@@ -57,23 +56,22 @@ public class DonePanel extends WizardPanelBase {
public static final BigInteger BIG_ZERO = new BigInteger("0");
public static final Long MINUS_ONE = Long.valueOf(-1);
- public static final String RESTART_SERVER_AFTER_CONFIGURATION =
- "restart_server_after_configuration";
+ public static final String RESTART_SERVER_AFTER_CONFIGURATION = "restart_server_after_configuration";
public static final String PKI_SECURITY_DOMAIN = "pki_security_domain";
- public DonePanel() {}
+ public DonePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Done");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Done");
setId(id);
@@ -88,15 +86,13 @@ public class DonePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
- private LDAPConnection getLDAPConn(Context context)
- throws IOException
- {
+ private LDAPConnection getLDAPConn(Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -112,8 +108,9 @@ public class DonePanel extends WizardPanelBase {
pwd = pwdStore.getPassword("internaldb");
}
- if ( pwd == null) {
- throw new IOException("DonePanel: Failed to obtain password from password store");
+ if (pwd == null) {
+ throw new IOException(
+ "DonePanel: Failed to obtain password from password store");
}
try {
@@ -138,11 +135,11 @@ public class DonePanel extends WizardPanelBase {
LDAPConnection conn = null;
if (security.equals("true")) {
- CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
} else {
- CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
+ CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
}
CMS.debug("DonePanel connecting to " + host + ":" + p);
@@ -153,19 +150,17 @@ public class DonePanel extends WizardPanelBase {
throw new IOException("Failed to connect to the internal database.");
}
- return conn;
+ return conn;
}
-
/**
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("DonePanel: display()");
- // update session id
+ // update session id
String session_id = request.getParameter("session_id");
if (session_id != null) {
CMS.debug("NamePanel setting session id.");
@@ -193,31 +188,32 @@ public class DonePanel extends WizardPanelBase {
instanceRoot = cs.getString("instanceRoot");
select = cs.getString("preop.subsystem.select", "");
systemdService = cs.getString("pkicreate.systemd.servicename", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String initDaemon = "";
if (type.equals("CA")) {
- initDaemon = "pki-cad";
+ initDaemon = "pki-cad";
} else if (type.equals("KRA")) {
- initDaemon = "pki-krad";
+ initDaemon = "pki-krad";
} else if (type.equals("OCSP")) {
- initDaemon = "pki-ocspd";
+ initDaemon = "pki-ocspd";
} else if (type.equals("TKS")) {
- initDaemon = "pki-tksd";
+ initDaemon = "pki-tksd";
}
- String os = System.getProperty( "os.name" );
- if( os.equalsIgnoreCase( "Linux" ) ) {
- if (! systemdService.equals("")) {
- context.put( "initCommand", "/bin/systemctl");
- context.put( "instanceId", systemdService );
+ String os = System.getProperty("os.name");
+ if (os.equalsIgnoreCase("Linux")) {
+ if (!systemdService.equals("")) {
+ context.put("initCommand", "/bin/systemctl");
+ context.put("instanceId", systemdService);
} else {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/sbin/service " + initDaemon);
+ context.put("instanceId", instanceId);
}
} else {
- /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put( "initCommand", "/etc/init.d/" + initDaemon );
- context.put( "instanceId", instanceId );
+ /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+ context.put("initCommand", "/etc/init.d/" + initDaemon);
+ context.put("instanceId", instanceId);
}
context.put("title", "Done");
context.put("panel", "admin/console/config/donepanel.vm");
@@ -233,7 +229,7 @@ public class DonePanel extends WizardPanelBase {
return;
} else
context.put("csstate", "0");
-
+
} catch (Exception e) {
}
@@ -267,7 +263,8 @@ public class DonePanel extends WizardPanelBase {
boolean cloneMaster = false;
- if (select.equals("clone") && type.equalsIgnoreCase("CA") && isSDHostDomainMaster(cs)) {
+ if (select.equals("clone") && type.equalsIgnoreCase("CA")
+ && isSDHostDomainMaster(cs)) {
cloneMaster = true;
CMS.debug("Cloning a domain master");
}
@@ -280,20 +277,22 @@ public class DonePanel extends WizardPanelBase {
String basedn = cs.getString("internaldb.basedn");
String secdomain = cs.getString("securitydomain.name");
- try {
+ try {
// Create security domain ldap entry
String dn = "ou=Security Domain," + basedn;
CMS.debug("DonePanel: creating ldap entry : " + dn);
-
+
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass", "pkiSecurityDomain"));
+ attrs.add(new LDAPAttribute("objectclass",
+ "pkiSecurityDomain"));
if (secdomain.equals("")) {
// this should not happen - just in case
CMS.debug("DonePanel display(): Security domain is an empty string!");
- throw new IOException("Security domain is an empty string!");
+ throw new IOException(
+ "Security domain is an empty string!");
} else {
attrs.add(new LDAPAttribute("name", secdomain));
}
@@ -305,29 +304,33 @@ public class DonePanel extends WizardPanelBase {
throw e;
}
- try {
+ try {
// create list containers
- String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"};
- for (int i=0; i< clist.length; i++) {
+ String clist[] = { "CAList", "OCSPList", "KRAList",
+ "RAList", "TKSList", "TPSList" };
+ for (int i = 0; i < clist.length; i++) {
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
- String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn;
+ String dn = "cn=" + clist[i] + ",ou=Security Domain,"
+ + basedn;
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup"));
+ attrs.add(new LDAPAttribute("objectclass",
+ "pkiSecurityGroup"));
attrs.add(new LDAPAttribute("cn", clist[i]));
entry = new LDAPEntry(dn, attrs);
conn.add(entry);
}
} catch (Exception e) {
- CMS.debug("Unable to create security domain list groups" );
+ CMS.debug("Unable to create security domain list groups");
throw e;
- }
+ }
try {
- // Add this host (only CA can create new domain)
+ // Add this host (only CA can create new domain)
String cn = ownhost + ":" + ownadminsport;
- String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain," + basedn;
+ String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain,"
+ + basedn;
LDAPEntry entry = null;
LDAPAttributeSet attrs = null;
attrs = new LDAPAttributeSet();
@@ -336,12 +339,12 @@ public class DonePanel extends WizardPanelBase {
attrs.add(new LDAPAttribute("Host", ownhost));
attrs.add(new LDAPAttribute("SecurePort", ownsport));
attrs.add(new LDAPAttribute("SecureAgentPort",
- ownagentsport));
+ ownagentsport));
attrs.add(new LDAPAttribute("SecureAdminPort",
- ownadminsport));
+ ownadminsport));
if (owneeclientauthsport != null) {
- attrs.add(new LDAPAttribute("SecureEEClientAuthPort",
- owneeclientauthsport));
+ attrs.add(new LDAPAttribute("SecureEEClientAuthPort",
+ owneeclientauthsport));
}
attrs.add(new LDAPAttribute("UnSecurePort", ownport));
attrs.add(new LDAPAttribute("Clone", "FALSE"));
@@ -357,31 +360,32 @@ public class DonePanel extends WizardPanelBase {
CMS.debug("DonePanel display: finish updating domain info");
conn.disconnect();
} catch (Exception e) {
- CMS.debug("DonePanel display: "+e.toString());
+ CMS.debug("DonePanel display: " + e.toString());
}
int sd_admin_port_int = -1;
try {
- sd_admin_port_int = Integer.parseInt( sd_admin_port );
+ sd_admin_port_int = Integer.parseInt(sd_admin_port);
} catch (Exception e) {
}
try {
// Fetch the "new" security domain and display it
- CMS.debug( "Dump contents of new Security Domain . . ." );
- String c = getDomainXML( sd_host, sd_admin_port_int, true );
- } catch( Exception e ) {}
+ CMS.debug("Dump contents of new Security Domain . . .");
+ String c = getDomainXML(sd_host, sd_admin_port_int, true);
+ } catch (Exception e) {
+ }
// Since this instance is a new Security Domain,
// create an empty file to designate this fact.
String security_domain = instanceRoot + "/conf/"
- + PKI_SECURITY_DOMAIN;
- if( !Utils.isNT() ) {
- Utils.exec( "touch " + security_domain );
- Utils.exec( "chmod 00660 " + security_domain );
+ + PKI_SECURITY_DOMAIN;
+ if (!Utils.isNT()) {
+ Utils.exec("touch " + security_domain);
+ Utils.exec("chmod 00660 " + security_domain);
}
- } else { //existing domain
+ } else { // existing domain
int sd_agent_port_int = -1;
int sd_admin_port_int = -1;
try {
@@ -398,34 +402,30 @@ public class DonePanel extends WizardPanelBase {
cloneStr = "&clone=false";
String domainMasterStr = "";
- if (cloneMaster)
+ if (cloneMaster)
domainMasterStr = "&dm=true";
- else
- domainMasterStr = "&dm=false";
+ else
+ domainMasterStr = "&dm=false";
String eecaStr = "";
- if (owneeclientauthsport != null)
- eecaStr="&eeclientauthsport=" + owneeclientauthsport;
-
- updateDomainXML( sd_host, sd_agent_port_int, true,
- "/ca/agent/ca/updateDomainXML",
- "list=" + s
- + "&type=" + type
- + "&host=" + ownhost
- + "&name=" + subsystemName
- + "&sport=" + ownsport
- + domainMasterStr
- + cloneStr
- + "&agentsport=" + ownagentsport
- + "&adminsport=" + ownadminsport
- + eecaStr
- + "&httpport=" + ownport );
+ if (owneeclientauthsport != null)
+ eecaStr = "&eeclientauthsport=" + owneeclientauthsport;
+
+ updateDomainXML(sd_host, sd_agent_port_int, true,
+ "/ca/agent/ca/updateDomainXML", "list=" + s + "&type="
+ + type + "&host=" + ownhost + "&name="
+ + subsystemName + "&sport=" + ownsport
+ + domainMasterStr + cloneStr + "&agentsport="
+ + ownagentsport + "&adminsport="
+ + ownadminsport + eecaStr + "&httpport="
+ + ownport);
// Fetch the "updated" security domain and display it
- CMS.debug( "Dump contents of updated Security Domain . . ." );
- String c = getDomainXML( sd_host, sd_admin_port_int, true );
+ CMS.debug("Dump contents of updated Security Domain . . .");
+ String c = getDomainXML(sd_host, sd_admin_port_int, true);
} catch (Exception e) {
- context.put("errorString", "Failed to update the security domain on the domain master.");
- //return;
+ context.put("errorString",
+ "Failed to update the security domain on the domain master.");
+ // return;
}
}
@@ -436,16 +436,17 @@ public class DonePanel extends WizardPanelBase {
cs.putString("securitydomain.store", "ldap");
cs.commit(false);
} catch (Exception e) {
- CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + e);
+ CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg"
+ + e);
}
-
// need to push connector information to the CA
if (type.equals("KRA") && !ca_host.equals("")) {
try {
updateConnectorInfo(ownagenthost, ownagentsport);
} catch (IOException e) {
- context.put("errorString", "Failed to update connector information.");
+ context.put("errorString",
+ "Failed to update connector information.");
return;
}
setupClientAuthUser();
@@ -469,7 +470,7 @@ public class DonePanel extends WizardPanelBase {
setupClientAuthUser();
}
-
+
if (!select.equals("clone")) {
if (type.equals("CA") || type.equals("KRA")) {
String beginRequestNumStr = "";
@@ -478,7 +479,7 @@ public class DonePanel extends WizardPanelBase {
String endSerialNumStr = "";
String requestIncStr = "";
String serialIncStr = "";
-
+
try {
endRequestNumStr = cs.getString("dbs.endRequestNumber", "");
endSerialNumStr = cs.getString("dbs.endSerialNumber", "");
@@ -492,28 +493,37 @@ public class DonePanel extends WizardPanelBase {
String serialdn = "";
if (type.equals("CA")) {
- serialdn = "ou=certificateRepository,ou=" + type.toLowerCase() + "," + basedn;
+ serialdn = "ou=certificateRepository,ou="
+ + type.toLowerCase() + "," + basedn;
} else {
- serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn;
- }
- LDAPAttribute attrSerialNextRange = new LDAPAttribute( "nextRange", endSerialNum.add(oneNum).toString());
- LDAPModification serialmod = new LDAPModification( LDAPModification.REPLACE, attrSerialNextRange );
- conn.modify( serialdn, serialmod );
-
- String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn;
- LDAPAttribute attrRequestNextRange = new LDAPAttribute( "nextRange", endRequestNum.add(oneNum).toString());
- LDAPModification requestmod = new LDAPModification( LDAPModification.REPLACE, attrRequestNextRange );
- conn.modify( requestdn, requestmod );
-
- conn.disconnect();
+ serialdn = "ou=keyRepository,ou=" + type.toLowerCase()
+ + "," + basedn;
+ }
+ LDAPAttribute attrSerialNextRange = new LDAPAttribute(
+ "nextRange", endSerialNum.add(oneNum).toString());
+ LDAPModification serialmod = new LDAPModification(
+ LDAPModification.REPLACE, attrSerialNextRange);
+ conn.modify(serialdn, serialmod);
+
+ String requestdn = "ou=" + type.toLowerCase()
+ + ",ou=requests," + basedn;
+ LDAPAttribute attrRequestNextRange = new LDAPAttribute(
+ "nextRange", endRequestNum.add(oneNum).toString());
+ LDAPModification requestmod = new LDAPModification(
+ LDAPModification.REPLACE, attrRequestNextRange);
+ conn.modify(requestdn, requestmod);
+
+ conn.disconnect();
} catch (Exception e) {
- CMS.debug("Unable to update global next range numbers: " + e);
- }
+ CMS.debug("Unable to update global next range numbers: "
+ + e);
+ }
}
- }
+ }
if (cloneMaster) {
- // cloning a domain master CA, the clone is also master of its domain
+ // cloning a domain master CA, the clone is also master of its
+ // domain
try {
cs.putString("securitydomain.host", ownhost);
cs.putString("securitydomain.httpport", ownport);
@@ -536,42 +546,58 @@ public class DonePanel extends WizardPanelBase {
String ss = st.nextToken();
if (ss.equals("sslserver"))
continue;
- cs.putString("cloning." + ss + ".nickname", cs.getString("preop.cert." + ss + ".nickname", ""));
- cs.putString("cloning." + ss + ".dn", cs.getString("preop.cert." + ss + ".dn", ""));
- cs.putString("cloning." + ss + ".keytype", cs.getString("preop.cert." + ss + ".keytype", ""));
- cs.putString("cloning." + ss + ".keyalgorithm", cs.getString("preop.cert." + ss + ".keyalgorithm", ""));
- cs.putString("cloning." + ss + ".privkey.id", cs.getString("preop.cert." + ss + ".privkey.id", ""));
- cs.putString("cloning." + ss + ".pubkey.exponent", cs.getString("preop.cert." + ss + ".pubkey.exponent", ""));
- cs.putString("cloning." + ss + ".pubkey.modulus", cs.getString("preop.cert." + ss + ".pubkey.modulus", ""));
- cs.putString("cloning." + ss + ".pubkey.encoded", cs.getString("preop.cert." + ss + ".pubkey.encoded", ""));
+ cs.putString("cloning." + ss + ".nickname",
+ cs.getString("preop.cert." + ss + ".nickname", ""));
+ cs.putString("cloning." + ss + ".dn",
+ cs.getString("preop.cert." + ss + ".dn", ""));
+ cs.putString("cloning." + ss + ".keytype",
+ cs.getString("preop.cert." + ss + ".keytype", ""));
+ cs.putString("cloning." + ss + ".keyalgorithm",
+ cs.getString("preop.cert." + ss + ".keyalgorithm", ""));
+ cs.putString("cloning." + ss + ".privkey.id",
+ cs.getString("preop.cert." + ss + ".privkey.id", ""));
+ cs.putString("cloning." + ss + ".pubkey.exponent", cs
+ .getString("preop.cert." + ss + ".pubkey.exponent", ""));
+ cs.putString("cloning." + ss + ".pubkey.modulus", cs.getString(
+ "preop.cert." + ss + ".pubkey.modulus", ""));
+ cs.putString("cloning." + ss + ".pubkey.encoded", cs.getString(
+ "preop.cert." + ss + ".pubkey.encoded", ""));
}
- cs.putString("cloning.module.token", cs.getString("preop.module.token", ""));
+ cs.putString("cloning.module.token",
+ cs.getString("preop.module.token", ""));
cs.putString("cloning.list", list);
// more cloning variables needed for non-ca clones
- if (! type.equals("CA")) {
+ if (!type.equals("CA")) {
String val = cs.getString("preop.ca.hostname", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.hostname", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.hostname", val);
val = cs.getString("preop.ca.httpport", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.httpport", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.httpport", val);
- val = cs.getString("preop.ca.httpsport", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.httpsport", val);
+ val = cs.getString("preop.ca.httpsport", "");
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.httpsport", val);
val = cs.getString("preop.ca.list", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.list", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.list", val);
val = cs.getString("preop.ca.pkcs7", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.pkcs7", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.pkcs7", val);
val = cs.getString("preop.ca.type", "");
- if (val.compareTo("") != 0) cs.putString("cloning.ca.type", val);
+ if (val.compareTo("") != 0)
+ cs.putString("cloning.ca.type", val);
}
// save EC type for sslserver cert (if present)
- cs.putString("jss.ssl.sslserver.ectype", cs.getString("preop.cert.sslserver.ec.type", "ECDHE"));
+ cs.putString("jss.ssl.sslserver.ectype",
+ cs.getString("preop.cert.sslserver.ec.type", "ECDHE"));
cs.removeSubStore("preop");
cs.commit(false);
@@ -580,10 +606,10 @@ public class DonePanel extends WizardPanelBase {
// this server instance has been configured, it has NOT yet
// been restarted!
String restart_server = instanceRoot + "/conf/"
- + RESTART_SERVER_AFTER_CONFIGURATION;
- if( !Utils.isNT() ) {
- Utils.exec( "touch " + restart_server );
- Utils.exec( "chmod 00660 " + restart_server );
+ + RESTART_SERVER_AFTER_CONFIGURATION;
+ if (!Utils.isNT()) {
+ Utils.exec("touch " + restart_server);
+ Utils.exec("chmod 00660 " + restart_server);
}
} catch (Exception e) {
@@ -593,13 +619,11 @@ public class DonePanel extends WizardPanelBase {
context.put("csstate", "1");
}
- private void setupClientAuthUser()
- {
+ private void setupClientAuthUser() {
IConfigStore cs = CMS.getConfigStore();
// retrieve CA subsystem certificate from the CA
- IUGSubsystem system =
- (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
+ IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
String id = "";
try {
String b64 = getCASubsystemCert();
@@ -640,9 +664,8 @@ public class DonePanel extends WizardPanelBase {
}
}
-
- private void updateOCSPConfig(HttpServletResponse response)
- throws IOException {
+ private void updateOCSPConfig(HttpServletResponse response)
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
String cahost = "";
int caport = -1;
@@ -661,7 +684,8 @@ public class DonePanel extends WizardPanelBase {
int ocspport = Integer.parseInt(CMS.getAgentPort());
int ocspagentport = Integer.parseInt(CMS.getAgentPort());
String session_id = CMS.getConfigSDSessionId();
- String content = "xmlOutput=true&sessionID="+session_id+"&ocsp_host="+ocsphost+"&ocsp_port="+ocspport;
+ String content = "xmlOutput=true&sessionID=" + session_id
+ + "&ocsp_host=" + ocsphost + "&ocsp_port=" + ocspport;
updateOCSPConfig(cahost, caport, true, content, response);
}
@@ -675,38 +699,43 @@ public class DonePanel extends WizardPanelBase {
if (b64.equals(""))
throw new IOException("Failed to get certificate chain.");
-
+
try {
// this could be a chain
X509Certificate[] certs = Cert.mapCertFromPKCS7(b64);
X509Certificate leafCert = null;
if (certs != null && certs.length > 0) {
- if (certs[0].getSubjectDN().getName().equals(certs[0].getIssuerDN().getName())) {
+ if (certs[0].getSubjectDN().getName()
+ .equals(certs[0].getIssuerDN().getName())) {
leafCert = certs[certs.length - 1];
} else {
leafCert = certs[0];
}
-
- IOCSPAuthority ocsp =
- (IOCSPAuthority)CMS.getSubsystem(IOCSPAuthority.ID);
+
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS
+ .getSubsystem(IOCSPAuthority.ID);
IDefStore defStore = ocsp.getDefaultStore();
// (1) need to normalize (sort) the chain
// (2) store certificate (and certificate chain) into
// database
- ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
- leafCert.getSubjectDN().getName(),
- BIG_ZERO,
- MINUS_ONE, null, null);
+ ICRLIssuingPointRecord rec = defStore
+ .createCRLIssuingPointRecord(leafCert
+ .getSubjectDN().getName(), BIG_ZERO,
+ MINUS_ONE, null, null);
try {
- rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
+ rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT,
+ leafCert.getEncoded());
} catch (Exception e) {
// error
}
- defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec);
- //log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName());
+ defStore.addCRLIssuingPoint(leafCert.getSubjectDN()
+ .getName(), rec);
+ // log(ILogger.EV_AUDIT, AuditFormat.LEVEL,
+ // "Added CA certificate " +
+ // leafCert.getSubjectDN().getName());
CMS.debug("DonePanel importCACertToOCSP: Added CA certificate.");
}
@@ -717,7 +746,8 @@ public class DonePanel extends WizardPanelBase {
throw e;
} catch (Exception e) {
CMS.debug("DonePanel importCACertToOCSP: Failed to import the certificate chain into the OCSP");
- throw new IOException("Failed to import the certificate chain into the OCSP");
+ throw new IOException(
+ "Failed to import the certificate chain into the OCSP");
}
}
@@ -748,7 +778,7 @@ public class DonePanel extends WizardPanelBase {
}
private void updateConnectorInfo(String ownagenthost, String ownagentsport)
- throws IOException {
+ throws IOException {
IConfigStore cs = CMS.getConfigStore();
int port = -1;
String url = "";
@@ -757,21 +787,29 @@ public class DonePanel extends WizardPanelBase {
try {
url = cs.getString("preop.ca.url", "");
if (!url.equals("")) {
- host = cs.getString("preop.ca.hostname", "");
- port = cs.getInteger("preop.ca.httpsadminport", -1);
- transportCert = cs.getString("kra.transport.cert", "");
+ host = cs.getString("preop.ca.hostname", "");
+ port = cs.getInteger("preop.ca.httpsadminport", -1);
+ transportCert = cs.getString("kra.transport.cert", "");
}
} catch (Exception e) {
}
if (host == null) {
- CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
+ CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
} else {
- CMS.debug("DonePanel: Transport certificate is being setup in " + url);
- String session_id = CMS.getConfigSDSessionId();
- String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownagenthost+"&ca.connector.KRA.port="+ownagentsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id;
-
- updateConnectorInfo(host, port, true, content);
+ CMS.debug("DonePanel: Transport certificate is being setup in "
+ + url);
+ String session_id = CMS.getConfigSDSessionId();
+ String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="
+ + ownagenthost
+ + "&ca.connector.KRA.port="
+ + ownagentsport
+ + "&ca.connector.KRA.transportCert="
+ + URLEncoder.encode(transportCert)
+ + "&sessionID="
+ + session_id;
+
+ updateConnectorInfo(host, port, true, content);
}
}
@@ -793,21 +831,23 @@ public class DonePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {}
+ HttpServletResponse response, Context context) throws IOException {
+ }
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {/* This should never be called */}
+ HttpServletResponse response, Context context) {/*
+ * This should never
+ * be called
+ */
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
index 9d7fc22a..561fbcf6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
@@ -50,6 +50,7 @@ public class DownloadPKCS12 extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -59,7 +60,7 @@ public class DownloadPKCS12 extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("DownloadPKCS12: processing...");
@@ -70,7 +71,7 @@ public class DownloadPKCS12 extends CMSServlet {
mRenderResult = false;
// check the pin from the session
- String pin = (String)httpReq.getSession().getAttribute("pin");
+ String pin = (String) httpReq.getSession().getAttribute("pin");
if (pin == null) {
CMS.debug("DownloadPKCS12 process: Failed to get the pin from the cookie.");
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
@@ -101,18 +102,26 @@ public class DownloadPKCS12 extends CMSServlet {
httpResp.getOutputStream().write(pkcs12);
return;
} catch (Exception e) {
- CMS.debug("DownloadPKCS12 process: Exception="+e.toString());
+ CMS.debug("DownloadPKCS12 process: Exception=" + e.toString());
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
index 87cb7a7c..57af9f9a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Locale;
@@ -40,7 +39,6 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetCertChain extends CMSServlet {
/**
@@ -56,6 +54,7 @@ public class GetCertChain extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -63,11 +62,13 @@ public class GetCertChain extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate
+ * chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -76,11 +77,11 @@ public class GetCertChain extends CMSServlet {
String outputString = null;
- CertificateChain certChain = ((ICertAuthority) mAuthority).getCACertChain();
+ CertificateChain certChain = ((ICertAuthority) mAuthority)
+ .getCACertChain();
if (certChain == null) {
- CMS.debug(
- "GetCertChain displayChain: cannot get the certificate chain.");
+ CMS.debug("GetCertChain displayChain: cannot get the certificate chain.");
outputError(httpResp, "Error: Failed to get certificate chain.");
return;
}
@@ -95,7 +96,7 @@ public class GetCertChain extends CMSServlet {
} catch (IOException e) {
log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1",
- e.toString()));
+ e.toString()));
outputError(httpResp,
"Error: Failed to encode the certificate chain");
}
@@ -121,7 +122,15 @@ public class GetCertChain extends CMSServlet {
}
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
index c1010b46..456bf6c1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
@@ -59,6 +59,7 @@ public class GetConfigEntries extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -67,11 +68,13 @@ public class GetConfigEntries extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate
+ * chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -84,12 +87,12 @@ public class GetConfigEntries extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("GetConfigEntries authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
- }
+ }
// Construct an ArgBlock
IArgBlock args = cmsReq.getHttpParams();
@@ -104,32 +107,32 @@ public class GetConfigEntries extends CMSServlet {
try {
xmlObj = new XMLObject();
} catch (Exception e) {
- CMS.debug("GetConfigEntries process: Exception: "+e.toString());
- throw new EBaseException( e.toString() );
+ CMS.debug("GetConfigEntries process: Exception: " + e.toString());
+ throw new EBaseException(e.toString());
}
Node root = xmlObj.createRoot("XMLResponse");
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
"read");
} catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- outputError(httpResp, "Error: Not authorized");
- return;
+ outputError(httpResp, "Error: Not authorized");
+ return;
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- outputError(httpResp,
+ outputError(httpResp,
"Error: Encountered problem during authorization.");
- return;
+ return;
}
if (authzToken == null) {
- outputError(httpResp, "Error: Not authorized");
- return;
+ outputError(httpResp, "Error: Not authorized");
+ return;
}
if (op != null) {
@@ -140,9 +143,9 @@ public class GetConfigEntries extends CMSServlet {
String name1 = t.nextToken();
IConfigStore cs = config.getSubStore(name1);
Enumeration enum1 = cs.getPropertyNames();
-
+
while (enum1.hasMoreElements()) {
- String name = name1+"."+enum1.nextElement();
+ String name = name1 + "." + enum1.nextElement();
try {
String value = config.getString(name);
Node container = xmlObj.createContainer(root, "Config");
@@ -171,10 +174,10 @@ public class GetConfigEntries extends CMSServlet {
value = getLDAPPassword();
} else if (name.equals("internaldb.replication.password")) {
value = getReplicationPassword();
- } else
+ } else
continue;
}
-
+
Node container = xmlObj.createContainer(root, "Config");
xmlObj.addItemToContainer(container, "name", name);
xmlObj.addItemToContainer(container, "value", value);
@@ -208,7 +211,15 @@ public class GetConfigEntries extends CMSServlet {
return locale;
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
private String getLDAPPassword() {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
index 74edda79..1e59bf71 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
@@ -45,7 +45,6 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
public class GetCookie extends CMSServlet {
/**
@@ -57,10 +56,8 @@ public class GetCookie extends CMSServlet {
private String mErrorFormPath = null;
private String mFormPath = null;
- private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
- "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
- private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
- "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+ private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME = "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
public GetCookie() {
super();
@@ -68,6 +65,7 @@ public class GetCookie extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -78,12 +76,13 @@ public class GetCookie extends CMSServlet {
mRandom = new Random();
mErrorFormPath = sc.getInitParameter("errorTemplatePath");
if (mOutputTemplatePath != null) {
- mFormPath = mOutputTemplatePath;
+ mFormPath = mOutputTemplatePath;
}
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -100,28 +99,27 @@ public class GetCookie extends CMSServlet {
}
IArgBlock header = CMS.createArgBlock();
- IArgBlock ctx = CMS.createArgBlock();
+ IArgBlock ctx = CMS.createArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
CMSTemplate form = null;
Locale[] locale = new Locale[1];
String url = httpReq.getParameter("url");
- CMS.debug("GetCookie before auth, url ="+url);
+ CMS.debug("GetCookie before auth, url =" + url);
String url_e = "";
URL u = null;
try {
url_e = URLDecoder.decode(url, "UTF-8");
u = new URL(url_e);
} catch (Exception eee) {
- throw new ECMSGWException(
- "GetCookie missing parameter: url");
+ throw new ECMSGWException("GetCookie missing parameter: url");
}
int index2 = url_e.indexOf("subsystem=");
String subsystem = "";
if (index2 > 0) {
- subsystem = url.substring(index2+10);
+ subsystem = url.substring(index2 + 10);
int index1 = subsystem.indexOf("&");
if (index1 > 0)
subsystem = subsystem.substring(0, index1);
@@ -131,9 +129,9 @@ public class GetCookie extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
CMS.debug("GetCookie authentication failed");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
header.addStringValue("sd_uid", "");
header.addStringValue("sd_pwd", "");
header.addStringValue("host", u.getHost());
@@ -149,17 +147,17 @@ public class GetCookie extends CMSServlet {
form = getTemplate(mErrorFormPath, httpReq, locale);
} catch (IOException eee) {
CMS.debug("GetCookie process: cant locate the form");
-/*
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
- }
+ /*
+ * log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ * throw new ECMSGWException(
+ * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ */
+ }
- if( form == null ) {
+ if (form == null) {
CMS.debug("GetCookie::process() - form is null!");
- throw new EBaseException( "form is null" );
+ throw new EBaseException("form is null");
}
try {
@@ -170,16 +168,17 @@ public class GetCookie extends CMSServlet {
form.renderOutput(out, argSet);
} catch (IOException ee) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ ee.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
return;
- }
+ }
String cookie = "";
String auditMessage = "";
-
+
if (authToken != null) {
String uid = authToken.getInString("uid");
String groupname = getGroupName(uid, subsystem);
@@ -187,16 +186,15 @@ public class GetCookie extends CMSServlet {
if (groupname != null) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- uid,
- ILogger.SUCCESS,
- groupname);
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME, uid, ILogger.SUCCESS,
+ groupname);
audit(auditMessage);
// assign cookie
long num = mRandom.nextLong();
- cookie = num+"";
- ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable();
+ cookie = num + "";
+ ISecurityDomainSessionTable ctable = CMS
+ .getSecurityDomainSessionTable();
String addr = "";
try {
addr = u.getHost();
@@ -207,43 +205,42 @@ public class GetCookie extends CMSServlet {
ip = InetAddress.getByName(addr).toString();
int index = ip.indexOf("/");
if (index > 0)
- ip = ip.substring(index+1);
+ ip = ip.substring(index + 1);
} catch (Exception e) {
}
- String auditParams = "operation;;issue_token+token;;"+ cookie + "+ip;;" + ip +
- "+uid;;" + uid + "+groupname;;" + groupname;
+ String auditParams = "operation;;issue_token+token;;" + cookie
+ + "+ip;;" + ip + "+uid;;" + uid + "+groupname;;"
+ + groupname;
int status = ctable.addEntry(cookie, ip, uid, groupname);
if (status == ISecurityDomainSessionTable.SUCCESS) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
- uid,
- ILogger.SUCCESS,
- auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, uid,
+ ILogger.SUCCESS, auditParams);
audit(auditMessage);
} else {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
- uid,
- ILogger.FAILURE,
- auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, uid,
+ ILogger.FAILURE, auditParams);
audit(auditMessage);
}
try {
- String sd_url = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort();
+ String sd_url = "https://" + CMS.getEESSLHost() + ":"
+ + CMS.getEESSLPort();
if (!url.startsWith("$")) {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
CMS.debug("GetCookie process: cant locate the form");
-/*
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
+ /*
+ * log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE",
+ * e.toString())); throw new ECMSGWException(
+ * CMS.getUserMessage
+ * ("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ */
}
header.addStringValue("url", url);
@@ -251,26 +248,26 @@ public class GetCookie extends CMSServlet {
EBaseException error = null;
try {
- ServletOutputStream out = httpResp.getOutputStream();
+ ServletOutputStream out = httpResp
+ .getOutputStream();
cmsReq.setStatus(CMSRequest.SUCCESS);
- httpResp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ httpResp.setContentType("text/html");
+ form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
} catch (Exception e) {
}
} else {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ROLE_ASSUME,
- uid,
- ILogger.FAILURE,
- "Enterprise " + subsystem + " Administrators");
+ LOGGING_SIGNED_AUDIT_ROLE_ASSUME, uid, ILogger.FAILURE,
+ "Enterprise " + subsystem + " Administrators");
audit(auditMessage);
}
}
@@ -278,25 +275,25 @@ public class GetCookie extends CMSServlet {
private String getGroupName(String uid, String subsystemname) {
String groupname = "";
- IUGSubsystem subsystem =
- (IUGSubsystem)(CMS.getSubsystem(IUGSubsystem.ID));
- if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") &&
- subsystemname.equals("CA")) {
+ IUGSubsystem subsystem = (IUGSubsystem) (CMS
+ .getSubsystem(IUGSubsystem.ID));
+ if (subsystem.isMemberOf(uid, "Enterprise CA Administrators")
+ && subsystemname.equals("CA")) {
return "Enterprise CA Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") &&
- subsystemname.equals("KRA")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators")
+ && subsystemname.equals("KRA")) {
return "Enterprise KRA Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") &&
- subsystemname.equals("OCSP")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators")
+ && subsystemname.equals("OCSP")) {
return "Enterprise OCSP Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") &&
- subsystemname.equals("TKS")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators")
+ && subsystemname.equals("TKS")) {
return "Enterprise TKS Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") &&
- subsystemname.equals("RA")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators")
+ && subsystemname.equals("RA")) {
return "Enterprise RA Administrators";
- } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") &&
- subsystemname.equals("TPS")) {
+ } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators")
+ && subsystemname.equals("TPS")) {
return "Enterprise TPS Administrators";
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
index f9e6c70e..b3d9470d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Enumeration;
@@ -48,7 +47,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetDomainXML extends CMSServlet {
/**
@@ -64,6 +62,7 @@ public class GetDomainXML extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -73,11 +72,13 @@ public class GetDomainXML extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate
+ * chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -95,8 +96,7 @@ public class GetDomainXML extends CMSServlet {
try {
secstore = cs.getString("securitydomain.store");
basedn = cs.getString("internaldb.basedn");
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Unable to determine the security domain name or internal basedn. Please run the domaininfo migration script");
}
@@ -104,7 +104,8 @@ public class GetDomainXML extends CMSServlet {
XMLObject response = new XMLObject();
Node root = response.createRoot("XMLResponse");
- if ((secstore != null) && (basedn != null) && (secstore.equals("ldap"))) {
+ if ((secstore != null) && (basedn != null)
+ && (secstore.equals("ldap"))) {
ILdapConnFactory connFactory = null;
LDAPConnection conn = null;
try {
@@ -120,64 +121,77 @@ public class GetDomainXML extends CMSServlet {
connFactory.init(ldapConfig);
conn = connFactory.getConn();
- // get the security domain name
- String secdomain = (String) conn.read(dn).getAttribute("name").getStringValues().nextElement();
+ // get the security domain name
+ String secdomain = (String) conn.read(dn)
+ .getAttribute("name").getStringValues()
+ .nextElement();
XMLObject xmlObj = new XMLObject();
Node domainInfo = xmlObj.createRoot("DomainInfo");
xmlObj.addItemToContainer(domainInfo, "Name", secdomain);
- // this should return CAList, KRAList etc.
- LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
- attrs, true, cons);
+ // this should return CAList, KRAList etc.
+ LDAPSearchResults res = conn
+ .search(dn, LDAPConnection.SCOPE_ONE, filter,
+ attrs, true, cons);
while (res.hasMoreElements()) {
int count = 0;
dn = res.next().getDN();
String listName = dn.substring(3, dn.indexOf(","));
- String subType = listName.substring(0, listName.indexOf("List"));
- Node listNode = xmlObj.createContainer(domainInfo, listName);
-
+ String subType = listName.substring(0,
+ listName.indexOf("List"));
+ Node listNode = xmlObj.createContainer(domainInfo,
+ listName);
+
filter = "objectclass=pkiSubsystem";
- LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
- attrs, false, cons);
+ LDAPSearchResults res2 = conn.search(dn,
+ LDAPConnection.SCOPE_ONE, filter, attrs, false,
+ cons);
while (res2.hasMoreElements()) {
- Node node = xmlObj.createContainer(listNode, subType);
+ Node node = xmlObj.createContainer(listNode,
+ subType);
LDAPEntry entry = res2.next();
- LDAPAttributeSet entryAttrs = entry.getAttributeSet();
+ LDAPAttributeSet entryAttrs = entry
+ .getAttributeSet();
Enumeration attrsInSet = entryAttrs.getAttributes();
while (attrsInSet.hasMoreElements()) {
- LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement();
+ LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet
+ .nextElement();
String attrName = nextAttr.getName();
- if ((! attrName.equals("cn")) && (! attrName.equals("objectClass"))) {
- String attrValue = (String) nextAttr.getStringValues().nextElement();
- xmlObj.addItemToContainer(node, securityDomainLDAPtoXML(attrName), attrValue);
+ if ((!attrName.equals("cn"))
+ && (!attrName.equals("objectClass"))) {
+ String attrValue = (String) nextAttr
+ .getStringValues().nextElement();
+ xmlObj.addItemToContainer(node,
+ securityDomainLDAPtoXML(attrName),
+ attrValue);
}
}
- count ++;
- }
- xmlObj.addItemToContainer(listNode, "SubsystemCount", Integer.toString(count));
+ count++;
+ }
+ xmlObj.addItemToContainer(listNode, "SubsystemCount",
+ Integer.toString(count));
}
// Add new xml object as string to response.
- response.addItemToContainer(root, "DomainInfo", xmlObj.toXMLString());
- }
- catch (Exception e) {
- CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " + e.toString());
+ response.addItemToContainer(root, "DomainInfo",
+ xmlObj.toXMLString());
+ } catch (Exception e) {
+ CMS.debug("GetDomainXML: Failed to read domain.xml from ldap "
+ + e.toString());
status = FAILED;
- }
- finally {
- if ((conn != null) && (connFactory!= null)) {
+ } finally {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
}
- }
- else {
- // get data from file store
+ } else {
+ // get data from file store
- String path = CMS.getConfigStore().getString("instanceRoot", "")
- + "/conf/domain.xml";
+ String path = CMS.getConfigStore()
+ .getString("instanceRoot", "") + "/conf/domain.xml";
CMS.debug("GetDomainXML: got path=" + path);
@@ -193,11 +207,12 @@ public class GetDomainXML extends CMSServlet {
fis.close();
CMS.debug("GetDomainXML: Done Reading domain.xml...");
- response.addItemToContainer(root, "DomainInfo", new String(buf));
- }
- catch (Exception e) {
- CMS.debug("Failed to read domain.xml from file" + e.toString());
- status = FAILED;
+ response.addItemToContainer(root, "DomainInfo", new String(
+ buf));
+ } catch (Exception e) {
+ CMS.debug("Failed to read domain.xml from file"
+ + e.toString());
+ status = FAILED;
}
}
@@ -206,23 +221,34 @@ public class GetDomainXML extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
} catch (Exception e) {
- CMS.debug("GetDomainXML: Failed to send the XML output" + e.toString());
+ CMS.debug("GetDomainXML: Failed to send the XML output"
+ + e.toString());
}
}
protected String securityDomainLDAPtoXML(String attribute) {
- if (attribute.equals("host")) return "Host";
- else return attribute;
+ if (attribute.equals("host"))
+ return "Host";
+ else
+ return attribute;
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
index 02fe36c1..623acf9a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -36,7 +35,6 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetStatus extends CMSServlet {
/**
@@ -52,6 +50,7 @@ public class GetStatus extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -59,18 +58,19 @@ public class GetStatus extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String outputString = null;
- String state = config.getString("cs.state", "");
- String type = config.getString("cs.type", "");
+ String state = config.getString("cs.state", "");
+ String type = config.getString("cs.type", "");
try {
XMLObject xmlObj = null;
@@ -89,7 +89,15 @@ public class GetStatus extends CMSServlet {
}
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
index 0a6c5ec3..93d7e922 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -39,7 +38,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.crypto.CryptoUtil;
import com.netscape.cmsutil.xml.XMLObject;
-
public class GetSubsystemCert extends CMSServlet {
/**
@@ -55,6 +53,7 @@ public class GetSubsystemCert extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -62,7 +61,7 @@ public class GetSubsystemCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -75,27 +74,29 @@ public class GetSubsystemCert extends CMSServlet {
try {
nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
- if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ if (!tokenname.equals("internal")
+ && !tokenname.equals("Internal Key Storage Token"))
+ nickname = tokenname + ":" + nickname;
} catch (Exception e) {
}
- CMS.debug("GetSubsystemCert process: nickname="+nickname);
+ CMS.debug("GetSubsystemCert process: nickname=" + nickname);
String s = "";
try {
CryptoManager cm = CryptoManager.getInstance();
X509Certificate cert = cm.findCertByNickname(nickname);
-
+
if (cert == null) {
CMS.debug("GetSubsystemCert process: subsystem cert is null");
- outputError(httpResp, "Error: Failed to get subsystem certificate.");
+ outputError(httpResp,
+ "Error: Failed to get subsystem certificate.");
return;
}
byte[] bytes = cert.getEncoded();
s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes));
} catch (Exception e) {
- CMS.debug("GetSubsystemCert process: exception: "+e.toString());
+ CMS.debug("GetSubsystemCert process: exception: " + e.toString());
}
try {
@@ -111,7 +112,15 @@ public class GetSubsystemCert extends CMSServlet {
}
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
index d7af0740..f4d68392 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
@@ -52,6 +52,7 @@ public class GetTokenInfo extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -60,11 +61,13 @@ public class GetTokenInfo extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate
+ * chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -78,8 +81,8 @@ public class GetTokenInfo extends CMSServlet {
try {
xmlObj = new XMLObject();
} catch (Exception e) {
- CMS.debug("GetTokenInfo process: Exception: "+e.toString());
- throw new EBaseException( e.toString() );
+ CMS.debug("GetTokenInfo process: Exception: " + e.toString());
+ throw new EBaseException(e.toString());
}
Node root = xmlObj.createRoot("XMLResponse");
@@ -97,7 +100,7 @@ public class GetTokenInfo extends CMSServlet {
String name = t1.nextToken();
if (name.equals("sslserver"))
continue;
- name = "cloning."+name+".nickname";
+ name = "cloning." + name + ".nickname";
String value = "";
try {
@@ -105,7 +108,7 @@ public class GetTokenInfo extends CMSServlet {
} catch (Exception ee) {
continue;
}
-
+
Node container = xmlObj.createContainer(root, "Config");
xmlObj.addItemToContainer(container, "name", name);
xmlObj.addItemToContainer(container, "value", value);
@@ -149,6 +152,14 @@ public class GetTokenInfo extends CMSServlet {
return locale;
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
index bc29b34a..8d8747b9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.util.Locale;
@@ -63,6 +62,7 @@ public class GetTransportCert extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -72,7 +72,7 @@ public class GetTransportCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
@@ -86,9 +86,9 @@ public class GetTransportCert extends CMSServlet {
CMS.debug("GetTransportCert authentication successful.");
} catch (Exception e) {
CMS.debug("GetTransportCert: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -101,19 +101,19 @@ public class GetTransportCert extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
CMS.debug("GetTransportCert authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -124,19 +124,19 @@ public class GetTransportCert extends CMSServlet {
IConfigStore cs = CMS.getConfigStore();
- IKeyRecoveryAuthority kra =
- (IKeyRecoveryAuthority) mAuthority;
- ITransportKeyUnit tu = kra.getTransportKeyUnit();
- org.mozilla.jss.crypto.X509Certificate transportCert =
- tu.getCertificate();
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) mAuthority;
+ ITransportKeyUnit tu = kra.getTransportKeyUnit();
+ org.mozilla.jss.crypto.X509Certificate transportCert = tu
+ .getCertificate();
- String mime64 = "";
+ String mime64 = "";
try {
mime64 = CMS.BtoA(transportCert.getEncoded());
- mime64 = com.netscape.cmsutil.util.Cert.normalizeCertStrAndReq(mime64);
- } catch (CertificateEncodingException eee) {
+ mime64 = com.netscape.cmsutil.util.Cert
+ .normalizeCertStrAndReq(mime64);
+ } catch (CertificateEncodingException eee) {
CMS.debug("GetTransportCert: Failed to encode certificate");
- }
+ }
// send success status back to the requestor
try {
@@ -154,14 +154,22 @@ public class GetTransportCert extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
index a00b0fb7..02a2c21a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class HierarchyPanel extends WizardPanelBase {
- public HierarchyPanel() {}
+ public HierarchyPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("PKI Hierarchy");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("PKI Hierarchy");
setId(id);
@@ -56,16 +55,15 @@ public class HierarchyPanel extends WizardPanelBase {
public boolean shouldSkip() {
- // we dont need to ask the hierachy if we are
+ // we dont need to ask the hierachy if we are
// setting up a clone
try {
IConfigStore c = CMS.getConfigStore();
- String s = c.getString("preop.subsystem.select",
- null);
+ String s = c.getString("preop.subsystem.select", null);
if (s != null && s.equals("clone")) {
// mark this panel as done
- c.putString("preop.hierarchy.select","root");
- c.putString("hierarchy.select","Clone");
+ c.putString("preop.hierarchy.select", "root");
+ c.putString("hierarchy.select", "Clone");
return true;
}
} catch (EBaseException e) {
@@ -89,15 +87,16 @@ public class HierarchyPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -105,8 +104,7 @@ public class HierarchyPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "PKI Hierarchy");
IConfigStore config = CMS.getConfigStore();
@@ -117,7 +115,7 @@ public class HierarchyPanel extends WizardPanelBase {
if (s.equals("root")) {
context.put("check_root", "checked");
} else if (s.equals("join")) {
- context.put("check_join", "checked");
+ context.put("check_join", "checked");
}
} catch (Exception e) {
CMS.debug(e.toString());
@@ -134,16 +132,14 @@ public class HierarchyPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
try {
String cstype = config.getString("preop.subsystem.select", "");
@@ -163,16 +159,17 @@ public class HierarchyPanel extends WizardPanelBase {
}
if (select.equals("root")) {
- config.putString("preop.hierarchy.select", "root");
- config.putString("hierarchy.select", "Root");
+ config.putString("preop.hierarchy.select", "root");
+ config.putString("hierarchy.select", "Root");
config.putString("preop.ca.type", "sdca");
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
} else if (select.equals("join")) {
config.putString(PCERT_PREFIX + "signing.type", "remote");
config.putString("preop.hierarchy.select", "join");
- config.putString("hierarchy.select", "Subordinate");
+ config.putString("hierarchy.select", "Subordinate");
} else {
config.putString(PCERT_PREFIX + "signing.type", "remote");
CMS.debug("HierarchyPanel: invalid choice " + select);
@@ -186,6 +183,6 @@ public class HierarchyPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {}
+ HttpServletResponse response, Context context) {
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
index d4f93a9b..ce5e9795 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
@@ -47,19 +46,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
public class ImportAdminCertPanel extends WizardPanelBase {
- public ImportAdminCertPanel() {}
+ public ImportAdminCertPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Import Administrator's Certificate");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Import Administrator's Certificate");
setId(id);
@@ -86,8 +85,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("ImportAdminCertPanel: display");
context.put("errorString", "");
context.put("title", "Import Administrator's Certificate");
@@ -102,11 +100,12 @@ public class ImportAdminCertPanel extends WizardPanelBase {
try {
type = cs.getString("preop.ca.type", "");
subsystemtype = cs.getString("cs.type", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
try {
String serialno = cs.getString("preop.admincert.serialno.0");
-
+
context.put("serialNumber", serialno);
} catch (Exception e) {
context.put("errorString", "Failed to get serial number.");
@@ -129,21 +128,26 @@ public class ImportAdminCertPanel extends WizardPanelBase {
if (ca == null) {
if (type.equals("otherca")) {
try {
- // this is a non-CA system that has elected to have its certificates
+ // this is a non-CA system that has elected to have its
+ // certificates
// signed by a CA outside of the security domain.
- // in this case, we submitted the cert request for the admin cert to
+ // in this case, we submitted the cert request for the admin
+ // cert to
// to security domain host.
caHost = cs.getString("securitydomain.host", "");
caPort = cs.getString("securitydomain.httpsadminport", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
} else if (type.equals("sdca")) {
try {
// this is a non-CA system that submitted its certs to a CA
- // within the security domain. In this case, we submitted the cert
+ // within the security domain. In this case, we submitted
+ // the cert
// request for the admin cert to this CA
caHost = cs.getString("preop.ca.hostname", "");
caPort = cs.getString("preop.ca.httpsadminport", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
} else {
// for CAs, we always generate our own admin certs
@@ -151,7 +155,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
try {
caHost = cs.getString("service.machineName", "");
caPort = cs.getString("pkicreate.admin_secure_port", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
}
String pkcs7 = "";
@@ -170,16 +175,14 @@ public class ImportAdminCertPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
String type = "";
@@ -192,12 +195,13 @@ public class ImportAdminCertPanel extends WizardPanelBase {
subsystemtype = cs.getString("cs.type", "");
security_domain_type = cs.getString("securitydomain.select", "");
selected_hierarchy = cs.getString("preop.hierarchy.select", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
- ICertificateAuthority.ID);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(ICertificateAuthority.ID);
- if (ca == null) {
+ if (ca == null) {
context.put("ca", "false");
} else {
context.put("ca", "true");
@@ -206,25 +210,23 @@ public class ImportAdminCertPanel extends WizardPanelBase {
X509CertImpl certs[] = new X509CertImpl[1];
- // REMINDER: This panel is NOT used by "clones"
- if( ca != null ) {
+ // REMINDER: This panel is NOT used by "clones"
+ if (ca != null) {
String serialno = null;
- if( selected_hierarchy.equals( "root" ) ) {
- CMS.debug( "ImportAdminCertPanel update: "
- + "Root CA subsystem - "
- + "(new Security Domain)" );
+ if (selected_hierarchy.equals("root")) {
+ CMS.debug("ImportAdminCertPanel update: "
+ + "Root CA subsystem - " + "(new Security Domain)");
} else {
- CMS.debug( "ImportAdminCertPanel update: "
- + "Subordinate CA subsystem - "
- + "(new Security Domain)" );
+ CMS.debug("ImportAdminCertPanel update: "
+ + "Subordinate CA subsystem - "
+ + "(new Security Domain)");
}
try {
serialno = cs.getString("preop.admincert.serialno.0");
} catch (Exception e) {
- CMS.debug(
- "ImportAdminCertPanel update: Failed to get request id.");
+ CMS.debug("ImportAdminCertPanel update: Failed to get request id.");
context.put("updateStatus", "failure");
throw new IOException("Failed to get request id.");
}
@@ -232,37 +234,37 @@ public class ImportAdminCertPanel extends WizardPanelBase {
ICertificateRepository repost = ca.getCertificateRepository();
try {
- certs[0] = repost.getX509Certificate(
- new BigInteger(serialno, 16));
- } catch (Exception ee) {}
+ certs[0] = repost.getX509Certificate(new BigInteger(serialno,
+ 16));
+ } catch (Exception ee) {
+ }
} else {
String dir = null;
- // REMINDER: This panel is NOT used by "clones"
- if( subsystemtype.equals( "CA" ) ) {
- if( selected_hierarchy.equals( "root" ) ) {
- CMS.debug( "ImportAdminCertPanel update: "
- + "Root CA subsystem - "
- + "(existing Security Domain)" );
+ // REMINDER: This panel is NOT used by "clones"
+ if (subsystemtype.equals("CA")) {
+ if (selected_hierarchy.equals("root")) {
+ CMS.debug("ImportAdminCertPanel update: "
+ + "Root CA subsystem - "
+ + "(existing Security Domain)");
} else {
- CMS.debug( "ImportAdminCertPanel update: "
- + "Subordinate CA subsystem - "
- + "(existing Security Domain)" );
+ CMS.debug("ImportAdminCertPanel update: "
+ + "Subordinate CA subsystem - "
+ + "(existing Security Domain)");
}
} else {
- CMS.debug( "ImportAdminCertPanel update: "
- + subsystemtype
- + " subsystem" );
+ CMS.debug("ImportAdminCertPanel update: " + subsystemtype
+ + " subsystem");
}
try {
- dir = cs.getString("preop.admincert.b64", "");
+ dir = cs.getString("preop.admincert.b64", "");
CMS.debug("ImportAdminCertPanel update: dir=" + dir);
- } catch (Exception ee) {}
+ } catch (Exception ee) {
+ }
try {
- BufferedReader reader = new BufferedReader(
- new FileReader(dir));
+ BufferedReader reader = new BufferedReader(new FileReader(dir));
String b64 = "";
StringBuffer sb = new StringBuffer();
@@ -289,15 +291,15 @@ public class ImportAdminCertPanel extends WizardPanelBase {
user.setX509Certificates(certs);
ug.addUserCert(user);
} catch (LDAPException e) {
- CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "+e.toString());
+ CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "
+ + e.toString());
if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
context.put("updateStatus", "failure");
throw new IOException(e.toString());
}
} catch (Exception e) {
- CMS.debug(
- "ImportAdminCertPanel update: failed to add certificate. Exception: "
- + e.toString());
+ CMS.debug("ImportAdminCertPanel update: failed to add certificate. Exception: "
+ + e.toString());
context.put("updateStatus", "failure");
throw new IOException(e.toString());
}
@@ -312,7 +314,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
public boolean shouldSkip() {
try {
IConfigStore c = CMS.getConfigStore();
- String s = c.getString("preop.subsystem.select",null);
+ String s = c.getString("preop.subsystem.select", null);
if (s != null && s.equals("clone")) {
return true;
}
@@ -322,13 +324,11 @@ public class ImportAdminCertPanel extends WizardPanelBase {
return false;
}
-
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
/* This should never be called */
context.put("title", "Import Administrator Certificate");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
index 0c2e7fa0..8b0ccc0c 100755
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -36,19 +35,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class ImportCAChainPanel extends WizardPanelBase {
- public ImportCAChainPanel() {}
+ public ImportCAChainPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Import CA's Certificate Chain");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Import CA's Certificate Chain");
setId(id);
@@ -75,8 +74,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("ImportCACertChain: display");
context.put("errorString", "");
context.put("title", "Import CA's Certificate Chain");
@@ -89,8 +87,9 @@ public class ImportCAChainPanel extends WizardPanelBase {
context.put("https_port", cs.getString("pkicreate.ee_secure_port"));
context.put("http_port", cs.getString("pkicreate.unsecure_port"));
} catch (EBaseException e) {
- CMS.debug("ImportCACertChain:display: Exception: " + e.toString());
- context.put("errorString", "Error loading values for Import CA Certificate Panel");
+ CMS.debug("ImportCACertChain:display: Exception: " + e.toString());
+ context.put("errorString",
+ "Error loading values for Import CA Certificate Panel");
}
ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
@@ -107,19 +106,16 @@ public class ImportCAChainPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
-
context.put("errorString", "");
context.put("title", "Import CA's Certificate Chain");
context.put("panel", "admin/console/config/importcachainpanel.vm");
@@ -130,8 +126,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
/* This should never be called */
IConfigStore cs = CMS.getConfigStore();
@@ -141,6 +136,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
context.put("http_port", cs.getString("pkicreate.unsecure_port"));
context.put("title", "Import CA's Certificate Chain");
context.put("panel", "admin/console/config/importcachainpanel.vm");
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
index 3f54ec1c..a5efbbfe 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -61,6 +60,7 @@ public class ImportTransportCert extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -70,7 +70,7 @@ public class ImportTransportCert extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
@@ -84,9 +84,9 @@ public class ImportTransportCert extends CMSServlet {
CMS.debug("ImportTransportCert authentication successful.");
} catch (Exception e) {
CMS.debug("ImportTransportCert: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -99,19 +99,19 @@ public class ImportTransportCert extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("ImportTransportCert authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -126,17 +126,17 @@ public class ImportTransportCert extends CMSServlet {
String certsString = httpReq.getParameter("certificate");
try {
- CryptoManager cm = CryptoManager.getInstance();
- CMS.debug("ImportTransportCert: Importing certificate");
- org.mozilla.jss.crypto.X509Certificate cert =
- cm.importCACertPackage(CMS.AtoB(certsString));
- String nickName = cert.getNickname();
- CMS.debug("ImportTransportCert: nickname " + nickName);
- cs.putString("tks.drm_transport_cert_nickname", nickName);
- CMS.debug("ImportTransportCert: Commiting configuration");
- cs.commit(false);
-
- // send success status back to the requestor
+ CryptoManager cm = CryptoManager.getInstance();
+ CMS.debug("ImportTransportCert: Importing certificate");
+ org.mozilla.jss.crypto.X509Certificate cert = cm
+ .importCACertPackage(CMS.AtoB(certsString));
+ String nickName = cert.getNickname();
+ CMS.debug("ImportTransportCert: nickname " + nickName);
+ cs.putString("tks.drm_transport_cert_nickname", nickName);
+ CMS.debug("ImportTransportCert: Commiting configuration");
+ cs.commit(false);
+
+ // send success status back to the requestor
CMS.debug("ImportTransportCert: Sending response");
XMLObject xmlObj = new XMLObject();
Node root = xmlObj.createRoot("XMLResponse");
@@ -150,14 +150,22 @@ public class ImportTransportCert extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
index da2a3ccb..b7b52129 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
@@ -36,11 +36,11 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable;
import com.netscape.cmsutil.password.IPasswordStore;
/**
- * This object stores the values for IP, uid and group based on the cookie id in LDAP.
- * Entries are stored under ou=Security Domain, ou=sessions, $basedn
+ * This object stores the values for IP, uid and group based on the cookie id in
+ * LDAP. Entries are stored under ou=Security Domain, ou=sessions, $basedn
*/
-public class LDAPSecurityDomainSessionTable
- implements ISecurityDomainSessionTable {
+public class LDAPSecurityDomainSessionTable implements
+ ISecurityDomainSessionTable {
private long m_timeToLive;
@@ -48,8 +48,7 @@ public class LDAPSecurityDomainSessionTable
m_timeToLive = timeToLive;
}
- public int addEntry(String sessionId, String ip,
- String uid, String group) {
+ public int addEntry(String sessionId, String ip, String uid, String group) {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
boolean sessions_exists = true;
@@ -61,7 +60,8 @@ public class LDAPSecurityDomainSessionTable
basedn = cs.getString("internaldb.basedn");
sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn" + e);
+ CMS.debug("SecurityDomainSessionTable: addEntry: failed to read basedn"
+ + e);
return status;
}
@@ -77,14 +77,16 @@ public class LDAPSecurityDomainSessionTable
attrs.add(new LDAPAttribute("ou", "sessions"));
entry = new LDAPEntry(sessionsdn, attrs);
conn.add(entry);
- } catch (Exception e) {
- if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
+ } catch (Exception e) {
+ if ((e instanceof LDAPException)
+ && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
// continue
} else {
- CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e);
+ CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:"
+ + e);
sessions_exists = false;
}
- }
+ }
// add new entry
try {
@@ -93,27 +95,32 @@ public class LDAPSecurityDomainSessionTable
String entrydn = "cn=" + sessionId + "," + sessionsdn;
attrs = new LDAPAttributeSet();
attrs.add(new LDAPAttribute("objectclass", "top"));
- attrs.add(new LDAPAttribute("objectclass", "securityDomainSessionEntry"));
+ attrs.add(new LDAPAttribute("objectclass",
+ "securityDomainSessionEntry"));
attrs.add(new LDAPAttribute("cn", sessionId));
attrs.add(new LDAPAttribute("host", ip));
attrs.add(new LDAPAttribute("uid", uid));
attrs.add(new LDAPAttribute("cmsUserGroup", group));
- attrs.add(new LDAPAttribute("dateOfCreate", Long.toString((new Date()).getTime())));
+ attrs.add(new LDAPAttribute("dateOfCreate", Long
+ .toString((new Date()).getTime())));
entry = new LDAPEntry(entrydn, attrs);
if (sessions_exists) {
conn.add(entry);
- CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
+ CMS.debug("SecurityDomainSessionTable: added session entry"
+ + sessionId);
status = SUCCESS;
}
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e);
- }
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to create session entry"
+ + sessionId + ": " + e);
+ }
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable:addEntry: Error in disconnecting from database: "
+ + e);
}
return status;
}
@@ -124,21 +131,25 @@ public class LDAPSecurityDomainSessionTable
int status = FAILURE;
try {
String basedn = cs.getString("internaldb.basedn");
- String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain," + basedn;
+ String dn = "cn=" + sessionId + ",ou=sessions,ou=Security Domain,"
+ + basedn;
conn = getLDAPConn();
conn.delete(dn);
status = SUCCESS;
} catch (Exception e) {
- if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) {
+ if ((e instanceof LDAPException)
+ && (((LDAPException) e).getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)) {
// continue
} else {
- CMS.debug("SecurityDomainSessionTable: unable to delete session " + sessionId + ": " + e);
+ CMS.debug("SecurityDomainSessionTable: unable to delete session "
+ + sessionId + ": " + e);
}
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: removeEntry: Error in disconnecting from database: "
+ + e);
}
return status;
}
@@ -154,21 +165,24 @@ public class LDAPSecurityDomainSessionTable
String[] attrs = { "cn" };
conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
- if (res.getCount() > 0) ret = true;
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
+ filter, attrs, false);
+ if (res.getCount() > 0)
+ ret = true;
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query session "
+ + sessionId + ": " + e);
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: "
+ + e);
}
return ret;
}
-
public Enumeration getSessionIds() {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
@@ -181,27 +195,31 @@ public class LDAPSecurityDomainSessionTable
String[] attrs = { "cn" };
conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
+ filter, attrs, false);
while (res.hasMoreElements()) {
LDAPEntry entry = res.next();
ret.add(entry.getAttribute("cn").getStringValueArray()[0]);
}
} catch (LDAPException e) {
switch (e.getLDAPResultCode()) {
- case LDAPException.NO_SUCH_OBJECT:
- CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created");
- break;
- default:
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e);
+ case LDAPException.NO_SUCH_OBJECT:
+ CMS.debug("SecurityDomainSessionTable: getSessionIds(): no sessions have been created");
+ break;
+ default:
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: "
+ + e);
}
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: "
+ + e);
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: "
+ + e);
}
return ret.elements();
@@ -211,25 +229,28 @@ public class LDAPSecurityDomainSessionTable
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
String ret = null;
- try {
+ try {
String basedn = cs.getString("internaldb.basedn");
String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
String filter = "(cn=" + sessionId + ")";
String[] attrs = { attr };
conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
- if (res.getCount() > 0) {
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
+ filter, attrs, false);
+ if (res.getCount() > 0) {
LDAPEntry entry = res.next();
ret = entry.getAttribute(attr).getStringValueArray()[0];
}
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query session "
+ + sessionId + ": " + e);
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: isSessionIdExist: Error in disconnecting from database: "
+ + e);
}
return ret;
}
@@ -261,7 +282,7 @@ public class LDAPSecurityDomainSessionTable
public int getSize() {
IConfigStore cs = CMS.getConfigStore();
LDAPConnection conn = null;
- int ret =0;
+ int ret = 0;
try {
String basedn = cs.getString("internaldb.basedn");
@@ -270,24 +291,25 @@ public class LDAPSecurityDomainSessionTable
String[] attrs = { "cn" };
conn = getLDAPConn();
- LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
+ LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB,
+ filter, attrs, false);
ret = res.getCount();
- } catch(Exception e) {
- CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: "
+ + e);
}
try {
conn.disconnect();
} catch (Exception e) {
- CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: " + e);
+ CMS.debug("SecurityDomainSessionTable: getSessionIds: Error in disconnecting from database: "
+ + e);
}
return ret;
}
- private LDAPConnection getLDAPConn()
- throws IOException
- {
+ private LDAPConnection getLDAPConn() throws IOException {
IConfigStore cs = CMS.getConfigStore();
String host = "";
@@ -299,12 +321,13 @@ public class LDAPSecurityDomainSessionTable
IPasswordStore pwdStore = CMS.getPasswordStore();
if (pwdStore != null) {
- //CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available");
+ // CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available");
pwd = pwdStore.getPassword("internaldb");
}
- if ( pwd == null) {
- throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store");
+ if (pwd == null) {
+ throw new IOException(
+ "SecurityDomainSessionTable: Failed to obtain password from password store");
}
try {
@@ -329,14 +352,15 @@ public class LDAPSecurityDomainSessionTable
LDAPConnection conn = null;
if (security.equals("true")) {
- //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
- conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+ // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
} else {
- //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
- conn = new LDAPConnection();
+ // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
}
- //CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + p);
+ // CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" +
+ // p);
try {
conn.connect(host, p, binddn, pwd);
} catch (LDAPException e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
index e7fdbe3f..844a5a36 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -27,7 +26,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
-
public class LoginServlet extends BaseServlet {
/**
@@ -36,14 +34,12 @@ public class LoginServlet extends BaseServlet {
private static final long serialVersionUID = -4766622132710080340L;
public boolean authenticate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
return true;
}
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
@@ -52,7 +48,7 @@ public class LoginServlet extends BaseServlet {
if (pin == null) {
context.put("error", "");
} else {
- String cspin = CMS.getConfigStore().getString("preop.pin");
+ String cspin = CMS.getConfigStore().getString("preop.pin");
if (cspin != null && cspin.equals(pin)) {
// create session
@@ -62,7 +58,7 @@ public class LoginServlet extends BaseServlet {
return null;
} else {
context.put("error", "Login Failed");
- }
+ }
}
template = Velocity.getTemplate("admin/console/config/login.vm");
} catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
index a91ca979..2fcb1f2f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Locale;
@@ -43,7 +42,7 @@ public class MainPageServlet extends CMSServlet {
*
*/
private static final long serialVersionUID = 2425301522251239666L;
- private static final String PROP_AUTHORITY_ID="authorityId";
+ private static final String PROP_AUTHORITY_ID = "authorityId";
private String mAuthorityId = null;
private String mFormPath = null;
@@ -75,12 +74,12 @@ public class MainPageServlet extends CMSServlet {
form = getTemplate(mFormPath, request, locale);
} catch (IOException e) {
CMS.debug("MainPageServlet process: cant locate the form");
-/*
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
+ /*
+ * log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw
+ * new ECMSGWException(
+ * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ */
}
process(argSet, header, ctx, request, response);
@@ -90,21 +89,22 @@ public class MainPageServlet extends CMSServlet {
ServletOutputStream out = response.getOutputStream();
cmsReq.setStatus(CMSRequest.SUCCESS);
- response.setContentType("text/html");
- form.renderOutput(out, argSet);
+ response.setContentType("text/html");
+ form.renderOutput(out, argSet);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
private void process(CMSTemplateParams argSet, IArgBlock header,
- IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
- throws EBaseException {
+ IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
+ throws EBaseException {
- int num = 0;
+ int num = 0;
IArgBlock rarg = null;
IConfigStore cs = CMS.getConfigStore();
int state = 0;
@@ -125,8 +125,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "admin");
rarg.addStringValue("prefix", "http");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getEENonSSLPort()).intValue());
+ rarg.addIntegerValue("port", Integer.valueOf(CMS.getEENonSSLPort())
+ .intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", adminInterface);
argSet.addRepeatRecord(rarg);
@@ -136,8 +136,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "ee");
rarg.addStringValue("prefix", "https");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getEESSLPort()).intValue());
+ rarg.addIntegerValue("port", Integer
+ .valueOf(CMS.getEESSLPort()).intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", eeInterface);
argSet.addRepeatRecord(rarg);
@@ -147,8 +147,8 @@ public class MainPageServlet extends CMSServlet {
rarg = CMS.createArgBlock();
rarg.addStringValue("type", "agent");
rarg.addStringValue("prefix", "https");
- rarg.addIntegerValue("port",
- Integer.valueOf(CMS.getAgentPort()).intValue());
+ rarg.addIntegerValue("port", Integer
+ .valueOf(CMS.getAgentPort()).intValue());
rarg.addStringValue("host", host);
rarg.addStringValue("uri", agentInterface);
argSet.addRepeatRecord(rarg);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
index 38185a33..ef9255f3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -50,19 +49,20 @@ public class ModulePanel extends WizardPanelBase {
private Vector mOtherModules = null;
private Hashtable mCurrModTable = new Hashtable();
private WizardServlet mServlet = null;
- public ModulePanel() {}
+
+ public ModulePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Key Store");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Key Store");
setId(id);
@@ -71,7 +71,7 @@ public class ModulePanel extends WizardPanelBase {
public void cleanUp() throws IOException {
IConfigStore cs = CMS.getConfigStore();
- cs.putBoolean("preop.ModulePanel.done",false);
+ cs.putBoolean("preop.ModulePanel.done", false);
}
public void loadCurrModTable() {
@@ -87,9 +87,8 @@ public class ModulePanel extends WizardPanelBase {
mCurrModTable.put(mod.getName(), mod);
} // while
} catch (Exception e) {
- CMS.debug(
- "ModulePanel: Exception caught in loadCurrModTable: "
- + e.toString());
+ CMS.debug("ModulePanel: Exception caught in loadCurrModTable: "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
}
}
@@ -141,15 +140,15 @@ public class ModulePanel extends WizardPanelBase {
CMS.debug("ModulePanel: token nick name=" + token.getName());
CMS.debug("ModulePanel: token logged in?" + token.isLoggedIn());
CMS.debug("ModulePanel: token is present?" + token.isPresent());
- if (!token.getName().equals("Internal Crypto Services Token") &&
- !token.getName().equals("NSS Generic Crypto Services")) {
+ if (!token.getName().equals("Internal Crypto Services Token")
+ && !token.getName().equals(
+ "NSS Generic Crypto Services")) {
module.addToken(token);
} else {
- CMS.debug(
- "ModulePanel: token " + token.getName()
+ CMS.debug("ModulePanel: token " + token.getName()
+ " not to be added");
}
-
+
} catch (TokenException ex) {
CMS.debug("ModulePanel:" + ex.toString());
}
@@ -181,11 +180,11 @@ public class ModulePanel extends WizardPanelBase {
if ((cn == null) || (cn.equals(""))) {
break;
}
-
+
CMS.debug("ModulePanel: got from config module: " + cn);
// create a Module object
Module module = new Module(cn, pn, img);
-
+
if (mCurrModTable.containsKey(cn)) {
CMS.debug("ModulePanel: module found: " + cn);
module.setFound(true);
@@ -194,7 +193,7 @@ public class ModulePanel extends WizardPanelBase {
loadModTokens(module, m);
}
-
+
CMS.debug("ModulePanel: adding module " + cn);
// add module to set
if (!mSupportedModules.contains(module)) {
@@ -203,39 +202,41 @@ public class ModulePanel extends WizardPanelBase {
}// for
} catch (Exception e) {
- CMS.debug(
- "ModulePanel: Exception caught in loadSupportedModules(): "
- + e.toString());
+ CMS.debug("ModulePanel: Exception caught in loadSupportedModules(): "
+ + e.toString());
System.err.println("Exception caught: " + e.toString());
}
}
public PropertySet getUsage() {
- // it a token choice. Available tokens are discovered dynamically so
+ // it a token choice. Available tokens are discovered dynamically so
// can't be a real CHOICE
PropertySet set = new PropertySet();
-
- Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* default parameter */
- "module token selection");
+
+ Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* default parameter */
+ "module token selection");
set.add("choice", tokenDesc);
-
+
return set;
}
public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
- boolean s = cs.getBoolean("preop.ModulePanel.done",
- false);
+ boolean s = cs.getBoolean("preop.ModulePanel.done", false);
if (s != true) {
return false;
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -248,8 +249,7 @@ public class ModulePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("ModulePanel: display()");
context.put("title", "Key Store");
@@ -272,8 +272,8 @@ public class ModulePanel extends WizardPanelBase {
context.put("oms", mOtherModules);
context.put("sms", mSupportedModules);
// context.put("status_token", "None");
- String subpanelno = String.valueOf(getPanelNo()+1);
- CMS.debug("ModulePanel subpanelno =" +subpanelno);
+ String subpanelno = String.valueOf(getPanelNo() + 1);
+ CMS.debug("ModulePanel subpanelno =" + subpanelno);
context.put("subpanelno", subpanelno);
context.put("panel", "admin/console/config/modulepanel.vm");
}
@@ -282,17 +282,15 @@ public class ModulePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
- boolean hasErr = false;
+ HttpServletResponse response, Context context) throws IOException {
+ boolean hasErr = false;
try {
// get the value of the choice
@@ -306,13 +304,13 @@ public class ModulePanel extends WizardPanelBase {
IConfigStore config = CMS.getConfigStore();
String oldtokenname = config.getString("preop.module.token", "");
- if (!oldtokenname.equals(select))
+ if (!oldtokenname.equals(select))
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
- if (hasErr == false) {
- config.putString("preop.module.token", select);
- config.putBoolean("preop.ModulePanel.done", true);
- }
+ if (hasErr == false) {
+ config.putString("preop.module.token", select);
+ config.putBoolean("preop.ModulePanel.done", true);
+ }
config.commit(false);
context.put("updateStatus", "success");
} catch (Exception e) {
@@ -326,8 +324,7 @@ public class ModulePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Security Module");
context.put("panel", "admin/console/config/modulepanel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
index a0a627ee..861eee16 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -27,7 +26,6 @@ import org.apache.velocity.context.Context;
import com.netscape.certsrv.apps.CMS;
-
public class ModuleServlet extends BaseServlet {
/**
@@ -36,19 +34,16 @@ public class ModuleServlet extends BaseServlet {
private static final long serialVersionUID = 6518965840466227888L;
/**
- * Collect information on where keys are to be generated.
- * Once collected, write to CS.cfg:
- * "preop.module=soft"
- * or
- * "preop.module=hard"
- *
+ * Collect information on where keys are to be generated. Once collected,
+ * write to CS.cfg: "preop.module=soft" or "preop.module=hard"
+ *
* <ul>
- * <li>http.param selection "soft" or "hard" for software token or hardware token
+ * <li>http.param selection "soft" or "hard" for software token or hardware
+ * token
* </ul>
*/
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
@@ -76,7 +71,7 @@ public class ModuleServlet extends BaseServlet {
CMS.debug("ModuleServlet: illegal selection: " + selection);
context.put("error", "failed selection");
}
-
+
} else {
CMS.debug("ModuleServlet: no selection");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
index ec3686e9..1f680b64 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -54,19 +53,19 @@ public class NamePanel extends WizardPanelBase {
private Vector mCerts = null;
private WizardServlet mServlet = null;
- public NamePanel() {}
+ public NamePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Subject Names");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Subject Names");
setId(id);
@@ -79,27 +78,39 @@ public class NamePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
- Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "CA Signing Certificate's DN");
+ Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "CA Signing Certificate's DN");
set.add("caDN", caDN);
- Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "SSL Server Certificate's DN");
+ Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "SSL Server Certificate's DN");
set.add("sslDN", sslDN);
- Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "CA Subsystem Certificate's DN");
+ Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "CA Subsystem Certificate's DN");
set.add("subsystemDN", subsystemDN);
- Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "OCSP Signing Certificate's DN");
+ Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "OCSP Signing Certificate's DN");
set.add("ocspDN", ocspDN);
@@ -124,7 +135,7 @@ public class NamePanel extends WizardPanelBase {
StringTokenizer st = new StringTokenizer(list, ",");
while (st.hasMoreTokens()) {
String t = st.nextToken();
- cs.remove("preop.cert."+t+".done");
+ cs.remove("preop.cert." + t + ".done");
}
try {
@@ -142,7 +153,8 @@ public class NamePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -159,12 +171,11 @@ public class NamePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("NamePanel: display()");
context.put("title", "Subject Names");
- // update session id
+ // update session id
String session_id = request.getParameter("session_id");
if (session_id != null) {
CMS.debug("NamePanel setting session id.");
@@ -179,16 +190,16 @@ public class NamePanel extends WizardPanelBase {
String hselect = "";
String cstype = "";
try {
- //if CA, at the hierarchy panel, was it root or subord?
+ // if CA, at the hierarchy panel, was it root or subord?
hselect = config.getString("preop.hierarchy.select", "");
select = config.getString("preop.subsystem.select", "");
cstype = config.getString("cs.type", "");
context.put("select", select);
if (cstype.equals("CA") && hselect.equals("root")) {
- CMS.debug("NamePanel ca is root");
+ CMS.debug("NamePanel ca is root");
context.put("isRoot", "true");
} else {
- CMS.debug("NamePanel not ca or not root");
+ CMS.debug("NamePanel not ca or not root");
context.put("isRoot", "false");
}
} catch (Exception e) {
@@ -207,47 +218,53 @@ public class NamePanel extends WizardPanelBase {
int sd_admin_port = -1;
if (domaintype.equals("existing")) {
host = config.getString("securitydomain.host", "");
- sd_admin_port = config.getInteger("securitydomain.httpsadminport", -1);
+ sd_admin_port = config.getInteger(
+ "securitydomain.httpsadminport", -1);
count = getSubsystemCount(host, sd_admin_port, true, cstype);
}
while (st.hasMoreTokens()) {
String certTag = st.nextToken();
- CMS.debug("NamePanel: display() about to process certTag :" + certTag);
- String nn = config.getString(
- PCERT_PREFIX + certTag + ".nickname");
+ CMS.debug("NamePanel: display() about to process certTag :"
+ + certTag);
+ String nn = config.getString(PCERT_PREFIX + certTag
+ + ".nickname");
Cert c = new Cert(token, nn, certTag);
- String userfriendlyname = config.getString(
- PCERT_PREFIX + certTag + ".userfriendlyname");
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
+ String userfriendlyname = config.getString(PCERT_PREFIX
+ + certTag + ".userfriendlyname");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
c.setUserFriendlyName(userfriendlyname);
- String type = config.getString(PCERT_PREFIX + certTag + ".type");
+ String type = config
+ .getString(PCERT_PREFIX + certTag + ".type");
c.setType(type);
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag
+ + ".enable", true);
c.setEnable(enable);
- String cert = config.getString(subsystem +"."+certTag +".cert", "");
- String certreq =
- config.getString(subsystem + "." +certTag +".certreq", "");
+ String cert = config.getString(subsystem + "." + certTag
+ + ".cert", "");
+ String certreq = config.getString(subsystem + "." + certTag
+ + ".certreq", "");
String dn = config.getString(PCERT_PREFIX + certTag + ".dn");
- boolean override = config.getBoolean(PCERT_PREFIX + certTag +
- ".cncomponent.override", true);
- //o_sd is to add o=secritydomainname
- boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag +
- "o_securitydomain", true);
- domainname = config.getString("securitydomain.name", "");
- CMS.debug("NamePanel: display() override is "+override);
- CMS.debug("NamePanel: display() o_securitydomain is "+o_sd);
- CMS.debug("NamePanel: display() domainname is "+domainname);
+ boolean override = config.getBoolean(PCERT_PREFIX + certTag
+ + ".cncomponent.override", true);
+ // o_sd is to add o=secritydomainname
+ boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag
+ + "o_securitydomain", true);
+ domainname = config.getString("securitydomain.name", "");
+ CMS.debug("NamePanel: display() override is " + override);
+ CMS.debug("NamePanel: display() o_securitydomain is " + o_sd);
+ CMS.debug("NamePanel: display() domainname is " + domainname);
boolean dnUpdated = false;
try {
- dnUpdated = config.getBoolean(PCERT_PREFIX+certTag+".updatedDN");
+ dnUpdated = config.getBoolean(PCERT_PREFIX + certTag
+ + ".updatedDN");
} catch (Exception e) {
}
@@ -255,28 +272,36 @@ public class NamePanel extends WizardPanelBase {
boolean done = config.getBoolean("preop.NamePanel.done");
c.setDN(dn);
} catch (Exception e) {
- String instanceId = config.getString("service.instanceID", "");
+ String instanceId = config.getString("service.instanceID",
+ "");
if (select.equals("clone") || dnUpdated) {
c.setDN(dn);
- } else if (count != 0 && override && (cert.equals("") || certreq.equals(""))) {
- CMS.debug("NamePanel subsystemCount = "+count);
- c.setDN(dn + " "+count+
- ((!instanceId.equals(""))? (",OU=" + instanceId):"") +
- ((o_sd)? (",O=" + domainname):""));
- config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true);
+ } else if (count != 0 && override
+ && (cert.equals("") || certreq.equals(""))) {
+ CMS.debug("NamePanel subsystemCount = " + count);
+ c.setDN(dn
+ + " "
+ + count
+ + ((!instanceId.equals("")) ? (",OU=" + instanceId)
+ : "")
+ + ((o_sd) ? (",O=" + domainname) : ""));
+ config.putBoolean(
+ PCERT_PREFIX + certTag + ".updatedDN", true);
} else {
- c.setDN(dn +
- ((!instanceId.equals(""))? (",OU=" + instanceId):"") +
- ((o_sd)? (",O=" + domainname):""));
- config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true);
+ c.setDN(dn
+ + ((!instanceId.equals("")) ? (",OU=" + instanceId)
+ : "")
+ + ((o_sd) ? (",O=" + domainname) : ""));
+ config.putBoolean(
+ PCERT_PREFIX + certTag + ".updatedDN", true);
}
}
mCerts.addElement(c);
- CMS.debug(
- "NamePanel: display() added cert to mCerts: certTag "
- + certTag);
- config.putString(PCERT_PREFIX + c.getCertTag() + ".dn", c.getDN());
+ CMS.debug("NamePanel: display() added cert to mCerts: certTag "
+ + certTag);
+ config.putString(PCERT_PREFIX + c.getCertTag() + ".dn",
+ c.getDN());
}// while
} catch (EBaseException e) {
CMS.debug("NamePanel: display() exception caught:" + e.toString());
@@ -302,7 +327,8 @@ public class NamePanel extends WizardPanelBase {
try {
config.putString("preop.ca.list", list.toString());
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
context.put("urls", v);
@@ -316,8 +342,7 @@ public class NamePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
Enumeration c = mCerts.elements();
while (c.hasMoreElements()) {
@@ -328,30 +353,34 @@ public class NamePanel extends WizardPanelBase {
if (dn == null || dn.length() == 0) {
context.put("updateStatus", "validate-failure");
- throw new IOException("Empty DN for " + cert.getUserFriendlyName());
+ throw new IOException("Empty DN for "
+ + cert.getUserFriendlyName());
}
}
} // while
}
- /*
+ /*
* update some parameters for clones
*/
- public void updateCloneConfig(IConfigStore config)
- throws EBaseException, IOException {
+ public void updateCloneConfig(IConfigStore config) throws EBaseException,
+ IOException {
String cstype = config.getString("cs.type", null);
cstype = toLowerCaseSubsystemType(cstype);
if (cstype.equals("kra")) {
String token = config.getString(PRE_CONF_CA_TOKEN);
if (!token.equals("Internal Key Storage Token")) {
- CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");
- String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem");
+ CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");
+ String subsystem = config.getString(PCERT_PREFIX
+ + "storage.subsystem");
String storageNickname = getNickname(config, "storage");
String transportNickname = getNickname(config, "transport");
config.putString(subsystem + ".storageUnit.hardware", token);
- config.putString(subsystem + ".storageUnit.nickName", token+":"+storageNickname);
- config.putString(subsystem + ".transportUnit.nickName", token+":"+transportNickname);
+ config.putString(subsystem + ".storageUnit.nickName", token
+ + ":" + storageNickname);
+ config.putString(subsystem + ".transportUnit.nickName", token
+ + ":" + transportNickname);
config.commit(false);
} else { // software token
// parameters already set
@@ -359,14 +388,19 @@ public class NamePanel extends WizardPanelBase {
}
// audit signing cert
- String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", "");
- String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", "");
- if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- audit_tk + ":" + audit_nn);
+ String audit_nn = config.getString(cstype + ".audit_signing"
+ + ".nickname", "");
+ String audit_tk = config.getString(cstype + ".audit_signing"
+ + ".tokenname", "");
+ if (!audit_tk.equals("Internal Key Storage Token")
+ && !audit_tk.equals("")) {
+ config.putString(
+ "log.instance.SignedAudit.signedAuditCertNickname",
+ audit_tk + ":" + audit_nn);
} else {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- audit_nn);
+ config.putString(
+ "log.instance.SignedAudit.signedAuditCertNickname",
+ audit_nn);
}
}
@@ -374,9 +408,10 @@ public class NamePanel extends WizardPanelBase {
* get some of the "preop" parameters to persisting parameters
*/
public void updateConfig(IConfigStore config, String certTag)
- throws EBaseException, IOException {
+ throws EBaseException, IOException {
String token = config.getString(PRE_CONF_CA_TOKEN);
- String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
CMS.debug("NamePanel: subsystem " + subsystem);
String nickname = getNickname(config, certTag);
@@ -385,38 +420,46 @@ public class NamePanel extends WizardPanelBase {
// should change the entire system to use the uniformed names later
if (certTag.equals("signing") || certTag.equals("ocsp_signing")) {
CMS.debug("NamePanel: setting signing nickname=" + nickname);
- config.putString(subsystem + "." + certTag + ".cacertnickname", nickname);
- config.putString(subsystem + "." + certTag + ".certnickname", nickname);
+ config.putString(subsystem + "." + certTag + ".cacertnickname",
+ nickname);
+ config.putString(subsystem + "." + certTag + ".certnickname",
+ nickname);
}
- // if KRA, hardware token needs param "kra.storageUnit.hardware" in CS.cfg
+ // if KRA, hardware token needs param "kra.storageUnit.hardware" in
+ // CS.cfg
String cstype = config.getString("cs.type", null);
cstype = toLowerCaseSubsystemType(cstype);
if (cstype.equals("kra")) {
- if (!token.equals("Internal Key Storage Token")) {
- if (certTag.equals("storage")) {
- config.putString(subsystem + ".storageUnit.hardware", token);
- config.putString(subsystem + ".storageUnit.nickName", token+":"+nickname);
- } else if (certTag.equals("transport")) {
- config.putString(subsystem + ".transportUnit.nickName", token+":"+nickname);
- }
- } else { // software token
- if (certTag.equals("storage")) {
- config.putString(subsystem + ".storageUnit.nickName", nickname);
- } else if (certTag.equals("transport")) {
- config.putString(subsystem + ".transportUnit.nickName", nickname);
- }
- }
+ if (!token.equals("Internal Key Storage Token")) {
+ if (certTag.equals("storage")) {
+ config.putString(subsystem + ".storageUnit.hardware", token);
+ config.putString(subsystem + ".storageUnit.nickName", token
+ + ":" + nickname);
+ } else if (certTag.equals("transport")) {
+ config.putString(subsystem + ".transportUnit.nickName",
+ token + ":" + nickname);
+ }
+ } else { // software token
+ if (certTag.equals("storage")) {
+ config.putString(subsystem + ".storageUnit.nickName",
+ nickname);
+ } else if (certTag.equals("transport")) {
+ config.putString(subsystem + ".transportUnit.nickName",
+ nickname);
+ }
+ }
}
String serverCertNickname = nickname;
String path = CMS.getConfigStore().getString("instanceRoot", "");
if (certTag.equals("sslserver")) {
- if (!token.equals("Internal Key Storage Token")) {
- serverCertNickname = token+":"+nickname;
+ if (!token.equals("Internal Key Storage Token")) {
+ serverCertNickname = token + ":" + nickname;
}
- File file = new File(path+"/conf/serverCertNick.conf");
- PrintStream ps = new PrintStream(new FileOutputStream(path+"/conf/serverCertNick.conf"));
+ File file = new File(path + "/conf/serverCertNick.conf");
+ PrintStream ps = new PrintStream(new FileOutputStream(path
+ + "/conf/serverCertNick.conf"));
ps.println(serverCertNickname);
ps.close();
}
@@ -424,25 +467,29 @@ public class NamePanel extends WizardPanelBase {
config.putString(subsystem + "." + certTag + ".nickname", nickname);
config.putString(subsystem + "." + certTag + ".tokenname", token);
if (certTag.equals("audit_signing")) {
- if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- token + ":" + nickname);
- } else {
- config.putString("log.instance.SignedAudit.signedAuditCertNickname",
- nickname);
- }
+ if (!token.equals("Internal Key Storage Token")
+ && !token.equals("")) {
+ config.putString(
+ "log.instance.SignedAudit.signedAuditCertNickname",
+ token + ":" + nickname);
+ } else {
+ config.putString(
+ "log.instance.SignedAudit.signedAuditCertNickname",
+ nickname);
+ }
}
/*
- config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm",
- "SHA1withRSA");
+ * config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm",
+ * "SHA1withRSA");
*/
// for system certs verification
- if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
+ if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
config.putString(subsystem + ".cert." + certTag + ".nickname",
- token + ":" + nickname);
+ token + ":" + nickname);
} else {
- config.putString(subsystem + ".cert." + certTag + ".nickname", nickname);
+ config.putString(subsystem + ".cert." + certTag + ".nickname",
+ nickname);
}
config.commit(false);
@@ -453,13 +500,13 @@ public class NamePanel extends WizardPanelBase {
* create and sign a cert locally (handles both "selfsign" and "local")
*/
public void configCert(HttpServletRequest request,
- HttpServletResponse response,
- Context context, Cert certObj) throws IOException {
+ HttpServletResponse response, Context context, Cert certObj)
+ throws IOException {
CMS.debug("NamePanel: configCert called");
IConfigStore config = CMS.getConfigStore();
String caType = certObj.getType();
- CMS.debug("NamePanel: in configCert caType is "+ caType);
+ CMS.debug("NamePanel: in configCert caType is " + caType);
X509CertImpl cert = null;
String certTag = certObj.getCertTag();
@@ -469,31 +516,40 @@ public class NamePanel extends WizardPanelBase {
String v = config.getString("preop.ca.type", "");
CMS.debug("NamePanel configCert: remote CA");
- String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX,
- certObj, context);
+ String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX,
+ certObj, context);
certObj.setRequest(pkcs10);
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
config.putString(subsystem + "." + certTag + ".certreq", pkcs10);
- String profileId = config.getString(PCERT_PREFIX+certTag+".profile");
+ String profileId = config.getString(PCERT_PREFIX + certTag
+ + ".profile");
String session_id = CMS.getConfigSDSessionId();
String sd_hostname = "";
int sd_ee_port = -1;
try {
sd_hostname = config.getString("securitydomain.host", "");
- sd_ee_port = config.getInteger("securitydomain.httpseeport", -1);
+ sd_ee_port = config.getInteger(
+ "securitydomain.httpseeport", -1);
} catch (Exception ee) {
- CMS.debug("NamePanel: configCert() exception caught:"+ee.toString());
+ CMS.debug("NamePanel: configCert() exception caught:"
+ + ee.toString());
}
String sysType = config.getString("cs.type", "");
String machineName = config.getString("machineName", "");
String securePort = config.getString("service.securePort", "");
if (certTag.equals("subsystem")) {
- String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
- cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
- content, response, this);
+ String content = "requestor_name=" + sysType + "-"
+ + machineName + "-" + securePort + "&profileId="
+ + profileId
+ + "&cert_request_type=pkcs10&cert_request="
+ + URLEncoder.encode(pkcs10, "UTF-8")
+ + "&xmlOutput=true&sessionID=" + session_id;
+ cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
+ content, response, this);
if (cert == null) {
- throw new IOException("Error: remote certificate is null");
+ throw new IOException(
+ "Error: remote certificate is null");
}
} else if (v.equals("sdca")) {
String ca_hostname = "";
@@ -504,96 +560,105 @@ public class NamePanel extends WizardPanelBase {
} catch (Exception ee) {
}
- String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
- cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
- content, response, this);
+ String content = "requestor_name=" + sysType + "-"
+ + machineName + "-" + securePort + "&profileId="
+ + profileId
+ + "&cert_request_type=pkcs10&cert_request="
+ + URLEncoder.encode(pkcs10, "UTF-8")
+ + "&xmlOutput=true&sessionID=" + session_id;
+ cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
+ content, response, this);
if (cert == null) {
- throw new IOException("Error: remote certificate is null");
+ throw new IOException(
+ "Error: remote certificate is null");
}
} else if (v.equals("otherca")) {
config.putString(subsystem + "." + certTag + ".cert",
"...paste certificate here...");
- } else {
+ } else {
CMS.debug("NamePanel: no preop.ca.type is provided");
- }
+ }
} else { // not remote CA, ie, self-signed or local
ISubsystem ca = CMS.getSubsystem(ICertificateAuthority.ID);
if (ca == null) {
String s = PCERT_PREFIX + certTag + ".type";
- CMS.debug(
- "The value for " + s
+ CMS.debug("The value for " + s
+ " should be remote, nothing else.");
- throw new IOException(
- "The value for " + s + " should be remote");
- }
-
- String pubKeyType = config.getString(
- PCERT_PREFIX + certTag + ".keytype");
+ throw new IOException("The value for " + s
+ + " should be remote");
+ }
+
+ String pubKeyType = config.getString(PCERT_PREFIX + certTag
+ + ".keytype");
if (pubKeyType.equals("rsa")) {
- String pubKeyModulus = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.modulus");
- String pubKeyPublicExponent = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.exponent");
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
-
- if (certTag.equals("signing")) {
- X509Key x509key = CryptoUtil.getPublicX509Key(
- CryptoUtil.string2byte(pubKeyModulus),
- CryptoUtil.string2byte(pubKeyPublicExponent));
-
- cert = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, caType, context);
- } else {
- String cacert = config.getString("ca.signing.cert", "");
-
- if (cacert.equals("") || cacert.startsWith("...")) {
- certObj.setCert(
- "...certificate be generated internally...");
- config.putString(subsystem + "." + certTag + ".cert",
- "...certificate be generated internally...");
- } else {
+ String pubKeyModulus = config.getString(PCERT_PREFIX
+ + certTag + ".pubkey.modulus");
+ String pubKeyPublicExponent = config.getString(PCERT_PREFIX
+ + certTag + ".pubkey.exponent");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
+
+ if (certTag.equals("signing")) {
X509Key x509key = CryptoUtil.getPublicX509Key(
CryptoUtil.string2byte(pubKeyModulus),
CryptoUtil.string2byte(pubKeyPublicExponent));
cert = CertUtil.createLocalCert(config, x509key,
PCERT_PREFIX, certTag, caType, context);
+ } else {
+ String cacert = config.getString("ca.signing.cert", "");
+
+ if (cacert.equals("") || cacert.startsWith("...")) {
+ certObj.setCert("...certificate be generated internally...");
+ config.putString(subsystem + "." + certTag
+ + ".cert",
+ "...certificate be generated internally...");
+ } else {
+ X509Key x509key = CryptoUtil.getPublicX509Key(
+ CryptoUtil.string2byte(pubKeyModulus),
+ CryptoUtil
+ .string2byte(pubKeyPublicExponent));
+
+ cert = CertUtil.createLocalCert(config, x509key,
+ PCERT_PREFIX, certTag, caType, context);
+ }
}
- }
} else if (pubKeyType.equals("ecc")) {
- String pubKeyEncoded = config.getString(
- PCERT_PREFIX + certTag + ".pubkey.encoded");
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
-
- if (certTag.equals("signing")) {
-
- X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
- cert = CertUtil.createLocalCert(config, x509key,
- PCERT_PREFIX, certTag, caType, context);
- } else {
- String cacert = config.getString("ca.signing.cert", "");
-
- if (cacert.equals("") || cacert.startsWith("...")) {
- certObj.setCert(
- "...certificate be generated internally...");
- config.putString(subsystem + "." + certTag + ".cert",
- "...certificate be generated internally...");
- } else {
- X509Key x509key = CryptoUtil.getPublicX509ECCKey(
- CryptoUtil.string2byte(pubKeyEncoded));
+ String pubKeyEncoded = config.getString(PCERT_PREFIX
+ + certTag + ".pubkey.encoded");
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
+
+ if (certTag.equals("signing")) {
+ X509Key x509key = CryptoUtil
+ .getPublicX509ECCKey(CryptoUtil
+ .string2byte(pubKeyEncoded));
cert = CertUtil.createLocalCert(config, x509key,
PCERT_PREFIX, certTag, caType, context);
+ } else {
+ String cacert = config.getString("ca.signing.cert", "");
+
+ if (cacert.equals("") || cacert.startsWith("...")) {
+ certObj.setCert("...certificate be generated internally...");
+ config.putString(subsystem + "." + certTag
+ + ".cert",
+ "...certificate be generated internally...");
+ } else {
+ X509Key x509key = CryptoUtil
+ .getPublicX509ECCKey(CryptoUtil
+ .string2byte(pubKeyEncoded));
+
+ cert = CertUtil.createLocalCert(config, x509key,
+ PCERT_PREFIX, certTag, caType, context);
+ }
}
- }
} else {
- // invalid key type
- CMS.debug("Invalid key type " + pubKeyType);
+ // invalid key type
+ CMS.debug("Invalid key type " + pubKeyType);
}
if (cert != null) {
if (certTag.equals("subsystem"))
@@ -605,9 +670,9 @@ public class NamePanel extends WizardPanelBase {
byte[] certb = cert.getEncoded();
String certs = CryptoUtil.base64Encode(certb);
- // certObj.setCert(certs);
- String subsystem = config.getString(
- PCERT_PREFIX + certTag + ".subsystem");
+ // certObj.setCert(certs);
+ String subsystem = config.getString(PCERT_PREFIX + certTag
+ + ".subsystem");
config.putString(subsystem + "." + certTag + ".cert", certs);
}
config.commit(false);
@@ -617,72 +682,76 @@ public class NamePanel extends WizardPanelBase {
CMS.debug("NamePanel configCert() exception caught:" + e.toString());
}
}
-
+
public void configCertWithTag(HttpServletRequest request,
- HttpServletResponse response,
- Context context, String tag) throws IOException
- {
- CMS.debug("NamePanel: configCertWithTag start");
- Enumeration c = mCerts.elements();
- IConfigStore config = CMS.getConfigStore();
-
- while (c.hasMoreElements()) {
- Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
- CMS.debug("NamePanel: configCertWithTag ct=" + ct +
- " tag=" +tag);
- if (ct.equals(tag)) {
- try {
- String nickname = HttpInput.getNickname(request, ct + "_nick");
- if (nickname != null) {
- CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname);
- config.putString(PCERT_PREFIX + ct + ".nickname", nickname);
- cert.setNickname(nickname);
- config.commit(false);
- }
- String dn = HttpInput.getDN(request, ct);
- if (dn != null) {
- config.putString(PCERT_PREFIX + ct + ".dn", dn);
- config.commit(false);
- }
- } catch (Exception e) {
- CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString());
- }
+ HttpServletResponse response, Context context, String tag)
+ throws IOException {
+ CMS.debug("NamePanel: configCertWithTag start");
+ Enumeration c = mCerts.elements();
+ IConfigStore config = CMS.getConfigStore();
- configCert(request, response, context, cert);
- CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
- return;
+ while (c.hasMoreElements()) {
+ Cert cert = (Cert) c.nextElement();
+ String ct = cert.getCertTag();
+ CMS.debug("NamePanel: configCertWithTag ct=" + ct + " tag=" + tag);
+ if (ct.equals(tag)) {
+ try {
+ String nickname = HttpInput.getNickname(request, ct
+ + "_nick");
+ if (nickname != null) {
+ CMS.debug("configCertWithTag: Setting nickname for "
+ + ct + " to " + nickname);
+ config.putString(PCERT_PREFIX + ct + ".nickname",
+ nickname);
+ cert.setNickname(nickname);
+ config.commit(false);
+ }
+ String dn = HttpInput.getDN(request, ct);
+ if (dn != null) {
+ config.putString(PCERT_PREFIX + ct + ".dn", dn);
+ config.commit(false);
+ }
+ } catch (Exception e) {
+ CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for "
+ + ct + ": " + e.toString());
}
- }
- CMS.debug("NamePanel: configCertWithTag done");
+
+ configCert(request, response, context, cert);
+ CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
+ return;
+ }
+ }
+ CMS.debug("NamePanel: configCertWithTag done");
}
- private boolean inputChanged(HttpServletRequest request)
- throws IOException {
- IConfigStore config = CMS.getConfigStore();
-
+ private boolean inputChanged(HttpServletRequest request) throws IOException {
+ IConfigStore config = CMS.getConfigStore();
+
boolean hasChanged = false;
try {
Enumeration c = mCerts.elements();
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
- boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ String ct = cert.getCertTag();
+ boolean enable = config.getBoolean(PCERT_PREFIX + ct
+ + ".enable", true);
if (!enable)
continue;
- String olddn = config.getString(PCERT_PREFIX + cert.getCertTag() + ".dn", "");
+ String olddn = config.getString(
+ PCERT_PREFIX + cert.getCertTag() + ".dn", "");
// get the dn's and put in config
String dn = HttpInput.getDN(request, cert.getCertTag());
if (!olddn.equals(dn))
hasChanged = true;
- String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname");
- String nick = HttpInput.getNickname(request, ct + "_nick");
- if (!oldnick.equals(nick))
- hasChanged = true;
+ String oldnick = config.getString(PCERT_PREFIX + ct
+ + ".nickname");
+ String nick = HttpInput.getNickname(request, ct + "_nick");
+ if (!oldnick.equals(nick))
+ hasChanged = true;
}
} catch (Exception e) {
@@ -690,44 +759,43 @@ public class NamePanel extends WizardPanelBase {
return hasChanged;
}
-
- public String getURL(HttpServletRequest request, IConfigStore config)
- {
+
+ public String getURL(HttpServletRequest request, IConfigStore config) {
String index = request.getParameter("urls");
- if (index == null){
- return null;
+ if (index == null) {
+ return null;
}
String url = "";
if (index.startsWith("http")) {
- // user may submit url directlry
- url = index;
+ // user may submit url directlry
+ url = index;
} else {
- try {
- int x = Integer.parseInt(index);
- String list = config.getString("preop.ca.list", "");
- StringTokenizer tokenizer = new StringTokenizer(list, ",");
- int counter = 0;
-
- while (tokenizer.hasMoreTokens()) {
- url = tokenizer.nextToken();
- if (counter == x) {
- break;
+ try {
+ int x = Integer.parseInt(index);
+ String list = config.getString("preop.ca.list", "");
+ StringTokenizer tokenizer = new StringTokenizer(list, ",");
+ int counter = 0;
+
+ while (tokenizer.hasMoreTokens()) {
+ url = tokenizer.nextToken();
+ if (counter == x) {
+ break;
+ }
+ counter++;
}
- counter++;
+ } catch (Exception e) {
}
- } catch (Exception e) {}
}
- return url;
+ return url;
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
CMS.debug("NamePanel: in update()");
- boolean hasErr = false;
+ boolean hasErr = false;
if (inputChanged(request)) {
mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
@@ -736,12 +804,12 @@ public class NamePanel extends WizardPanelBase {
return;
}
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String hselect = "";
ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID);
try {
- //if CA, at the hierarchy panel, was it root or subord?
+ // if CA, at the hierarchy panel, was it root or subord?
hselect = config.getString("preop.hierarchy.select", "");
String cstype = config.getString("preop.subsystem.select", "");
if (cstype.equals("clone")) {
@@ -750,13 +818,14 @@ public class NamePanel extends WizardPanelBase {
configCertWithTag(request, response, context, "sslserver");
String url = getURL(request, config);
if (url != null && !url.equals("External CA")) {
- // preop.ca.url and admin port are required for setting KRA connector
- url = url.substring(url.indexOf("https"));
- config.putString("preop.ca.url", url);
+ // preop.ca.url and admin port are required for setting KRA
+ // connector
+ url = url.substring(url.indexOf("https"));
+ config.putString("preop.ca.url", url);
- URL urlx = new URL(url);
- updateCloneSDCAInfo(request, context, urlx.getHost(),
- Integer.toString(urlx.getPort()));
+ URL urlx = new URL(url);
+ updateCloneSDCAInfo(request, context, urlx.getHost(),
+ Integer.toString(urlx.getPort()));
}
updateCloneConfig(config);
@@ -770,50 +839,51 @@ public class NamePanel extends WizardPanelBase {
return;
}
- //if no hselect, then not CA
- if (hselect.equals("") || hselect.equals("join")) {
- String select = null;
- String url = getURL(request, config);
+ // if no hselect, then not CA
+ if (hselect.equals("") || hselect.equals("join")) {
+ String select = null;
+ String url = getURL(request, config);
- URL urlx = null;
+ URL urlx = null;
- if (url.equals("External CA")) {
- CMS.debug("NamePanel: external CA selected");
- select = "otherca";
- config.putString("preop.ca.type", "otherca");
- if (subsystem != null) {
- config.putString(PCERT_PREFIX+"signing.type", "remote");
- }
+ if (url.equals("External CA")) {
+ CMS.debug("NamePanel: external CA selected");
+ select = "otherca";
+ config.putString("preop.ca.type", "otherca");
+ if (subsystem != null) {
+ config.putString(PCERT_PREFIX + "signing.type", "remote");
+ }
- config.putString("preop.ca.pkcs7", "");
- config.putInteger("preop.ca.certchain.size", 0);
- context.put("check_otherca", "checked");
- CMS.debug("NamePanel: update: this is the external CA.");
- } else {
- CMS.debug("NamePanel: local CA selected");
- select = "sdca";
- // parse URL (CA1 - https://...)
- url = url.substring(url.indexOf("https"));
- config.putString("preop.ca.url", url);
-
- urlx = new URL(url);
- config.putString("preop.ca.type", "sdca");
- CMS.debug("NamePanel: update: this is a CA in the security domain.");
- context.put("check_sdca", "checked");
- sdca(request, context, urlx.getHost(),
- Integer.toString(urlx.getPort()));
- if (subsystem != null) {
- config.putString(PCERT_PREFIX + "signing.type", "remote");
- config.putString(PCERT_PREFIX + "signing.profile",
- "caInstallCACert");
+ config.putString("preop.ca.pkcs7", "");
+ config.putInteger("preop.ca.certchain.size", 0);
+ context.put("check_otherca", "checked");
+ CMS.debug("NamePanel: update: this is the external CA.");
+ } else {
+ CMS.debug("NamePanel: local CA selected");
+ select = "sdca";
+ // parse URL (CA1 - https://...)
+ url = url.substring(url.indexOf("https"));
+ config.putString("preop.ca.url", url);
+
+ urlx = new URL(url);
+ config.putString("preop.ca.type", "sdca");
+ CMS.debug("NamePanel: update: this is a CA in the security domain.");
+ context.put("check_sdca", "checked");
+ sdca(request, context, urlx.getHost(),
+ Integer.toString(urlx.getPort()));
+ if (subsystem != null) {
+ config.putString(PCERT_PREFIX + "signing.type", "remote");
+ config.putString(PCERT_PREFIX + "signing.profile",
+ "caInstallCACert");
+ }
}
- }
- try {
- config.commit(false);
- } catch (Exception e) {}
+ try {
+ config.commit(false);
+ } catch (Exception e) {
+ }
- }
+ }
try {
@@ -821,20 +891,23 @@ public class NamePanel extends WizardPanelBase {
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
- String ct = cert.getCertTag();
+ String ct = cert.getCertTag();
String tokenname = cert.getTokenname();
- boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + ct
+ + ".enable", true);
if (!enable)
continue;
- boolean certDone = config.getBoolean(PCERT_PREFIX+ct+".done", false);
+ boolean certDone = config.getBoolean(PCERT_PREFIX + ct
+ + ".done", false);
if (certDone)
continue;
// get the nicknames and put in config
String nickname = HttpInput.getNickname(request, ct + "_nick");
if (nickname != null) {
- CMS.debug("NamePanel: update: Setting nickname for " + ct + " to " + nickname);
+ CMS.debug("NamePanel: update: Setting nickname for " + ct
+ + " to " + nickname);
config.putString(PCERT_PREFIX + ct + ".nickname", nickname);
cert.setNickname(nickname);
} else {
@@ -850,32 +923,31 @@ public class NamePanel extends WizardPanelBase {
try {
configCert(request, response, context, cert);
- config.putBoolean("preop.cert."+cert.getCertTag()+".done",
- true);
+ config.putBoolean("preop.cert." + cert.getCertTag()
+ + ".done", true);
config.commit(false);
} catch (Exception e) {
- CMS.debug(
- "NamePanel: update() exception caught:"
- + e.toString());
- hasErr = true;
+ CMS.debug("NamePanel: update() exception caught:"
+ + e.toString());
+ hasErr = true;
System.err.println("Exception caught: " + e.toString());
}
- } // while
- if (hasErr == false) {
- config.putBoolean("preop.NamePanel.done", true);
- config.commit(false);
- }
+ } // while
+ if (hasErr == false) {
+ config.putBoolean("preop.NamePanel.done", true);
+ config.commit(false);
+ }
} catch (Exception e) {
CMS.debug("NamePanel: Exception caught: " + e.toString());
System.err.println("Exception caught: " + e.toString());
}// try
-
try {
config.commit(false);
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (!hasErr) {
context.put("updateStatus", "success");
@@ -885,8 +957,11 @@ public class NamePanel extends WizardPanelBase {
CMS.debug("NamePanel: update() done");
}
- private void updateCloneSDCAInfo(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
- CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname=" + hostname + " port=" + httpsPortStr);
+ private void updateCloneSDCAInfo(HttpServletRequest request,
+ Context context, String hostname, String httpsPortStr)
+ throws IOException {
+ CMS.debug("NamePanel updateCloneSDCAInfo: selected CA hostname="
+ + hostname + " port=" + httpsPortStr);
String https_admin_port = "";
IConfigStore config = CMS.getConfigStore();
@@ -897,19 +972,16 @@ public class NamePanel extends WizardPanelBase {
// Retrieve the associated HTTPS Admin port so that it
// may be stored for use with ImportAdminCertPanel
- https_admin_port = getSecurityDomainAdminPort( config,
- hostname,
- httpsPortStr,
- "CA" );
+ https_admin_port = getSecurityDomainAdminPort(config, hostname,
+ httpsPortStr, "CA");
int httpsport = -1;
try {
- httpsport = Integer.parseInt(httpsPortStr);
+ httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
- CMS.debug(
- "NamePanel update: Https port is not valid. Exception: "
- + e.toString());
+ CMS.debug("NamePanel update: Https port is not valid. Exception: "
+ + e.toString());
throw new IOException("Https Port is not valid.");
}
@@ -918,9 +990,11 @@ public class NamePanel extends WizardPanelBase {
config.putString("preop.ca.httpsadminport", https_admin_port);
}
- private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
+ private void sdca(HttpServletRequest request, Context context,
+ String hostname, String httpsPortStr) throws IOException {
CMS.debug("NamePanel update: this is the CA in the security domain.");
- CMS.debug("NamePanel update: selected CA hostname=" + hostname + " port=" + httpsPortStr);
+ CMS.debug("NamePanel update: selected CA hostname=" + hostname
+ + " port=" + httpsPortStr);
String https_admin_port = "";
IConfigStore config = CMS.getConfigStore();
@@ -934,19 +1008,16 @@ public class NamePanel extends WizardPanelBase {
// Retrieve the associated HTTPS Admin port so that it
// may be stored for use with ImportAdminCertPanel
- https_admin_port = getSecurityDomainAdminPort( config,
- hostname,
- httpsPortStr,
- "CA" );
+ https_admin_port = getSecurityDomainAdminPort(config, hostname,
+ httpsPortStr, "CA");
int httpsport = -1;
try {
- httpsport = Integer.parseInt(httpsPortStr);
+ httpsport = Integer.parseInt(httpsPortStr);
} catch (Exception e) {
- CMS.debug(
- "NamePanel update: Https port is not valid. Exception: "
- + e.toString());
+ CMS.debug("NamePanel update: Https port is not valid. Exception: "
+ + e.toString());
throw new IOException("Https Port is not valid.");
}
@@ -954,21 +1025,18 @@ public class NamePanel extends WizardPanelBase {
config.putString("preop.ca.httpsport", httpsPortStr);
config.putString("preop.ca.httpsadminport", https_admin_port);
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChainUsingSecureEEPort( config, "ca", hostname,
- httpsport, true, context,
- certApprovalCallback );
+ updateCertChainUsingSecureEEPort(config, "ca", hostname, httpsport,
+ true, context, certApprovalCallback);
try {
- CMS.debug("Importing CA chain");
- importCertChain("ca");
+ CMS.debug("Importing CA chain");
+ importCertChain("ca");
} catch (Exception e1) {
- CMS.debug("Failed in importing CA chain");
+ CMS.debug("Failed in importing CA chain");
}
}
-
public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ throws IOException {
context.put("certs", mCerts);
}
@@ -976,11 +1044,9 @@ public class NamePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
context.put("title", "Subject Names");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
index cf37fdff..8d484f4e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
@@ -50,11 +49,9 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
/**
- * This servlet creates a TPS user in the CA,
- * and it associates TPS's server certificate to
- * the user. Finally, it addes the user to the
- * administrator group. This procedure will
- * allows TPS to connect to the CA for certificate
+ * This servlet creates a TPS user in the CA, and it associates TPS's server
+ * certificate to the user. Finally, it addes the user to the administrator
+ * group. This procedure will allows TPS to connect to the CA for certificate
* issuance.
*/
public class RegisterUser extends CMSServlet {
@@ -67,9 +64,7 @@ public class RegisterUser extends CMSServlet {
private final static String FAILED = "1";
private final static String AUTH_FAILURE = "2";
private String mGroupName = null;
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
- "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
-
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
public RegisterUser() {
super();
@@ -77,6 +72,7 @@ public class RegisterUser extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -88,7 +84,7 @@ public class RegisterUser extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateUpdater: processing...");
@@ -102,9 +98,9 @@ public class RegisterUser extends CMSServlet {
CMS.debug("RegisterUser authentication successful.");
} catch (Exception e) {
CMS.debug("RegisterUser: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -117,19 +113,19 @@ public class RegisterUser extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("RegisterUser authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -150,119 +146,112 @@ public class RegisterUser extends CMSServlet {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" +
- "+Resource;;"+ uid +
- "+fullname;;"+ name +
- "+state;;1" +
- "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>";
+ String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser"
+ + "+Resource;;"
+ + uid
+ + "+fullname;;"
+ + name
+ + "+state;;1"
+ + "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>";
- IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+ IUGSubsystem ugsys = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
IUser user = null;
boolean foundByCert = false;
X509Certificate certs[] = new X509Certificate[1];
try {
- byte bCert[] = null;
- X509CertImpl cert = null;
- bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
- cert = new X509CertImpl(bCert);
- certs[0] = (X509Certificate)cert;
-
- // test to see if the cert already belongs to a user
- ICertUserLocator cul = ugsys.getCertUserLocator();
- com.netscape.certsrv.usrgrp.Certificates c =
- new com.netscape.certsrv.usrgrp.Certificates(certs);
- user = (IUser) cul.locateUser(c);
+ byte bCert[] = null;
+ X509CertImpl cert = null;
+ bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
+ cert = new X509CertImpl(bCert);
+ certs[0] = (X509Certificate) cert;
+
+ // test to see if the cert already belongs to a user
+ ICertUserLocator cul = ugsys.getCertUserLocator();
+ com.netscape.certsrv.usrgrp.Certificates c = new com.netscape.certsrv.usrgrp.Certificates(
+ certs);
+ user = (IUser) cul.locateUser(c);
} catch (Exception ec) {
- CMS.debug("RegisterUser: exception thrown: "+ec.toString());
+ CMS.debug("RegisterUser: exception thrown: " + ec.toString());
}
if (user == null) {
- CMS.debug("RegisterUser NOT found user by cert");
- try {
- user = ugsys.getUser(uid);
- CMS.debug("RegisterUser found user by uid "+uid);
- } catch (Exception eee) {
- }
+ CMS.debug("RegisterUser NOT found user by cert");
+ try {
+ user = ugsys.getUser(uid);
+ CMS.debug("RegisterUser found user by uid " + uid);
+ } catch (Exception eee) {
+ }
} else {
- foundByCert = true;
- CMS.debug("RegisterUser found user by cert");
+ foundByCert = true;
+ CMS.debug("RegisterUser found user by cert");
}
-
- try {
-
- if (user == null) {
- // create user only if such user does not exist
- user = ugsys.createUser(uid);
- user.setFullName(name);
- user.setState("1");
- user.setUserType("");
- user.setEmail("");
- user.setPhone("");
- user.setPassword("");
-
- ugsys.addUser(user);
- CMS.debug("RegisterUser created user " + uid);
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams);
- audit(auditMessage);
- }
-
- // extract all line separators
- StringBuffer sb = new StringBuffer();
- for (int i = 0; i < certsString.length(); i++) {
- if (!Character.isWhitespace(certsString.charAt(i))) {
- sb.append(certsString.charAt(i));
- }
- }
- certsString = sb.toString();
-
- auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" +
- "+Resource;;"+ uid +
- "+cert;;"+certsString;
-
- user.setX509Certificates(certs);
- if (!foundByCert) {
- ugsys.addUserCert(user);
- CMS.debug("RegisterUser added user certificate");
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams);
- audit(auditMessage);
- } else
- CMS.debug("RegisterUser no need to add user certificate");
- } catch (Exception eee) {
+
+ try {
+
+ if (user == null) {
+ // create user only if such user does not exist
+ user = ugsys.createUser(uid);
+ user.setFullName(name);
+ user.setState("1");
+ user.setUserType("");
+ user.setEmail("");
+ user.setPhone("");
+ user.setPassword("");
+
+ ugsys.addUser(user);
+ CMS.debug("RegisterUser created user " + uid);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams);
+ audit(auditMessage);
+ }
+
+ // extract all line separators
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < certsString.length(); i++) {
+ if (!Character.isWhitespace(certsString.charAt(i))) {
+ sb.append(certsString.charAt(i));
+ }
+ }
+ certsString = sb.toString();
+
+ auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser"
+ + "+Resource;;" + uid + "+cert;;" + certsString;
+
+ user.setX509Certificates(certs);
+ if (!foundByCert) {
+ ugsys.addUserCert(user);
+ CMS.debug("RegisterUser added user certificate");
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams);
+ audit(auditMessage);
+ } else
+ CMS.debug("RegisterUser no need to add user certificate");
+ } catch (Exception eee) {
CMS.debug("RegisterUser error " + eee.toString());
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams);
audit(auditMessage);
outputError(httpResp, "Error: Certificate malformed");
return;
}
-
// add user to the group
- auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" +
- "+Resource;;"+ mGroupName;
+ auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser"
+ + "+Resource;;" + mGroupName;
try {
Enumeration groups = ugsys.findGroups(mGroupName);
- IGroup group = (IGroup)groups.nextElement();
+ IGroup group = (IGroup) groups.nextElement();
auditParams += "+user;;";
Enumeration members = group.getMemberNames();
while (members.hasMoreElements()) {
auditParams += (String) members.nextElement();
if (members.hasMoreElements()) {
- auditParams +=",";
+ auditParams += ",";
}
}
@@ -273,22 +262,17 @@ public class RegisterUser extends CMSServlet {
CMS.debug("RegisterUser modified group");
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE, auditSubjectID,
+ ILogger.SUCCESS, auditParams);
audit(auditMessage);
}
- } catch (Exception e) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams);
+ } catch (Exception e) {
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE, auditParams);
- audit(auditMessage);
- }
+ audit(auditMessage);
+ }
// send success status back to the requestor
try {
@@ -305,14 +289,22 @@ public class RegisterUser extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
index 76f5a749..d03bc313 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
@@ -76,19 +75,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class RestoreKeyCertPanel extends WizardPanelBase {
- public RestoreKeyCertPanel() {}
+ public RestoreKeyCertPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Import Keys and Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Import Keys and Certificates");
setId(id);
@@ -99,18 +98,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
*/
public boolean shouldSkip() {
CMS.debug("RestoreKeyCertPanel: should skip");
-
+
IConfigStore cs = CMS.getConfigStore();
// if we are root, no need to get the certificate chain.
-
+
try {
- String select = cs.getString("preop.subsystem.select","");
+ String select = cs.getString("preop.subsystem.select", "");
if (select.equals("clone")) {
return false;
}
} catch (EBaseException e) {
}
-
+
return true;
}
@@ -138,15 +137,16 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -154,13 +154,12 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Import Keys and Certificates");
IConfigStore config = CMS.getConfigStore();
if (isPanelDone()) {
-
+
try {
String s = config.getString("preop.pk12.path", "");
String type = config.getString("preop.subsystem.select", "");
@@ -181,8 +180,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String tokenname = "";
try {
@@ -193,15 +191,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
if (!tokenname.equals("Internal Key Storage Token"))
return;
- // Path can be empty. If this case, we just want to
+ // Path can be empty. If this case, we just want to
// get to the next panel. Customer has HSM.
String s = HttpInput.getString(request, "path");
// if (s == null || s.equals("")) {
- // CMS.debug("RestoreKeyCertPanel validate: path is empty");
- // throw new IOException("Path is empty");
+ // CMS.debug("RestoreKeyCertPanel validate: path is empty");
+ // throw new IOException("Path is empty");
// }
-
if (s != null && !s.equals("")) {
s = HttpInput.getPassword(request, "__password");
if (s == null || s.equals("")) {
@@ -216,16 +213,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException
- {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore config = CMS.getConfigStore();
String path = HttpInput.getString(request, "path");
if (path == null || path.equals("")) {
- // skip to next panel
+ // skip to next panel
config.putBoolean("preop.restorekeycert.done", true);
try {
- config.commit(false);
+ config.commit(false);
} catch (EBaseException e) {
}
getConfigEntriesFromMaster(request, response, context);
@@ -233,7 +228,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
return;
}
String pwd = HttpInput.getPassword(request, "__password");
-
+
String tokenn = "";
String instanceRoot = "";
@@ -245,8 +240,9 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
if (tokenn.equals("Internal Key Storage Token")) {
byte b[] = new byte[1000000];
- FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path);
- while (fis.available() > 0)
+ FileInputStream fis = new FileInputStream(instanceRoot + "/alias/"
+ + path);
+ while (fis.available() > 0)
fis.read(b);
fis.close();
@@ -256,10 +252,11 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
PFX pfx = null;
boolean verifypfx = false;
try {
- pfx = (PFX)(new PFX.Template()).decode(bis);
- verifypfx = pfx.verifyAuthSafes(password, reason);
+ pfx = (PFX) (new PFX.Template()).decode(bis);
+ verifypfx = pfx.verifyAuthSafes(password, reason);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel update: Exception="
+ + e.toString());
}
if (verifypfx) {
@@ -267,50 +264,60 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
AuthenticatedSafes safes = pfx.getAuthSafes();
Vector pkeyinfo_collection = new Vector();
Vector cert_collection = new Vector();
- for (int i=0; i<safes.getSize(); i++) {
+ for (int i = 0; i < safes.getSize(); i++) {
try {
- SEQUENCE scontent = safes.getSafeContentsAt(null, i);
- for (int j=0; j<scontent.size(); j++) {
- SafeBag bag = (SafeBag)scontent.elementAt(j);
+ SEQUENCE scontent = safes.getSafeContentsAt(null, i);
+ for (int j = 0; j < scontent.size(); j++) {
+ SafeBag bag = (SafeBag) scontent.elementAt(j);
OBJECT_IDENTIFIER oid = bag.getBagType();
if (oid.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG)) {
- EncryptedPrivateKeyInfo privkeyinfo =
- (EncryptedPrivateKeyInfo)bag.getInterpretedBagContent();
+ EncryptedPrivateKeyInfo privkeyinfo = (EncryptedPrivateKeyInfo) bag
+ .getInterpretedBagContent();
PasswordConverter passConverter = new PasswordConverter();
- PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(password, new PasswordConverter());
+ PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(
+ password, new PasswordConverter());
Vector pkeyinfo_v = new Vector();
pkeyinfo_v.addElement(pkeyinfo);
SET bagAttrs = bag.getBagAttributes();
- for (int k=0; k<bagAttrs.size(); k++) {
- Attribute attrs = (Attribute)bagAttrs.elementAt(k);
+ for (int k = 0; k < bagAttrs.size(); k++) {
+ Attribute attrs = (Attribute) bagAttrs
+ .elementAt(k);
OBJECT_IDENTIFIER aoid = attrs.getType();
if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
SET val = attrs.getValues();
- ANY ss = (ANY)val.elementAt(0);
- ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
- BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis);
+ ANY ss = (ANY) val.elementAt(0);
+ ByteArrayInputStream bbis = new ByteArrayInputStream(
+ ss.getEncoded());
+ BMPString sss = (BMPString) (new BMPString.Template())
+ .decode(bbis);
String s = sss.toString();
pkeyinfo_v.addElement(s);
}
}
pkeyinfo_collection.addElement(pkeyinfo_v);
} else if (oid.equals(SafeBag.CERT_BAG)) {
- CertBag cbag = (CertBag)bag.getInterpretedBagContent();
- OCTET_STRING str = (OCTET_STRING)cbag.getInterpretedCert();
+ CertBag cbag = (CertBag) bag
+ .getInterpretedBagContent();
+ OCTET_STRING str = (OCTET_STRING) cbag
+ .getInterpretedCert();
byte[] x509cert = str.toByteArray();
Vector cert_v = new Vector();
cert_v.addElement(x509cert);
SET bagAttrs = bag.getBagAttributes();
-
+
if (bagAttrs != null) {
- for (int k=0; k<bagAttrs.size(); k++) {
- Attribute attrs = (Attribute)bagAttrs.elementAt(k);
- OBJECT_IDENTIFIER aoid = attrs.getType();
+ for (int k = 0; k < bagAttrs.size(); k++) {
+ Attribute attrs = (Attribute) bagAttrs
+ .elementAt(k);
+ OBJECT_IDENTIFIER aoid = attrs
+ .getType();
if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
SET val = attrs.getValues();
- ANY ss = (ANY)val.elementAt(0);
- ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
- BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis);
+ ANY ss = (ANY) val.elementAt(0);
+ ByteArrayInputStream bbis = new ByteArrayInputStream(
+ ss.getEncoded());
+ BMPString sss = (BMPString) (new BMPString.Template())
+ .decode(bbis);
String s = sss.toString();
cert_v.addElement(s);
}
@@ -321,10 +328,11 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel update: Exception="
+ + e.toString());
}
}
-
+
importkeycert(pkeyinfo_collection, cert_collection);
} else {
context.put("updateStatus", "failure");
@@ -342,11 +350,12 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
cstype = toLowerCaseSubsystemType(cstype);
if (subsystemtype.equals("clone")) {
- CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
+ CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
boolean cloneReady = isCertdbCloned(request, context);
if (!cloneReady) {
CMS.debug("RestoreKeyCertPanel update: clone does not have all the certificates.");
- context.put("errorString", "Make sure you have copied the certificate database over to the clone");
+ context.put("errorString",
+ "Make sure you have copied the certificate database over to the clone");
context.put("updateStatus", "failure");
throw new IOException("Clone is not ready");
}
@@ -363,7 +372,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
private void getConfigEntriesFromMaster(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
try {
IConfigStore config = CMS.getConfigStore();
String cstype = "";
@@ -381,22 +390,31 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
int master_ee_port = -1;
try {
sd_hostname = config.getString("securitydomain.host", "");
- sd_port = config.getInteger("securitydomain.httpsadminport", -1);
+ sd_port = config
+ .getInteger("securitydomain.httpsadminport", -1);
master_hostname = config.getString("preop.master.hostname", "");
- master_port = config.getInteger("preop.master.httpsadminport", -1);
- master_ee_port = config.getInteger("preop.master.httpsport", -1);
+ master_port = config.getInteger("preop.master.httpsadminport",
+ -1);
+ master_ee_port = config
+ .getInteger("preop.master.httpsport", -1);
String content = "";
if (cstype.equals("ca") || cstype.equals("kra")) {
- content = "type=request&xmlOutput=true&sessionID="+session_id;
+ content = "type=request&xmlOutput=true&sessionID="
+ + session_id;
CMS.debug("http content=" + content);
- updateNumberRange(master_hostname, master_ee_port, true, content, "request", response);
-
- content = "type=serialNo&xmlOutput=true&sessionID="+session_id;
- updateNumberRange(master_hostname, master_ee_port, true, content, "serialNo", response);
-
- content = "type=replicaId&xmlOutput=true&sessionID="+session_id;
- updateNumberRange(master_hostname, master_ee_port, true, content, "replicaId", response);
+ updateNumberRange(master_hostname, master_ee_port, true,
+ content, "request", response);
+
+ content = "type=serialNo&xmlOutput=true&sessionID="
+ + session_id;
+ updateNumberRange(master_hostname, master_ee_port, true,
+ content, "serialNo", response);
+
+ content = "type=replicaId&xmlOutput=true&sessionID="
+ + session_id;
+ updateNumberRange(master_hostname, master_ee_port, true,
+ content, "replicaId", response);
}
String list = "";
@@ -406,7 +424,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
}
StringBuffer c1 = new StringBuffer();
- StringBuffer s1 = new StringBuffer();
+ StringBuffer s1 = new StringBuffer();
StringTokenizer tok = new StringTokenizer(list, ",");
while (tok.hasMoreTokens()) {
String t1 = tok.nextToken();
@@ -438,8 +456,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
c1.append(t1);
c1.append(".pubkey.encoded");
-
- if (s1.length()!=0)
+ if (s1.length() != 0)
s1.append(",");
s1.append(cstype);
@@ -449,21 +466,29 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
if (!cstype.equals("ca")) {
c1.append(",cloning.ca.hostname,cloning.ca.httpport,cloning.ca.httpsport,cloning.ca.list,cloning.ca.pkcs7,cloning.ca.type");
- }
+ }
if (cstype.equals("ca")) {
/* get ca connector details */
- if (s1.length()!=0)
+ if (s1.length() != 0)
s1.append(",");
s1.append("ca.connector.KRA");
}
- content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString()+"&xmlOutput=true&sessionID="+session_id;
- boolean success = updateConfigEntries(master_hostname, master_port, true,
- "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, response);
+ content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"
+ + c1.toString()
+ + "&substores="
+ + s1.toString()
+ + "&xmlOutput=true&sessionID=" + session_id;
+ boolean success = updateConfigEntries(master_hostname,
+ master_port, true, "/" + cstype + "/admin/" + cstype
+ + "/getConfigEntries", content, config,
+ response);
if (!success) {
- context.put("errorString", "Failed to get configuration entries from the master");
- throw new IOException("Failed to get configuration entries from the master");
+ context.put("errorString",
+ "Failed to get configuration entries from the master");
+ throw new IOException(
+ "Failed to get configuration entries from the master");
}
config.putString("preop.clone.configuration", "true");
try {
@@ -473,7 +498,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
} catch (IOException eee) {
throw eee;
} catch (Exception eee) {
- CMS.debug("RestoreKeyCertPanel: update exception caught:"+eee.toString());
+ CMS.debug("RestoreKeyCertPanel: update exception caught:"
+ + eee.toString());
}
} catch (IOException ee) {
@@ -491,38 +517,42 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
String s = st.nextToken();
if (s.equals("sslserver"))
continue;
- String name = "preop.master."+s+".nickname";
+ String name = "preop.master." + s + ".nickname";
String nickname = cs.getString(name, "");
CryptoManager cm = CryptoManager.getInstance();
X509Certificate xcert = null;
try {
xcert = cm.findCertByNickname(nickname);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="
+ + ee.toString());
}
CryptoToken ct = cm.getInternalKeyStorageToken();
CryptoStore store = ct.getCryptoStore();
try {
store.deleteCert(xcert);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="
+ + ee.toString());
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+e.toString());
- }
+ CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="
+ + e.toString());
+ }
}
- private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(PublicKey pubkey) {
- CMS.debug("Key Algorithm '"+pubkey.getAlgorithm()+"'");
- if (pubkey.getAlgorithm().equals("EC")) {
- return org.mozilla.jss.crypto.PrivateKey.Type.EC;
- }
- return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
+ private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(
+ PublicKey pubkey) {
+ CMS.debug("Key Algorithm '" + pubkey.getAlgorithm() + "'");
+ if (pubkey.getAlgorithm().equals("EC")) {
+ return org.mozilla.jss.crypto.PrivateKey.Type.EC;
+ }
+ return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
}
- private void importkeycert(Vector pkeyinfo_collection,
- Vector cert_collection) throws IOException {
+ private void importkeycert(Vector pkeyinfo_collection,
+ Vector cert_collection) throws IOException {
CryptoManager cm = null;
try {
cm = CryptoManager.getInstance();
@@ -532,12 +562,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
// delete all existing certificates first
deleteExistingCerts();
- for (int i=0; i<pkeyinfo_collection.size(); i++) {
+ for (int i = 0; i < pkeyinfo_collection.size(); i++) {
try {
- Vector pkeyinfo_v = (Vector)pkeyinfo_collection.elementAt(i);
- PrivateKeyInfo pkeyinfo = (PrivateKeyInfo)pkeyinfo_v.elementAt(0);
- String nickname = (String)pkeyinfo_v.elementAt(1);
- byte[] x509cert = getX509Cert(nickname, cert_collection);
+ Vector pkeyinfo_v = (Vector) pkeyinfo_collection.elementAt(i);
+ PrivateKeyInfo pkeyinfo = (PrivateKeyInfo) pkeyinfo_v
+ .elementAt(0);
+ String nickname = (String) pkeyinfo_v.elementAt(1);
+ byte[] x509cert = getX509Cert(nickname, cert_collection);
X509Certificate cert = cm.importCACertPackage(x509cert);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
pkeyinfo.encode(bos);
@@ -550,32 +581,37 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
try {
store.deleteCert(cert);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="
+ + ee.toString());
}
KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey sk = kg.generate();
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
IVParameterSpec param = new IVParameterSpec(iv);
- Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
+ Cipher c = token
+ .getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
c.initEncrypt(sk, param);
byte[] encpkey = c.doFinal(pkey);
-
- KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
+
+ KeyWrapper wrapper = token
+ .getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
wrapper.initUnwrap(sk, param);
- org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey);
+ org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(
+ encpkey, getPrivateKeyType(publickey), publickey);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel importkeycert: Exception="
+ + e.toString());
}
}
- for (int i=0; i<cert_collection.size(); i++) {
+ for (int i = 0; i < cert_collection.size(); i++) {
try {
- Vector cert_v = (Vector)cert_collection.elementAt(i);
- byte[] cert = (byte[])cert_v.elementAt(0);
+ Vector cert_v = (Vector) cert_collection.elementAt(i);
+ byte[] cert = (byte[]) cert_v.elementAt(0);
if (cert_v.size() > 1) {
- String name = (String)cert_v.elementAt(1);
+ String name = (String) cert_v.elementAt(1);
// we need to delete the trusted CA certificate if it is
// the same as the ca signing certificate
if (isCASigningCert(name)) {
@@ -586,30 +622,35 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
CMS.debug("RestoreKeyCertPanel deleteCert: this is pk11store");
if (store instanceof PK11Store) {
try {
- PK11Store pk11store = (PK11Store)store;
+ PK11Store pk11store = (PK11Store) store;
pk11store.deleteCertOnly(certchain);
} catch (Exception ee) {
- CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
+ CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="
+ + ee.toString());
}
}
}
}
- X509Certificate xcert = cm.importUserCACertPackage(cert, name);
+ X509Certificate xcert = cm.importUserCACertPackage(cert,
+ name);
if (name.startsWith("caSigningCert")) {
// we need to change the trust attribute to CT
- InternalCertificate icert = (InternalCertificate)xcert;
- icert.setSSLTrust(InternalCertificate.TRUSTED_CA
- | InternalCertificate.TRUSTED_CLIENT_CA
- | InternalCertificate.VALID_CA);
+ InternalCertificate icert = (InternalCertificate) xcert;
+ icert.setSSLTrust(InternalCertificate.TRUSTED_CA
+ | InternalCertificate.TRUSTED_CLIENT_CA
+ | InternalCertificate.VALID_CA);
} else if (name.startsWith("auditSigningCert")) {
- InternalCertificate icert = (InternalCertificate)xcert;
- icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
+ InternalCertificate icert = (InternalCertificate) xcert;
+ icert.setObjectSigningTrust(InternalCertificate.USER
+ | InternalCertificate.VALID_PEER
+ | InternalCertificate.TRUSTED_PEER);
}
} else
cm.importCACertPackage(cert);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel importkeycert: Exception="
+ + e.toString());
}
}
}
@@ -628,41 +669,44 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
return false;
}
- private X509Certificate getX509CertFromToken(byte[] cert)
- throws IOException {
+ private X509Certificate getX509CertFromToken(byte[] cert)
+ throws IOException {
try {
X509CertImpl impl = new X509CertImpl(cert);
String issuer_impl = impl.getIssuerDN().toString();
BigInteger serial_impl = impl.getSerialNumber();
CryptoManager cm = CryptoManager.getInstance();
X509Certificate[] permcerts = cm.getPermCerts();
- for (int i=0; i<permcerts.length; i++) {
+ for (int i = 0; i < permcerts.length; i++) {
String issuer_p = permcerts[i].getSubjectDN().toString();
BigInteger serial_p = permcerts[i].getSerialNumber();
- if (issuer_p.equals(issuer_impl) && serial_p.compareTo(serial_impl) == 0) {
+ if (issuer_p.equals(issuer_impl)
+ && serial_p.compareTo(serial_impl) == 0) {
return permcerts[i];
}
}
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="+e.toString());
+ CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="
+ + e.toString());
}
return null;
}
- private byte[] getX509Cert(String nickname, Vector cert_collection)
- throws IOException {
- for (int i=0; i<cert_collection.size(); i++) {
- Vector v = (Vector)cert_collection.elementAt(i);
- byte[] b = (byte[])v.elementAt(0);
+ private byte[] getX509Cert(String nickname, Vector cert_collection)
+ throws IOException {
+ for (int i = 0; i < cert_collection.size(); i++) {
+ Vector v = (Vector) cert_collection.elementAt(i);
+ byte[] b = (byte[]) v.elementAt(0);
X509CertImpl impl = null;
try {
impl = new X509CertImpl(b);
} catch (Exception e) {
- CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="+e.toString());
- throw new IOException( e.toString() );
+ CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="
+ + e.toString());
+ throw new IOException(e.toString());
}
- Principal subjectdn = impl.getSubjectDN();
+ Principal subjectdn = impl.getSubjectDN();
if (LDAPDN.equals(subjectdn.toString(), nickname))
return b;
}
@@ -674,17 +718,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
context.put("title", "Import Keys and Certificates");
context.put("password", "");
context.put("path", "");
context.put("panel", "admin/console/config/restorekeycertpanel.vm");
}
- private boolean isCertdbCloned(HttpServletRequest request,
- Context context) {
+ private boolean isCertdbCloned(HttpServletRequest request, Context context) {
IConfigStore config = CMS.getConfigStore();
String certList = "";
try {
@@ -698,13 +739,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
String tokenname = config.getString("preop.module.token", "");
CryptoToken tok = cm.getTokenByName(tokenname);
CryptoStore store = tok.getCryptoStore();
- String name1 = "preop.master."+token+".nickname";
+ String name1 = "preop.master." + token + ".nickname";
String nickname = config.getString(name1, "");
- if (!tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- nickname = tokenname+":"+nickname;
+ if (!tokenname.equals("Internal Key Storage Token")
+ && !tokenname.equals("internal"))
+ nickname = tokenname + ":" + nickname;
- CMS.debug("RestoreKeyCertPanel isCertdbCloned: "+nickname);
+ CMS.debug("RestoreKeyCertPanel isCertdbCloned: " + nickname);
X509Certificate cert = cm.findCertByNickname(nickname);
if (cert == null)
return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
index 854e8f10..83d8413e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
@@ -34,19 +34,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class SavePKCS12Panel extends WizardPanelBase {
- public SavePKCS12Panel() {}
+ public SavePKCS12Panel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Save Keys and Certificates");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Save Keys and Certificates");
setId(id);
@@ -60,11 +60,11 @@ public class SavePKCS12Panel extends WizardPanelBase {
try {
boolean enable = cs.getBoolean("preop.backupkeys.enable", false);
- if (!enable)
+ if (!enable)
return true;
} catch (Exception e) {
}
-
+
return false;
}
@@ -77,13 +77,14 @@ public class SavePKCS12Panel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
return set;
}
@@ -95,8 +96,7 @@ public class SavePKCS12Panel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Save Keys and Certificates");
IConfigStore config = CMS.getConfigStore();
String subsystemtype = "";
@@ -116,15 +116,14 @@ public class SavePKCS12Panel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response, Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
context.put("title", "Save Keys and Certificates");
context.put("panel", "admin/console/config/savepkcs12panel.vm");
context.put("updateStatus", "success");
@@ -134,9 +133,7 @@ public class SavePKCS12Panel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
context.put("title", "Save Keys and Certificates");
context.put("panel", "admin/console/config/savepkcs12panel.vm");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
index 3a5d82d1..14e52a38 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.net.URL;
import java.net.URLDecoder;
@@ -39,14 +38,12 @@ public class SecurityDomainLogin extends BaseServlet {
private static final long serialVersionUID = -1616344299101179396L;
public boolean authenticate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
return true;
}
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
try {
@@ -59,9 +56,9 @@ public class SecurityDomainLogin extends BaseServlet {
int index = url.indexOf("subsystem=");
String subsystem = "";
if (index > 0) {
- subsystem = url.substring(index+10);
+ subsystem = url.substring(index + 10);
int index1 = subsystem.indexOf("&");
- if (index1 > 0)
+ if (index1 > 0)
subsystem = subsystem.substring(0, index1);
}
context.put("sd_uid", "");
@@ -70,15 +67,16 @@ public class SecurityDomainLogin extends BaseServlet {
context.put("host", u.getHost());
context.put("sdhost", CMS.getEESSLHost());
if (subsystem.equals("KRA")) {
- subsystem = "DRM";
+ subsystem = "DRM";
}
context.put("subsystem", subsystem);
// The "securitydomain.name" property ONLY resides in the "CS.cfg"
// associated with the CS subsystem hosting the security domain.
IConfigStore cs = CMS.getConfigStore();
String sdname = cs.getString("securitydomain.name", "");
- context.put("name", sdname);
- template = Velocity.getTemplate("admin/console/config/securitydomainloginpanel.vm");
+ context.put("name", sdname);
+ template = Velocity
+ .getTemplate("admin/console/config/securitydomainloginpanel.vm");
} catch (Exception e) {
System.err.println("Exception caught: " + e.getMessage());
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
index 90a6aeb0..e43fa913 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
@@ -39,19 +38,19 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class SecurityDomainPanel extends WizardPanelBase {
- public SecurityDomainPanel() {}
+ public SecurityDomainPanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException {
+ public void init(ServletConfig config, int panelno) throws ServletException {
setPanelNo(panelno);
setName("Security Domain");
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Security Domain");
setId(id);
@@ -72,15 +71,16 @@ public class SecurityDomainPanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -88,8 +88,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
context.put("title", "Security Domain");
IConfigStore config = CMS.getConfigStore();
String errorString = "";
@@ -99,10 +98,12 @@ public class SecurityDomainPanel extends WizardPanelBase {
String systemdService = "";
try {
- default_admin_url = config.getString("preop.securitydomain.admin_url", "");
+ default_admin_url = config.getString(
+ "preop.securitydomain.admin_url", "");
name = config.getString("preop.securitydomain.name", "");
cstype = config.getString("cs.type", "");
- systemdService = config.getString("pkicreate.systemd.servicename", "");
+ systemdService = config.getString("pkicreate.systemd.servicename",
+ "");
} catch (Exception e) {
CMS.debug(e.toString());
}
@@ -136,7 +137,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("https_ee_port", CMS.getEESSLPort());
context.put("https_admin_port", CMS.getAdminPort());
context.put("sdomainAdminURL", default_admin_url);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
context.put("panel", "admin/console/config/securitydomainpanel.vm");
context.put("errorString", errorString);
@@ -157,18 +159,19 @@ public class SecurityDomainPanel extends WizardPanelBase {
while (st.hasMoreTokens()) {
count++;
String n = st.nextToken();
- if (first) { //skip the hostname
+ if (first) { // skip the hostname
first = false;
continue;
}
if (count == numTokens) // skip the last element (e.g. com)
continue;
- sb.append((defaultDomain.length()==0)? "":" ");
+ sb.append((defaultDomain.length() == 0) ? "" : " ");
sb.append(capitalize(n));
}
- defaultDomain = sb.toString() + " "+ "Domain";
+ defaultDomain = sb.toString() + " " + "Domain";
name = defaultDomain;
- CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name);
+ CMS.debug("SecurityDomainPanel: defaultDomain generated:"
+ + name);
} catch (MalformedURLException e) {
errorString = "Malformed URL";
// not being able to come up with default domain name is ok
@@ -176,54 +179,53 @@ public class SecurityDomainPanel extends WizardPanelBase {
}
context.put("sdomainName", name);
- if( default_admin_url != null ) {
+ if (default_admin_url != null) {
String r = null;
try {
// check to see if "default" security domain exists
// on local machine
- URL u = new URL( default_admin_url );
+ URL u = new URL(default_admin_url);
String hostname = u.getHost();
int port = u.getPort();
- ConfigCertApprovalCallback
- certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS( hostname, port, true, certApprovalCallback );
+ ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS(hostname, port, true, certApprovalCallback);
} catch (Exception e) {
- CMS.debug( "SecurityDomainPanel: exception caught: "
- + e.toString() );
+ CMS.debug("SecurityDomainPanel: exception caught: "
+ + e.toString());
}
-
- if( r != null ) {
+
+ if (r != null) {
// "default" security domain exists on local machine;
// fill "sdomainURL" in with "default" security domain
// as an initial "guess"
- CMS.debug( "SecurityDomainPanel: pingCS returns: "+r );
- context.put( "sdomainURL", default_admin_url );
+ CMS.debug("SecurityDomainPanel: pingCS returns: " + r);
+ context.put("sdomainURL", default_admin_url);
} else {
// "default" security domain does NOT exist on local machine;
// leave "sdomainURL" blank
- CMS.debug( "SecurityDomainPanel: pingCS no successful response" );
- context.put( "sdomainURL", "" );
+ CMS.debug("SecurityDomainPanel: pingCS no successful response");
+ context.put("sdomainURL", "");
}
}
// Information for "existing" Security Domain CAs
String initDaemon = "pki-cad";
String instanceId = "&lt;security_domain_instance_name&gt;";
- String os = System.getProperty( "os.name" );
- if( os.equalsIgnoreCase( "Linux" ) ) {
- if (! systemdService.equals("")) {
- context.put( "initCommand", "/usr/bin/pkicontrol" );
- context.put( "instanceId", "ca " + systemdService );
+ String os = System.getProperty("os.name");
+ if (os.equalsIgnoreCase("Linux")) {
+ if (!systemdService.equals("")) {
+ context.put("initCommand", "/usr/bin/pkicontrol");
+ context.put("instanceId", "ca " + systemdService);
} else {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ context.put("initCommand", "/sbin/service " + initDaemon);
+ context.put("instanceId", instanceId);
}
} else {
- /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put( "initCommand", "/etc/init.d/" + initDaemon );
- context.put( "instanceId", instanceId );
+ /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+ context.put("initCommand", "/etc/init.d/" + initDaemon);
+ context.put("instanceId", instanceId);
}
}
@@ -231,7 +233,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
if (s.length() == 0) {
return s;
} else {
- return s.substring(0,1).toUpperCase() + s.substring(1);
+ return s.substring(0, 1).toUpperCase() + s.substring(1);
}
}
@@ -239,62 +241,59 @@ public class SecurityDomainPanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
-
+ HttpServletResponse response, Context context) throws IOException {
+
String select = HttpInput.getID(request, "choice");
if (select.equals("newdomain")) {
- String name = HttpInput.getSecurityDomainName(request, "sdomainName");
+ String name = HttpInput.getSecurityDomainName(request,
+ "sdomainName");
if (name == null || name.equals("")) {
initParams(request, context);
context.put("updateStatus", "validate-failure");
- throw new IOException("Missing name value for the security domain");
+ throw new IOException(
+ "Missing name value for the security domain");
}
} else if (select.equals("existingdomain")) {
- CMS.debug( "SecurityDomainPanel: validating "
- + "SSL Admin HTTPS . . ." );
- String admin_url = HttpInput.getURL( request, "sdomainURL" );
- if( admin_url == null || admin_url.equals("") ) {
- initParams( request, context );
+ CMS.debug("SecurityDomainPanel: validating "
+ + "SSL Admin HTTPS . . .");
+ String admin_url = HttpInput.getURL(request, "sdomainURL");
+ if (admin_url == null || admin_url.equals("")) {
+ initParams(request, context);
context.put("updateStatus", "validate-failure");
- throw new IOException( "Missing SSL Admin HTTPS url value "
- + "for the security domain" );
+ throw new IOException("Missing SSL Admin HTTPS url value "
+ + "for the security domain");
} else {
String r = null;
try {
- URL u = new URL( admin_url );
+ URL u = new URL(admin_url);
String hostname = u.getHost();
int admin_port = u.getPort();
- ConfigCertApprovalCallback
- certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS( hostname, admin_port, true,
- certApprovalCallback );
- } catch( Exception e ) {
- CMS.debug( "SecurityDomainPanel: exception caught: "
- + e.toString() );
+ ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS(hostname, admin_port, true, certApprovalCallback);
+ } catch (Exception e) {
+ CMS.debug("SecurityDomainPanel: exception caught: "
+ + e.toString());
context.put("updateStatus", "validate-failure");
- throw new IOException( "Illegal SSL Admin HTTPS url value "
- + "for the security domain" );
+ throw new IOException("Illegal SSL Admin HTTPS url value "
+ + "for the security domain");
}
if (r != null) {
- CMS.debug("SecurityDomainPanel: pingAdminCS returns: "
- + r );
- context.put( "sdomainURL", admin_url );
+ CMS.debug("SecurityDomainPanel: pingAdminCS returns: " + r);
+ context.put("sdomainURL", admin_url);
} else {
- CMS.debug( "SecurityDomainPanel: pingAdminCS "
- + "no successful response for SSL Admin HTTPS" );
- context.put( "sdomainURL", "" );
+ CMS.debug("SecurityDomainPanel: pingAdminCS "
+ + "no successful response for SSL Admin HTTPS");
+ context.put("sdomainURL", "");
}
}
}
}
- public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ public void initParams(HttpServletRequest request, Context context)
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
try {
context.put("cstype", config.getString("cs.type"));
@@ -306,7 +305,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("check_newdomain", "checked");
context.put("check_existingdomain", "");
} else if (select.equals("existingdomain")) {
- context.put("check_newdomain", "");
+ context.put("check_newdomain", "");
context.put("check_existingdomain", "checked");
}
@@ -325,8 +324,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
String errorString = "";
String select = HttpInput.getID(request, "choice");
@@ -340,29 +338,28 @@ public class SecurityDomainPanel extends WizardPanelBase {
if (select.equals("newdomain")) {
config.putString("preop.securitydomain.select", "new");
config.putString("securitydomain.select", "new");
- config.putString("preop.securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.name",
- HttpInput.getDomainName(request, "sdomainName"));
- config.putString("securitydomain.host",
- CMS.getEENonSSLHost());
- config.putString("securitydomain.httpport",
- CMS.getEENonSSLPort());
- config.putString("securitydomain.httpsagentport",
- CMS.getAgentPort());
- config.putString("securitydomain.httpseeport",
- CMS.getEESSLPort());
- config.putString("securitydomain.httpsadminport",
- CMS.getAdminPort());
-
- // make sure the subsystem certificate is issued by the security
+ config.putString("preop.securitydomain.name",
+ HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.name",
+ HttpInput.getDomainName(request, "sdomainName"));
+ config.putString("securitydomain.host", CMS.getEENonSSLHost());
+ config.putString("securitydomain.httpport", CMS.getEENonSSLPort());
+ config.putString("securitydomain.httpsagentport",
+ CMS.getAgentPort());
+ config.putString("securitydomain.httpseeport", CMS.getEESSLPort());
+ config.putString("securitydomain.httpsadminport",
+ CMS.getAdminPort());
+
+ // make sure the subsystem certificate is issued by the security
// domain
config.putString("preop.cert.subsystem.type", "local");
- config.putString("preop.cert.subsystem.profile", "subsystemCert.profile");
-
+ config.putString("preop.cert.subsystem.profile",
+ "subsystemCert.profile");
+
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
String instanceRoot = "";
try {
@@ -377,37 +374,38 @@ public class SecurityDomainPanel extends WizardPanelBase {
// make sure the subsystem certificate is issued by the security
// domain
config.putString("preop.cert.subsystem.type", "remote");
- config.putString("preop.cert.subsystem.profile", "caInternalAuthSubsystemCert");
+ config.putString("preop.cert.subsystem.profile",
+ "caInternalAuthSubsystemCert");
String admin_url = HttpInput.getURL(request, "sdomainURL");
String hostname = "";
int admin_port = -1;
- if( admin_url != null ) {
+ if (admin_url != null) {
try {
- URL admin_u = new URL( admin_url );
+ URL admin_u = new URL(admin_url);
hostname = admin_u.getHost();
admin_port = admin_u.getPort();
- } catch( MalformedURLException e ) {
+ } catch (MalformedURLException e) {
errorString = "Malformed SSL Admin HTTPS URL";
context.put("updateStatus", "failure");
- throw new IOException( errorString );
+ throw new IOException(errorString);
}
- context.put( "sdomainURL", admin_url );
- config.putString( "securitydomain.host", hostname );
- config.putInteger( "securitydomain.httpsadminport",
- admin_port );
+ context.put("sdomainURL", admin_url);
+ config.putString("securitydomain.host", hostname);
+ config.putInteger("securitydomain.httpsadminport", admin_port);
}
try {
config.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
- updateCertChain( config, "securitydomain", hostname, admin_port,
- true, context, certApprovalCallback );
+ updateCertChain(config, "securitydomain", hostname, admin_port,
+ true, context, certApprovalCallback);
} else {
CMS.debug("SecurityDomainPanel: invalid choice " + select);
errorString = "Invalid choice";
@@ -425,7 +423,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("wizardname", config.getString("preop.wizard.name"));
context.put("panelname", "Security Domain Configuration");
context.put("systemname", config.getString("preop.system.name"));
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
context.put("errorString", errorString);
context.put("updateStatus", "success");
@@ -435,8 +434,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
* If validate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
IConfigStore config = CMS.getConfigStore();
String default_admin_url = "";
try {
@@ -445,33 +443,35 @@ public class SecurityDomainPanel extends WizardPanelBase {
}
try {
- default_admin_url = config.getString("preop.securitydomain.admin_url", "");
- } catch (Exception e) {}
+ default_admin_url = config.getString(
+ "preop.securitydomain.admin_url", "");
+ } catch (Exception e) {
+ }
- if( default_admin_url != null ) {
+ if (default_admin_url != null) {
String r = null;
try {
// check to see if "default" security domain exists
// on local machine
- URL u = new URL( default_admin_url );
+ URL u = new URL(default_admin_url);
String hostname = u.getHost();
int port = u.getPort();
- ConfigCertApprovalCallback
- certApprovalCallback = new ConfigCertApprovalCallback();
- r = pingCS( hostname, port, true, certApprovalCallback );
- } catch (Exception e) {}
-
- if( r != null ) {
+ ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+ r = pingCS(hostname, port, true, certApprovalCallback);
+ } catch (Exception e) {
+ }
+
+ if (r != null) {
// "default" security domain exists on local machine;
// refill "sdomainURL" in with "default" security domain
// as an initial "guess"
- context.put( "sdomainURL", default_admin_url );
+ context.put("sdomainURL", default_admin_url);
} else {
// "default" security domain does NOT exist on local machine;
// leave "sdomainURL" blank
- context.put( "sdomainURL", "" );
+ context.put("sdomainURL", "");
}
}
@@ -482,20 +482,21 @@ public class SecurityDomainPanel extends WizardPanelBase {
context.put("https_ee_port", CMS.getEESSLPort());
context.put("https_admin_port", CMS.getAdminPort());
context.put("sdomainAdminURL",
- config.getString("preop.securitydomain.admin_url"));
- } catch (EBaseException e) {}
+ config.getString("preop.securitydomain.admin_url"));
+ } catch (EBaseException e) {
+ }
// Information for "existing" Security Domain CAs
String initDaemon = "pki-cad";
String instanceId = "&lt;security_domain_instance_name&gt;";
- String os = System.getProperty( "os.name" );
- if( os.equalsIgnoreCase( "Linux" ) ) {
- context.put( "initCommand", "/sbin/service " + initDaemon );
- context.put( "instanceId", instanceId );
+ String os = System.getProperty("os.name");
+ if (os.equalsIgnoreCase("Linux")) {
+ context.put("initCommand", "/sbin/service " + initDaemon);
+ context.put("instanceId", instanceId);
} else {
- /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
- context.put( "initCommand", "/etc/init.d/" + initDaemon );
- context.put( "instanceId", instanceId );
+ /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+ context.put("initCommand", "/etc/init.d/" + initDaemon);
+ context.put("instanceId", instanceId);
}
context.put("title", "Security Domain");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
index 3d3530f2..f881ba7c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
@@ -27,8 +27,7 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable;
/**
* This object stores the values for IP, uid and group based on the cookie id.
*/
-public class SecurityDomainSessionTable
- implements ISecurityDomainSessionTable {
+public class SecurityDomainSessionTable implements ISecurityDomainSessionTable {
private Hashtable m_sessions;
private long m_timeToLive;
@@ -38,8 +37,7 @@ public class SecurityDomainSessionTable
m_timeToLive = timeToLive;
}
- public int addEntry(String sessionId, String ip,
- String uid, String group) {
+ public int addEntry(String sessionId, String ip, String uid, String group) {
Vector v = new Vector();
v.addElement(ip);
v.addElement(uid);
@@ -65,30 +63,30 @@ public class SecurityDomainSessionTable
}
public String getIP(String sessionId) {
- Vector v = (Vector)m_sessions.get(sessionId);
+ Vector v = (Vector) m_sessions.get(sessionId);
if (v != null)
- return (String)v.elementAt(0);
+ return (String) v.elementAt(0);
return null;
}
public String getUID(String sessionId) {
- Vector v = (Vector)m_sessions.get(sessionId);
+ Vector v = (Vector) m_sessions.get(sessionId);
if (v != null)
- return (String)v.elementAt(1);
+ return (String) v.elementAt(1);
return null;
}
public String getGroup(String sessionId) {
- Vector v = (Vector)m_sessions.get(sessionId);
+ Vector v = (Vector) m_sessions.get(sessionId);
if (v != null)
- return (String)v.elementAt(2);
+ return (String) v.elementAt(2);
return null;
}
public long getBeginTime(String sessionId) {
- Vector v = (Vector)m_sessions.get(sessionId);
- if (v != null) {
- Long n = (Long)v.elementAt(3);
+ Vector v = (Vector) m_sessions.get(sessionId);
+ if (v != null) {
+ Long n = (Long) v.elementAt(3);
if (n != null)
return n.longValue();
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
index c3a1e325..05769dc5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
@@ -28,8 +28,7 @@ import com.netscape.certsrv.logging.ILogger;
public class SessionTimer extends TimerTask {
private ISecurityDomainSessionTable m_sessiontable = null;
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
- private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
- "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
public SessionTimer(ISecurityDomainSessionTable table) {
super();
@@ -39,32 +38,27 @@ public class SessionTimer extends TimerTask {
public void run() {
Enumeration keys = m_sessiontable.getSessionIds();
while (keys.hasMoreElements()) {
- String sessionId = (String)keys.nextElement();
+ String sessionId = (String) keys.nextElement();
long beginTime = m_sessiontable.getBeginTime(sessionId);
Date nowDate = new Date();
long nowTime = nowDate.getTime();
long timeToLive = m_sessiontable.getTimeToLive();
- if ((nowTime-beginTime) > timeToLive) {
+ if ((nowTime - beginTime) > timeToLive) {
m_sessiontable.removeEntry(sessionId);
CMS.debug("SessionTimer run: successfully remove the session id entry from the table.");
-
+
// audit message
- String auditParams = "operation;;expire_token+token;;" + sessionId;
+ String auditParams = "operation;;expire_token+token;;"
+ + sessionId;
String auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
- "system",
- ILogger.SUCCESS,
- auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE, "system",
+ ILogger.SUCCESS, auditParams);
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- auditMessage);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY,
+ auditMessage);
-
}
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
index 0e6a507a..a096963c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
@@ -54,13 +53,14 @@ public class SizePanel extends WizardPanelBase {
private String default_rsa_key_size;
private boolean mShowSigning = false;
- public SizePanel() {}
+ public SizePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Key Pairs");
setId(id);
@@ -69,25 +69,30 @@ public class SizePanel extends WizardPanelBase {
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
- Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE,
- "default,custom", null, /* no default parameter */
+
+ Descriptor choiceDesc = new Descriptor(
+ IDescriptor.CHOICE,
+ "default,custom",
+ null, /* no default parameter */
"If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'.");
set.add("choice", choiceDesc);
-
- Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
- null, /* no default parameter */
- "Custom Key Size");
+
+ Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /*
+ * no
+ * constraint
+ */
+ null, /* no default parameter */
+ "Custom Key Size");
set.add("custom_size", customSizeDesc);
-
+
return set;
}
public void cleanUp() throws IOException {
IConfigStore cs = CMS.getConfigStore();
- /* clean up if necessary*/
+ /* clean up if necessary */
try {
boolean done = cs.getBoolean("preop.SizePanel.done");
cs.putBoolean("preop.SizePanel.done", false);
@@ -105,7 +110,8 @@ public class SizePanel extends WizardPanelBase {
} else {
return true;
}
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
@@ -114,11 +120,10 @@ public class SizePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
CMS.debug("SizePanel: display()");
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
@@ -134,12 +139,14 @@ public class SizePanel extends WizardPanelBase {
}
try {
- default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256");
+ default_ecc_curve_name = config.getString("keys.ecc.curve.default",
+ "nistp256");
} catch (Exception e) {
}
try {
- default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048");
+ default_rsa_key_size = config.getString("keys.rsa.keysize.default",
+ "2048");
} catch (Exception e) {
}
@@ -152,12 +159,12 @@ public class SizePanel extends WizardPanelBase {
while (st.hasMoreTokens()) {
String certTag = st.nextToken();
- String nn = config.getString(
- PCERT_PREFIX + certTag + ".nickname");
+ String nn = config.getString(PCERT_PREFIX + certTag
+ + ".nickname");
Cert c = new Cert(token, nn, certTag);
- String s = config.getString(
- PCERT_PREFIX + certTag + ".keysize.select", "default");
+ String s = config.getString(PCERT_PREFIX + certTag
+ + ".keysize.select", "default");
if (s.equals("default")) {
c.setKeyOption("default");
@@ -166,26 +173,25 @@ public class SizePanel extends WizardPanelBase {
c.setKeyOption("custom");
}
- s = config.getString(
- PCERT_PREFIX + certTag + ".keysize.custom_size",
- default_rsa_key_size);
+ s = config.getString(PCERT_PREFIX + certTag
+ + ".keysize.custom_size", default_rsa_key_size);
c.setCustomKeysize(s);
- s = config.getString(
- PCERT_PREFIX + certTag + ".curvename.custom_name",
- default_ecc_curve_name);
+ s = config.getString(PCERT_PREFIX + certTag
+ + ".curvename.custom_name", default_ecc_curve_name);
c.setCustomCurvename(s);
- boolean signingRequired = config.getBoolean(
- PCERT_PREFIX + certTag + ".signing.required",
- false);
+ boolean signingRequired = config.getBoolean(PCERT_PREFIX
+ + certTag + ".signing.required", false);
c.setSigningRequired(signingRequired);
- if (signingRequired) mShowSigning = true;
+ if (signingRequired)
+ mShowSigning = true;
- String userfriendlyname = config.getString(
- PCERT_PREFIX + certTag + ".userfriendlyname");
+ String userfriendlyname = config.getString(PCERT_PREFIX
+ + certTag + ".userfriendlyname");
c.setUserFriendlyName(userfriendlyname);
- boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + certTag
+ + ".enable", true);
c.setEnable(enable);
mCerts.addElement(c);
}// while
@@ -206,16 +212,15 @@ public class SizePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException, NumberFormatException {
+ HttpServletResponse response, Context context) throws IOException,
+ NumberFormatException {
CMS.debug("SizePanel: update()");
boolean hasErr = false;
IConfigStore config = CMS.getConfigStore();
@@ -236,13 +241,15 @@ public class SizePanel extends WizardPanelBase {
if (select1.equals("clone")) {
// preset the sslserver dn for cloning case
try {
- String val = config.getString("preop.cert.sslserver.dn", "");
- config.putString("preop.cert.sslserver.dn", val+",o=clone");
+ String val = config
+ .getString("preop.cert.sslserver.dn", "");
+ config.putString("preop.cert.sslserver.dn", val
+ + ",o=clone");
} catch (Exception ee) {
}
}
}
-
+
String token = "";
try {
token = config.getString(PRE_CONF_CA_TOKEN, "");
@@ -251,13 +258,17 @@ public class SizePanel extends WizardPanelBase {
while (c.hasMoreElements()) {
Cert cert = (Cert) c.nextElement();
String ct = cert.getCertTag();
- boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+ boolean enable = config.getBoolean(PCERT_PREFIX + ct
+ + ".enable", true);
if (!enable)
continue;
- String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa or ecc
+ String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa
+ // or
+ // ecc
- String keyalgorithm = HttpInput.getString(request, ct + "_keyalgorithm");
+ String keyalgorithm = HttpInput.getString(request, ct
+ + "_keyalgorithm");
if (keyalgorithm == null) {
if (keytype != null && keytype.equals("ecc")) {
keyalgorithm = "SHA256withEC";
@@ -266,7 +277,8 @@ public class SizePanel extends WizardPanelBase {
}
}
- String signingalgorithm = HttpInput.getString(request, ct + "_signingalgorithm");
+ String signingalgorithm = HttpInput.getString(request, ct
+ + "_signingalgorithm");
if (signingalgorithm == null) {
signingalgorithm = keyalgorithm;
}
@@ -275,114 +287,136 @@ public class SizePanel extends WizardPanelBase {
if (select == null) {
CMS.debug("SizePanel: " + ct + "_choice not found");
- throw new IOException(
- "SizePanel: " + ct + "_choice not found");
+ throw new IOException("SizePanel: " + ct
+ + "_choice not found");
}
- CMS.debug(
- "SizePanel: update() keysize choice selected:" + select);
- String oldkeysize =
- config.getString(PCERT_PREFIX+ct+".keysize.size", "");
- String oldkeytype =
- config.getString(PCERT_PREFIX + ct + ".keytype", "");
- String oldkeyalgorithm =
- config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
- String oldsigningalgorithm =
- config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
- String oldcurvename =
- config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
+ CMS.debug("SizePanel: update() keysize choice selected:"
+ + select);
+ String oldkeysize = config.getString(PCERT_PREFIX + ct
+ + ".keysize.size", "");
+ String oldkeytype = config.getString(PCERT_PREFIX + ct
+ + ".keytype", "");
+ String oldkeyalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".keyalgorithm", "");
+ String oldsigningalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".signingalgorithm", "");
+ String oldcurvename = config.getString(PCERT_PREFIX + ct
+ + ".curvename.name", "");
if (select.equals("default")) {
// XXXrenaming these...keep for now just in case
config.putString("preop.keysize.select", "default");
if (keytype != null && keytype.equals("ecc")) {
- config.putString("preop.curvename.custom_name",
- default_ecc_curve_name);
- config.putString("preop.curvename.name", default_ecc_curve_name);
+ config.putString("preop.curvename.custom_name",
+ default_ecc_curve_name);
+ config.putString("preop.curvename.name",
+ default_ecc_curve_name);
} else {
- config.putString("preop.keysize.custom_size",
- default_rsa_key_size);
- config.putString("preop.keysize.size", default_rsa_key_size);
+ config.putString("preop.keysize.custom_size",
+ default_rsa_key_size);
+ config.putString("preop.keysize.size",
+ default_rsa_key_size);
}
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
- config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm);
- config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".keyalgorithm",
+ keyalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".signingalgorithm",
+ signingalgorithm);
config.putString(PCERT_PREFIX + ct + ".keysize.select",
"default");
if (keytype != null && keytype.equals("ecc")) {
- config.putString(PCERT_PREFIX + ct +
- ".curvename.custom_name",
- default_ecc_curve_name);
- config.putString(PCERT_PREFIX + ct + ".curvename.name",
- default_ecc_curve_name);
+ config.putString(PCERT_PREFIX + ct
+ + ".curvename.custom_name",
+ default_ecc_curve_name);
+ config.putString(PCERT_PREFIX + ct + ".curvename.name",
+ default_ecc_curve_name);
} else {
- config.putString(PCERT_PREFIX + ct +
- ".keysize.custom_size",
- default_rsa_key_size);
- config.putString(PCERT_PREFIX + ct + ".keysize.size",
- default_rsa_key_size);
+ config.putString(PCERT_PREFIX + ct
+ + ".keysize.custom_size", default_rsa_key_size);
+ config.putString(PCERT_PREFIX + ct + ".keysize.size",
+ default_rsa_key_size);
}
} else if (select.equals("custom")) {
// XXXrenaming these...keep for now just in case
config.putString("preop.keysize.select", "custom");
if (keytype != null && keytype.equals("ecc")) {
- config.putString("preop.curvename.name",
- HttpInput.getString(request, ct + "_custom_curvename"));
- config.putString("preop.curvename.custom_name",
- HttpInput.getString(request, ct + "_custom_curvename"));
+ config.putString(
+ "preop.curvename.name",
+ HttpInput.getString(request, ct
+ + "_custom_curvename"));
+ config.putString(
+ "preop.curvename.custom_name",
+ HttpInput.getString(request, ct
+ + "_custom_curvename"));
} else {
- config.putString("preop.keysize.size",
- HttpInput.getKeySize(request, ct + "_custom_size", keytype));
- config.putString("preop.keysize.custom_size",
- HttpInput.getKeySize(request, ct + "_custom_size", keytype));
+ config.putString(
+ "preop.keysize.size",
+ HttpInput.getKeySize(request, ct
+ + "_custom_size", keytype));
+ config.putString(
+ "preop.keysize.custom_size",
+ HttpInput.getKeySize(request, ct
+ + "_custom_size", keytype));
}
config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
- config.putString(PCERT_PREFIX + ct + ".keyalgorithm", keyalgorithm);
- config.putString(PCERT_PREFIX + ct + ".signingalgorithm", signingalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".keyalgorithm",
+ keyalgorithm);
+ config.putString(PCERT_PREFIX + ct + ".signingalgorithm",
+ signingalgorithm);
config.putString(PCERT_PREFIX + ct + ".keysize.select",
"custom");
if (keytype != null && keytype.equals("ecc")) {
- config.putString(PCERT_PREFIX + ct + ".curvename.custom_name",
- HttpInput.getString(request, ct + "_custom_curvename"));
- config.putString(PCERT_PREFIX + ct + ".curvename.name",
- HttpInput.getString(request, ct + "_custom_curvename"));
+ config.putString(
+ PCERT_PREFIX + ct + ".curvename.custom_name",
+ HttpInput.getString(request, ct
+ + "_custom_curvename"));
+ config.putString(
+ PCERT_PREFIX + ct + ".curvename.name",
+ HttpInput.getString(request, ct
+ + "_custom_curvename"));
} else {
- config.putString(PCERT_PREFIX + ct + ".keysize.custom_size",
- HttpInput.getKeySize(request, ct + "_custom_size"));
- config.putString(PCERT_PREFIX + ct + ".keysize.size",
- HttpInput.getKeySize(request, ct + "_custom_size"));
+ config.putString(
+ PCERT_PREFIX + ct + ".keysize.custom_size",
+ HttpInput.getKeySize(request, ct
+ + "_custom_size"));
+ config.putString(
+ PCERT_PREFIX + ct + ".keysize.size",
+ HttpInput.getKeySize(request, ct
+ + "_custom_size"));
}
} else {
CMS.debug("SizePanel: invalid choice " + select);
throw new IOException("invalid choice " + select);
}
- String newkeysize =
- config.getString(PCERT_PREFIX+ct+".keysize.size", "");
- String newkeytype =
- config.getString(PCERT_PREFIX + ct + ".keytype", "");
- String newkeyalgorithm =
- config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
- String newsigningalgorithm =
- config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
- String newcurvename =
- config.getString(PCERT_PREFIX+ct+".curvename.name", "");
-
- if (!oldkeysize.equals(newkeysize) ||
- !oldkeytype.equals(newkeytype) ||
- !oldkeyalgorithm.equals(newkeyalgorithm) ||
- !oldsigningalgorithm.equals(newsigningalgorithm) ||
- !oldcurvename.equals(newcurvename))
+ String newkeysize = config.getString(PCERT_PREFIX + ct
+ + ".keysize.size", "");
+ String newkeytype = config.getString(PCERT_PREFIX + ct
+ + ".keytype", "");
+ String newkeyalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".keyalgorithm", "");
+ String newsigningalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".signingalgorithm", "");
+ String newcurvename = config.getString(PCERT_PREFIX + ct
+ + ".curvename.name", "");
+
+ if (!oldkeysize.equals(newkeysize)
+ || !oldkeytype.equals(newkeytype)
+ || !oldkeyalgorithm.equals(newkeyalgorithm)
+ || !oldsigningalgorithm.equals(newsigningalgorithm)
+ || !oldcurvename.equals(newcurvename))
hasChanged = true;
}// while
try {
config.commit(false);
- } catch (EBaseException e) {
- CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString());
+ } catch (EBaseException e) {
+ CMS.debug("SizePanel: update() Exception caught at config commit: "
+ + e.toString());
}
val1 = HttpInput.getID(request, "generateKeyPair");
@@ -393,19 +427,20 @@ public class SizePanel extends WizardPanelBase {
context.put("updateStatus", "success");
return;
}
- } catch (IOException e) {
+ } catch (IOException e) {
CMS.debug("SizePanel: update() IOException caught: " + e.toString());
context.put("updateStatus", "failure");
throw e;
} catch (NumberFormatException e) {
- CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString());
+ CMS.debug("SizePanel: update() NumberFormatException caught: "
+ + e.toString());
context.put("updateStatus", "failure");
throw e;
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("SizePanel: update() Exception caught: " + e.toString());
}
- // generate key pair
+ // generate key pair
Enumeration c = mCerts.elements();
while (c.hasMoreElements()) {
@@ -414,8 +449,9 @@ public class SizePanel extends WizardPanelBase {
String friendlyName = ct;
boolean enable = true;
try {
- enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
- friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct);
+ enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
+ friendlyName = config.getString(PCERT_PREFIX + ct
+ + ".userfriendlyname", ct);
} catch (Exception e) {
}
@@ -423,17 +459,19 @@ public class SizePanel extends WizardPanelBase {
continue;
try {
- String keytype = config.getString(PCERT_PREFIX + ct + ".keytype");
- String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm");
-
+ String keytype = config.getString(PCERT_PREFIX + ct
+ + ".keytype");
+ String keyalgorithm = config.getString(PCERT_PREFIX + ct
+ + ".keyalgorithm");
+
if (keytype.equals("rsa")) {
- int keysize = config.getInteger(
- PCERT_PREFIX + ct + ".keysize.size");
+ int keysize = config.getInteger(PCERT_PREFIX + ct
+ + ".keysize.size");
createRSAKeyPair(token, keysize, config, ct);
} else {
- String curveName = config.getString(
- PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
+ String curveName = config.getString(PCERT_PREFIX + ct
+ + ".curvename.name", default_ecc_curve_name);
createECCKeyPair(token, curveName, config, ct);
}
config.commit(false);
@@ -441,40 +479,41 @@ public class SizePanel extends WizardPanelBase {
CMS.debug(e);
CMS.debug("SizePanel: key generation failure: " + e.toString());
context.put("updateStatus", "failure");
- throw new IOException("key generation failure for the certificate: " + friendlyName +
- ". See the logs for details.");
+ throw new IOException(
+ "key generation failure for the certificate: "
+ + friendlyName + ". See the logs for details.");
}
} // while
if (hasErr == false) {
- config.putBoolean("preop.SizePanel.done", true);
- try {
- config.commit(false);
- } catch (EBaseException e) {
- CMS.debug(
- "SizePanel: update() Exception caught at config commit: "
- + e.toString());
- }
- }
+ config.putBoolean("preop.SizePanel.done", true);
+ try {
+ config.commit(false);
+ } catch (EBaseException e) {
+ CMS.debug("SizePanel: update() Exception caught at config commit: "
+ + e.toString());
+ }
+ }
CMS.debug("SizePanel: update() done");
context.put("updateStatus", "success");
}
- public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct)
- throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
- {
- CMS.debug("Generating ECC key pair with curvename="+ curveName +
- ", token="+token);
+ public void createECCKeyPair(String token, String curveName,
+ IConfigStore config, String ct) throws NoSuchAlgorithmException,
+ NoSuchTokenException, TokenException,
+ CryptoManager.NotInitializedException {
+ CMS.debug("Generating ECC key pair with curvename=" + curveName
+ + ", token=" + token);
KeyPair pair = null;
/*
- * default ssl server cert to ECDHE unless stated otherwise
- * note: IE only supports "ECDHE", but "ECDH" is more efficient
- *
+ * default ssl server cert to ECDHE unless stated otherwise note: IE
+ * only supports "ECDHE", but "ECDH" is more efficient
+ *
* for "ECDHE", server.xml should have the following for ciphers:
* +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
* -TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- *
+ *
* for "ECDH", server.xml should have the following for ciphers:
* -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
* +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
@@ -487,49 +526,45 @@ public class SizePanel extends WizardPanelBase {
}
// ECDHE needs "SIGN" but no "DERIVE"
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
- };
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = { org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE };
// ECDH needs "DERIVE" but no any kind of "SIGN"
org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
- org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
- };
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
+ org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER, };
do {
- if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- pair = CryptoUtil.generateECCKeyPair(token, curveName,
- null,
- ECDH_usages_mask);
- } else {
- if (ct.equals("sslserver")) {
- CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
- }
- pair = CryptoUtil.generateECCKeyPair(token, curveName,
- null,
- usages_mask);
- }
-
- // XXX - store curve , w
- byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
- String kid = CryptoUtil.byte2string(id);
- config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
-
- // try to locate the private key
- org.mozilla.jss.crypto.PrivateKey privk =
- CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
- if (privk == null) {
- CMS.debug("Found bad ECC key id " + kid);
- pair = null;
+ if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
+ CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ pair = CryptoUtil.generateECCKeyPair(token, curveName, null,
+ ECDH_usages_mask);
+ } else {
+ if (ct.equals("sslserver")) {
+ CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+ }
+ pair = CryptoUtil.generateECCKeyPair(token, curveName, null,
+ usages_mask);
+ }
+
+ // XXX - store curve , w
+ byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate())
+ .getUniqueID();
+ String kid = CryptoUtil.byte2string(id);
+ config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+
+ // try to locate the private key
+ org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil
+ .findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+ if (privk == null) {
+ CMS.debug("Found bad ECC key id " + kid);
+ pair = null;
}
} while (pair == null);
- CMS.debug("Public key class " + pair.getPublic().getClass().getName());
+ CMS.debug("Public key class " + pair.getPublic().getClass().getName());
byte encoded[] = pair.getPublic().getEncoded();
config.putString(PCERT_PREFIX + ct + ".pubkey.encoded",
- CryptoUtil.byte2string(encoded));
+ CryptoUtil.byte2string(encoded));
String keyAlgo = "";
try {
@@ -537,35 +572,39 @@ public class SizePanel extends WizardPanelBase {
} catch (Exception e1) {
}
- setSigningAlgorithm(ct, keyAlgo, config);
+ setSigningAlgorithm(ct, keyAlgo, config);
}
- public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct)
- throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
- {
+ public void createRSAKeyPair(String token, int keysize,
+ IConfigStore config, String ct) throws NoSuchAlgorithmException,
+ NoSuchTokenException, TokenException,
+ CryptoManager.NotInitializedException {
/* generate key pair */
KeyPair pair = null;
do {
- pair = CryptoUtil.generateRSAKeyPair(token, keysize);
- byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
- String kid = CryptoUtil.byte2string(id);
- config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
- // try to locate the private key
- org.mozilla.jss.crypto.PrivateKey privk =
- CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
- if (privk == null) {
- CMS.debug("Found bad RSA key id " + kid);
- pair = null;
+ pair = CryptoUtil.generateRSAKeyPair(token, keysize);
+ byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate())
+ .getUniqueID();
+ String kid = CryptoUtil.byte2string(id);
+ config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+ // try to locate the private key
+ org.mozilla.jss.crypto.PrivateKey privk = CryptoUtil
+ .findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+ if (privk == null) {
+ CMS.debug("Found bad RSA key id " + kid);
+ pair = null;
}
} while (pair == null);
- byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus().toByteArray();
- byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray();
+ byte modulus[] = ((RSAPublicKey) pair.getPublic()).getModulus()
+ .toByteArray();
+ byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent()
+ .toByteArray();
config.putString(PCERT_PREFIX + ct + ".pubkey.modulus",
- CryptoUtil.byte2string(modulus));
+ CryptoUtil.byte2string(modulus));
config.putString(PCERT_PREFIX + ct + ".pubkey.exponent",
- CryptoUtil.byte2string(exponent));
+ CryptoUtil.byte2string(exponent));
String keyAlgo = "";
try {
@@ -573,41 +612,39 @@ public class SizePanel extends WizardPanelBase {
} catch (Exception e1) {
}
- setSigningAlgorithm(ct, keyAlgo, config);
+ setSigningAlgorithm(ct, keyAlgo, config);
}
- public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) {
+ public void setSigningAlgorithm(String ct, String keyAlgo,
+ IConfigStore config) {
String systemType = "";
try {
- systemType = config.getString("preop.system.name");
+ systemType = config.getString("preop.system.name");
} catch (Exception e1) {
}
if (systemType.equalsIgnoreCase("CA")) {
- if (ct.equals("signing")) {
- config.putString("ca.signing.defaultSigningAlgorithm",
- keyAlgo);
- config.putString("ca.crl.MasterCRL.signingAlgorithm",
- keyAlgo);
- } else if (ct.equals("ocsp_signing")) {
- config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
- keyAlgo);
- }
+ if (ct.equals("signing")) {
+ config.putString("ca.signing.defaultSigningAlgorithm", keyAlgo);
+ config.putString("ca.crl.MasterCRL.signingAlgorithm", keyAlgo);
+ } else if (ct.equals("ocsp_signing")) {
+ config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
+ keyAlgo);
+ }
} else if (systemType.equalsIgnoreCase("OCSP")) {
- if (ct.equals("signing")) {
- config.putString("ocsp.signing.defaultSigningAlgorithm",
- keyAlgo);
- }
- } else if (systemType.equalsIgnoreCase("KRA") ||
- systemType.equalsIgnoreCase("DRM")) {
- if (ct.equals("transport")) {
+ if (ct.equals("signing")) {
+ config.putString("ocsp.signing.defaultSigningAlgorithm",
+ keyAlgo);
+ }
+ } else if (systemType.equalsIgnoreCase("KRA")
+ || systemType.equalsIgnoreCase("DRM")) {
+ if (ct.equals("transport")) {
config.putString("kra.transportUnit.signingAlgorithm", keyAlgo);
- }
+ }
}
}
public void initParams(HttpServletRequest request, Context context)
- throws IOException
- {
+ throws IOException {
IConfigStore config = CMS.getConfigStore();
String s = "";
try {
@@ -619,10 +656,13 @@ public class SizePanel extends WizardPanelBase {
s = config.getString("preop.hierarchy.select", "root");
context.put("hselect", s);
- s = config.getString("preop.ecc.algorithm.list", "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC");
+ s = config.getString("preop.ecc.algorithm.list",
+ "SHA256withEC,SHA1withEC,SHA384withEC,SHA512withEC");
context.put("ecclist", s);
- s = config.getString("preop.rsa.algorithm.list", "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA");
+ s = config
+ .getString("preop.rsa.algorithm.list",
+ "SHA256withRSA,SHA1withRSA,SHA512withRSA,MD5withRSA,MD2withRSA");
context.put("rsalist", s);
s = config.getString("keys.ecc.curve.list", "nistp256");
@@ -635,7 +675,8 @@ public class SizePanel extends WizardPanelBase {
context.put("subsystemtype", s);
} catch (Exception e) {
- CMS.debug("SizePanel(): initParams: unable to set all initial parameters:" + e);
+ CMS.debug("SizePanel(): initParams: unable to set all initial parameters:"
+ + e);
}
}
@@ -643,10 +684,9 @@ public class SizePanel extends WizardPanelBase {
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
try {
- initParams(request, context);
+ initParams(request, context);
} catch (IOException e) {
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
index cf59e07c..b1c16d65 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
@@ -51,6 +51,7 @@ public class TokenAuthenticate extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -58,13 +59,14 @@ public class TokenAuthenticate extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
- IConfigStore config = CMS.getConfigStore();
+ IConfigStore config = CMS.getConfigStore();
String sessionId = httpReq.getParameter("sessionID");
CMS.debug("TokenAuthentication: sessionId=" + sessionId);
@@ -85,9 +87,9 @@ public class TokenAuthenticate extends CMSServlet {
CMS.debug("TokenAuthentication: found session");
if (checkIP) {
String hostname = table.getIP(sessionId);
- if (! hostname.equals(givenHost)) {
- CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost="
- + givenHost + " are different");
+ if (!hostname.equals(givenHost)) {
+ CMS.debug("TokenAuthentication: hostname=" + hostname
+ + " and givenHost=" + givenHost + " are different");
CMS.debug("TokenAuthenticate authenticate failed, wrong hostname.");
outputError(httpResp, "Error: Failed Authentication");
return;
@@ -122,7 +124,15 @@ public class TokenAuthenticate extends CMSServlet {
}
}
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
index cf699c61..b71cbb3c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateConnector extends CMSServlet {
/**
@@ -62,6 +60,7 @@ public class UpdateConnector extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -71,7 +70,7 @@ public class UpdateConnector extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
CMS.debug("UpdateConnector: processing...");
@@ -85,9 +84,9 @@ public class UpdateConnector extends CMSServlet {
CMS.debug("UpdateConnector authentication successful.");
} catch (Exception e) {
CMS.debug("UpdateConnector: authentication failed.");
- log(ILogger.LL_FAILURE,
+ log(ILogger.LL_FAILURE,
CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
- e.toString()));
+ e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -100,19 +99,19 @@ public class UpdateConnector extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
CMS.debug("UpdateConnector authorization successful.");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
@@ -125,33 +124,35 @@ public class UpdateConnector extends CMSServlet {
Enumeration list = httpReq.getParameterNames();
while (list.hasMoreElements()) {
- String name = (String)list.nextElement();
+ String name = (String) list.nextElement();
String val = httpReq.getParameter(name);
if (name != null && name.startsWith("ca.connector")) {
- CMS.debug("Adding connector update name=" + name + " val=" + val);
+ CMS.debug("Adding connector update name=" + name + " val="
+ + val);
cs.putString(name, val);
} else {
- CMS.debug("Skipping connector update name=" + name + " val=" + val);
+ CMS.debug("Skipping connector update name=" + name + " val="
+ + val);
}
}
-
- try {
+
+ try {
String nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
if (!tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ nickname = tokenname + ":" + nickname;
cs.putString("ca.connector.KRA.nickName", nickname);
cs.commit(false);
} catch (Exception e) {
}
// start the connector
- try {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem("ca");
- ICAService caService = (ICAService)ca.getCAService();
- IConnector kraConnector = caService.getConnector(
- cs.getSubStore("ca.connector.KRA"));
+ try {
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem("ca");
+ ICAService caService = (ICAService) ca.getCAService();
+ IConnector kraConnector = caService.getConnector(cs
+ .getSubStore("ca.connector.KRA"));
caService.setKRAConnector(kraConnector);
kraConnector.start();
} catch (Exception e) {
@@ -173,14 +174,22 @@ public class UpdateConnector extends CMSServlet {
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
index c9fe27ef..57c58df3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
@@ -55,7 +54,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateDomainXML extends CMSServlet {
/**
@@ -64,10 +62,8 @@ public class UpdateDomainXML extends CMSServlet {
private static final long serialVersionUID = 4059169588555717548L;
private final static String SUCCESS = "0";
private final static String FAILED = "1";
- private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
- "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
- "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+ private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE = "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE = "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
public UpdateDomainXML() {
super();
@@ -75,6 +71,7 @@ public class UpdateDomainXML extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -101,20 +98,19 @@ public class UpdateDomainXML extends CMSServlet {
status = FAILED;
CMS.debug("Failed to delete entry" + e.toString());
}
- } catch (Exception e) {
- CMS.debug("Failed to delete entry" + e.toString());
- } finally {
+ } catch (Exception e) {
+ CMS.debug("Failed to delete entry" + e.toString());
+ } finally {
try {
- if ((conn != null) && (connFactory!= null)) {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
private String modify_ldap(String dn, LDAPModification mod) {
@@ -135,23 +131,21 @@ public class UpdateDomainXML extends CMSServlet {
status = FAILED;
CMS.debug("Failed to modify entry" + e.toString());
}
- } catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Failed to modify entry" + e.toString());
- } finally {
+ } finally {
try {
- if ((conn != null) && (connFactory!= null)) {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
-
private String add_to_ldap(LDAPEntry entry, String dn) {
CMS.debug("UpdateDomainXML: add_to_ldap: starting");
String status = SUCCESS;
@@ -172,37 +166,38 @@ public class UpdateDomainXML extends CMSServlet {
conn.delete(dn);
conn.add(entry);
} catch (LDAPException ee) {
- CMS.debug("UpdateDomainXML: Error when replacing existing entry "+ee.toString());
+ CMS.debug("UpdateDomainXML: Error when replacing existing entry "
+ + ee.toString());
status = FAILED;
}
} else {
- CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "+e.toString());
+ CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "
+ + e.toString());
status = FAILED;
}
} catch (Exception e) {
CMS.debug("Failed to add entry" + e.toString());
} finally {
try {
- if ((conn != null) && (connFactory!= null)) {
+ if ((conn != null) && (connFactory != null)) {
CMS.debug("Releasing ldap connection");
connFactory.returnConn(conn);
}
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Error releasing the ldap connection" + e.toString());
}
- }
- return status;
+ }
+ return status;
}
-
-
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate
+ * chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -219,7 +214,7 @@ public class UpdateDomainXML extends CMSServlet {
authToken = authenticate(cmsReq);
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
return;
}
@@ -233,19 +228,18 @@ public class UpdateDomainXML extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, AUTH_FAILURE, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- outputError(httpResp,
- AUTH_FAILURE,
- "Error: Encountered problem during authorization.");
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ outputError(httpResp, AUTH_FAILURE,
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -272,7 +266,7 @@ public class UpdateDomainXML extends CMSServlet {
String missing = "";
if ((host == null) || host.equals("")) {
missing += " host ";
- }
+ }
if ((name == null) || name.equals("")) {
missing += " name ";
}
@@ -286,20 +280,20 @@ public class UpdateDomainXML extends CMSServlet {
clone = "false";
}
- if (! missing.equals("")) {
- CMS.debug("UpdateDomainXML process: required parameters:" + missing +
- "not provided in request");
- outputError(httpResp, "Error: required parameters: " + missing +
- "not provided in request");
+ if (!missing.equals("")) {
+ CMS.debug("UpdateDomainXML process: required parameters:" + missing
+ + "not provided in request");
+ outputError(httpResp, "Error: required parameters: " + missing
+ + "not provided in request");
return;
}
String auditMessage = null;
String auditSubjectID = auditSubjectID();
- String auditParams = "host;;"+host+"+name;;"+name+"+sport;;"+sport+
- "+clone;;"+clone+"+type;;"+type;
+ String auditParams = "host;;" + host + "+name;;" + name + "+sport;;"
+ + sport + "+clone;;" + clone + "+type;;" + type;
if (operation != null) {
- auditParams += "+operation;;"+operation;
+ auditParams += "+operation;;" + operation;
} else {
auditParams += "+operation;;add";
}
@@ -312,8 +306,7 @@ public class UpdateDomainXML extends CMSServlet {
try {
basedn = cs.getString("internaldb.basedn");
secstore = cs.getString("securitydomain.store");
- }
- catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("Unable to determine security domain name or basedn. Please run the domaininfo migration script");
}
@@ -326,13 +319,14 @@ public class UpdateDomainXML extends CMSServlet {
String listName = type + "List";
String cn = host + ":";
- if ((adminsport!= null) && (adminsport != "")) {
+ if ((adminsport != null) && (adminsport != "")) {
cn += adminsport;
} else {
cn += sport;
}
- String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain," + basedn;
+ String dn = "cn=" + cn + ",cn=" + listName + ",ou=Security Domain,"
+ + basedn;
CMS.debug("UpdateDomainXML: updating LDAP entry: " + dn);
LDAPAttributeSet attrs = null;
@@ -356,69 +350,69 @@ public class UpdateDomainXML extends CMSServlet {
attrs.add(new LDAPAttribute("SecureEEClientAuthPort", eecaport));
}
if ((domainmgr != null) && (!domainmgr.equals(""))) {
- attrs.add(new LDAPAttribute("DomainManager", domainmgr.toUpperCase()));
+ attrs.add(new LDAPAttribute("DomainManager", domainmgr
+ .toUpperCase()));
}
attrs.add(new LDAPAttribute("clone", clone.toUpperCase()));
attrs.add(new LDAPAttribute("SubsystemName", name));
entry = new LDAPEntry(dn, attrs);
-
- if ((operation != null) && (operation.equals("remove"))) {
- status = remove_from_ldap(dn);
- String adminUserDN;
- if ((agentsport != null) && (!agentsport.equals(""))) {
- adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn;
- } else {
- adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
- }
- String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" +
- "+resource;;"+adminUserDN;
- if (status.equals(SUCCESS)) {
- // remove the user for this subsystem's admin
- status2 = remove_from_ldap(adminUserDN);
+
+ if ((operation != null) && (operation.equals("remove"))) {
+ status = remove_from_ldap(dn);
+ String adminUserDN;
+ if ((agentsport != null) && (!agentsport.equals(""))) {
+ adminUserDN = "uid=" + type + "-" + host + "-" + agentsport
+ + ",ou=People," + basedn;
+ } else {
+ adminUserDN = "uid=" + type + "-" + host + "-" + sport
+ + ",ou=People," + basedn;
+ }
+ String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML"
+ + "+resource;;" + adminUserDN;
+ if (status.equals(SUCCESS)) {
+ // remove the user for this subsystem's admin
+ status2 = remove_from_ldap(adminUserDN);
+ if (status2.equals(SUCCESS)) {
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.SUCCESS,
+ userAuditParams);
+ audit(auditMessage);
+
+ // remove this user from the subsystem group
+ userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER"
+ + "+source;;UpdateDomainXML"
+ + "+resource;;Subsystem Group+user;;"
+ + adminUserDN;
+ dn = "cn=Subsystem Group, ou=groups," + basedn;
+ LDAPModification mod = new LDAPModification(
+ LDAPModification.DELETE, new LDAPAttribute(
+ "uniqueMember", adminUserDN));
+ status2 = modify_ldap(dn, mod);
if (status2.equals(SUCCESS)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- userAuditParams);
- audit(auditMessage);
-
- // remove this user from the subsystem group
- userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" +
- "+source;;UpdateDomainXML" +
- "+resource;;Subsystem Group+user;;"+adminUserDN;
- dn = "cn=Subsystem Group, ou=groups," + basedn;
- LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
- new LDAPAttribute("uniqueMember", adminUserDN));
- status2 = modify_ldap(dn, mod);
- if (status2.equals(SUCCESS)) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.SUCCESS,
- userAuditParams);
- } else {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- userAuditParams);
- }
- audit(auditMessage);
- } else { // error deleting user
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.SUCCESS,
+ userAuditParams);
+ } else {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
- auditSubjectID,
- ILogger.FAILURE,
- userAuditParams);
- audit(auditMessage);
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE,
+ userAuditParams);
}
+ audit(auditMessage);
+ } else { // error deleting user
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+ auditSubjectID, ILogger.FAILURE,
+ userAuditParams);
+ audit(auditMessage);
}
+ }
} else {
- status = add_to_ldap(entry, dn);
+ status = add_to_ldap(entry, dn);
}
- }
- else {
+ } else {
// update the domain.xml file
String path = CMS.getConfigStore().getString("instanceRoot", "")
+ "/conf/domain.xml";
@@ -430,7 +424,7 @@ public class UpdateDomainXML extends CMSServlet {
CMS.debug("UpdateDomainXML: Inserting new domain info");
XMLObject parser = new XMLObject(new FileInputStream(path));
Node n = parser.getContainer(list);
- int count =0;
+ int count = 0;
if ((operation != null) && (operation.equals("remove"))) {
// delete node
@@ -440,15 +434,19 @@ public class UpdateDomainXML extends CMSServlet {
for (int i = 0; i < len; i++) {
Node nn = (Node) nodeList.item(i);
- Vector v_name = parser.getValuesFromContainer(nn, "SubsystemName");
- Vector v_host = parser.getValuesFromContainer(nn, "Host");
- Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort");
- if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host))
- && (v_adminport.elementAt(0).equals(adminsport))) {
- Node parent = nn.getParentNode();
- Node remNode = parent.removeChild(nn);
- count --;
- break;
+ Vector v_name = parser.getValuesFromContainer(nn,
+ "SubsystemName");
+ Vector v_host = parser.getValuesFromContainer(nn,
+ "Host");
+ Vector v_adminport = parser.getValuesFromContainer(nn,
+ "SecureAdminPort");
+ if ((v_name.elementAt(0).equals(name))
+ && (v_host.elementAt(0).equals(host))
+ && (v_adminport.elementAt(0).equals(adminsport))) {
+ Node parent = nn.getParentNode();
+ Node remNode = parent.removeChild(nn);
+ count--;
+ break;
}
}
} else {
@@ -457,39 +455,44 @@ public class UpdateDomainXML extends CMSServlet {
parser.addItemToContainer(parent, "SubsystemName", name);
parser.addItemToContainer(parent, "Host", host);
parser.addItemToContainer(parent, "SecurePort", sport);
- parser.addItemToContainer(parent, "SecureAgentPort", agentsport);
- parser.addItemToContainer(parent, "SecureAdminPort", adminsport);
- parser.addItemToContainer(parent, "SecureEEClientAuthPort", eecaport);
+ parser.addItemToContainer(parent, "SecureAgentPort",
+ agentsport);
+ parser.addItemToContainer(parent, "SecureAdminPort",
+ adminsport);
+ parser.addItemToContainer(parent, "SecureEEClientAuthPort",
+ eecaport);
parser.addItemToContainer(parent, "UnSecurePort", httpport);
- parser.addItemToContainer(parent, "DomainManager", domainmgr.toUpperCase());
- parser.addItemToContainer(parent, "Clone", clone.toUpperCase());
- count ++;
+ parser.addItemToContainer(parent, "DomainManager",
+ domainmgr.toUpperCase());
+ parser.addItemToContainer(parent, "Clone",
+ clone.toUpperCase());
+ count++;
}
- //update count
+ // update count
String countS = "";
NodeList nlist = n.getChildNodes();
Node countnode = null;
- for (int i=0; i<nlist.getLength(); i++) {
- Element nn = (Element)nlist.item(i);
+ for (int i = 0; i < nlist.getLength(); i++) {
+ Element nn = (Element) nlist.item(i);
String tagname = nn.getTagName();
if (tagname.equals("SubsystemCount")) {
countnode = nn;
NodeList nlist1 = nn.getChildNodes();
Node nn1 = nlist1.item(0);
- countS = nn1.getNodeValue();
+ countS = nn1.getNodeValue();
break;
}
}
- CMS.debug("UpdateDomainXML process: SubsystemCount="+countS);
+ CMS.debug("UpdateDomainXML process: SubsystemCount=" + countS);
try {
- count += Integer.parseInt(countS);
+ count += Integer.parseInt(countS);
} catch (Exception ee) {
}
Node nn2 = n.removeChild(countnode);
- parser.addItemToContainer(n, "SubsystemCount", ""+count);
+ parser.addItemToContainer(n, "SubsystemCount", "" + count);
// recreate domain.xml
CMS.debug("UpdateDomainXML: Recreating domain.xml");
@@ -503,28 +506,24 @@ public class UpdateDomainXML extends CMSServlet {
}
}
-
+
if (status.equals(SUCCESS)) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ auditSubjectID, ILogger.SUCCESS, auditParams);
} else {
// what if already exists or already deleted
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams);
+ LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
+ auditSubjectID, ILogger.FAILURE, auditParams);
}
audit(auditMessage);
- if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
- status = SUCCESS;
- } else {
- status = FAILED;
- }
+ if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
+ status = SUCCESS;
+ } else {
+ status = FAILED;
+ }
try {
// send success status back to the requestor
@@ -537,24 +536,34 @@ public class UpdateDomainXML extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
} catch (Exception e) {
- CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString());
+ CMS.debug("UpdateDomainXML: Failed to send the XML output"
+ + e.toString());
}
}
protected String securityDomainXMLtoLDAP(String xmltag) {
- if (xmltag.equals("Host")) return "host";
- else return xmltag;
+ if (xmltag.equals("Host"))
+ return "host";
+ else
+ return xmltag;
}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void setDefaultTemplates(ServletConfig sc) {}
-
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
index 0a1787aa..f563c9f6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateNumberRange extends CMSServlet {
/**
@@ -55,8 +53,7 @@ public class UpdateNumberRange extends CMSServlet {
private final static String SUCCESS = "0";
private final static String FAILED = "1";
private final static String AUTH_FAILURE = "2";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER =
- "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER = "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
public UpdateNumberRange() {
super();
@@ -64,6 +61,7 @@ public class UpdateNumberRange extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -73,11 +71,13 @@ public class UpdateNumberRange extends CMSServlet {
}
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
* <li>http.param op 'downloadBIN' - return the binary certificate chain
- * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+ * <li>http.param op 'displayIND' - display pretty-print of certificate
+ * chain components
* </ul>
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -96,18 +96,18 @@ public class UpdateNumberRange extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -131,13 +131,13 @@ public class UpdateNumberRange extends CMSServlet {
BigInteger oneNum = new BigInteger("1");
String endNumConfig = null;
String cloneNumConfig = null;
- String nextEndConfig = null;
+ String nextEndConfig = null;
int radix = 10;
IRepository repo = null;
if (cstype.equals("KRA")) {
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(
- IKeyRecoveryAuthority.ID);
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem(IKeyRecoveryAuthority.ID);
if (type.equals("request")) {
repo = kra.getRequestQueue().getRequestRepository();
} else if (type.equals("serialNo")) {
@@ -146,8 +146,8 @@ public class UpdateNumberRange extends CMSServlet {
repo = kra.getReplicaRepository();
}
} else { // CA
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
- ICertificateAuthority.ID);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(ICertificateAuthority.ID);
if (type.equals("request")) {
repo = ca.getRequestQueue().getRequestRepository();
} else if (type.equals("serialNo")) {
@@ -157,26 +157,28 @@ public class UpdateNumberRange extends CMSServlet {
}
}
- // checkRanges for replicaID - we do this each time a replica is created.
- // This needs to be done beforehand to ensure that we always have enough
+ // checkRanges for replicaID - we do this each time a replica is
+ // created.
+ // This needs to be done beforehand to ensure that we always have
+ // enough
// replica numbers
if (type.equals("replicaId")) {
- CMS.debug("Checking replica number ranges");
- repo.checkRanges();
+ CMS.debug("Checking replica number ranges");
+ repo.checkRanges();
}
-
+
if (type.equals("request")) {
radix = 10;
endNumConfig = "dbs.endRequestNumber";
cloneNumConfig = "dbs.requestCloneTransferNumber";
nextEndConfig = "dbs.nextEndRequestNumber";
} else if (type.equals("serialNo")) {
- radix=16;
+ radix = 16;
endNumConfig = "dbs.endSerialNumber";
cloneNumConfig = "dbs.serialCloneTransferNumber";
nextEndConfig = "dbs.nextEndSerialNumber";
} else if (type.equals("replicaId")) {
- radix=10;
+ radix = 10;
endNumConfig = "dbs.endReplicaNumber";
cloneNumConfig = "dbs.replicaCloneTransferNumber";
nextEndConfig = "dbs.nextEndReplicaNumber";
@@ -192,11 +194,11 @@ public class UpdateNumberRange extends CMSServlet {
String nextEndNumStr = cs.getString(nextEndConfig, "");
BigInteger endNum2 = new BigInteger(nextEndNumStr, radix);
CMS.debug("Transferring from the end of on-deck range");
- String newValStr = endNum2.subtract(decrement).toString(radix);
- repo.setNextMaxSerial(newValStr);
- cs.putString(nextEndConfig, newValStr);
- beginNum = endNum2.subtract(decrement).add(oneNum);
- endNum = endNum2;
+ String newValStr = endNum2.subtract(decrement).toString(radix);
+ repo.setNextMaxSerial(newValStr);
+ cs.putString(nextEndConfig, newValStr);
+ beginNum = endNum2.subtract(decrement).add(oneNum);
+ endNum = endNum2;
} else {
CMS.debug("Transferring from the end of the current range");
String newValStr = beginNum.subtract(oneNum).toString(radix);
@@ -204,22 +206,19 @@ public class UpdateNumberRange extends CMSServlet {
cs.putString(endNumConfig, newValStr);
}
-
- if( beginNum == null ) {
- CMS.debug( "UpdateNumberRange::process() - " +
- "beginNum is null!" );
+ if (beginNum == null) {
+ CMS.debug("UpdateNumberRange::process() - "
+ + "beginNum is null!");
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
+ auditSubjectID, ILogger.FAILURE, auditParams);
audit(auditMessage);
return;
}
// Enable serial number management in master for certs and requests
if (type.equals("replicaId")) {
- repo.setEnableSerialMgmt(true);
+ repo.setEnableSerialMgmt(true);
}
// insert info
@@ -230,45 +229,51 @@ public class UpdateNumberRange extends CMSServlet {
Node root = xmlObj.createRoot("XMLResponse");
xmlObj.addItemToContainer(root, "Status", SUCCESS);
- xmlObj.addItemToContainer(root, "beginNumber", beginNum.toString(radix));
+ xmlObj.addItemToContainer(root, "beginNumber",
+ beginNum.toString(radix));
xmlObj.addItemToContainer(root, "endNumber", endNum.toString(radix));
byte[] cb = xmlObj.toByteArray();
outputResult(httpResp, "application/xml", cb);
cs.commit(false);
- auditParams += "+beginNumber;;" + beginNum.toString(radix) +
- "+endNumber;;" + endNum.toString(radix);
+ auditParams += "+beginNumber;;" + beginNum.toString(radix)
+ + "+endNumber;;" + endNum.toString(radix);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, auditSubjectID,
+ ILogger.SUCCESS, auditParams);
audit(auditMessage);
} catch (Exception e) {
- CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "+e.toString());
+ CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "
+ + e.toString());
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams);
+ LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER, auditSubjectID,
+ ILogger.FAILURE, auditParams);
audit(auditMessage);
outputError(httpResp, "Error: Failed to update number range.");
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
index 2339c4c7..266633cb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
@@ -40,7 +40,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
import com.netscape.cmsutil.xml.XMLObject;
-
public class UpdateOCSPConfig extends CMSServlet {
/**
@@ -57,6 +56,7 @@ public class UpdateOCSPConfig extends CMSServlet {
/**
* initialize the servlet.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -81,18 +81,18 @@ public class UpdateOCSPConfig extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
- "modify");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "modify");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp, "Error: Not authorized");
return;
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
outputError(httpResp,
- "Error: Encountered problem during authorization.");
+ "Error: Encountered problem during authorization.");
return;
}
if (authzToken == null) {
@@ -107,32 +107,38 @@ public class UpdateOCSPConfig extends CMSServlet {
try {
nickname = cs.getString("ca.subsystem.nickname", "");
String tokenname = cs.getString("ca.subsystem.tokenname", "");
- if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
- nickname = tokenname+":"+nickname;
+ if (!tokenname.equals("internal")
+ && !tokenname.equals("Internal Key Storage Token"))
+ nickname = tokenname + ":" + nickname;
} catch (Exception e) {
}
- CMS.debug("UpdateOCSPConfig process: nickname="+nickname);
+ CMS.debug("UpdateOCSPConfig process: nickname=" + nickname);
String ocsphost = httpReq.getParameter("ocsp_host");
String ocspport = httpReq.getParameter("ocsp_port");
try {
cs.putString("ca.publish.enable", "true");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
- ocsphost);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
- ocspport);
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName",
- nickname);
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
+ ocsphost);
+ cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
+ ocspport);
+ cs.putString(
+ "ca.publish.publisher.instance.OCSPPublisher.nickName",
+ nickname);
cs.putString("ca.publish.publisher.instance.OCSPPublisher.path",
- "/ocsp/agent/ocsp/addCRL");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher");
- cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true");
+ "/ocsp/agent/ocsp/addCRL");
+ cs.putString(
+ "ca.publish.publisher.instance.OCSPPublisher.pluginName",
+ "OCSPPublisher");
+ cs.putString(
+ "ca.publish.publisher.instance.OCSPPublisher.enableClientAuth",
+ "true");
cs.putString("ca.publish.rule.instance.ocsprule.enable", "true");
cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap");
cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule");
- cs.putString("ca.publish.rule.instance.ocsprule.publisher",
- "OCSPPublisher");
+ cs.putString("ca.publish.rule.instance.ocsprule.publisher",
+ "OCSPPublisher");
cs.putString("ca.publish.rule.instance.ocsprule.type", "crl");
cs.commit(false);
// insert info
@@ -147,19 +153,28 @@ public class UpdateOCSPConfig extends CMSServlet {
outputResult(httpResp, "application/xml", cb);
} catch (Exception e) {
- CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "+e.toString());
+ CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "
+ + e.toString());
outputError(httpResp, "Error: Failed to update OCSP configuration.");
}
}
- protected void setDefaultTemplates(ServletConfig sc) {}
+ protected void setDefaultTemplates(ServletConfig sc) {
+ }
- protected void renderTemplate(
- CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
- throws IOException {// do nothing
- }
+ protected void renderTemplate(CMSRequest cmsReq, String templateName,
+ ICMSTemplateFiller filler) throws IOException {// do nothing
+ }
- protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+ protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+ // nothing,
+ // ie, it
+ // will
+ // not
+ // return
+ // the
+ // default
+ // javascript.
}
/**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
index 7b1c9959..ff545b71 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.IOException;
import javax.servlet.ServletConfig;
@@ -35,13 +34,14 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
public class WelcomePanel extends WizardPanelBase {
- public WelcomePanel() {}
+ public WelcomePanel() {
+ }
/**
* Initializes this panel.
*/
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
setPanelNo(panelno);
setName("Welcome");
setId(id);
@@ -52,19 +52,20 @@ public class WelcomePanel extends WizardPanelBase {
cs.putBoolean("preop.welcome.done", false);
}
- public boolean isPanelDone() {
+ public boolean isPanelDone() {
IConfigStore cs = CMS.getConfigStore();
try {
return cs.getBoolean("preop.welcome.done");
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
return false;
}
public PropertySet getUsage() {
PropertySet set = new PropertySet();
-
+
/* XXX */
-
+
return set;
}
@@ -72,25 +73,21 @@ public class WelcomePanel extends WizardPanelBase {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
IConfigStore cs = CMS.getConfigStore();
CMS.debug("WelcomePanel: display()");
context.put("title", "Welcome");
try {
context.put("cstype", cs.getString("cs.type"));
context.put("wizardname", cs.getString("preop.wizard.name"));
- context.put("panelname",
- cs.getString("preop.system.fullname") + " Configuration Wizard");
- context.put("systemname",
- cs.getString("preop.system.name"));
- context.put("fullsystemname",
- cs.getString("preop.system.fullname"));
- context.put("productname",
- cs.getString("preop.product.name"));
- context.put("productversion",
- cs.getString("preop.product.version"));
- } catch (EBaseException e) {}
+ context.put("panelname", cs.getString("preop.system.fullname")
+ + " Configuration Wizard");
+ context.put("systemname", cs.getString("preop.system.name"));
+ context.put("fullsystemname", cs.getString("preop.system.fullname"));
+ context.put("productname", cs.getString("preop.product.name"));
+ context.put("productversion", cs.getString("preop.product.version"));
+ } catch (EBaseException e) {
+ }
context.put("panel", "admin/console/config/welcomepanel.vm");
}
@@ -98,27 +95,29 @@ public class WelcomePanel extends WizardPanelBase {
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
IConfigStore cs = CMS.getConfigStore();
try {
cs.putBoolean("preop.welcome.done", true);
cs.commit(false);
- } catch (EBaseException e) {}
+ } catch (EBaseException e) {
+ }
}
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {/* This should never be called */}
+ HttpServletResponse response, Context context) {/*
+ * This should never
+ * be called
+ */
+ }
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
index 06eb63ff..1faca0f8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
import org.apache.velocity.app.Velocity;
import org.apache.velocity.context.Context;
-
public class WelcomeServlet extends BaseServlet {
/**
@@ -34,8 +32,7 @@ public class WelcomeServlet extends BaseServlet {
private static final long serialVersionUID = 1179761802633506502L;
public Template process(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {
+ HttpServletResponse response, Context context) {
Template template = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
index a2a7d5df..570c5158 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.csadmin;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.ConnectException;
@@ -79,8 +78,8 @@ public class WizardPanelBase implements IWizardPanel {
public static final String PRE_CONF_AGENT_GROUP = "preop.admin.group";
/**
- * Definition for "preop" static variables in CS.cfg
- * -- "preop" config parameters should not assumed to exist after configuation
+ * Definition for "preop" static variables in CS.cfg -- "preop" config
+ * parameters should not assumed to exist after configuation
*/
public static final String PRE_CONF_CA_TOKEN = "preop.module.token";
@@ -95,15 +94,12 @@ public class WizardPanelBase implements IWizardPanel {
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException
- {
+ public void init(ServletConfig config, int panelno) throws ServletException {
mPanelNo = panelno;
}
- public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
- throws ServletException
- {
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException {
mPanelNo = panelno;
}
@@ -142,7 +138,7 @@ public class WizardPanelBase implements IWizardPanel {
return set;
}
-
+
/**
* Should we skip this panel?
*/
@@ -186,30 +182,29 @@ public class WizardPanelBase implements IWizardPanel {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {}
+ HttpServletResponse response, Context context) {
+ }
/**
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {
+ HttpServletResponse response, Context context) throws IOException {
}
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context) throws IOException {}
+ HttpServletResponse response, Context context) throws IOException {
+ }
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context) {}
+ HttpServletResponse response, Context context) {
+ }
/**
* Retrieves locale based on the request.
@@ -233,15 +228,17 @@ public class WizardPanelBase implements IWizardPanel {
try {
instanceID = config.getString("instanceId", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
String nickname = certTag + "Cert cert-" + instanceID;
String preferredNickname = null;
try {
- preferredNickname = config.getString(
- PCERT_PREFIX + certTag + ".nickname", null);
- } catch (Exception e) {}
+ preferredNickname = config.getString(PCERT_PREFIX + certTag
+ + ".nickname", null);
+ } catch (Exception e) {
+ }
if (preferredNickname != null) {
nickname = preferredNickname;
@@ -250,37 +247,41 @@ public class WizardPanelBase implements IWizardPanel {
}
public void updateDomainXML(String hostname, int port, boolean https,
- String servlet, String uri) throws IOException {
- CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port);
+ String servlet, String uri) throws IOException {
+ CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname
+ + " port=" + port);
IConfigStore cs = CMS.getConfigStore();
String nickname = "";
String tokenname = "";
try {
nickname = cs.getString("preop.cert.subsystem.nickname", "");
tokenname = cs.getString("preop.module.token", "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
- if (!tokenname.equals("") &&
- !tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal")) {
- nickname = tokenname+":"+nickname;
+ if (!tokenname.equals("")
+ && !tokenname.equals("Internal Key Storage Token")
+ && !tokenname.equals("internal")) {
+ nickname = tokenname + ":" + nickname;
}
CMS.debug("WizardPanelBase updateDomainXML nickname=" + nickname);
CMS.debug("WizardPanelBase: start sending updateDomainXML request");
- String c = getHttpResponse(hostname, port, https, servlet, uri, nickname);
+ String c = getHttpResponse(hostname, port, https, servlet, uri,
+ nickname);
CMS.debug("WizardPanelBase: done sending updateDomainXML request");
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject obj = null;
try {
obj = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateDomainXML() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateDomainXML() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = obj.getValue("Status");
@@ -291,7 +292,7 @@ public class WizardPanelBase implements IWizardPanel {
} else {
String error = obj.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString());
throw e;
@@ -302,21 +303,21 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public int getSubsystemCount( String hostname, int https_admin_port,
- boolean https, String type )
- throws IOException {
+ public int getSubsystemCount(String hostname, int https_admin_port,
+ boolean https, String type) throws IOException {
CMS.debug("WizardPanelBase getSubsystemCount start");
String c = getDomainXML(hostname, https_admin_port, true);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject obj = new XMLObject(bis);
- String containerName = type+"List";
+ String containerName = type + "List";
Node n = obj.getContainer(containerName);
NodeList nlist = n.getChildNodes();
String countS = "";
- for (int i=0; i<nlist.getLength(); i++) {
- Element nn = (Element)nlist.item(i);
+ for (int i = 0; i < nlist.getLength(); i++) {
+ Element nn = (Element) nlist.item(i);
String tagname = nn.getTagName();
if (tagname.equals("SubsystemCount")) {
NodeList nlist1 = nn.getChildNodes();
@@ -325,7 +326,8 @@ public class WizardPanelBase implements IWizardPanel {
break;
}
}
- CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount="+countS);
+ CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount="
+ + countS);
int num = 0;
if (countS != null && !countS.equals("")) {
@@ -337,7 +339,7 @@ public class WizardPanelBase implements IWizardPanel {
return num;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: getSubsystemCount: "+e.toString());
+ CMS.debug("WizardPanelBase: getSubsystemCount: " + e.toString());
throw new IOException(e.toString());
}
}
@@ -345,23 +347,23 @@ public class WizardPanelBase implements IWizardPanel {
return -1;
}
- public String getDomainXML( String hostname, int https_admin_port,
- boolean https )
- throws IOException {
+ public String getDomainXML(String hostname, int https_admin_port,
+ boolean https) throws IOException {
CMS.debug("WizardPanelBase getDomainXML start");
- String c = getHttpResponse( hostname, https_admin_port, https,
- "/ca/admin/ca/getDomainXML", null, null );
+ String c = getHttpResponse(hostname, https_admin_port, https,
+ "/ca/admin/ca/getDomainXML", null, null);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getDomainXML() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getDomainXML() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -371,15 +373,14 @@ public class WizardPanelBase implements IWizardPanel {
if (status.equals(SUCCESS)) {
String domainInfo = parser.getValue("DomainInfo");
- CMS.debug(
- "WizardPanelBase getDomainXML: domainInfo="
- + domainInfo);
- return domainInfo;
+ CMS.debug("WizardPanelBase getDomainXML: domainInfo="
+ + domainInfo);
+ return domainInfo;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: getDomainXML: " + e.toString());
throw e;
@@ -392,29 +393,29 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public String getSubsystemCert(String host, int port, boolean https)
- throws IOException {
+ public String getSubsystemCert(String host, int port, boolean https)
+ throws IOException {
CMS.debug("WizardPanelBase getSubsystemCert start");
- String c = getHttpResponse(host, port, https,
- "/ca/admin/ca/getSubsystemCert", null, null);
+ String c = getHttpResponse(host, port, https,
+ "/ca/admin/ca/getSubsystemCert", null, null);
if (c != null) {
try {
- ByteArrayInputStream bis =
- new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getSubsystemCert() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getSubsystemCert() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
if (status.equals(SUCCESS)) {
String s = parser.getValue("Cert");
return s;
} else
- return null;
+ return null;
} catch (Exception e) {
}
}
@@ -423,87 +424,90 @@ public class WizardPanelBase implements IWizardPanel {
}
public void updateConnectorInfo(String host, int port, boolean https,
- String content) throws IOException {
+ String content) throws IOException {
CMS.debug("WizardPanelBase updateConnectorInfo start");
- String c = getHttpResponse(host, port, https,
- "/ca/admin/ca/updateConnector", content, null);
+ String c = getHttpResponse(host, port, https,
+ "/ca/admin/ca/updateConnector", content, null);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateConnectorInfo() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateConnectorInfo() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
- CMS.debug("WizardPanelBase updateConnectorInfo: status=" + status);
+ CMS.debug("WizardPanelBase updateConnectorInfo: status="
+ + status);
if (!status.equals(SUCCESS)) {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
- CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString());
+ CMS.debug("WizardPanelBase: updateConnectorInfo: "
+ + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString());
+ CMS.debug("WizardPanelBase: updateConnectorInfo: "
+ + e.toString());
throw new IOException(e.toString());
}
}
}
- public String getCertChainUsingSecureAdminPort( String hostname,
- int https_admin_port,
- boolean https,
- ConfigCertApprovalCallback
- certApprovalCallback )
- throws IOException {
+ public String getCertChainUsingSecureAdminPort(String hostname,
+ int https_admin_port, boolean https,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start");
- String c = getHttpResponse( hostname, https_admin_port, https,
- "/ca/admin/ca/getCertChain", null, null,
- certApprovalCallback );
+ String c = getHttpResponse(hostname, https_admin_port, https,
+ "/ca/admin/ca/getCertChain", null, null, certApprovalCallback);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getCertChainUsingSecureAdminPort() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getCertChainUsingSecureAdminPort() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
- CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: status=" + status);
+ CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: status="
+ + status);
if (status.equals(SUCCESS)) {
String certchain = parser.getValue("ChainBase64");
certchain = CryptoUtil.normalizeCertStr(certchain);
- CMS.debug(
- "WizardPanelBase getCertChainUsingSecureAdminPort: certchain="
- + certchain);
- return certchain;
+ CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort: certchain="
+ + certchain);
+ return certchain;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: "
+ + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: "
+ + e.toString());
throw new IOException(e.toString());
}
}
@@ -511,52 +515,51 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public String getCertChainUsingSecureEEPort( String hostname,
- int https_ee_port,
- boolean https,
- ConfigCertApprovalCallback
- certApprovalCallback )
- throws IOException {
+ public String getCertChainUsingSecureEEPort(String hostname,
+ int https_ee_port, boolean https,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start");
- String c = getHttpResponse( hostname, https_ee_port, https,
- "/ca/ee/ca/getCertChain", null, null,
- certApprovalCallback );
+ String c = getHttpResponse(hostname, https_ee_port, https,
+ "/ca/ee/ca/getCertChain", null, null, certApprovalCallback);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getCertChainUsingSecureEEPort() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getCertChainUsingSecureEEPort() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
- CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: status=" + status);
+ CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: status="
+ + status);
if (status.equals(SUCCESS)) {
String certchain = parser.getValue("ChainBase64");
certchain = CryptoUtil.normalizeCertStr(certchain);
- CMS.debug(
- "WizardPanelBase getCertChainUsingSecureEEPort: certchain="
- + certchain);
- return certchain;
+ CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort: certchain="
+ + certchain);
+ return certchain;
} else {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString());
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: "
+ + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString());
+ CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: "
+ + e.toString());
throw new IOException(e.toString());
}
}
@@ -564,41 +567,44 @@ public class WizardPanelBase implements IWizardPanel {
return null;
}
- public boolean updateConfigEntries(String hostname, int port, boolean https,
- String servlet, String uri, IConfigStore config,
- HttpServletResponse response) throws IOException {
+ public boolean updateConfigEntries(String hostname, int port,
+ boolean https, String servlet, String uri, IConfigStore config,
+ HttpServletResponse response) throws IOException {
CMS.debug("WizardPanelBase updateConfigEntries start");
String c = getHttpResponse(hostname, port, https, servlet, uri, null);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateConfigEntries() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateConfigEntries() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
- CMS.debug("WizardPanelBase updateConfigEntries: status=" + status);
+ CMS.debug("WizardPanelBase updateConfigEntries: status="
+ + status);
if (status.equals(SUCCESS)) {
String cstype = "";
try {
cstype = config.getString("cs.type", "");
} catch (Exception e) {
- CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: " + e.toString());
+ CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: "
+ + e.toString());
}
-
- Document doc = parser.getDocument();
+
+ Document doc = parser.getDocument();
NodeList list = doc.getElementsByTagName("name");
int len = list.getLength();
- for (int i=0; i<len; i++) {
+ for (int i = 0; i < len; i++) {
Node n = list.item(i);
NodeList nn = n.getChildNodes();
String name = nn.item(0).getNodeValue();
@@ -606,73 +612,104 @@ public class WizardPanelBase implements IWizardPanel {
nn = parent.getChildNodes();
int len1 = nn.getLength();
String v = "";
- for (int j=0; j<len1; j++) {
+ for (int j = 0; j < len1; j++) {
Node nv = nn.item(j);
String val = nv.getNodeName();
if (val.equals("value")) {
NodeList n2 = nv.getChildNodes();
if (n2.getLength() > 0)
- v = n2.item(0).getNodeValue();
- break;
+ v = n2.item(0).getNodeValue();
+ break;
}
}
if (name.equals("internaldb.ldapconn.host")) {
- config.putString("preop.internaldb.master.hostname", v);
+ config.putString(
+ "preop.internaldb.master.hostname", v);
} else if (name.equals("internaldb.ldapconn.port")) {
config.putString("preop.internaldb.master.port", v);
} else if (name.equals("internaldb.ldapauth.bindDN")) {
- config.putString("preop.internaldb.master.binddn", v);
+ config.putString("preop.internaldb.master.binddn",
+ v);
} else if (name.equals("internaldb.basedn")) {
config.putString(name, v);
- config.putString("preop.internaldb.master.basedn", v);
+ config.putString("preop.internaldb.master.basedn",
+ v);
} else if (name.equals("internaldb.ldapauth.password")) {
- config.putString("preop.internaldb.master.bindpwd", v);
- } else if (name.equals("internaldb.replication.password")) {
- config.putString("preop.internaldb.master.replicationpwd", v);
+ config.putString("preop.internaldb.master.bindpwd",
+ v);
+ } else if (name
+ .equals("internaldb.replication.password")) {
+ config.putString(
+ "preop.internaldb.master.replicationpwd", v);
} else if (name.equals("instanceId")) {
config.putString("preop.master.instanceId", v);
} else if (name.equals("cloning.cert.signing.nickname")) {
config.putString("preop.master.signing.nickname", v);
config.putString("preop.cert.signing.nickname", v);
} else if (name.equals("cloning.ocsp_signing.nickname")) {
- config.putString("preop.master.ocsp_signing.nickname", v);
- config.putString("preop.cert.ocsp_signing.nickname", v);
+ config.putString(
+ "preop.master.ocsp_signing.nickname", v);
+ config.putString(
+ "preop.cert.ocsp_signing.nickname", v);
} else if (name.equals("cloning.subsystem.nickname")) {
- config.putString("preop.master.subsystem.nickname", v);
+ config.putString("preop.master.subsystem.nickname",
+ v);
config.putString("preop.cert.subsystem.nickname", v);
} else if (name.equals("cloning.transport.nickname")) {
- config.putString("preop.master.transport.nickname", v);
+ config.putString("preop.master.transport.nickname",
+ v);
config.putString("kra.transportUnit.nickName", v);
config.putString("preop.cert.transport.nickname", v);
} else if (name.equals("cloning.storage.nickname")) {
config.putString("preop.master.storage.nickname", v);
config.putString("kra.storageUnit.nickName", v);
config.putString("preop.cert.storage.nickname", v);
- } else if (name.equals("cloning.audit_signing.nickname")) {
- config.putString("preop.master.audit_signing.nickname", v);
- config.putString("preop.cert.audit_signing.nickname", v);
+ } else if (name
+ .equals("cloning.audit_signing.nickname")) {
+ config.putString(
+ "preop.master.audit_signing.nickname", v);
+ config.putString(
+ "preop.cert.audit_signing.nickname", v);
config.putString(name, v);
} else if (name.startsWith("cloning.ca")) {
- config.putString(name.replaceFirst("cloning", "preop"), v);
+ config.putString(
+ name.replaceFirst("cloning", "preop"), v);
} else if (name.equals("cloning.signing.keyalgorithm")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
+ config.putString(
+ name.replaceFirst("cloning", "preop.cert"),
+ v);
if (cstype.equals("CA")) {
- config.putString("ca.crl.MasterCRL.signingAlgorithm", v);
- config.putString("ca.signing.defaultSigningAlgorithm", v);
+ config.putString(
+ "ca.crl.MasterCRL.signingAlgorithm", v);
+ config.putString(
+ "ca.signing.defaultSigningAlgorithm", v);
} else if (cstype.equals("OCSP")) {
- config.putString("ocsp.signing.defaultSigningAlgorithm", v);
+ config.putString(
+ "ocsp.signing.defaultSigningAlgorithm",
+ v);
}
- } else if (name.equals("cloning.transport.keyalgorithm")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
- config.putString("kra.transportUnit.signingAlgorithm", v);
- } else if (name.equals("cloning.ocsp_signing.keyalgorithm")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
+ } else if (name
+ .equals("cloning.transport.keyalgorithm")) {
+ config.putString(
+ name.replaceFirst("cloning", "preop.cert"),
+ v);
+ config.putString(
+ "kra.transportUnit.signingAlgorithm", v);
+ } else if (name
+ .equals("cloning.ocsp_signing.keyalgorithm")) {
+ config.putString(
+ name.replaceFirst("cloning", "preop.cert"),
+ v);
if (cstype.equals("CA")) {
- config.putString("ca.ocsp_signing.defaultSigningAlgorithm", v);
+ config.putString(
+ "ca.ocsp_signing.defaultSigningAlgorithm",
+ v);
}
} else if (name.startsWith("cloning")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
+ config.putString(
+ name.replaceFirst("cloning", "preop.cert"),
+ v);
} else {
config.putString(name, v);
}
@@ -686,12 +723,14 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
- CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString());
+ CMS.debug("WizardPanelBase: updateConfigEntries: "
+ + e.toString());
throw e;
} catch (Exception e) {
- CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString());
+ CMS.debug("WizardPanelBase: updateConfigEntries: "
+ + e.toString());
throw new IOException(e.toString());
}
}
@@ -707,15 +746,16 @@ public class WizardPanelBase implements IWizardPanel {
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::authenticate() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::authenticate() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -729,7 +769,7 @@ public class WizardPanelBase implements IWizardPanel {
} else {
String error = parser.getValue("Error");
return false;
- }
+ }
} catch (Exception e) {
CMS.debug("WizardPanelBase: authenticate: " + e.toString());
throw new IOException(e.toString());
@@ -739,26 +779,27 @@ public class WizardPanelBase implements IWizardPanel {
return false;
}
- public void updateOCSPConfig(String hostname, int port, boolean https,
- String content, HttpServletResponse response)
- throws IOException {
+ public void updateOCSPConfig(String hostname, int port, boolean https,
+ String content, HttpServletResponse response) throws IOException {
CMS.debug("WizardPanelBase updateOCSPConfig start");
- String c = getHttpResponse(hostname, port, https,
- "/ca/ee/ca/updateOCSPConfig", content, null);
+ String c = getHttpResponse(hostname, port, https,
+ "/ca/ee/ca/updateOCSPConfig", content, null);
if (c == null || c.equals("")) {
CMS.debug("WizardPanelBase updateOCSPConfig: content is null.");
- throw new IOException("The server you want to contact is not available");
+ throw new IOException(
+ "The server you want to contact is not available");
} else {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateOCSPConfig() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateOCSPConfig() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -774,7 +815,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString());
throw e;
@@ -785,11 +826,11 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public void updateNumberRange(String hostname, int port, boolean https,
- String content, String type, HttpServletResponse response)
- throws IOException {
- CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname +
- " port=" + port);
+ public void updateNumberRange(String hostname, int port, boolean https,
+ String content, String type, HttpServletResponse response)
+ throws IOException {
+ CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname
+ + " port=" + port);
IConfigStore cs = CMS.getConfigStore();
String cstype = "";
try {
@@ -798,23 +839,25 @@ public class WizardPanelBase implements IWizardPanel {
}
cstype = toLowerCaseSubsystemType(cstype);
- String c = getHttpResponse(hostname, port, https,
- "/"+cstype+"/ee/"+cstype+"/updateNumberRange", content, null);
+ String c = getHttpResponse(hostname, port, https, "/" + cstype + "/ee/"
+ + cstype + "/updateNumberRange", content, null);
if (c == null || c.equals("")) {
CMS.debug("WizardPanelBase updateNumberRange: content is null.");
- throw new IOException("The server you want to contact is not available");
+ throw new IOException(
+ "The server you want to contact is not available");
} else {
- CMS.debug("content="+c);
+ CMS.debug("content=" + c);
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::updateNumberRange() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::updateNumberRange() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -843,7 +886,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString());
CMS.debug(e);
@@ -856,24 +899,24 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public int getPort(String hostname, int port, boolean https,
- String portServlet, boolean sport)
- throws IOException {
+ public int getPort(String hostname, int port, boolean https,
+ String portServlet, boolean sport) throws IOException {
CMS.debug("WizardPanelBase getPort start");
String c = getHttpResponse(hostname, port, https, portServlet,
"secure=" + sport, null);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getPort() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getPort() - " + "Exception="
+ + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -889,7 +932,7 @@ public class WizardPanelBase implements IWizardPanel {
String error = parser.getValue("Error");
throw new IOException(error);
- }
+ }
} catch (IOException e) {
CMS.debug("WizardPanelBase: getPort: " + e.toString());
throw e;
@@ -903,14 +946,16 @@ public class WizardPanelBase implements IWizardPanel {
}
public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname) throws IOException {
- return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null);
+ String uri, String content, String clientnickname)
+ throws IOException {
+ return getHttpResponse(hostname, port, secure, uri, content,
+ clientnickname, null);
}
- public String getHttpResponse(String hostname, int port, boolean secure,
- String uri, String content, String clientnickname,
- SSLCertificateApprovalCallback certApprovalCallback)
- throws IOException {
+ public String getHttpResponse(String hostname, int port, boolean secure,
+ String uri, String content, String clientnickname,
+ SSLCertificateApprovalCallback certApprovalCallback)
+ throws IOException {
HttpClient httpclient = null;
String c = null;
@@ -939,7 +984,8 @@ public class WizardPanelBase implements IWizardPanel {
if (content != null && content.length() > 0) {
String content_c = content;
- httprequest.setHeader("content-length", "" + content_c.length());
+ httprequest
+ .setHeader("content-length", "" + content_c.length());
httprequest.setContent(content_c);
}
HttpResponse httpresponse = httpclient.send(httprequest);
@@ -947,7 +993,8 @@ public class WizardPanelBase implements IWizardPanel {
c = httpresponse.getContent();
} catch (ConnectException e) {
CMS.debug("WizardPanelBase getHttpResponse: " + e.toString());
- throw new IOException("The server you tried to contact is not running.");
+ throw new IOException(
+ "The server you tried to contact is not running.");
} catch (Exception e) {
CMS.debug("WizardPanelBase getHttpResponse: " + e.toString());
throw new IOException(e.toString());
@@ -960,56 +1007,55 @@ public class WizardPanelBase implements IWizardPanel {
return c;
}
- public boolean isSDHostDomainMaster (IConfigStore config) {
- String dm="false";
+ public boolean isSDHostDomainMaster(IConfigStore config) {
+ String dm = "false";
try {
String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
+ int httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
CMS.debug("Getting domain.xml from CA...");
String c = getDomainXML(hostname, httpsadminport, true);
CMS.debug("Getting DomainMaster from security domain");
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( "CA" );
+ NodeList nodeList = doc.getElementsByTagName("CA");
int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
- Vector v_hostname =
- parser.getValuesFromContainer( nodeList.item(i),
- "Host" );
-
- Vector v_https_admin_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
-
- Vector v_domain_mgr =
- parser.getValuesFromContainer( nodeList.item(i),
- "DomainManager" );
-
- if( v_hostname.elementAt( 0 ).equals( hostname ) &&
- v_https_admin_port.elementAt( 0 ).equals( Integer.toString(httpsadminport) ) ) {
- dm = v_domain_mgr.elementAt( 0 ).toString();
+ for (int i = 0; i < len; i++) {
+ Vector v_hostname = parser.getValuesFromContainer(
+ nodeList.item(i), "Host");
+
+ Vector v_https_admin_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecureAdminPort");
+
+ Vector v_domain_mgr = parser.getValuesFromContainer(
+ nodeList.item(i), "DomainManager");
+
+ if (v_hostname.elementAt(0).equals(hostname)
+ && v_https_admin_port.elementAt(0).equals(
+ Integer.toString(httpsadminport))) {
+ dm = v_domain_mgr.elementAt(0).toString();
break;
}
}
} catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
}
return dm.equalsIgnoreCase("true");
}
-
- public Vector getMasterUrlListFromSecurityDomain( IConfigStore config,
- String type,
- String portType ) {
+
+ public Vector getMasterUrlListFromSecurityDomain(IConfigStore config,
+ String type, String portType) {
Vector v = new Vector();
try {
String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
+ int httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
CMS.debug("Getting domain.xml from CA...");
String c = getDomainXML(hostname, httpsadminport, true);
@@ -1026,13 +1072,13 @@ public class WizardPanelBase implements IWizardPanel {
list = "TKSList";
}
- CMS.debug( "Getting " + portType + " from Security Domain ..." );
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort")
+ && !portType.equals("SecureAgentPort")
+ && !portType.equals("SecurePort")
+ && !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " + "unknown port type "
+ + portType);
return v;
}
@@ -1042,16 +1088,15 @@ public class WizardPanelBase implements IWizardPanel {
NodeList nodeList = doc.getElementsByTagName(type);
// save domain name in cfg
- config.putString("securitydomain.name",
- parser.getValue("Name"));
+ config.putString("securitydomain.name", parser.getValue("Name"));
int len = nodeList.getLength();
CMS.debug("Len " + len);
for (int i = 0; i < len; i++) {
- Vector v_clone = parser.getValuesFromContainer(nodeList.item(i),
- "Clone");
- String clone = (String)v_clone.elementAt(0);
+ Vector v_clone = parser.getValuesFromContainer(
+ nodeList.item(i), "Clone");
+ String clone = (String) v_clone.elementAt(0);
if (clone.equalsIgnoreCase("true"))
continue;
Vector v_name = parser.getValuesFromContainer(nodeList.item(i),
@@ -1061,11 +1106,8 @@ public class WizardPanelBase implements IWizardPanel {
Vector v_port = parser.getValuesFromContainer(nodeList.item(i),
portType);
- v.addElement( v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0) );
+ v.addElement(v_name.elementAt(0) + " - https://"
+ + v_host.elementAt(0) + ":" + v_port.elementAt(0));
}
} catch (Exception e) {
CMS.debug(e.toString());
@@ -1074,14 +1116,14 @@ public class WizardPanelBase implements IWizardPanel {
return v;
}
- public Vector getUrlListFromSecurityDomain( IConfigStore config,
- String type,
- String portType ) {
+ public Vector getUrlListFromSecurityDomain(IConfigStore config,
+ String type, String portType) {
Vector v = new Vector();
try {
String hostname = config.getString("securitydomain.host");
- int httpsadminport = config.getInteger("securitydomain.httpsadminport");
+ int httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
CMS.debug("Getting domain.xml from CA...");
String c = getDomainXML(hostname, httpsadminport, true);
@@ -1098,13 +1140,13 @@ public class WizardPanelBase implements IWizardPanel {
list = "TKSList";
}
- CMS.debug( "Getting " + portType + " from Security Domain ..." );
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort")
+ && !portType.equals("SecureAgentPort")
+ && !portType.equals("SecurePort")
+ && !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " + "unknown port type "
+ + portType);
return v;
}
@@ -1114,8 +1156,7 @@ public class WizardPanelBase implements IWizardPanel {
NodeList nodeList = doc.getElementsByTagName(type);
// save domain name in cfg
- config.putString("securitydomain.name",
- parser.getValue("Name"));
+ config.putString("securitydomain.name", parser.getValue("Name"));
int len = nodeList.getLength();
@@ -1127,22 +1168,20 @@ public class WizardPanelBase implements IWizardPanel {
"Host");
Vector v_port = parser.getValuesFromContainer(nodeList.item(i),
portType);
- Vector v_admin_port = parser.getValuesFromContainer(nodeList.item(i),
- "SecureAdminPort");
+ Vector v_admin_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecureAdminPort");
- if (v_host.elementAt(0).equals(hostname) && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) {
+ if (v_host.elementAt(0).equals(hostname)
+ && v_admin_port.elementAt(0).equals(
+ new Integer(httpsadminport).toString())) {
// add security domain CA to the beginning of list
- v.add( 0, v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0) );
+ v.add(0,
+ v_name.elementAt(0) + " - https://"
+ + v_host.elementAt(0) + ":"
+ + v_port.elementAt(0));
} else {
- v.addElement( v_name.elementAt(0)
- + " - https://"
- + v_host.elementAt(0)
- + ":"
- + v_port.elementAt(0) );
+ v.addElement(v_name.elementAt(0) + " - https://"
+ + v_host.elementAt(0) + ":" + v_port.elementAt(0));
}
}
} catch (Exception e) {
@@ -1154,155 +1193,147 @@ public class WizardPanelBase implements IWizardPanel {
// Given an HTTPS Hostname and EE port,
// retrieve the associated HTTPS Admin port
- public String getSecurityDomainAdminPort( IConfigStore config,
- String hostname,
- String https_ee_port,
- String cstype ) {
+ public String getSecurityDomainAdminPort(IConfigStore config,
+ String hostname, String https_ee_port, String cstype) {
String https_admin_port = new String();
try {
- String sd_hostname = config.getString( "securitydomain.host" );
- int sd_httpsadminport =
- config.getInteger( "securitydomain.httpsadminport" );
-
- CMS.debug( "Getting domain.xml from CA ..." );
- String c = getDomainXML( sd_hostname, sd_httpsadminport, true );
-
- CMS.debug( "Getting associated HTTPS Admin port from " +
- "HTTPS Hostname '" + hostname +
- "' and EE port '" + https_ee_port + "'" );
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ String sd_hostname = config.getString("securitydomain.host");
+ int sd_httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
+
+ CMS.debug("Getting domain.xml from CA ...");
+ String c = getDomainXML(sd_hostname, sd_httpsadminport, true);
+
+ CMS.debug("Getting associated HTTPS Admin port from "
+ + "HTTPS Hostname '" + hostname + "' and EE port '"
+ + https_ee_port + "'");
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( cstype.toUpperCase() );
+ NodeList nodeList = doc.getElementsByTagName(cstype.toUpperCase());
int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
- Vector v_hostname =
- parser.getValuesFromContainer( nodeList.item(i),
- "Host" );
-
- Vector v_https_ee_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecurePort" );
-
- Vector v_https_admin_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
-
- if( v_hostname.elementAt( 0 ).equals( hostname ) &&
- v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) {
- https_admin_port =
- v_https_admin_port.elementAt( 0 ).toString();
+ for (int i = 0; i < len; i++) {
+ Vector v_hostname = parser.getValuesFromContainer(
+ nodeList.item(i), "Host");
+
+ Vector v_https_ee_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecurePort");
+
+ Vector v_https_admin_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecureAdminPort");
+
+ if (v_hostname.elementAt(0).equals(hostname)
+ && v_https_ee_port.elementAt(0).equals(https_ee_port)) {
+ https_admin_port = v_https_admin_port.elementAt(0)
+ .toString();
break;
}
}
} catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
}
- return( https_admin_port );
+ return (https_admin_port);
}
- public String getSecurityDomainPort( IConfigStore config,
- String portType ) {
+ public String getSecurityDomainPort(IConfigStore config, String portType) {
String port = new String();
try {
- String hostname = config.getString( "securitydomain.host" );
- int httpsadminport =
- config.getInteger( "securitydomain.httpsadminport" );
-
- CMS.debug( "Getting domain.xml from CA ..." );
- String c = getDomainXML( hostname, httpsadminport, true );
-
- CMS.debug( "Getting " + portType + " from Security Domain ..." );
- if( !portType.equals( "UnSecurePort" ) &&
- !portType.equals( "SecureAgentPort" ) &&
- !portType.equals( "SecurePort" ) &&
- !portType.equals( "SecureAdminPort" ) ) {
- CMS.debug( "getPortFromSecurityDomain: " +
- "unknown port type " + portType );
+ String hostname = config.getString("securitydomain.host");
+ int httpsadminport = config
+ .getInteger("securitydomain.httpsadminport");
+
+ CMS.debug("Getting domain.xml from CA ...");
+ String c = getDomainXML(hostname, httpsadminport, true);
+
+ CMS.debug("Getting " + portType + " from Security Domain ...");
+ if (!portType.equals("UnSecurePort")
+ && !portType.equals("SecureAgentPort")
+ && !portType.equals("SecurePort")
+ && !portType.equals("SecureAdminPort")) {
+ CMS.debug("getPortFromSecurityDomain: " + "unknown port type "
+ + portType);
return "";
}
- ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
- XMLObject parser = new XMLObject( bis );
+ ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ XMLObject parser = new XMLObject(bis);
Document doc = parser.getDocument();
- NodeList nodeList = doc.getElementsByTagName( "CA" );
+ NodeList nodeList = doc.getElementsByTagName("CA");
int len = nodeList.getLength();
- for( int i = 0; i < len; i++ ) {
- Vector v_admin_port =
- parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
+ for (int i = 0; i < len; i++) {
+ Vector v_admin_port = parser.getValuesFromContainer(
+ nodeList.item(i), "SecureAdminPort");
Vector v_port = null;
- if( portType.equals( "UnSecurePort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "UnSecurePort" );
- } else if( portType.equals( "SecureAgentPort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "SecureAgentPort" );
- } else if( portType.equals( "SecurePort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "SecurePort" );
- } else if( portType.equals( "SecureAdminPort" ) ) {
- v_port = parser.getValuesFromContainer( nodeList.item(i),
- "SecureAdminPort" );
+ if (portType.equals("UnSecurePort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "UnSecurePort");
+ } else if (portType.equals("SecureAgentPort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAgentPort");
+ } else if (portType.equals("SecurePort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecurePort");
+ } else if (portType.equals("SecureAdminPort")) {
+ v_port = parser.getValuesFromContainer(nodeList.item(i),
+ "SecureAdminPort");
}
- if( ( v_port != null ) &&
- ( v_admin_port.elementAt( 0 ).equals(
- Integer.toString( httpsadminport ) ) ) ) {
- port = v_port.elementAt( 0 ).toString();
+ if ((v_port != null)
+ && (v_admin_port.elementAt(0).equals(Integer
+ .toString(httpsadminport)))) {
+ port = v_port.elementAt(0).toString();
break;
}
}
} catch (Exception e) {
- CMS.debug( e.toString() );
+ CMS.debug(e.toString());
}
- return( port );
+ return (port);
}
- public String pingCS( String hostname, int port, boolean https,
- SSLCertificateApprovalCallback certApprovalCallback )
- throws IOException {
- CMS.debug( "WizardPanelBase pingCS: started" );
+ public String pingCS(String hostname, int port, boolean https,
+ SSLCertificateApprovalCallback certApprovalCallback)
+ throws IOException {
+ CMS.debug("WizardPanelBase pingCS: started");
- String c = getHttpResponse( hostname, port, https,
- "/ca/admin/ca/getStatus",
- null, null, certApprovalCallback );
+ String c = getHttpResponse(hostname, port, https,
+ "/ca/admin/ca/getStatus", null, null, certApprovalCallback);
- if( c != null ) {
+ if (c != null) {
try {
- ByteArrayInputStream bis = new
- ByteArrayInputStream( c.getBytes() );
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
String state = null;
try {
- parser = new XMLObject( bis );
- CMS.debug( "WizardPanelBase pingCS: got XML parsed" );
- state = parser.getValue( "State" );
+ parser = new XMLObject(bis);
+ CMS.debug("WizardPanelBase pingCS: got XML parsed");
+ state = parser.getValue("State");
- if( state != null ) {
- CMS.debug( "WizardPanelBase pingCS: state=" + state );
+ if (state != null) {
+ CMS.debug("WizardPanelBase pingCS: state=" + state);
}
} catch (Exception e) {
- CMS.debug( "WizardPanelBase: pingCS: parser failed"
- + e.toString() );
+ CMS.debug("WizardPanelBase: pingCS: parser failed"
+ + e.toString());
}
return state;
- } catch( Exception e ) {
- CMS.debug( "WizardPanelBase: pingCS: " + e.toString() );
- throw new IOException( e.toString() );
+ } catch (Exception e) {
+ CMS.debug("WizardPanelBase: pingCS: " + e.toString());
+ throw new IOException(e.toString());
}
}
- CMS.debug( "WizardPanelBase pingCS: stopped" );
+ CMS.debug("WizardPanelBase pingCS: stopped");
return null;
}
@@ -1311,7 +1342,7 @@ public class WizardPanelBase implements IWizardPanel {
if (s.equals("CA")) {
x = "ca";
} else if (s.equals("KRA")) {
- x = "kra";
+ x = "kra";
} else if (s.equals("OCSP")) {
x = "ocsp";
} else if (s.equals("TKS")) {
@@ -1321,25 +1352,26 @@ public class WizardPanelBase implements IWizardPanel {
return x;
}
- public void getTokenInfo(IConfigStore config, String type, String host,
- int https_ee_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ public void getTokenInfo(IConfigStore config, String type, String host,
+ int https_ee_port, boolean https, Context context,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
CMS.debug("WizardPanelBase getTokenInfo start");
- String uri = "/"+type+"/ee/"+type+"/getTokenInfo";
- CMS.debug("WizardPanelBase getTokenInfo: uri="+uri);
+ String uri = "/" + type + "/ee/" + type + "/getTokenInfo";
+ CMS.debug("WizardPanelBase getTokenInfo: uri=" + uri);
String c = getHttpResponse(host, https_ee_port, https, uri, null, null,
- certApprovalCallback);
+ certApprovalCallback);
if (c != null) {
try {
- ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+ ByteArrayInputStream bis = new ByteArrayInputStream(
+ c.getBytes());
XMLObject parser = null;
try {
parser = new XMLObject(bis);
} catch (Exception e) {
- CMS.debug( "WizardPanelBase::getTokenInfo() - "
- + "Exception="+e.toString() );
- throw new IOException( e.toString() );
+ CMS.debug("WizardPanelBase::getTokenInfo() - "
+ + "Exception=" + e.toString());
+ throw new IOException(e.toString());
}
String status = parser.getValue("Status");
@@ -1350,7 +1382,7 @@ public class WizardPanelBase implements IWizardPanel {
Document doc = parser.getDocument();
NodeList list = doc.getElementsByTagName("name");
int len = list.getLength();
- for (int i=0; i<len; i++) {
+ for (int i = 0; i < len; i++) {
Node n = list.item(i);
NodeList nn = n.getChildNodes();
String name = nn.item(0).getNodeValue();
@@ -1358,30 +1390,35 @@ public class WizardPanelBase implements IWizardPanel {
nn = parent.getChildNodes();
int len1 = nn.getLength();
String v = "";
- for (int j=0; j<len1; j++) {
+ for (int j = 0; j < len1; j++) {
Node nv = nn.item(j);
String val = nv.getNodeName();
if (val.equals("value")) {
NodeList n2 = nv.getChildNodes();
if (n2.getLength() > 0)
v = n2.item(0).getNodeValue();
- break;
+ break;
}
}
- if (name.equals("cloning.signing.nickname")) {
+ if (name.equals("cloning.signing.nickname")) {
config.putString("preop.master.signing.nickname", v);
config.putString(type + ".cert.signing.nickname", v);
config.putString(name, v);
} else if (name.equals("cloning.ocsp_signing.nickname")) {
- config.putString("preop.master.ocsp_signing.nickname", v);
- config.putString(type + ".cert.ocsp_signing.nickname", v);
+ config.putString(
+ "preop.master.ocsp_signing.nickname", v);
+ config.putString(type
+ + ".cert.ocsp_signing.nickname", v);
config.putString(name, v);
} else if (name.equals("cloning.subsystem.nickname")) {
- config.putString("preop.master.subsystem.nickname", v);
- config.putString(type + ".cert.subsystem.nickname", v);
+ config.putString("preop.master.subsystem.nickname",
+ v);
+ config.putString(type + ".cert.subsystem.nickname",
+ v);
config.putString(name, v);
} else if (name.equals("cloning.transport.nickname")) {
- config.putString("preop.master.transport.nickname", v);
+ config.putString("preop.master.transport.nickname",
+ v);
config.putString("kra.transportUnit.nickName", v);
config.putString("kra.cert.transport.nickname", v);
config.putString(name, v);
@@ -1390,35 +1427,45 @@ public class WizardPanelBase implements IWizardPanel {
config.putString("kra.storageUnit.nickName", v);
config.putString("kra.cert.storage.nickname", v);
config.putString(name, v);
- } else if (name.equals("cloning.audit_signing.nickname")) {
- config.putString("preop.master.audit_signing.nickname", v);
- config.putString(type + ".cert.audit_signing.nickname", v);
+ } else if (name
+ .equals("cloning.audit_signing.nickname")) {
+ config.putString(
+ "preop.master.audit_signing.nickname", v);
+ config.putString(type
+ + ".cert.audit_signing.nickname", v);
config.putString(name, v);
} else if (name.equals("cloning.module.token")) {
config.putString("preop.module.token", v);
} else if (name.startsWith("cloning.ca")) {
- config.putString(name.replaceFirst("cloning", "preop"), v);
+ config.putString(
+ name.replaceFirst("cloning", "preop"), v);
} else if (name.startsWith("cloning")) {
- config.putString(name.replaceFirst("cloning", "preop.cert"), v);
+ config.putString(
+ name.replaceFirst("cloning", "preop.cert"),
+ v);
} else {
config.putString(name, v);
}
}
// reset nicknames for system cert verification
- String token = config.getString("preop.module.token",
- "Internal Key Storage Token");
- if (! token.equals("Internal Key Storage Token")) {
+ String token = config.getString("preop.module.token",
+ "Internal Key Storage Token");
+ if (!token.equals("Internal Key Storage Token")) {
String certlist = config.getString("preop.cert.list");
StringTokenizer t1 = new StringTokenizer(certlist, ",");
while (t1.hasMoreTokens()) {
String tag = t1.nextToken();
- if (tag.equals("sslserver")) continue;
- config.putString(type + ".cert." + tag + ".nickname",
- token + ":" +
- config.getString(type + ".cert." + tag + ".nickname", ""));
- }
+ if (tag.equals("sslserver"))
+ continue;
+ config.putString(
+ type + ".cert." + tag + ".nickname",
+ token
+ + ":"
+ + config.getString(type + ".cert."
+ + tag + ".nickname", ""));
+ }
}
} else {
String error = parser.getValue("Error");
@@ -1431,7 +1478,7 @@ public class WizardPanelBase implements IWizardPanel {
CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString());
throw new IOException(e.toString());
}
- }
+ }
}
public void importCertChain(String id) throws IOException {
@@ -1442,31 +1489,32 @@ public class WizardPanelBase implements IWizardPanel {
try {
pkcs7 = config.getString(configName, "");
- } catch (Exception e) {}
+ } catch (Exception e) {
+ }
if (pkcs7.length() > 0) {
try {
CryptoUtil.importCertificateChain(pkcs7);
} catch (Exception e) {
- CMS.debug("DisplayCertChainPanel importCertChain: Exception: "+e.toString());
+ CMS.debug("DisplayCertChainPanel importCertChain: Exception: "
+ + e.toString());
}
}
}
public void updateCertChain(IConfigStore config, String name, String host,
- int https_admin_port, boolean https, Context context) throws IOException {
- updateCertChain( config, name, host, https_admin_port,
- https, context, null );
+ int https_admin_port, boolean https, Context context)
+ throws IOException {
+ updateCertChain(config, name, host, https_admin_port, https, context,
+ null);
}
public void updateCertChain(IConfigStore config, String name, String host,
- int https_admin_port, boolean https, Context context,
- ConfigCertApprovalCallback certApprovalCallback) throws IOException {
- String certchain = getCertChainUsingSecureAdminPort( host,
- https_admin_port,
- https,
- certApprovalCallback );
- config.putString("preop."+name+".pkcs7", certchain);
+ int https_admin_port, boolean https, Context context,
+ ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+ String certchain = getCertChainUsingSecureAdminPort(host,
+ https_admin_port, https, certApprovalCallback);
+ config.putString("preop." + name + ".pkcs7", certchain);
byte[] decoded = CryptoUtil.base64Decode(certchain);
java.security.cert.X509Certificate[] b_certchain = null;
@@ -1474,8 +1522,7 @@ public class WizardPanelBase implements IWizardPanel {
try {
b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
} catch (Exception e) {
- context.put("errorString",
- "Failed to get the certificate chain.");
+ context.put("errorString", "Failed to get the certificate chain.");
return;
}
@@ -1483,7 +1530,7 @@ public class WizardPanelBase implements IWizardPanel {
if (b_certchain != null) {
size = b_certchain.length;
}
- config.putInteger("preop."+name+".certchain.size", size);
+ config.putInteger("preop." + name + ".certchain.size", size);
for (int i = 0; i < size; i++) {
byte[] bb = null;
@@ -1491,11 +1538,11 @@ public class WizardPanelBase implements IWizardPanel {
bb = b_certchain[i].getEncoded();
} catch (Exception e) {
context.put("errorString",
- "Failed to get the der-encoded certificate chain.");
+ "Failed to get the der-encoded certificate chain.");
return;
}
- config.putString("preop."+name+".certchain." + i,
- CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+ config.putString("preop." + name + ".certchain." + i,
+ CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
}
try {
@@ -1504,16 +1551,13 @@ public class WizardPanelBase implements IWizardPanel {
}
}
- public void updateCertChainUsingSecureEEPort( IConfigStore config,
- String name, String host,
- int https_ee_port,
- boolean https,
- Context context,
- ConfigCertApprovalCallback certApprovalCallback ) throws IOException {
- String certchain = getCertChainUsingSecureEEPort( host, https_ee_port,
- https,
- certApprovalCallback);
- config.putString("preop."+name+".pkcs7", certchain);
+ public void updateCertChainUsingSecureEEPort(IConfigStore config,
+ String name, String host, int https_ee_port, boolean https,
+ Context context, ConfigCertApprovalCallback certApprovalCallback)
+ throws IOException {
+ String certchain = getCertChainUsingSecureEEPort(host, https_ee_port,
+ https, certApprovalCallback);
+ config.putString("preop." + name + ".pkcs7", certchain);
byte[] decoded = CryptoUtil.base64Decode(certchain);
java.security.cert.X509Certificate[] b_certchain = null;
@@ -1521,8 +1565,7 @@ public class WizardPanelBase implements IWizardPanel {
try {
b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
} catch (Exception e) {
- context.put("errorString",
- "Failed to get the certificate chain.");
+ context.put("errorString", "Failed to get the certificate chain.");
return;
}
@@ -1530,7 +1573,7 @@ public class WizardPanelBase implements IWizardPanel {
if (b_certchain != null) {
size = b_certchain.length;
}
- config.putInteger("preop."+name+".certchain.size", size);
+ config.putInteger("preop." + name + ".certchain.size", size);
for (int i = 0; i < size; i++) {
byte[] bb = null;
@@ -1538,11 +1581,11 @@ public class WizardPanelBase implements IWizardPanel {
bb = b_certchain[i].getEncoded();
} catch (Exception e) {
context.put("errorString",
- "Failed to get the der-encoded certificate chain.");
+ "Failed to get the der-encoded certificate chain.");
return;
}
- config.putString("preop."+name+".certchain." + i,
- CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+ config.putString("preop." + name + ".certchain." + i,
+ CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
}
try {
@@ -1557,27 +1600,28 @@ public class WizardPanelBase implements IWizardPanel {
CryptoToken tok = cm.getTokenByName(tokenname);
CryptoStore store = tok.getCryptoStore();
String fullnickname = nickname;
- if (!tokenname.equals("") &&
- !tokenname.equals("Internal Key Storage Token") &&
- !tokenname.equals("internal"))
- fullnickname = tokenname+":"+nickname;
+ if (!tokenname.equals("")
+ && !tokenname.equals("Internal Key Storage Token")
+ && !tokenname.equals("internal"))
+ fullnickname = tokenname + ":" + nickname;
- CMS.debug("WizardPanelBase deleteCert: nickname="+fullnickname);
- org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(fullnickname);
+ CMS.debug("WizardPanelBase deleteCert: nickname=" + fullnickname);
+ org.mozilla.jss.crypto.X509Certificate cert = cm
+ .findCertByNickname(fullnickname);
if (store instanceof PK11Store) {
CMS.debug("WizardPanelBase deleteCert: this is pk11store");
- PK11Store pk11store = (PK11Store)store;
+ PK11Store pk11store = (PK11Store) store;
pk11store.deleteCertOnly(cert);
CMS.debug("WizardPanelBase deleteCert: cert deleted successfully");
}
} catch (Exception e) {
- CMS.debug("WizardPanelBase deleteCert: Exception="+e.toString());
+ CMS.debug("WizardPanelBase deleteCert: Exception=" + e.toString());
}
}
public void deleteEntries(LDAPSearchResults res, LDAPConnection conn,
- String dn, String[] entries) {
+ String dn, String[] entries) {
String[] attrs = null;
LDAPSearchConstraints cons = null;
String filter = "objectclass=*";
@@ -1589,29 +1633,32 @@ public class WizardPanelBase implements IWizardPanel {
while (res.hasMoreElements()) {
LDAPEntry entry = res.next();
String dn1 = entry.getDN();
- LDAPSearchResults res1 = conn.search(dn1, 1, filter, attrs, true, cons);
+ LDAPSearchResults res1 = conn.search(dn1, 1, filter, attrs,
+ true, cons);
deleteEntries(res1, conn, dn1, entries);
deleteEntry(conn, dn1, entries);
}
}
} catch (Exception ee) {
- CMS.debug("WizardPanelBase deleteEntries: Exception="+ee.toString());
+ CMS.debug("WizardPanelBase deleteEntries: Exception="
+ + ee.toString());
}
}
public void deleteEntry(LDAPConnection conn, String dn, String[] entries) {
try {
- for (int i=0; i<entries.length; i++) {
+ for (int i = 0; i < entries.length; i++) {
if (LDAPDN.equals(dn, entries[i])) {
- CMS.debug("WizardPanelBase deleteEntry: entry with this dn "+dn+" is not deleted.");
+ CMS.debug("WizardPanelBase deleteEntry: entry with this dn "
+ + dn + " is not deleted.");
return;
}
}
- CMS.debug("WizardPanelBase deleteEntry: deleting dn="+dn);
+ CMS.debug("WizardPanelBase deleteEntry: deleting dn=" + dn);
conn.delete(dn);
} catch (Exception e) {
- CMS.debug("WizardPanelBase deleteEntry: Exception="+e.toString());
+ CMS.debug("WizardPanelBase deleteEntry: Exception=" + e.toString());
}
}
@@ -1624,12 +1671,17 @@ public class WizardPanelBase implements IWizardPanel {
int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
int panel = getPanelNo();
String subsystem = cs.getString("cs.type", "");
- String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
+ String urlVal = "https://" + cs_hostname + ":" + cs_port + "/"
+ + toLowerCaseSubsystemType(subsystem)
+ + "/admin/console/config/wizard?p=" + panel + "&subsystem="
+ + subsystem;
String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
- String sdurl = "https://"+hostname+":"+port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
+ String sdurl = "https://" + hostname + ":" + port
+ + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;
response.sendRedirect(sdurl);
} catch (Exception e) {
- CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="+e.toString());
+ CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="
+ + e.toString());
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
index bbfa4b39..73f4e367 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
@@ -28,30 +28,24 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-public class AdminRequestFilter implements Filter
-{
+public class AdminRequestFilter implements Filter {
private static final String HTTPS_SCHEME = "https";
private static final String HTTPS_PORT = "https_port";
private static final String HTTPS_ROLE = "Admin";
private static final String PROXY_PORT = "proxy_port";
private FilterConfig config;
-
+
/* Create a new AdminRequestFilter */
- public AdminRequestFilter() {}
-
- public void init( FilterConfig filterConfig )
- throws ServletException
- {
+ public AdminRequestFilter() {
+ }
+
+ public void init(FilterConfig filterConfig) throws ServletException {
this.config = filterConfig;
}
-
- public void doFilter( ServletRequest request,
- ServletResponse response,
- FilterChain chain )
- throws java.io.IOException,
- ServletException
- {
+
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws java.io.IOException, ServletException {
String filterName = getClass().getName();
String scheme = null;
@@ -64,32 +58,32 @@ public class AdminRequestFilter implements Filter
String param_active = null;
// CMS.debug("Entering the admin filter");
- param_active = config.getInitParameter( "active");
+ param_active = config.getInitParameter("active");
- if( request instanceof HttpServletRequest ) {
- HttpServletResponse resp = ( HttpServletResponse ) response;
+ if (request instanceof HttpServletRequest) {
+ HttpServletResponse resp = (HttpServletResponse) response;
- // RFC 1738: verify that scheme is "https"
+ // RFC 1738: verify that scheme is "https"
scheme = request.getScheme();
- if( ! scheme.equals( HTTPS_SCHEME ) ) {
- msg = "The scheme MUST be '" + HTTPS_SCHEME
- + "', NOT '" + scheme + "'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+ if (!scheme.equals(HTTPS_SCHEME)) {
+ msg = "The scheme MUST be '" + HTTPS_SCHEME + "', NOT '"
+ + scheme + "'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
return;
}
// Always obtain an "https" port from request
port = request.getLocalPort();
- request_port = Integer.toString( port );
+ request_port = Integer.toString(port);
// Always obtain the "https" port passed in as a parameter
- param_https_port = config.getInitParameter( HTTPS_PORT );
- if( param_https_port == null ) {
- msg = "The <param-name> '" + HTTPS_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+ param_https_port = config.getInitParameter(HTTPS_PORT);
+ if (param_https_port == null) {
+ msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> "
+ + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
return;
}
@@ -97,29 +91,30 @@ public class AdminRequestFilter implements Filter
boolean bad_port = false;
// Compare the request and param "https" ports
- if( ! param_https_port.equals( request_port ) ) {
+ if (!param_https_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
- if (param_proxy_port != null) {
+ if (param_proxy_port != null) {
if (!param_proxy_port.equals(request_port)) {
msg = "Use HTTPS port '" + param_https_port
- + "' or proxy port '" + param_proxy_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' or proxy port '" + param_proxy_port
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTPS port '" + param_https_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null)
+ && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
return;
}
}
@@ -128,11 +123,9 @@ public class AdminRequestFilter implements Filter
// CMS.debug("Exiting the admin filter");
- chain.doFilter( request, response );
+ chain.doFilter(request, response);
}
-
- public void destroy()
- {
+
+ public void destroy() {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
index 1ae44a64..c9c651b6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
@@ -28,30 +28,24 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-public class AgentRequestFilter implements Filter
-{
+public class AgentRequestFilter implements Filter {
private static final String HTTPS_SCHEME = "https";
private static final String HTTPS_PORT = "https_port";
private static final String HTTPS_ROLE = "Agent";
private static final String PROXY_PORT = "proxy_port";
private FilterConfig config;
-
+
/* Create a new AgentRequestFilter */
- public AgentRequestFilter() {}
-
- public void init( FilterConfig filterConfig )
- throws ServletException
- {
+ public AgentRequestFilter() {
+ }
+
+ public void init(FilterConfig filterConfig) throws ServletException {
this.config = filterConfig;
}
-
- public void doFilter( ServletRequest request,
- ServletResponse response,
- FilterChain chain )
- throws java.io.IOException,
- ServletException
- {
+
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws java.io.IOException, ServletException {
String filterName = getClass().getName();
String scheme = null;
@@ -65,32 +59,32 @@ public class AgentRequestFilter implements Filter
String param_active = null;
// CMS.debug("Entering the agent filter");
- param_active = config.getInitParameter( "active");
+ param_active = config.getInitParameter("active");
- if( request instanceof HttpServletRequest ) {
- HttpServletResponse resp = ( HttpServletResponse ) response;
+ if (request instanceof HttpServletRequest) {
+ HttpServletResponse resp = (HttpServletResponse) response;
- // RFC 1738: verify that scheme is "https"
+ // RFC 1738: verify that scheme is "https"
scheme = request.getScheme();
- if( ! scheme.equals( HTTPS_SCHEME ) ) {
- msg = "The scheme MUST be '" + HTTPS_SCHEME
- + "', NOT '" + scheme + "'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+ if (!scheme.equals(HTTPS_SCHEME)) {
+ msg = "The scheme MUST be '" + HTTPS_SCHEME + "', NOT '"
+ + scheme + "'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
return;
}
// Always obtain an "https" port from request
port = request.getLocalPort();
- request_port = Integer.toString( port );
+ request_port = Integer.toString(port);
// Always obtain the "https" port passed in as a parameter
- param_https_port = config.getInitParameter( HTTPS_PORT );
- if( param_https_port == null ) {
- msg = "The <param-name> '" + HTTPS_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+ param_https_port = config.getInitParameter(HTTPS_PORT);
+ if (param_https_port == null) {
+ msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> "
+ + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
return;
}
@@ -98,29 +92,30 @@ public class AgentRequestFilter implements Filter
boolean bad_port = false;
// Compare the request and param "https" ports
- if( ! param_https_port.equals( request_port ) ) {
+ if (!param_https_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
if (param_proxy_port != null) {
if (!param_proxy_port.equals(request_port)) {
msg = "Use HTTPS port '" + param_https_port
- + "' or proxy port '" + param_proxy_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' or proxy port '" + param_proxy_port
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTPS port '" + param_https_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null)
+ && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
return;
}
}
@@ -128,11 +123,9 @@ public class AgentRequestFilter implements Filter
}
// CMS.debug("Exiting the Agent filter");
- chain.doFilter( request, response );
+ chain.doFilter(request, response);
}
-
- public void destroy()
- {
+
+ public void destroy() {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
index 8b53c6c6..023d20dd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
@@ -28,30 +28,24 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-public class EEClientAuthRequestFilter implements Filter
-{
+public class EEClientAuthRequestFilter implements Filter {
private static final String HTTPS_SCHEME = "https";
private static final String HTTPS_PORT = "https_port";
private static final String HTTPS_ROLE = "EE Client Auth";
private static final String PROXY_PORT = "proxy_port";
private FilterConfig config;
-
+
/* Create a new EEClientAuthRequestFilter */
- public EEClientAuthRequestFilter() {}
-
- public void init( FilterConfig filterConfig )
- throws ServletException
- {
+ public EEClientAuthRequestFilter() {
+ }
+
+ public void init(FilterConfig filterConfig) throws ServletException {
this.config = filterConfig;
}
-
- public void doFilter( ServletRequest request,
- ServletResponse response,
- FilterChain chain )
- throws java.io.IOException,
- ServletException
- {
+
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws java.io.IOException, ServletException {
String filterName = getClass().getName();
String scheme = null;
@@ -64,32 +58,32 @@ public class EEClientAuthRequestFilter implements Filter
String param_proxy_port = null;
// CMS.debug("Entering the EECA filter");
- param_active = config.getInitParameter( "active");
+ param_active = config.getInitParameter("active");
- if( request instanceof HttpServletRequest ) {
- HttpServletResponse resp = ( HttpServletResponse ) response;
+ if (request instanceof HttpServletRequest) {
+ HttpServletResponse resp = (HttpServletResponse) response;
- // RFC 1738: verify that scheme is "https"
+ // RFC 1738: verify that scheme is "https"
scheme = request.getScheme();
- if( ! scheme.equals( HTTPS_SCHEME ) ) {
- msg = "The scheme MUST be '" + HTTPS_SCHEME
- + "', NOT '" + scheme + "'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+ if (!scheme.equals(HTTPS_SCHEME)) {
+ msg = "The scheme MUST be '" + HTTPS_SCHEME + "', NOT '"
+ + scheme + "'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
return;
}
// Always obtain an "https" port from request
port = request.getLocalPort();
- request_port = Integer.toString( port );
+ request_port = Integer.toString(port);
// Always obtain the "https" port passed in as a parameter
- param_https_port = config.getInitParameter( HTTPS_PORT );
- if( param_https_port == null ) {
- msg = "The <param-name> '" + HTTPS_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+ param_https_port = config.getInitParameter(HTTPS_PORT);
+ if (param_https_port == null) {
+ msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> "
+ + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
return;
}
@@ -97,41 +91,40 @@ public class EEClientAuthRequestFilter implements Filter
boolean bad_port = false;
// Compare the request and param "https" ports
- if( ! param_https_port.equals( request_port ) ) {
+ if (!param_https_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
if (param_proxy_port != null) {
if (!param_proxy_port.equals(request_port)) {
msg = "Use HTTPS port '" + param_https_port
- + "' or proxy port '" + param_proxy_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' or proxy port '" + param_proxy_port
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTPS port '" + param_https_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null)
+ && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
return;
}
}
}
}
- // CMS.debug("exiting the EECA filter");
+ // CMS.debug("exiting the EECA filter");
- chain.doFilter( request, response );
+ chain.doFilter(request, response);
}
-
- public void destroy()
- {
+
+ public void destroy() {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
index f66cf087..2461f1a0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
@@ -28,8 +28,7 @@ import javax.servlet.http.HttpServletResponse;
import com.netscape.certsrv.apps.CMS;
-public class EERequestFilter implements Filter
-{
+public class EERequestFilter implements Filter {
private static final String HTTP_SCHEME = "http";
private static final String HTTP_PORT = "http_port";
private static final String HTTP_ROLE = "EE";
@@ -40,22 +39,17 @@ public class EERequestFilter implements Filter
private static final String PROXY_HTTP_PORT = "proxy_http_port";
private FilterConfig config;
-
+
/* Create a new EERequestFilter */
- public EERequestFilter() {}
-
- public void init( FilterConfig filterConfig )
- throws ServletException
- {
+ public EERequestFilter() {
+ }
+
+ public void init(FilterConfig filterConfig) throws ServletException {
this.config = filterConfig;
}
-
- public void doFilter( ServletRequest request,
- ServletResponse response,
- FilterChain chain )
- throws java.io.IOException,
- ServletException
- {
+
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws java.io.IOException, ServletException {
String filterName = getClass().getName();
String scheme = null;
@@ -70,45 +64,43 @@ public class EERequestFilter implements Filter
String param_active = null;
// CMS.debug("Entering the EE filter");
- param_active = config.getInitParameter( "active");
+ param_active = config.getInitParameter("active");
- if( request instanceof HttpServletRequest ) {
- HttpServletResponse resp = ( HttpServletResponse ) response;
+ if (request instanceof HttpServletRequest) {
+ HttpServletResponse resp = (HttpServletResponse) response;
- // RFC 1738: verify that scheme is either "http" or "https"
+ // RFC 1738: verify that scheme is either "http" or "https"
scheme = request.getScheme();
- if( ( ! scheme.equals( HTTP_SCHEME ) ) &&
- ( ! scheme.equals( HTTPS_SCHEME ) ) ) {
- msg = "The scheme MUST be either '" + HTTP_SCHEME
- + "' or '" + HTTPS_SCHEME
- + "', NOT '" + scheme + "'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
- return;
+ if ((!scheme.equals(HTTP_SCHEME)) && (!scheme.equals(HTTPS_SCHEME))) {
+ msg = "The scheme MUST be either '" + HTTP_SCHEME + "' or '"
+ + HTTPS_SCHEME + "', NOT '" + scheme + "'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
+ return;
}
// Always obtain either an "http" or an "https" port from request
port = request.getLocalPort();
- request_port = Integer.toString( port );
+ request_port = Integer.toString(port);
// Always obtain the "http" port passed in as a parameter
- param_http_port = config.getInitParameter( HTTP_PORT );
- if( param_http_port == null ) {
- msg = "The <param-name> '" + HTTP_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
- return;
+ param_http_port = config.getInitParameter(HTTP_PORT);
+ if (param_http_port == null) {
+ msg = "The <param-name> '" + HTTP_PORT + "' </param-name> "
+ + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
+ return;
}
// Always obtain the "https" port passed in as a parameter
- param_https_port = config.getInitParameter( HTTPS_PORT );
- if( param_https_port == null ) {
- msg = "The <param-name> '" + HTTPS_PORT
- + "' </param-name> " + "MUST be specified in 'web.xml'!";
- CMS.debug( filterName + ": " + msg );
- resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
- return;
+ param_https_port = config.getInitParameter(HTTPS_PORT);
+ if (param_https_port == null) {
+ msg = "The <param-name> '" + HTTPS_PORT + "' </param-name> "
+ + "MUST be specified in 'web.xml'!";
+ CMS.debug(filterName + ": " + msg);
+ resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
+ return;
}
param_proxy_http_port = config.getInitParameter(PROXY_HTTP_PORT);
@@ -119,58 +111,64 @@ public class EERequestFilter implements Filter
// the request and param "http" ports;
// otherwise, if the scheme is "https", compare
// the request and param "https" ports
- if( scheme.equals( HTTP_SCHEME ) ) {
- if( ! param_http_port.equals( request_port ) ) {
+ if (scheme.equals(HTTP_SCHEME)) {
+ if (!param_http_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
- if (param_proxy_http_port != null) {
+ if (param_proxy_http_port != null) {
if (!param_proxy_http_port.equals(request_port)) {
msg = "Use HTTP port '" + param_http_port
- + "' or proxy port '" + param_proxy_http_port
- + "' instead of '" + request_port
- + "' when performing " + HTTP_ROLE + " tasks!";
+ + "' or proxy port '"
+ + param_proxy_http_port + "' instead of '"
+ + request_port + "' when performing "
+ + HTTP_ROLE + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTP port '" + param_http_port
- + "' instead of '" + request_port
- + "' when performing " + HTTP_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTP_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null)
+ && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND,
+ msg);
return;
}
}
}
- } else if( scheme.equals( HTTPS_SCHEME ) ) {
- if( ! param_https_port.equals( request_port ) ) {
+ } else if (scheme.equals(HTTPS_SCHEME)) {
+ if (!param_https_port.equals(request_port)) {
String uri = ((HttpServletRequest) request).getRequestURI();
- if (param_proxy_port != null) {
+ if (param_proxy_port != null) {
if (!param_proxy_port.equals(request_port)) {
msg = "Use HTTPS port '" + param_https_port
- + "' or proxy port '" + param_proxy_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' or proxy port '" + param_proxy_port
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE
+ + " tasks!";
bad_port = true;
}
} else {
msg = "Use HTTPS port '" + param_https_port
- + "' instead of '" + request_port
- + "' when performing " + HTTPS_ROLE + " tasks!";
+ + "' instead of '" + request_port
+ + "' when performing " + HTTPS_ROLE + " tasks!";
bad_port = true;
}
if (bad_port) {
- CMS.debug( filterName + ": " + msg );
- CMS.debug( filterName + ": uri is " + uri);
- if ((param_active != null) &&(param_active.equals("false"))) {
+ CMS.debug(filterName + ": " + msg);
+ CMS.debug(filterName + ": uri is " + uri);
+ if ((param_active != null)
+ && (param_active.equals("false"))) {
CMS.debug("Filter is disabled .. continuing");
} else {
- resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+ resp.sendError(HttpServletResponse.SC_NOT_FOUND,
+ msg);
return;
}
}
@@ -180,11 +178,9 @@ public class EERequestFilter implements Filter
}
// CMS.debug("Exiting the EE filter");
- chain.doFilter( request, response );
+ chain.doFilter(request, response);
}
-
- public void destroy()
- {
+
+ public void destroy() {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
index 166036a9..6281050f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -43,13 +42,11 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * A class representing a recoverKey servlet. This servlet
- * shows key information and presents a list of text boxes
- * so that recovery agents can type in their identifiers
- * and passwords.
- *
+ * A class representing a recoverKey servlet. This servlet shows key information
+ * and presents a list of text boxes so that recovery agents can type in their
+ * identifiers and passwords.
+ *
* @version $Revision$, $Date$
*/
public class ConfirmRecoverBySerial extends CMSServlet {
@@ -59,8 +56,7 @@ public class ConfirmRecoverBySerial extends CMSServlet {
*/
private static final long serialVersionUID = 2221819191344494389L;
private final static String INFO = "recoverBySerial";
- private final static String TPL_FILE =
- "confirmRecoverBySerial.template";
+ private final static String TPL_FILE = "confirmRecoverBySerial.template";
private final static String IN_SERIALNO = "serialNumber";
private final static String OUT_SERIALNO = IN_SERIALNO;
@@ -95,22 +91,20 @@ public class ConfirmRecoverBySerial extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
- * Serves HTTP request. The format of this request is
- * as follows:
- * confirmRecoverBySerial?
- * [serialNumber=<serialno>]
+ * Serves HTTP request. The format of this request is as follows:
+ * confirmRecoverBySerial? [serialNumber=<serialno>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
// Note that we should try to handle all the exceptions
- // instead of passing it up back to the servlet
+ // instead of passing it up back to the servlet
// framework.
-
+
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
@@ -123,9 +117,10 @@ public class ConfirmRecoverBySerial extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -136,8 +131,7 @@ public class ConfirmRecoverBySerial extends CMSServlet {
try {
if (req.getParameter(IN_SERIALNO) != null) {
- seqNum = Integer.parseInt(
- req.getParameter(IN_SERIALNO));
+ seqNum = Integer.parseInt(req.getParameter(IN_SERIALNO));
}
// make sure this page, which contains password
@@ -147,8 +141,10 @@ public class ConfirmRecoverBySerial extends CMSServlet {
process(argSet, header, seqNum, req, resp, locale[0]);
} catch (NumberFormatException e) {
- header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ header.addStringValue(
+ OUT_ERROR,
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR",
+ e.toString()));
}
try {
@@ -157,10 +153,10 @@ public class ConfirmRecoverBySerial extends CMSServlet {
resp.setContentType("text/html");
form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
@@ -168,21 +164,17 @@ public class ConfirmRecoverBySerial extends CMSServlet {
/**
* Requests for a list of agent passwords.
*/
- private void process(CMSTemplateParams argSet,
- IArgBlock header, int seq,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ private void process(CMSTemplateParams argSet, IArgBlock header, int seq,
+ HttpServletRequest req, HttpServletResponse resp, Locale locale) {
try {
header.addIntegerValue(OUT_SERIALNO, seq);
header.addIntegerValue(OUT_M,
- mRecoveryService.getNoOfRequiredAgents());
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
- header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
+ mRecoveryService.getNoOfRequiredAgents());
+ header.addStringValue(OUT_OP, req.getParameter(OUT_OP));
+ header.addStringValue(OUT_SERVICE_URL, req.getRequestURI());
IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger(
- Integer.toString(seq)));
+ Integer.toString(seq)));
KeyRecordParser.fillRecordIntoArg(rec, header);
} catch (EBaseException e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
index 510f1ac3..de298e90 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -44,11 +43,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Display a specific Key Archival Request
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class DisplayBySerial extends CMSServlet {
@@ -78,7 +76,7 @@ public class DisplayBySerial extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "displayBySerial.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -94,8 +92,8 @@ public class DisplayBySerial extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -103,7 +101,7 @@ public class DisplayBySerial extends CMSServlet {
* <ul>
* <li>http.param serialNumber serial number of the key archival request
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -115,14 +113,14 @@ public class DisplayBySerial extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -137,13 +135,14 @@ public class DisplayBySerial extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
// Note that we should try to handle all the exceptions
- // instead of passing it up back to the servlet
+ // instead of passing it up back to the servlet
// framework.
IArgBlock header = CMS.createArgBlock();
@@ -153,13 +152,14 @@ public class DisplayBySerial extends CMSServlet {
try {
if (req.getParameter(IN_SERIALNO) != null) {
- seqNum = Integer.parseInt(
- req.getParameter(IN_SERIALNO));
+ seqNum = Integer.parseInt(req.getParameter(IN_SERIALNO));
}
process(argSet, header, seqNum, req, resp, locale[0]);
} catch (NumberFormatException e) {
- header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ header.addStringValue(
+ OUT_ERROR,
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR",
+ e.toString()));
}
try {
@@ -168,27 +168,23 @@ public class DisplayBySerial extends CMSServlet {
resp.setContentType("text/html");
form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
/**
* Display information about a particular key.
*/
- private void process(CMSTemplateParams argSet,
- IArgBlock header, int seq,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ private void process(CMSTemplateParams argSet, IArgBlock header, int seq,
+ HttpServletRequest req, HttpServletResponse resp, Locale locale) {
try {
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
- header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
- IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
- BigInteger(Integer.toString(seq)));
+ header.addStringValue(OUT_OP, req.getParameter(OUT_OP));
+ header.addStringValue(OUT_SERVICE_URL, req.getRequestURI());
+ IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger(
+ Integer.toString(seq)));
KeyRecordParser.fillRecordIntoArg(rec, header);
} catch (EBaseException e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
index 2ef78c64..f261d0d9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Locale;
@@ -45,11 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Display a Specific Key Archival Request, and initiate
- * key recovery process
- *
+ * Display a Specific Key Archival Request, and initiate key recovery process
+ *
* @version $Revision$, $Date$
*/
public class DisplayBySerialForRecovery extends CMSServlet {
@@ -80,7 +77,7 @@ public class DisplayBySerialForRecovery extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "displayBySerialForRecovery.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -95,17 +92,17 @@ public class DisplayBySerialForRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
* <ul>
- * <li>http.param serialNumber request ID of key archival request
- * <li>http.param publicKeyData
+ * <li>http.param serialNumber request ID of key archival request
+ * <li>http.param publicKeyData
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -117,14 +114,14 @@ public class DisplayBySerialForRecovery extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -139,13 +136,14 @@ public class DisplayBySerialForRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
// Note that we should try to handle all the exceptions
- // instead of passing it up back to the servlet
+ // instead of passing it up back to the servlet
// framework.
IArgBlock header = CMS.createArgBlock();
@@ -156,15 +154,15 @@ public class DisplayBySerialForRecovery extends CMSServlet {
try {
if (req.getParameter(IN_SERIALNO) != null) {
- seqNum = Integer.parseInt(
- req.getParameter(IN_SERIALNO));
+ seqNum = Integer.parseInt(req.getParameter(IN_SERIALNO));
}
- process(argSet, header,
- req.getParameter("publicKeyData"),
- seqNum, req, resp, locale[0]);
+ process(argSet, header, req.getParameter("publicKeyData"), seqNum,
+ req, resp, locale[0]);
} catch (NumberFormatException e) {
- header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ header.addStringValue(
+ OUT_ERROR,
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR",
+ e.toString()));
} catch (Exception e) {
e.printStackTrace();
System.out.println(e.toString());
@@ -175,10 +173,10 @@ public class DisplayBySerialForRecovery extends CMSServlet {
resp.setContentType("text/html");
form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
@@ -187,24 +185,20 @@ public class DisplayBySerialForRecovery extends CMSServlet {
* Display information about a particular key.
*/
private synchronized void process(CMSTemplateParams argSet,
- IArgBlock header, String publicKeyData, int seq,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, String publicKeyData, int seq,
+ HttpServletRequest req, HttpServletResponse resp, Locale locale) {
try {
header.addIntegerValue("noOfRequiredAgents",
- mService.getNoOfRequiredAgents());
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
- header.addStringValue("keySplitting",
- CMS.getConfigStore().getString("kra.keySplitting"));
- header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
+ mService.getNoOfRequiredAgents());
+ header.addStringValue(OUT_OP, req.getParameter(OUT_OP));
+ header.addStringValue("keySplitting", CMS.getConfigStore()
+ .getString("kra.keySplitting"));
+ header.addStringValue(OUT_SERVICE_URL, req.getRequestURI());
if (publicKeyData != null) {
- header.addStringValue("publicKeyData",
- publicKeyData);
+ header.addStringValue("publicKeyData", publicKeyData);
}
- IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
- BigInteger(Integer.toString(seq)));
+ IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger(
+ Integer.toString(seq)));
KeyRecordParser.fillRecordIntoArg(rec, header);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
index d4baf181..adcb6127 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
@@ -34,11 +33,9 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Retrieve Transport Certificate used to
- * wrap Private key Archival requests
- *
+ * Retrieve Transport Certificate used to wrap Private key Archival requests
+ *
* @version $Revision$, $Date$
*/
public class DisplayTransport extends CMSServlet {
@@ -67,13 +64,13 @@ public class DisplayTransport extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -86,8 +83,8 @@ public class DisplayTransport extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (Exception e) {
// do nothing for now
}
@@ -98,31 +95,29 @@ public class DisplayTransport extends CMSServlet {
}
try {
- IKeyRecoveryAuthority kra =
- (IKeyRecoveryAuthority) mAuthority;
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) mAuthority;
ITransportKeyUnit tu = kra.getTransportKeyUnit();
- org.mozilla.jss.crypto.X509Certificate transportCert =
- tu.getCertificate();
+ org.mozilla.jss.crypto.X509Certificate transportCert = tu
+ .getCertificate();
resp.setStatus(HttpServletResponse.SC_OK);
resp.setContentType("text/html");
- String content = "";
+ String content = "";
content += "<HTML><PRE>";
- String mime64 =
- "-----BEGIN CERTIFICATE-----\n" +
- CMS.BtoA(transportCert.getEncoded()) +
- "-----END CERTIFICATE-----\n";
+ String mime64 = "-----BEGIN CERTIFICATE-----\n"
+ + CMS.BtoA(transportCert.getEncoded())
+ + "-----END CERTIFICATE-----\n";
content += mime64;
content += "</PRE></HTML>";
resp.setContentType("text/html");
resp.getOutputStream().write(content.getBytes());
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
index 9fbad7a6..14cc265f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Hashtable;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * View the Key Recovery Request
- *
+ * View the Key Recovery Request
+ *
* @version $Revision$, $Date$
*/
public class ExamineRecovery extends CMSServlet {
@@ -100,8 +98,8 @@ public class ExamineRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -109,7 +107,7 @@ public class ExamineRecovery extends CMSServlet {
* <ul>
* <li>http.param recoveryID recovery request ID
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
@@ -123,14 +121,14 @@ public class ExamineRecovery extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -145,9 +143,10 @@ public class ExamineRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -158,96 +157,84 @@ public class ExamineRecovery extends CMSServlet {
EBaseException error = null;
try {
- process(argSet, header,
- req.getParameter("recoveryID"),
- req, resp, locale[0]);
+ process(argSet, header, req.getParameter("recoveryID"), req, resp,
+ locale[0]);
} catch (EBaseException e) {
error = e;
} catch (Exception e) {
- error = new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
+ error = new EBaseException(CMS.getUserMessage(
+ "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
/*
- catch (NumberFormatException e) {
- error = eBaseException(
-
- header.addStringValue(OUT_ERROR,
- MessageFormatter.getLocalizedString(
- locale[0],
- BaseResources.class.getName(),
- BaseResources.INTERNAL_ERROR_1,
- e.toString()));
- }
+ * catch (NumberFormatException e) { error = eBaseException(
+ *
+ * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString(
+ * locale[0], BaseResources.class.getName(),
+ * BaseResources.INTERNAL_ERROR_1, e.toString())); }
*/
try {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- ServletOutputStream out = resp.getOutputStream();
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ ServletOutputStream out = resp.getOutputStream();
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
/**
- * Recovers a key. The p12 will be protected by the password
- * provided by the administrator.
+ * Recovers a key. The p12 will be protected by the password provided by the
+ * administrator.
*/
- private void process(CMSTemplateParams argSet,
- IArgBlock header, String recoveryID,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ String recoveryID, HttpServletRequest req,
+ HttpServletResponse resp, Locale locale) throws EBaseException {
try {
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
- header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
- header.addStringValue("keySplitting",
- CMS.getConfigStore().getString("kra.keySplitting"));
- Hashtable params = mService.getRecoveryParams(
- recoveryID);
+ header.addStringValue(OUT_OP, req.getParameter(OUT_OP));
+ header.addStringValue(OUT_SERVICE_URL, req.getRequestURI());
+ header.addStringValue("keySplitting", CMS.getConfigStore()
+ .getString("kra.keySplitting"));
+ Hashtable params = mService.getRecoveryParams(recoveryID);
if (params == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
}
- String keyID = (String)params.get("keyID");
- header.addStringValue("serialNumber", keyID);
+ String keyID = (String) params.get("keyID");
+ header.addStringValue("serialNumber", keyID);
header.addStringValue("recoveryID", recoveryID);
- IKeyRepository mKeyDB =
- ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
- IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
- BigInteger(keyID));
+ IKeyRepository mKeyDB = ((IKeyRecoveryAuthority) mAuthority)
+ .getKeyRepository();
+ IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger(
+ keyID));
KeyRecordParser.fillRecordIntoArg(rec, header);
-
} catch (EBaseException e) {
log(ILogger.LL_FAILURE, "Error e " + e);
throw e;
- }
+ }
/*
- catch (Exception e) {
- header.addStringValue(OUT_ERROR, e.toString());
- }
+ * catch (Exception e) { header.addStringValue(OUT_ERROR, e.toString());
+ * }
*/
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
index 4bd4d45b..e1bb0c1a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Hashtable;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Check to see if a Key Recovery Request has been approved
- *
+ *
* @version $Revision$, $Date$
*/
public class GetApprovalStatus extends CMSServlet {
@@ -79,9 +77,9 @@ public class GetApprovalStatus extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template files
- * "getApprovalStatus.template" and "finishRecovery.template"
- * to process the response.
- *
+ * "getApprovalStatus.template" and "finishRecovery.template" to process the
+ * response.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -95,8 +93,8 @@ public class GetApprovalStatus extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -104,7 +102,7 @@ public class GetApprovalStatus extends CMSServlet {
* <ul>
* <li>http.param recoveryID request ID to check
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -117,8 +115,8 @@ public class GetApprovalStatus extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (Exception e) {
// do nothing for now
}
@@ -147,54 +145,52 @@ public class GetApprovalStatus extends CMSServlet {
Hashtable params = mService.getRecoveryParams(recoveryID);
if (params == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
}
- header.addStringValue("serialNumber",
- (String) params.get("keyID"));
+ header.addStringValue("serialNumber", (String) params.get("keyID"));
int requiredNumber = mService.getNoOfRequiredAgents();
header.addIntegerValue("noOfRequiredAgents", requiredNumber);
- Vector dc = ((IKeyRecoveryAuthority) mService).getAppAgents(recoveryID);
+ Vector dc = ((IKeyRecoveryAuthority) mService)
+ .getAppAgents(recoveryID);
Enumeration agents = dc.elements();
while (agents.hasMoreElements()) {
IArgBlock rarg = CMS.createArgBlock();
- rarg.addStringValue("agentName", ((Credential) agents.nextElement()).getIdentifier());
+ rarg.addStringValue("agentName",
+ ((Credential) agents.nextElement()).getIdentifier());
argSet.addRepeatRecord(rarg);
}
if (dc.size() >= requiredNumber) {
// got all approval, return pk12
- byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID);
+ byte pkcs12[] = ((IKeyRecoveryAuthority) mService)
+ .getPk12(recoveryID);
if (pkcs12 != null) {
rComplete = 1;
- header.addStringValue(OUT_STATUS, "complete");
+ header.addStringValue(OUT_STATUS, "complete");
/*
- mService.destroyRecoveryParams(recoveryID);
- try {
- resp.setContentType("application/x-pkcs12");
- resp.getOutputStream().write(pkcs12);
- return;
- } catch (IOException e) {
- header.addStringValue(OUT_ERROR,
- MessageFormatter.getLocalizedString(
- locale[0],
- BaseResources.class.getName(),
- BaseResources.INTERNAL_ERROR_1,
- e.toString()));
- }
+ * mService.destroyRecoveryParams(recoveryID); try {
+ * resp.setContentType("application/x-pkcs12");
+ * resp.getOutputStream().write(pkcs12); return; } catch
+ * (IOException e) { header.addStringValue(OUT_ERROR,
+ * MessageFormatter.getLocalizedString( locale[0],
+ * BaseResources.class.getName(),
+ * BaseResources.INTERNAL_ERROR_1, e.toString())); }
*/
- } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
- // error in recovery process
- header.addStringValue(OUT_ERROR,
- ((IKeyRecoveryAuthority) mService).getError(recoveryID));
+ } else if (((IKeyRecoveryAuthority) mService)
+ .getError(recoveryID) != null) {
+ // error in recovery process
+ header.addStringValue(OUT_ERROR,
+ ((IKeyRecoveryAuthority) mService)
+ .getError(recoveryID));
rComplete = 1;
} else {
// pk12 hasn't been created yet.
@@ -207,19 +203,21 @@ public class GetApprovalStatus extends CMSServlet {
try {
if (rComplete == 1) {
- mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FINISH;
+ mFormPath = "/" + ((IAuthority) mService).getId() + "/"
+ + TPL_FINISH;
} else {
- mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FILE;
- }
+ mFormPath = "/" + ((IAuthority) mService).getId() + "/"
+ + TPL_FILE;
+ }
if (mOutputTemplatePath != null)
mFormPath = mOutputTemplatePath;
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
ServletOutputStream out = resp.getOutputStream();
@@ -227,10 +225,10 @@ public class GetApprovalStatus extends CMSServlet {
resp.setContentType("text/html");
form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
index cea08af3..f9c4d588 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Locale;
@@ -42,11 +41,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Get the recovered key in PKCS#12 format
- * - for asynchronous key recovery only
- *
+ * Get the recovered key in PKCS#12 format - for asynchronous key recovery only
+ *
*/
public class GetAsyncPk12 extends CMSServlet {
@@ -67,13 +64,9 @@ public class GetAsyncPk12 extends CMSServlet {
private com.netscape.certsrv.kra.IKeyService mService = null;
private final static String OUT_STATUS = "status";
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
private String mFormPath = null;
@@ -87,7 +80,7 @@ public class GetAsyncPk12 extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "finishAsyncRecovery.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -103,8 +96,8 @@ public class GetAsyncPk12 extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -112,7 +105,7 @@ public class GetAsyncPk12 extends CMSServlet {
* <ul>
* <li>http.param reqID request id for recovery
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -128,14 +121,14 @@ public class GetAsyncPk12 extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "download");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "download");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -150,9 +143,10 @@ public class GetAsyncPk12 extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -173,28 +167,26 @@ public class GetAsyncPk12 extends CMSServlet {
agent = (String) sContext.get(SessionContext.USER_ID);
}
- if (agent == null ) {
- CMS.debug( "GetAsyncPk12::process() - agent is null!" );
- throw new EBaseException( "agent is null" );
+ if (agent == null) {
+ CMS.debug("GetAsyncPk12::process() - agent is null!");
+ throw new EBaseException("agent is null");
}
String initAgent = "undefined";
initAgent = mService.getInitAgentAsyncKeyRecovery(reqID);
if ((initAgent.equals("undefined")) || !agent.equals(initAgent)) {
- log(ILogger.LL_SECURITY,
- CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3",
- reqID, initAgent));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC",
- reqID, initAgent));
+ log(ILogger.LL_SECURITY, CMS.getLogMessage(
+ "CMSGW_INVALID_AGENT_ASYNC_3", reqID, initAgent));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_INVALID_AGENT_ASYNC", reqID, initAgent));
}
// The async recovery request must be in "approved" state
- // i.e. all required # of recovery agents approved
+ // i.e. all required # of recovery agents approved
if (mService.isApprovedAsyncKeyRecovery(reqID) != true) {
CMS.debug("GetAsyncPk12::process() - # required recovery agents not met");
- throw new EBaseException( "# required recovery agents not met" );
+ throw new EBaseException("# required recovery agents not met");
}
String password = req.getParameter(IN_PASSWORD);
@@ -202,11 +194,11 @@ public class GetAsyncPk12 extends CMSServlet {
if (password == null || password.equals("")) {
header.addStringValue(OUT_ERROR, "PKCS12 password not found");
- throw new EBaseException( "PKCS12 password not found" );
+ throw new EBaseException("PKCS12 password not found");
}
if (passwordAgain == null || !passwordAgain.equals(password)) {
header.addStringValue(OUT_ERROR, "PKCS12 password not matched");
- throw new EBaseException( "PKCS12 password not matched" );
+ throw new EBaseException("PKCS12 password not matched");
}
// got all approval, return pk12
@@ -218,24 +210,22 @@ public class GetAsyncPk12 extends CMSServlet {
resp.getOutputStream().write(pkcs12);
mRenderResult = false;
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
- agent,
- ILogger.SUCCESS,
- reqID,
- "");
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ agent, ILogger.SUCCESS, reqID, "");
- audit(auditMessage);
+ audit(auditMessage);
return;
} catch (IOException e) {
- header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ header.addStringValue(OUT_ERROR, CMS.getUserMessage(
+ locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
} else if (((IKeyRecoveryAuthority) mService).getError(reqID) != null) {
- // error in recovery process
- header.addStringValue(OUT_ERROR,
- ((IKeyRecoveryAuthority) mService).getError(reqID));
+ // error in recovery process
+ header.addStringValue(OUT_ERROR,
+ ((IKeyRecoveryAuthority) mService).getError(reqID));
} else {
// pk12 hasn't been created yet. Shouldn't get here
}
@@ -244,12 +234,10 @@ public class GetAsyncPk12 extends CMSServlet {
}
if ((agent != null) && (reqID != null)) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
- agent,
- ILogger.FAILURE,
- reqID,
- "");
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ agent, ILogger.FAILURE, reqID, "");
audit(auditMessage);
}
@@ -260,10 +248,10 @@ public class GetAsyncPk12 extends CMSServlet {
resp.setContentType("text/html");
form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
index b3651774..284ef7bb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Hashtable;
import java.util.Locale;
@@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Get the recovered key in PKCS#12 format
- *
+ *
* @version $Revision$, $Date$
*/
public class GetPk12 extends CMSServlet {
@@ -66,13 +64,9 @@ public class GetPk12 extends CMSServlet {
private com.netscape.certsrv.kra.IKeyService mService = null;
private final static String OUT_STATUS = "status";
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
- private final static String
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
+ private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
private String mFormPath = null;
@@ -86,7 +80,7 @@ public class GetPk12 extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "finishRecovery.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -102,8 +96,8 @@ public class GetPk12 extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -111,7 +105,7 @@ public class GetPk12 extends CMSServlet {
* <ul>
* <li>http.param recoveryID ID of request to recover
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -127,14 +121,14 @@ public class GetPk12 extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "download");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "download");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -149,9 +143,10 @@ public class GetPk12 extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -169,10 +164,10 @@ public class GetPk12 extends CMSServlet {
Hashtable params = mService.getRecoveryParams(recoveryID);
if (params == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
}
// only the init DRM agent can get the pkcs12
@@ -181,29 +176,27 @@ public class GetPk12 extends CMSServlet {
agent = (String) sContext.get(SessionContext.USER_ID);
}
- if (agent == null ) {
- CMS.debug( "GetPk12::process() - agent is null!" );
- throw new EBaseException( "agent is null" );
+ if (agent == null) {
+ CMS.debug("GetPk12::process() - agent is null!");
+ throw new EBaseException("agent is null");
}
- String initAgent = (String) params.get("agent");
+ String initAgent = (String) params.get("agent");
if (!agent.equals(initAgent)) {
log(ILogger.LL_SECURITY,
-
- CMS.getLogMessage("CMSGW_INVALID_AGENT_3",
- recoveryID,
+
+ CMS.getLogMessage("CMSGW_INVALID_AGENT_3", recoveryID,
initAgent));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_AGENT",
- agent, initAgent, recoveryID));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_INVALID_AGENT", agent, initAgent, recoveryID));
}
- header.addStringValue("serialNumber",
- (String) params.get("keyID"));
+ header.addStringValue("serialNumber", (String) params.get("keyID"));
// got all approval, return pk12
- byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID);
+ byte pkcs12[] = ((IKeyRecoveryAuthority) mService)
+ .getPk12(recoveryID);
if (pkcs12 != null) {
mService.destroyRecoveryParams(recoveryID);
@@ -212,24 +205,22 @@ public class GetPk12 extends CMSServlet {
resp.getOutputStream().write(pkcs12);
mRenderResult = false;
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
- agent,
- ILogger.SUCCESS,
- recoveryID,
- "");
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+ agent, ILogger.SUCCESS, recoveryID, "");
audit(auditMessage);
return;
} catch (IOException e) {
- header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ header.addStringValue(OUT_ERROR, CMS.getUserMessage(
+ locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
} else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
// error in recovery process
- header.addStringValue(OUT_ERROR,
- ((IKeyRecoveryAuthority) mService).getError(recoveryID));
+ header.addStringValue(OUT_ERROR,
+ ((IKeyRecoveryAuthority) mService).getError(recoveryID));
} else {
// pk12 hasn't been created yet. Shouldn't get here
}
@@ -238,12 +229,10 @@ public class GetPk12 extends CMSServlet {
}
if ((agent != null) && (recoveryID != null)) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
- agent,
- ILogger.FAILURE,
- recoveryID,
- "");
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+ agent, ILogger.FAILURE, recoveryID, "");
audit(auditMessage);
}
@@ -254,10 +243,10 @@ public class GetPk12 extends CMSServlet {
resp.setContentType("text/html");
form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
index a868f47c..0acfd2ff 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
@@ -40,10 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Approve an asynchronous key recovery request
- *
+ *
*/
public class GrantAsyncRecovery extends CMSServlet {
@@ -68,8 +67,7 @@ public class GrantAsyncRecovery extends CMSServlet {
private IKeyService mService = null;
private String mFormPath = null;
- private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN =
- "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
+ private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
/**
* Constructs EA servlet.
@@ -81,7 +79,7 @@ public class GrantAsyncRecovery extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* 'grantAsyncRecovery.template' to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -98,8 +96,8 @@ public class GrantAsyncRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
@@ -107,9 +105,9 @@ public class GrantAsyncRecovery extends CMSServlet {
* <ul>
* <li>http.param reqID request ID of the request to approve
* <li>http.param agentID User ID of the agent approving the request
-
+ *
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -124,14 +122,14 @@ public class GrantAsyncRecovery extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "recover");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "recover");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -146,9 +144,10 @@ public class GrantAsyncRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -159,15 +158,16 @@ public class GrantAsyncRecovery extends CMSServlet {
String agentID = authToken.getInString("uid");
CMS.debug("GrantAsyncRecovery: process() agent uid=" + agentID);
- CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID"));
+ CMS.debug("GrantAsyncRecovery: process() request id="
+ + req.getParameter("reqID"));
try {
- process(argSet, header,
- req.getParameter("reqID"),
- agentID,
- req, resp, locale[0]);
+ process(argSet, header, req.getParameter("reqID"), agentID, req,
+ resp, locale[0]);
} catch (NumberFormatException e) {
- header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ header.addStringValue(
+ OUT_ERROR,
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR",
+ e.toString()));
}
try {
ServletOutputStream out = resp.getOutputStream();
@@ -175,10 +175,10 @@ public class GrantAsyncRecovery extends CMSServlet {
resp.setContentType("text/html");
form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
@@ -186,12 +186,13 @@ public class GrantAsyncRecovery extends CMSServlet {
/**
* Update agent approval list
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used
* whenever DRM agents login as recovery agents to approve key recovery
* requests
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param reqID string containing the recovery request ID
@@ -200,11 +201,9 @@ public class GrantAsyncRecovery extends CMSServlet {
* @param resp HTTP servlet response
* @param locale the system locale
*/
- private void process(CMSTemplateParams argSet,
- IArgBlock header, String reqID,
- String agentID,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ String reqID, String agentID, HttpServletRequest req,
+ HttpServletResponse resp, Locale locale) {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequestID = reqID;
@@ -233,10 +232,8 @@ public class GrantAsyncRecovery extends CMSServlet {
}
try {
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
- header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
+ header.addStringValue(OUT_OP, req.getParameter(OUT_OP));
+ header.addStringValue(OUT_SERVICE_URL, req.getRequestURI());
// update approving agent list
mService.addAgentAsyncKeyRecovery(reqID, agentID);
@@ -246,11 +243,9 @@ public class GrantAsyncRecovery extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequestID,
- auditAgentID);
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
+ auditSubjectID, ILogger.SUCCESS, auditRequestID,
+ auditAgentID);
audit(auditMessage);
@@ -259,11 +254,9 @@ public class GrantAsyncRecovery extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequestID,
- auditAgentID);
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
+ auditSubjectID, ILogger.FAILURE, auditRequestID,
+ auditAgentID);
audit(auditMessage);
} catch (Exception e) {
@@ -271,14 +264,11 @@ public class GrantAsyncRecovery extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequestID,
- auditAgentID);
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
+ auditSubjectID, ILogger.FAILURE, auditRequestID,
+ auditAgentID);
audit(auditMessage);
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
index 9a7238be..51d2a02d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Hashtable;
import java.util.Locale;
@@ -42,10 +41,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Approve a key recovery request
- *
+ *
* @version $Revision$, $Date$
*/
public class GrantRecovery extends CMSServlet {
@@ -73,8 +71,7 @@ public class GrantRecovery extends CMSServlet {
private IKeyService mService = null;
private String mFormPath = null;
- private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN =
- "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
+ private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN = "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
/**
* Constructs EA servlet.
@@ -86,7 +83,7 @@ public class GrantRecovery extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* 'grantRecovery.template' to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -103,19 +100,19 @@ public class GrantRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
* <ul>
* <li>http.param recoveryID ID of the request to approve
- * <li>http.param agentID User ID of the agent approving the request
- * <li>http.param agentPWD Password of the agent approving the request
-
+ * <li>http.param agentID User ID of the agent approving the request
+ * <li>http.param agentPWD Password of the agent approving the request
+ *
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -128,14 +125,14 @@ public class GrantRecovery extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "recover");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "recover");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -150,9 +147,10 @@ public class GrantRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -166,14 +164,13 @@ public class GrantRecovery extends CMSServlet {
agentID = req.getParameter("agentID");
}
try {
- process(argSet, header,
- req.getParameter("recoveryID"),
- agentID,
- req.getParameter("agentPWD"),
- req, resp, locale[0]);
+ process(argSet, header, req.getParameter("recoveryID"), agentID,
+ req.getParameter("agentPWD"), req, resp, locale[0]);
} catch (NumberFormatException e) {
- header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ header.addStringValue(
+ OUT_ERROR,
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR",
+ e.toString()));
}
try {
ServletOutputStream out = resp.getOutputStream();
@@ -181,24 +178,25 @@ public class GrantRecovery extends CMSServlet {
resp.setContentType("text/html");
form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
/**
- * Recovers a key. The p12 will be protected by the password
- * provided by the administrator.
+ * Recovers a key. The p12 will be protected by the password provided by the
+ * administrator.
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used
* whenever DRM agents login as recovery agents to approve key recovery
* requests
* </ul>
+ *
* @param argSet CMS template parameters
* @param header argument block
* @param recoveryID string containing the recovery ID
@@ -208,11 +206,9 @@ public class GrantRecovery extends CMSServlet {
* @param resp HTTP servlet response
* @param locale the system locale
*/
- private void process(CMSTemplateParams argSet,
- IArgBlock header, String recoveryID,
- String agentID, String agentPWD,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ String recoveryID, String agentID, String agentPWD,
+ HttpServletRequest req, HttpServletResponse resp, Locale locale) {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRecoveryID = recoveryID;
@@ -241,45 +237,35 @@ public class GrantRecovery extends CMSServlet {
}
try {
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
- header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
+ header.addStringValue(OUT_OP, req.getParameter(OUT_OP));
+ header.addStringValue(OUT_SERVICE_URL, req.getRequestURI());
Hashtable h = mService.getRecoveryParams(recoveryID);
if (h == null) {
- header.addStringValue(OUT_ERROR,
- "No such token found");
+ header.addStringValue(OUT_ERROR, "No such token found");
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
- auditSubjectID,
- ILogger.FAILURE,
- auditRecoveryID,
- auditAgentID);
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
+ auditSubjectID, ILogger.FAILURE, auditRecoveryID,
+ auditAgentID);
audit(auditMessage);
return;
}
- header.addStringValue("serialNumber",
- (String) h.get("keyID"));
+ header.addStringValue("serialNumber", (String) h.get("keyID"));
mService.addDistributedCredential(recoveryID, agentID, agentPWD);
- header.addStringValue("agentID",
- agentID);
- header.addStringValue("recoveryID",
- recoveryID);
+ header.addStringValue("agentID", agentID);
+ header.addStringValue("recoveryID", recoveryID);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRecoveryID,
- auditAgentID);
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
+ auditSubjectID, ILogger.SUCCESS, auditRecoveryID,
+ auditAgentID);
audit(auditMessage);
@@ -288,11 +274,9 @@ public class GrantRecovery extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
- auditSubjectID,
- ILogger.FAILURE,
- auditRecoveryID,
- auditAgentID);
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
+ auditSubjectID, ILogger.FAILURE, auditRecoveryID,
+ auditAgentID);
audit(auditMessage);
} catch (Exception e) {
@@ -300,14 +284,11 @@ public class GrantRecovery extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
- auditSubjectID,
- ILogger.FAILURE,
- auditRecoveryID,
- auditAgentID);
+ LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN,
+ auditSubjectID, ILogger.FAILURE, auditRecoveryID,
+ auditAgentID);
audit(auditMessage);
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
index 9ce8585f..5fa88e5e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.util.Date;
import com.netscape.certsrv.apps.CMS;
@@ -28,7 +27,7 @@ import com.netscape.certsrv.dbs.keydb.IKeyRecord;
/**
* Output a 'pretty print' of a Key Archival record
- *
+ *
* @version $Revision$, $Date$
*/
public class KeyRecordParser {
@@ -44,28 +43,23 @@ public class KeyRecordParser {
public final static String OUT_RECOVERED_BY = "recoveredBy";
public final static String OUT_RECOVERED_ON = "recoveredOn";
-
/**
* Fills key record into argument block.
*/
- public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg)
- throws EBaseException {
+ public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg)
+ throws EBaseException {
if (rec == null)
return;
- rarg.addStringValue(OUT_STATE,
- rec.getState().toString());
- rarg.addStringValue(OUT_OWNER_NAME,
- rec.getOwnerName());
- rarg.addIntegerValue(OUT_SERIALNO,
- rec.getSerialNumber().intValue());
- rarg.addStringValue(OUT_KEY_ALGORITHM,
- rec.getAlgorithm());
- // Possible Enhancement: sun's BASE64Encode is not
+ rarg.addStringValue(OUT_STATE, rec.getState().toString());
+ rarg.addStringValue(OUT_OWNER_NAME, rec.getOwnerName());
+ rarg.addIntegerValue(OUT_SERIALNO, rec.getSerialNumber().intValue());
+ rarg.addStringValue(OUT_KEY_ALGORITHM, rec.getAlgorithm());
+ // Possible Enhancement: sun's BASE64Encode is not
// fast. We may may to have our native implmenetation.
IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
rarg.addStringValue(OUT_PUBLIC_KEY,
- pp.toHexString(rec.getPublicKeyData(), 0, 20));
+ pp.toHexString(rec.getPublicKeyData(), 0, 20));
Integer keySize = rec.getKeySize();
if (keySize == null) {
@@ -73,17 +67,13 @@ public class KeyRecordParser {
} else {
rarg.addIntegerValue(OUT_KEY_LEN, keySize.intValue());
}
- rarg.addStringValue(OUT_ARCHIVED_BY,
- rec.getArchivedBy());
- rarg.addLongValue(OUT_ARCHIVED_ON,
- rec.getCreateTime().getTime() / 1000);
+ rarg.addStringValue(OUT_ARCHIVED_BY, rec.getArchivedBy());
+ rarg.addLongValue(OUT_ARCHIVED_ON, rec.getCreateTime().getTime() / 1000);
Date dateOfRevocation[] = rec.getDateOfRevocation();
if (dateOfRevocation != null) {
- rarg.addStringValue(OUT_RECOVERED_BY,
- "null");
- rarg.addStringValue(OUT_RECOVERED_ON,
- "null");
+ rarg.addStringValue(OUT_RECOVERED_BY, "null");
+ rarg.addStringValue(OUT_RECOVERED_ON, "null");
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
index edcd2bdf..484bebc5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Hashtable;
@@ -51,7 +50,7 @@ import com.netscape.cmsutil.util.Cert;
/**
* A class representing a recoverBySerial servlet.
- *
+ *
* @version $Revision$, $Date$
*/
public class RecoverBySerial extends CMSServlet {
@@ -108,22 +107,17 @@ public class RecoverBySerial extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Serves HTTP request. The format of this request is as follows:
- * recoverBySerial?
- * [serialNumber=<number>]
- * [uid#=<uid>]
- * [pwd#=<password>]
- * [localAgents=yes|null]
- * [recoveryID=recoveryID]
- * [pkcs12Password=<password of pkcs12>]
- * [pkcs12PasswordAgain=<password of pkcs12>]
- * [pkcs12Delivery=<delivery mechanism for pkcs12>]
- * [cert=<encryption certificate>]
+ * recoverBySerial? [serialNumber=<number>] [uid#=<uid>] [pwd#=<password>]
+ * [localAgents=yes|null] [recoveryID=recoveryID] [pkcs12Password=<password
+ * of pkcs12>] [pkcs12PasswordAgain=<password of pkcs12>]
+ * [pkcs12Delivery=<delivery mechanism for pkcs12>] [cert=<encryption
+ * certificate>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -134,14 +128,14 @@ public class RecoverBySerial extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "recover");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "recover");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -156,9 +150,10 @@ public class RecoverBySerial extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -189,54 +184,53 @@ public class RecoverBySerial extends CMSServlet {
ctx = SessionContext.getContext();
/*
- When Recovery is first initiated, if it is in asynch mode,
- no pkcs#12 password is needed.
- The initiating agent uid will be recorded in the recovery
- request.
- Later, as approving agents submit their approvals, they will
- also be listed in the request.
+ * When Recovery is first initiated, if it is in asynch mode, no
+ * pkcs#12 password is needed. The initiating agent uid will be
+ * recorded in the recovery request. Later, as approving agents
+ * submit their approvals, they will also be listed in the request.
*/
- if ((initAsyncRecovery != null) &&
- initAsyncRecovery.equalsIgnoreCase("ON")) {
- process(form, argSet, header,
- req.getParameter(IN_SERIALNO),
- req.getParameter(IN_CERT),
- req, resp, locale[0]);
-
- int requiredNumber = mService.getNoOfRequiredAgents();
- header.addIntegerValue("noOfRequiredAgents", requiredNumber);
+ if ((initAsyncRecovery != null)
+ && initAsyncRecovery.equalsIgnoreCase("ON")) {
+ process(form, argSet, header, req.getParameter(IN_SERIALNO),
+ req.getParameter(IN_CERT), req, resp, locale[0]);
+
+ int requiredNumber = mService.getNoOfRequiredAgents();
+ header.addIntegerValue("noOfRequiredAgents", requiredNumber);
} else {
String recoveryID = req.getParameter("recoveryID");
if (recoveryID != null && !recoveryID.equals("")) {
- ctx.put(SessionContext.RECOVERY_ID,
- req.getParameter("recoveryID"));
+ ctx.put(SessionContext.RECOVERY_ID,
+ req.getParameter("recoveryID"));
+ }
+ byte pkcs12[] = process(form, argSet, header,
+ req.getParameter(IN_SERIALNO),
+ req.getParameter("localAgents"),
+ req.getParameter(IN_PASSWORD),
+ req.getParameter(IN_PASSWORD_AGAIN),
+ req.getParameter(IN_CERT),
+ req.getParameter(IN_DELIVERY),
+ req.getParameter(IN_NICKNAME), req, resp, locale[0]);
+
+ if (pkcs12 != null) {
+ // resp.setStatus(HttpServletResponse.SC_OK);
+ resp.setContentType("application/x-pkcs12");
+ // resp.setContentLength(pkcs12.length);
+ resp.getOutputStream().write(pkcs12);
+ mRenderResult = false;
+ return;
}
- byte pkcs12[] = process(form, argSet, header,
- req.getParameter(IN_SERIALNO),
- req.getParameter("localAgents"),
- req.getParameter(IN_PASSWORD),
- req.getParameter(IN_PASSWORD_AGAIN),
- req.getParameter(IN_CERT),
- req.getParameter(IN_DELIVERY),
- req.getParameter(IN_NICKNAME),
- req, resp, locale[0]);
-
- if (pkcs12 != null) {
- //resp.setStatus(HttpServletResponse.SC_OK);
- resp.setContentType("application/x-pkcs12");
- //resp.setContentLength(pkcs12.length);
- resp.getOutputStream().write(pkcs12);
- mRenderResult = false;
- return;
- }
}
} catch (NumberFormatException e) {
- header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ header.addStringValue(
+ OUT_ERROR,
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR",
+ e.toString()));
} catch (IOException e) {
- header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ header.addStringValue(
+ OUT_ERROR,
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR",
+ e.toString()));
} finally {
SessionContext.releaseContext();
}
@@ -248,10 +242,10 @@ public class RecoverBySerial extends CMSServlet {
resp.setContentType("text/html");
form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -260,10 +254,9 @@ public class RecoverBySerial extends CMSServlet {
/**
* Async Key Recovery - request initiation
*/
- private void process(CMSTemplate form, CMSTemplateParams argSet,
- IArgBlock header, String seq, String cert,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ private void process(CMSTemplate form, CMSTemplateParams argSet,
+ IArgBlock header, String seq, String cert, HttpServletRequest req,
+ HttpServletResponse resp, Locale locale) {
// seq is the key id
if (seq == null) {
@@ -290,38 +283,35 @@ public class RecoverBySerial extends CMSServlet {
SessionContext sContext = SessionContext.getContext();
try {
- String reqID = mService.initAsyncKeyRecovery(
- new BigInteger(seq), x509cert,
- (String) sContext.get(SessionContext.USER_ID));
+ String reqID = mService.initAsyncKeyRecovery(new BigInteger(seq),
+ x509cert, (String) sContext.get(SessionContext.USER_ID));
header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO));
header.addStringValue("requestID", reqID);
} catch (EBaseException e) {
- String error =
- "Failed to recover key for key id " +
- seq + ".\nException: " + e.toString();
+ String error = "Failed to recover key for key id " + seq
+ + ".\nException: " + e.toString();
- CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, error);
+ CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA,
+ ILogger.LL_FAILURE, error);
try {
((IKeyRecoveryAuthority) mService).createError(seq, error);
} catch (EBaseException eb) {
- CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+ CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA,
+ ILogger.LL_FAILURE, eb.toString());
}
}
return;
}
/**
- * Recovers a key. The p12 will be protected by the password
- * provided by the administrator.
+ * Recovers a key. The p12 will be protected by the password provided by the
+ * administrator.
*/
private byte[] process(CMSTemplate form, CMSTemplateParams argSet,
- IArgBlock header, String seq, String localAgents,
- String password, String passwordAgain,
- String cert, String delivery, String nickname,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale) {
+ IArgBlock header, String seq, String localAgents, String password,
+ String passwordAgain, String cert, String delivery,
+ String nickname, HttpServletRequest req, HttpServletResponse resp,
+ Locale locale) {
if (seq == null) {
header.addStringValue(OUT_ERROR, "sequence number not found");
return null;
@@ -360,65 +350,64 @@ public class RecoverBySerial extends CMSServlet {
if (sContext != null) {
agent = (String) sContext.get(SessionContext.USER_ID);
}
- if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
- if (localAgents == null) {
- String recoveryID = req.getParameter("recoveryID");
+ if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
+ if (localAgents == null) {
+ String recoveryID = req.getParameter("recoveryID");
- if (recoveryID == null || recoveryID.equals("")) {
- header.addStringValue(OUT_ERROR, "No recovery ID specified");
- return null;
- }
- Hashtable params = mService.createRecoveryParams(recoveryID);
+ if (recoveryID == null || recoveryID.equals("")) {
+ header.addStringValue(OUT_ERROR,
+ "No recovery ID specified");
+ return null;
+ }
+ Hashtable params = mService
+ .createRecoveryParams(recoveryID);
- params.put("keyID", req.getParameter(IN_SERIALNO));
+ params.put("keyID", req.getParameter(IN_SERIALNO));
- header.addStringValue("recoveryID", recoveryID);
+ header.addStringValue("recoveryID", recoveryID);
- params.put("agent", agent);
+ params.put("agent", agent);
- // new thread to wait for pk12
- Thread waitThread = new WaitApprovalThread(recoveryID,
- seq, password, x509cert, delivery, nickname,
- SessionContext.getContext());
-
- waitThread.start();
- return null;
- } else {
- Vector v = new Vector();
-
- for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) {
- String uid = req.getParameter(IN_UID + i);
- String pwd = req.getParameter(IN_PWD + i);
+ // new thread to wait for pk12
+ Thread waitThread = new WaitApprovalThread(recoveryID, seq,
+ password, x509cert, delivery, nickname,
+ SessionContext.getContext());
- if (uid != null && pwd != null && !uid.equals("") &&
- !pwd.equals("")) {
- v.addElement(new Credential(uid, pwd));
- } else {
- header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
+ waitThread.start();
+ return null;
+ } else {
+ Vector v = new Vector();
+
+ for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) {
+ String uid = req.getParameter(IN_UID + i);
+ String pwd = req.getParameter(IN_PWD + i);
+
+ if (uid != null && pwd != null && !uid.equals("")
+ && !pwd.equals("")) {
+ v.addElement(new Credential(uid, pwd));
+ } else {
+ header.addStringValue(OUT_ERROR,
+ "Uid(s) or password(s) are not provided");
+ return null;
+ }
+ }
+ if (v.size() != mService.getNoOfRequiredAgents()) {
+ header.addStringValue(OUT_ERROR,
+ "Uid(s) or password(s) are not provided");
return null;
}
+ creds = new Credential[v.size()];
+ v.copyInto(creds);
}
- if (v.size() != mService.getNoOfRequiredAgents()) {
- header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
- return null;
- }
- creds = new Credential[v.size()];
- v.copyInto(creds);
- }
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
- header.addIntegerValue(OUT_SERIALNO,
- Integer.parseInt(seq));
- header.addStringValue(OUT_SERVICE_URL,
- req.getRequestURI());
- byte pkcs12[] = mService.doKeyRecovery(
- new BigInteger(seq),
- creds, password, x509cert,
- delivery, nickname, agent);
-
- return pkcs12;
- } else {
+ header.addStringValue(OUT_OP, req.getParameter(OUT_OP));
+ header.addIntegerValue(OUT_SERIALNO, Integer.parseInt(seq));
+ header.addStringValue(OUT_SERVICE_URL, req.getRequestURI());
+ byte pkcs12[] = mService.doKeyRecovery(new BigInteger(seq),
+ creds, password, x509cert, delivery, nickname, agent);
+
+ return pkcs12;
+ } else {
String recoveryID = req.getParameter("recoveryID");
if (recoveryID == null || recoveryID.equals("")) {
@@ -434,13 +423,13 @@ public class RecoverBySerial extends CMSServlet {
params.put("agent", agent);
// new thread to wait for pk12
- Thread waitThread = new WaitApprovalThread(recoveryID,
- seq, password, x509cert, delivery, nickname,
+ Thread waitThread = new WaitApprovalThread(recoveryID, seq,
+ password, x509cert, delivery, nickname,
SessionContext.getContext());
waitThread.start();
return null;
- }
+ }
} catch (EBaseException e) {
header.addStringValue(OUT_ERROR, e.toString(locale));
} catch (Exception e) {
@@ -450,8 +439,8 @@ public class RecoverBySerial extends CMSServlet {
}
/**
- * Wait approval thread. Wait for recovery agents' approval
- * exit when required number of approval received
+ * Wait approval thread. Wait for recovery agents' approval exit when
+ * required number of approval received
*/
final class WaitApprovalThread extends Thread {
String theRecoveryID = null;
@@ -462,24 +451,24 @@ public class RecoverBySerial extends CMSServlet {
String theNickname = null;
SessionContext theSc = null;
- /**
+ /**
* Wait approval thread constructor including thread name
*/
public WaitApprovalThread(String recoveryID, String seq,
- String password, X509CertImpl cert,
- String delivery, String nickname, SessionContext sc) {
+ String password, X509CertImpl cert, String delivery,
+ String nickname, SessionContext sc) {
super();
- super.setName("waitApproval." + recoveryID + "-" +
- (Thread.activeCount() + 1));
+ super.setName("waitApproval." + recoveryID + "-"
+ + (Thread.activeCount() + 1));
theRecoveryID = recoveryID;
theSeq = seq;
thePassword = password;
theCert = cert;
theDelivery = delivery;
theNickname = nickname;
- theSc = sc;
+ theSc = sc;
}
-
+
public void run() {
SessionContext.setContext(theSc);
Credential creds[] = null;
@@ -487,17 +476,17 @@ public class RecoverBySerial extends CMSServlet {
try {
creds = mService.getDistributedCredentials(theRecoveryID);
} catch (EBaseException e) {
- String error =
- "Failed to get required approvals for recovery id " +
- theRecoveryID + ".\nException: " + e.toString();
+ String error = "Failed to get required approvals for recovery id "
+ + theRecoveryID + ".\nException: " + e.toString();
- CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, error);
+ CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA,
+ ILogger.LL_FAILURE, error);
try {
- ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
+ ((IKeyRecoveryAuthority) mService).createError(
+ theRecoveryID, error);
} catch (EBaseException eb) {
- CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+ CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA,
+ ILogger.LL_FAILURE, eb.toString());
}
return;
}
@@ -505,25 +494,24 @@ public class RecoverBySerial extends CMSServlet {
SessionContext sContext = SessionContext.getContext();
try {
- byte pkcs12[] = mService.doKeyRecovery(
- new BigInteger(theSeq),
- creds, thePassword, theCert,
- theDelivery, theNickname,
+ byte pkcs12[] = mService.doKeyRecovery(new BigInteger(theSeq),
+ creds, thePassword, theCert, theDelivery, theNickname,
(String) sContext.get(SessionContext.USER_ID));
- ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12);
+ ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID,
+ pkcs12);
} catch (EBaseException e) {
- String error =
- "Failed to recover key for recovery id " +
- theRecoveryID + ".\nException: " + e.toString();
+ String error = "Failed to recover key for recovery id "
+ + theRecoveryID + ".\nException: " + e.toString();
- CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, error);
+ CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA,
+ ILogger.LL_FAILURE, error);
try {
- ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
+ ((IKeyRecoveryAuthority) mService).createError(
+ theRecoveryID, error);
} catch (EBaseException eb) {
- CMS.getLogger().log(ILogger.EV_SYSTEM,
- ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+ CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_KRA,
+ ILogger.LL_FAILURE, eb.toString());
}
}
return;
@@ -531,4 +519,3 @@ public class RecoverBySerial extends CMSServlet {
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
index c0fdd02e..923ef031 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -48,7 +47,7 @@ import com.netscape.cms.servlet.common.ECMSGWException;
/**
* Retrieve archived keys matching search criteria
- *
+ *
* @version $Revision$, $Date$
*/
public class SrchKey extends CMSServlet {
@@ -74,7 +73,7 @@ public class SrchKey extends CMSServlet {
private final static String OUT_ERROR = "errorDetails";
private final static String OUT_ARCHIVER = "archiverName";
private final static String OUT_SERVICE_URL = "serviceURL";
- private final static String OUT_TOTAL_COUNT = "totalRecordCount";
+ private final static String OUT_TOTAL_COUNT = "totalRecordCount";
private final static String OUT_TEMPLATE = "templateName";
private IKeyRepository mKeyDB = null;
@@ -93,20 +92,20 @@ public class SrchKey extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "srchKey.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
- /* maxReturns doesn't seem to do anything useful in this
- servlet!!! */
+ /*
+ * maxReturns doesn't seem to do anything useful in this servlet!!!
+ */
try {
- String tmp =
- sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
+ String tmp = sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
- if (tmp == null)
+ if (tmp == null)
mMaxReturns = 100;
else
mMaxReturns = Integer.parseInt(tmp);
@@ -132,20 +131,20 @@ public class SrchKey extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
* <ul>
- * <li>http.param maxCount maximum number of matches to show in result
- * <li>http.param maxResults maximum number of matches to run in ldapsearch
- * <li>http.param queryFilter ldap-style filter to search with
+ * <li>http.param maxCount maximum number of matches to show in result
+ * <li>http.param maxResults maximum number of matches to run in ldapsearch
+ * <li>http.param queryFilter ldap-style filter to search with
* <li>http.param querySentinel ID of first request to show
- * <li>http.param timeLimit number of seconds to limit ldap search to
+ * <li>http.param timeLimit number of seconds to limit ldap search to
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -158,14 +157,14 @@ public class SrchKey extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "list");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -180,9 +179,10 @@ public class SrchKey extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
// process query if authentication is successful
@@ -197,12 +197,10 @@ public class SrchKey extends CMSServlet {
try {
if (req.getParameter(IN_MAXCOUNT) != null) {
- maxCount = Integer.parseInt(
- req.getParameter(IN_MAXCOUNT));
+ maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT));
}
if (req.getParameter(IN_SENTINEL) != null) {
- sentinel = Integer.parseInt(
- req.getParameter(IN_SENTINEL));
+ sentinel = Integer.parseInt(req.getParameter(IN_SENTINEL));
}
String maxResultsStr = req.getParameter("maxResults");
@@ -212,12 +210,13 @@ public class SrchKey extends CMSServlet {
if (timeLimitStr != null && timeLimitStr.length() > 0)
timeLimit = Integer.parseInt(timeLimitStr);
- process(argSet, header, ctx, maxCount, maxResults,
- timeLimit, sentinel,
- req.getParameter(IN_FILTER), req, resp, locale[0]);
+ process(argSet, header, ctx, maxCount, maxResults, timeLimit,
+ sentinel, req.getParameter(IN_FILTER), req, resp, locale[0]);
} catch (NumberFormatException e) {
- header.addStringValue(OUT_ERROR,
- CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ header.addStringValue(
+ OUT_ERROR,
+ CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR",
+ e.toString()));
}
try {
@@ -226,10 +225,10 @@ public class SrchKey extends CMSServlet {
resp.setContentType("text/html");
form.renderOutput(out, argSet);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
cmsReq.setStatus(CMSRequest.SUCCESS);
}
@@ -237,54 +236,47 @@ public class SrchKey extends CMSServlet {
/**
* Process the key search.
*/
- private void process(CMSTemplateParams argSet,
- IArgBlock header, IArgBlock ctx,
- int maxCount, int maxResults, int timeLimit, int sentinel, String filter,
- HttpServletRequest req, HttpServletResponse resp, Locale locale) {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ IArgBlock ctx, int maxCount, int maxResults, int timeLimit,
+ int sentinel, String filter, HttpServletRequest req,
+ HttpServletResponse resp, Locale locale) {
try {
// Fill header
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
- header.addStringValue(OUT_ARCHIVER,
- mAuthName.toString());
+ header.addStringValue(OUT_OP, req.getParameter(OUT_OP));
+ header.addStringValue(OUT_ARCHIVER, mAuthName.toString());
// STRANGE: IE does not like the following:
- // header.addStringValue(OUT_SERVICE_URL,
- // req.getRequestURI());
+ // header.addStringValue(OUT_SERVICE_URL,
+ // req.getRequestURI());
// XXX
- header.addStringValue(OUT_SERVICE_URL,
- "/kra?");
- header.addStringValue(OUT_TEMPLATE,
- TPL_FILE);
- header.addStringValue(OUT_FILTER,
- filter);
+ header.addStringValue(OUT_SERVICE_URL, "/kra?");
+ header.addStringValue(OUT_TEMPLATE, TPL_FILE);
+ header.addStringValue(OUT_FILTER, filter);
if (timeLimit == -1 || timeLimit > mTimeLimits) {
- CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits);
+ CMS.debug("Resetting timelimit from " + timeLimit + " to "
+ + mTimeLimits);
timeLimit = mTimeLimits;
}
CMS.debug("Start searching ... timelimit=" + timeLimit);
- Enumeration e = mKeyDB.searchKeys(filter,
- maxResults, timeLimit);
+ Enumeration e = mKeyDB.searchKeys(filter, maxResults, timeLimit);
int count = 0;
if (e == null) {
- header.addStringValue(OUT_SENTINEL,
- null);
+ header.addStringValue(OUT_SENTINEL, null);
} else {
while (e.hasMoreElements()) {
- IKeyRecord rec = (IKeyRecord)
- e.nextElement();
+ IKeyRecord rec = (IKeyRecord) e.nextElement();
// rec is null when we specify maxResults
// DS will return an err=4, which triggers
// a LDAPException.SIZE_LIMIT_ExCEEDED
// in DSSearchResults.java
if (rec != null) {
- IArgBlock rarg = CMS.createArgBlock();
+ IArgBlock rarg = CMS.createArgBlock();
- KeyRecordParser.fillRecordIntoArg(rec, rarg);
- argSet.addRepeatRecord(rarg);
- count++;
+ KeyRecordParser.fillRecordIntoArg(rec, rarg);
+ argSet.addRepeatRecord(rarg);
+ count++;
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
index 56a1817e..c8ccfadf 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.key;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -48,8 +47,8 @@ import com.netscape.cms.servlet.common.ECMSGWException;
/**
* Retrieve archived keys matching given public key material
- *
- *
+ *
+ *
* @version $Revision$, $Date$
*/
public class SrchKeyForRecovery extends CMSServlet {
@@ -75,7 +74,7 @@ public class SrchKeyForRecovery extends CMSServlet {
private final static String OUT_ERROR = "errorDetails";
private final static String OUT_ARCHIVER = "archiverName";
private final static String OUT_SERVICE_URL = "serviceURL";
- private final static String OUT_TOTAL_COUNT = "totalRecordCount";
+ private final static String OUT_TOTAL_COUNT = "totalRecordCount";
private final static String OUT_TEMPLATE = "templateName";
private IKeyRepository mKeyDB = null;
@@ -94,7 +93,7 @@ public class SrchKeyForRecovery extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "srchKeyForRecovery.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -102,10 +101,9 @@ public class SrchKeyForRecovery extends CMSServlet {
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
try {
- String tmp =
- sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
+ String tmp = sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
- if (tmp == null)
+ if (tmp == null)
mMaxReturns = 100;
else
mMaxReturns = Integer.parseInt(tmp);
@@ -131,20 +129,20 @@ public class SrchKeyForRecovery extends CMSServlet {
/**
* Returns serlvet information.
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
/**
* Process the HTTP request.
* <ul>
- * <li>http.param maxCount maximum number of matches to show in result
- * <li>http.param maxResults maximum number of matches to run in ldapsearch
+ * <li>http.param maxCount maximum number of matches to show in result
+ * <li>http.param maxResults maximum number of matches to run in ldapsearch
* <li>http.param publicKeyData public key data to search on
* <li>http.param querySentinel ID of first request to show
- * <li>http.param timeLimit number of seconds to limit ldap search to
+ * <li>http.param timeLimit number of seconds to limit ldap search to
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
@@ -157,14 +155,14 @@ public class SrchKeyForRecovery extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "list");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -179,11 +177,12 @@ public class SrchKeyForRecovery extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
-
+
// process query if authentication is successful
IArgBlock header = CMS.createArgBlock();
IArgBlock ctx = CMS.createArgBlock();
@@ -197,12 +196,10 @@ public class SrchKeyForRecovery extends CMSServlet {
try {
if (req.getParameter(IN_MAXCOUNT) != null) {
- maxCount = Integer.parseInt(
- req.getParameter(IN_MAXCOUNT));
+ maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT));
}
if (req.getParameter(IN_SENTINEL) != null) {
- sentinel = Integer.parseInt(
- req.getParameter(IN_SENTINEL));
+ sentinel = Integer.parseInt(req.getParameter(IN_SENTINEL));
}
String maxResultsStr = req.getParameter("maxResults");
@@ -212,76 +209,71 @@ public class SrchKeyForRecovery extends CMSServlet {
if (timeLimitStr != null && timeLimitStr.length() > 0)
timeLimit = Integer.parseInt(timeLimitStr);
- process(argSet, header, ctx, maxCount, maxResults, timeLimit, sentinel,
- req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]);
+ process(argSet, header, ctx, maxCount, maxResults, timeLimit,
+ sentinel, req.getParameter("publicKeyData"),
+ req.getParameter(IN_FILTER), req, resp, locale[0]);
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_INVALID_NUMBER_FORMAT"));
}
/*
- catch (Exception e) {
- error = new EBaseException(BaseResources.INTERNAL_ERROR_1, e);
- }
+ * catch (Exception e) { error = new
+ * EBaseException(BaseResources.INTERNAL_ERROR_1, e); }
*/
try {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- ServletOutputStream out = resp.getOutputStream();
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ ServletOutputStream out = resp.getOutputStream();
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
/**
* Process the key search.
*/
- private void process(CMSTemplateParams argSet,
- IArgBlock header, IArgBlock ctx,
- int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData,
- String filter,
- HttpServletRequest req, HttpServletResponse resp, Locale locale)
- throws EBaseException {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ IArgBlock ctx, int maxCount, int maxResults, int timeLimit,
+ int sentinel, String publicKeyData, String filter,
+ HttpServletRequest req, HttpServletResponse resp, Locale locale)
+ throws EBaseException {
try {
// Fill header
- header.addStringValue(OUT_OP,
- req.getParameter(OUT_OP));
- header.addStringValue(OUT_ARCHIVER,
- mAuthName.toString());
+ header.addStringValue(OUT_OP, req.getParameter(OUT_OP));
+ header.addStringValue(OUT_ARCHIVER, mAuthName.toString());
// STRANGE: IE does not like the following:
- // header.addStringValue(OUT_SERVICE_URL,
- // req.getRequestURI());
+ // header.addStringValue(OUT_SERVICE_URL,
+ // req.getRequestURI());
// XXX
- header.addStringValue(OUT_SERVICE_URL,
- "/kra?");
- header.addStringValue(OUT_TEMPLATE,
- TPL_FILE);
- header.addStringValue(OUT_FILTER,
- filter);
+ header.addStringValue(OUT_SERVICE_URL, "/kra?");
+ header.addStringValue(OUT_TEMPLATE, TPL_FILE);
+ header.addStringValue(OUT_FILTER, filter);
if (publicKeyData != null) {
- header.addStringValue("publicKeyData",
- publicKeyData);
+ header.addStringValue("publicKeyData", publicKeyData);
}
if (timeLimit == -1 || timeLimit > mTimeLimits) {
- CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits);
+ CMS.debug("Resetting timelimit from " + timeLimit + " to "
+ + mTimeLimits);
timeLimit = mTimeLimits;
}
CMS.debug("Start searching ... timelimit=" + timeLimit);
@@ -289,22 +281,20 @@ public class SrchKeyForRecovery extends CMSServlet {
int count = 0;
if (e == null) {
- header.addStringValue(OUT_SENTINEL,
- null);
+ header.addStringValue(OUT_SENTINEL, null);
} else {
while (e.hasMoreElements()) {
- IKeyRecord rec = (IKeyRecord)
- e.nextElement();
+ IKeyRecord rec = (IKeyRecord) e.nextElement();
// rec is null when we specify maxResults
// DS will return an err=4, which triggers
- // a LDAPException.SIZE_LIMIT_ExCEEDED
+ // a LDAPException.SIZE_LIMIT_ExCEEDED
// in DSSearchResults.java
if (rec != null) {
- IArgBlock rarg = CMS.createArgBlock();
+ IArgBlock rarg = CMS.createArgBlock();
- KeyRecordParser.fillRecordIntoArg(rec, rarg);
- argSet.addRepeatRecord(rarg);
- count++;
+ KeyRecordParser.fillRecordIntoArg(rec, rarg);
+ argSet.addRepeatRecord(rarg);
+ count++;
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
index c365d0f8..f228b2da 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
@@ -46,22 +45,19 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cmsutil.util.Cert;
-
/**
* Configure the CA to respond to OCSP requests for a CA
- *
+ *
* @version $Revision$ $Date$
*/
public class AddCAServlet extends CMSServlet {
-
+
/**
*
*/
private static final long serialVersionUID = 1065151608542115340L;
- public static final String BEGIN_HEADER =
- "-----BEGIN CERTIFICATE-----";
- public static final String END_HEADER =
- "-----END CERTIFICATE-----";
+ public static final String BEGIN_HEADER = "-----BEGIN CERTIFICATE-----";
+ public static final String END_HEADER = "-----END CERTIFICATE-----";
public static final BigInteger BIG_ZERO = new BigInteger("0");
public static final Long MINUS_ONE = Long.valueOf(-1);
@@ -70,10 +66,8 @@ public class AddCAServlet extends CMSServlet {
private String mFormPath = null;
private IOCSPAuthority mOCSPAuthority = null;
- private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST =
- "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3";
- private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3";
+ private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST = "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3";
+ private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3";
public AddCAServlet() {
super();
@@ -82,7 +76,7 @@ public class AddCAServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "addCA.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -100,19 +94,18 @@ public class AddCAServlet extends CMSServlet {
/**
* Process the HTTP request.
* <ul>
- * <li>http.param cert ca certificate. The format is base-64, DER
- * encoded, wrapped with -----BEGIN CERTIFICATE-----,
- * -----END CERTIFICATE----- strings
- * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when
- * a CA is attempted to be added to the OCSP responder
- * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED
- * used when an add CA request to the OCSP Responder is processed
+ * <li>http.param cert ca certificate. The format is base-64, DER encoded,
+ * wrapped with -----BEGIN CERTIFICATE-----, -----END CERTIFICATE-----
+ * strings
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when a CA
+ * is attempted to be added to the OCSP responder
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED used
+ * when an add CA request to the OCSP Responder is processed
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
String auditMessage = null;
@@ -125,8 +118,8 @@ public class AddCAServlet extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "add");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "add");
} catch (Exception e) {
// do nothing for now
}
@@ -143,20 +136,21 @@ public class AddCAServlet extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
- if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
- auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+ if (auditSubjectID.equals(ILogger.NONROLEUSER)
+ || auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
String uid = authToken.getInString(IAuthToken.USER_ID);
if (uid != null) {
- CMS.debug("AddCAServlet: auditSubjectID set to "+uid);
+ CMS.debug("AddCAServlet: auditSubjectID set to " + uid);
auditSubjectID = uid;
}
}
@@ -164,47 +158,42 @@ public class AddCAServlet extends CMSServlet {
if (b64 == null) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, auditSubjectID,
+ ILogger.FAILURE, ILogger.SIGNED_AUDIT_EMPTY_VALUE);
- audit( auditMessage );
+ audit(auditMessage);
- throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_CERT"));
+ throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
+ "CMS_GW_MISSING_CA_CERT"));
}
auditCA = Cert.normalizeCertStr(Cert.stripCertBrackets(b64.trim()));
// record the fact that a request to add CA is made
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditCA);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST, auditSubjectID,
+ ILogger.SUCCESS, auditCA);
- audit( auditMessage );
+ audit(auditMessage);
if (b64.indexOf(BEGIN_HEADER) == -1) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
- throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER"));
+ throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
+ "CMS_GW_MISSING_CERT_HEADER"));
}
if (b64.indexOf(END_HEADER) == -1) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
- throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER"));
+ throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
+ "CMS_GW_MISSING_CERT_FOOTER"));
}
IDefStore defStore = mOCSPAuthority.getDefaultStore();
@@ -215,17 +204,15 @@ public class AddCAServlet extends CMSServlet {
try {
X509Certificate cert = Cert.mapCert(b64);
- if( cert == null ) {
- CMS.debug( "AddCAServlet::process() - cert is null!" );
+ if (cert == null) {
+ CMS.debug("AddCAServlet::process() - cert is null!");
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
- throw new EBaseException( "cert is null" );
+ throw new EBaseException("cert is null");
} else {
certs = new X509Certificate[1];
}
@@ -239,7 +226,8 @@ public class AddCAServlet extends CMSServlet {
try {
// this could be a chain
certs = Cert.mapCertFromPKCS7(b64);
- if (certs[0].getSubjectDN().getName().equals(certs[0].getIssuerDN().getName())) {
+ if (certs[0].getSubjectDN().getName()
+ .equals(certs[0].getIssuerDN().getName())) {
leafCert = certs[certs.length - 1];
} else {
leafCert = certs[0];
@@ -247,15 +235,13 @@ public class AddCAServlet extends CMSServlet {
auditCASubjectDN = leafCert.getSubjectDN().getName();
} catch (Exception e) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+ CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
}
}
if (certs != null && certs.length > 0) {
@@ -264,32 +250,29 @@ public class AddCAServlet extends CMSServlet {
// (2) store certificate (and certificate chain) into
// database
ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
- leafCert.getSubjectDN().getName(),
- BIG_ZERO,
- MINUS_ONE, null, null);
+ leafCert.getSubjectDN().getName(), BIG_ZERO, MINUS_ONE,
+ null, null);
try {
- rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
+ rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT,
+ leafCert.getEncoded());
} catch (Exception e) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
// error
}
defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec);
- log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName());
+ log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate "
+ + leafCert.getSubjectDN().getName());
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditCASubjectDN);
+ LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS, auditCASubjectDN);
- audit( auditMessage );
+ audit(auditMessage);
}
try {
@@ -297,18 +280,18 @@ public class AddCAServlet extends CMSServlet {
String error = null;
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
index 029d396b..0f8ad1b4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CRLException;
@@ -55,10 +54,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cmsutil.util.Cert;
-
/**
* Update the OCSP responder with a new CRL
- *
+ *
* @version $Revision$ $Date$
*/
public class AddCRLServlet extends CMSServlet {
@@ -67,19 +65,15 @@ public class AddCRLServlet extends CMSServlet {
*
*/
private static final long serialVersionUID = 1476080474638590902L;
- public static final String BEGIN_HEADER =
- "-----BEGIN CERTIFICATE REVOCATION LIST-----";
- public static final String END_HEADER =
- "-----END CERTIFICATE REVOCATION LIST-----";
+ public static final String BEGIN_HEADER = "-----BEGIN CERTIFICATE REVOCATION LIST-----";
+ public static final String END_HEADER = "-----END CERTIFICATE REVOCATION LIST-----";
private final static String TPL_FILE = "addCRL.template";
private String mFormPath = null;
private IOCSPAuthority mOCSPAuthority = null;
- private final static String LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL =
- "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3";
- private final static String LOGGING_SIGNED_AUDIT_CRL_VALIDATION =
- "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2";
+ private final static String LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL = "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3";
+ private final static String LOGGING_SIGNED_AUDIT_CRL_VALIDATION = "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2";
public AddCRLServlet() {
super();
@@ -88,7 +82,7 @@ public class AddCRLServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "addCRL.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -105,31 +99,32 @@ public class AddCRLServlet extends CMSServlet {
/**
* Process the HTTP request.
* <P>
- *
+ *
* <ul>
* <li>http.param crl certificate revocation list, base-64, DER encoded
- * wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----,
- * -----END CERTIFICATE REVOCATION LIST----- strings
+ * wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----, -----END
+ * CERTIFICATE REVOCATION LIST----- strings
* <li>http.param noui if true, use minimal hardcoded text response
* <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are
* retrieved by the OCSP Responder ("agent" or "EE")
* <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is
* retrieved and validation process occurs ("agent" or "EE")
* </ul>
+ *
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
protected synchronized void process(CMSRequest cmsReq)
- throws EBaseException {
+ throws EBaseException {
boolean CRLFetched = false;
boolean CRLValidated = false;
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditCRLNum = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("add_crl", true /* main action */);
+ statsSub.startTiming("add_crl", true /* main action */);
}
try {
@@ -142,7 +137,7 @@ public class AddCRLServlet extends CMSServlet {
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "add");
+ mAuthzResourceName, "add");
} catch (Exception e) {
// do nothing for now
}
@@ -152,42 +147,39 @@ public class AddCRLServlet extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID,
+ ILogger.FAILURE, auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
return;
}
- if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
- auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+ if (auditSubjectID.equals(ILogger.NONROLEUSER)
+ || auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
if (authToken != null) {
String uid = authToken.getInString(IAuthToken.USER_ID);
if (uid != null) {
- CMS.debug("AddCAServlet: auditSubjectID set to "+uid);
+ CMS.debug("AddCAServlet: auditSubjectID set to " + uid);
auditSubjectID = uid;
}
- }
+ }
}
log(ILogger.LL_INFO, "AddCRLServlet");
String b64 = cmsReq.getHttpReq().getParameter("crl");
- if (CMS.debugOn()) CMS.debug("AddCRLServlet: b64=" + b64);
+ if (CMS.debugOn())
+ CMS.debug("AddCRLServlet: b64=" + b64);
if (b64 == null) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID,
+ ILogger.FAILURE, auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_CRL"));
+ CMS.getUserMessage("CMS_GW_MISSING_CRL"));
}
String nouiParm = cmsReq.getHttpReq().getParameter("noui");
@@ -208,21 +200,18 @@ public class AddCRLServlet extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
- e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID,
+ ILogger.FAILURE, auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -231,35 +220,31 @@ public class AddCRLServlet extends CMSServlet {
if (b64.indexOf(BEGIN_HEADER) == -1) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER"));
+ CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID,
+ ILogger.FAILURE, auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
- "CMS_GW_MISSING_CRL_HEADER"));
+ "CMS_GW_MISSING_CRL_HEADER"));
}
if (b64.indexOf(END_HEADER) == -1) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER"));
+ CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID,
+ ILogger.FAILURE, auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
- "CMS_GW_MISSING_CRL_FOOTER"));
+ "CMS_GW_MISSING_CRL_FOOTER"));
}
IDefStore defStore = mOCSPAuthority.getDefaultStore();
@@ -270,30 +255,28 @@ public class AddCRLServlet extends CMSServlet {
long startTime = CMS.getCurrentDate().getTime();
CMS.debug("AddCRLServlet: mapCRL start startTime=" + startTime);
if (statsSub != null) {
- statsSub.startTiming("decode_crl");
+ statsSub.startTiming("decode_crl");
}
- crl = mapCRL1( b64 );
+ crl = mapCRL1(b64);
if (statsSub != null) {
- statsSub.endTiming("decode_crl");
+ statsSub.endTiming("decode_crl");
}
long endTime = CMS.getCurrentDate().getTime();
- CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime +
- " diff=" + (endTime - startTime));
+ CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime
+ + " diff=" + (endTime - startTime));
// Retrieve the actual CRL number
BigInteger crlNum = crl.getCRLNumber();
- if( crlNum != null ) {
+ if (crlNum != null) {
auditCRLNum = crlNum.toString();
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.SUCCESS,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID,
+ ILogger.SUCCESS, auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
// acknowledge that the CRL has been retrieved
CRLFetched = true;
@@ -302,121 +285,117 @@ public class AddCRLServlet extends CMSServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID,
+ ILogger.FAILURE, auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+ CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
}
- log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " +
- crl.getIssuerDN().getName());
+ log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN "
+ + crl.getIssuerDN().getName());
ICRLIssuingPointRecord pt = null;
try {
- pt = defStore.readCRLIssuingPoint(
- crl.getIssuerDN().getName());
+ pt = defStore.readCRLIssuingPoint(crl.getIssuerDN().getName());
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
- crl.getIssuerDN().getName()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_NO_CRL_ISSUING_POINT_FOUND", crl.getIssuerDN()
+ .getName()));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_CRL_VALIDATION, auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+ CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
}
- log(ILogger.LL_INFO, "AddCRLServlet: IssuingPoint " +
- pt.getThisUpdate());
+ log(ILogger.LL_INFO,
+ "AddCRLServlet: IssuingPoint " + pt.getThisUpdate());
// verify CRL
byte caCertData[] = pt.getCACert();
if (caCertData != null) {
- try {
- X509CertImpl caCert = new X509CertImpl(caCertData);
- CMS.debug("AddCRLServlet: start verify");
-
- CryptoManager cmanager = CryptoManager.getInstance();
- org.mozilla.jss.crypto.X509Certificate jssCert = null;
try {
- jssCert = cmanager.importCACertPackage(
- caCert.getEncoded());
- } catch (Exception e2) {
- CMS.debug("AddCRLServlet: importCACertPackage " +
- e2.toString());
- throw new EBaseException( e2.toString() );
- }
+ X509CertImpl caCert = new X509CertImpl(caCertData);
+ CMS.debug("AddCRLServlet: start verify");
- if (statsSub != null) {
- statsSub.startTiming("verify_crl");
- }
- crl.verify(jssCert.getPublicKey(), "Mozilla-JSS");
- if (statsSub != null) {
- statsSub.endTiming("verify_crl");
- }
- CMS.debug("AddCRLServlet: done verify");
+ CryptoManager cmanager = CryptoManager.getInstance();
+ org.mozilla.jss.crypto.X509Certificate jssCert = null;
+ try {
+ jssCert = cmanager.importCACertPackage(caCert
+ .getEncoded());
+ } catch (Exception e2) {
+ CMS.debug("AddCRLServlet: importCACertPackage "
+ + e2.toString());
+ throw new EBaseException(e2.toString());
+ }
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
- auditSubjectID,
- ILogger.SUCCESS );
+ if (statsSub != null) {
+ statsSub.startTiming("verify_crl");
+ }
+ crl.verify(jssCert.getPublicKey(), "Mozilla-JSS");
+ if (statsSub != null) {
+ statsSub.endTiming("verify_crl");
+ }
+ CMS.debug("AddCRLServlet: done verify");
- audit( auditMessage );
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+ auditSubjectID, ILogger.SUCCESS);
- // acknowledge that the CRL has been validated
- CRLValidated = true;
- } catch (Exception e) {
- CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString());
- CMS.debug(e);
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
- crl.getIssuerDN().getName()));
+ audit(auditMessage);
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
- auditSubjectID,
- ILogger.FAILURE );
+ // acknowledge that the CRL has been validated
+ CRLValidated = true;
+ } catch (Exception e) {
+ CMS.debug("AddCRLServlet: failed to verify CRL "
+ + e.toString());
+ CMS.debug(e);
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_NO_CRL_ISSUING_POINT_FOUND", crl
+ .getIssuerDN().getName()));
- audit( auditMessage );
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+ auditSubjectID, ILogger.FAILURE);
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
- }
+ audit(auditMessage);
+
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+ }
}
- if ((pt.getThisUpdate() != null) &&
- (pt.getThisUpdate().getTime() >=
- crl.getThisUpdate().getTime())) {
+ if ((pt.getThisUpdate() != null)
+ && (pt.getThisUpdate().getTime() >= crl.getThisUpdate()
+ .getTime())) {
// error, the uploaded CRL is older than the current
CMS.debug("AddCRLServlet: no update, CRL is older");
log(ILogger.LL_INFO,
- "AddCRLServlet: no update, received CRL is older " +
- "than current CRL");
+ "AddCRLServlet: no update, received CRL is older "
+ + "than current CRL");
if (noUI) {
try {
resp.setContentType("application/text");
- resp.getOutputStream().write("status=1\n".getBytes());
+ resp.getOutputStream().write("status=1\n".getBytes());
resp.getOutputStream().write(
- "error=Sent CRL is older than the current CRL\n".getBytes());
+ "error=Sent CRL is older than the current CRL\n"
+ .getBytes());
resp.getOutputStream().flush();
cmsReq.setStatus(CMSRequest.SUCCESS);
- // NOTE: The signed audit events
- // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
- // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
- // already been logged at this point!
+ // NOTE: The signed audit events
+ // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
+ // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
+ // already been logged at this point!
return;
} catch (Exception e) {
@@ -424,26 +403,28 @@ public class AddCRLServlet extends CMSServlet {
} else {
CMS.debug("AddCRLServlet: CRL is older");
- // NOTE: The signed audit events
- // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
- // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
- // already been logged at this point!
+ // NOTE: The signed audit events
+ // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
+ // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
+ // already been logged at this point!
- throw new ECMSGWException(CMS.getUserMessage(
- "CMS_GW_OLD_CRL_ERROR"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_OLD_CRL_ERROR"));
}
}
if (crl.isDeltaCRL()) {
CMS.debug("AddCRLServlet: no update, Delta CRLs are not supported.");
- log(ILogger.LL_INFO, "AddCRLServlet: no update, "+
- CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));
+ log(ILogger.LL_INFO,
+ "AddCRLServlet: no update, "
+ + CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));
if (noUI) {
try {
resp.setContentType("application/text");
- resp.getOutputStream().write("status=1\n".getBytes());
+ resp.getOutputStream().write("status=1\n".getBytes());
resp.getOutputStream().write(
- "error=Delta CRLs are not supported.\n".getBytes());
+ "error=Delta CRLs are not supported.\n"
+ .getBytes());
resp.getOutputStream().flush();
cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -451,7 +432,8 @@ public class AddCRLServlet extends CMSServlet {
} catch (Exception e) {
}
} else {
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));
}
}
@@ -465,26 +447,25 @@ public class AddCRLServlet extends CMSServlet {
IRepositoryRecord repRec = defStore.createRepositoryRecord();
- repRec.set(IRepositoryRecord.ATTR_SERIALNO,
- new BigInteger(Long.toString(crl.getThisUpdate().getTime())));
+ repRec.set(
+ IRepositoryRecord.ATTR_SERIALNO,
+ new BigInteger(Long.toString(crl.getThisUpdate().getTime())));
try {
- defStore.addRepository(
- crl.getIssuerDN().getName(),
- Long.toString(crl.getThisUpdate().getTime()),
- repRec);
- log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CRL Updated " +
- Long.toString(crl.getThisUpdate().getTime()));
+ defStore.addRepository(crl.getIssuerDN().getName(),
+ Long.toString(crl.getThisUpdate().getTime()), repRec);
+ log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CRL Updated "
+ + Long.toString(crl.getThisUpdate().getTime()));
} catch (Exception e) {
- CMS.debug("AddCRLServlet: add repository e=" + e.toString());
+ CMS.debug("AddCRLServlet: add repository e=" + e.toString());
}
- log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " +
- Long.toString(crl.getThisUpdate().getTime()));
+ log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository "
+ + Long.toString(crl.getThisUpdate().getTime()));
if (defStore.waitOnCRLUpdate()) {
defStore.updateCRL(crl);
} else {
- // when the CRL large, the thread is terminiated by the
- // servlet framework before it can finish its work
+ // when the CRL large, the thread is terminiated by the
+ // servlet framework before it can finish its work
UpdateCRLThread uct = new UpdateCRLThread(defStore, crl);
uct.start();
@@ -496,64 +477,61 @@ public class AddCRLServlet extends CMSServlet {
if (noUI) {
CMS.debug("AddCRLServlet: return result noUI=true");
resp.setContentType("application/text");
- resp.getOutputStream().write("status=0".getBytes());
+ resp.getOutputStream().write("status=0".getBytes());
resp.getOutputStream().flush();
cmsReq.setStatus(CMSRequest.SUCCESS);
} else {
CMS.debug("AddCRLServlet: return result noUI=false");
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
}
} catch (IOException e) {
CMS.debug("AddCRLServlet: return result error=" + e.toString());
- mOCSPAuthority.log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
- e.toString()));
+ mOCSPAuthority.log(
+ ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
+ e.toString()));
- // NOTE: The signed audit events
- // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
- // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
- // already been logged at this point!
+ // NOTE: The signed audit events
+ // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
+ // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
+ // already been logged at this point!
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
- } catch( EBaseException eAudit1 ) {
- if( !CRLFetched ) {
+ } catch (EBaseException eAudit1) {
+ if (!CRLFetched) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditCRLNum );
+ LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL, auditSubjectID,
+ ILogger.FAILURE, auditCRLNum);
- audit( auditMessage );
+ audit(auditMessage);
} else {
- if( !CRLValidated ) {
+ if (!CRLValidated) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+ auditSubjectID, ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
}
}
throw eAudit1;
}
if (statsSub != null) {
- statsSub.endTiming("add_crl");
+ statsSub.endTiming("add_crl");
}
}
- public X509CRLImpl mapCRL1(String mime64)
- throws IOException {
+ public X509CRLImpl mapCRL1(String mime64) throws IOException {
mime64 = Cert.stripCRLBrackets(mime64.trim());
byte rawPub[] = CMS.AtoB(mime64);
@@ -568,21 +546,19 @@ public class AddCRLServlet extends CMSServlet {
}
}
-
class UpdateCRLThread extends Thread {
private IDefStore mDefStore = null;
private X509CRL mCRL = null;
- public UpdateCRLThread(
- IDefStore defStore, X509CRL crl) {
+ public UpdateCRLThread(IDefStore defStore, X509CRL crl) {
mDefStore = defStore;
mCRL = crl;
}
public void run() {
try {
- if (!((X509CRLImpl)mCRL).areEntriesIncluded())
- mCRL = new X509CRLImpl(((X509CRLImpl)mCRL).getEncoded());
+ if (!((X509CRLImpl) mCRL).areEntriesIncluded())
+ mCRL = new X509CRLImpl(((X509CRLImpl) mCRL).getEncoded());
mDefStore.updateCRL(mCRL);
} catch (CRLException e) {
} catch (X509ExtensionException e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
index 3e5d1f49..47236045 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509Certificate;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cmsutil.util.Cert;
-
/**
- * Check the status of a specific certificate
- *
+ * Check the status of a specific certificate
+ *
* @version $Revision$ $Date$
*/
public class CheckCertServlet extends CMSServlet {
@@ -60,10 +58,8 @@ public class CheckCertServlet extends CMSServlet {
*
*/
private static final long serialVersionUID = 7782198059640825050L;
- public static final String BEGIN_HEADER =
- "-----BEGIN CERTIFICATE-----";
- public static final String END_HEADER =
- "-----END CERTIFICATE-----";
+ public static final String BEGIN_HEADER = "-----BEGIN CERTIFICATE-----";
+ public static final String END_HEADER = "-----END CERTIFICATE-----";
public static final String ATTR_STATUS = "status";
public static final String ATTR_ISSUERDN = "issuerDN";
@@ -85,7 +81,7 @@ public class CheckCertServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "checkCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -102,14 +98,13 @@ public class CheckCertServlet extends CMSServlet {
/**
* Process the HTTP request.
* <ul>
- * <li>http.param cert certificate to check. Base64, DER encoded, wrapped
- * in -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
+ * <li>http.param cert certificate to check. Base64, DER encoded, wrapped in
+ * -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
@@ -118,8 +113,8 @@ public class CheckCertServlet extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "validate");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "validate");
} catch (Exception e) {
// do nothing for now
}
@@ -136,9 +131,10 @@ public class CheckCertServlet extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -151,12 +147,14 @@ public class CheckCertServlet extends CMSServlet {
if (b64.indexOf(BEGIN_HEADER) == -1) {
// error
- throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER"));
+ throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
+ "CMS_GW_MISSING_CERT_HEADER"));
}
if (b64.indexOf(END_HEADER) == -1) {
// error
- throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER"));
+ throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
+ "CMS_GW_MISSING_CERT_FOOTER"));
}
X509Certificate cert = null;
@@ -164,23 +162,27 @@ public class CheckCertServlet extends CMSServlet {
try {
cert = Cert.mapCert(b64);
} catch (Exception e) {
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DECODING_CERT_ERROR"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DECODING_CERT_ERROR"));
}
if (cert == null) {
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DECODING_CERT_ERROR"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DECODING_CERT_ERROR"));
}
- ICRLIssuingPointRecord pt = defStore.readCRLIssuingPoint(
- cert.getIssuerDN().getName());
+ ICRLIssuingPointRecord pt = defStore.readCRLIssuingPoint(cert
+ .getIssuerDN().getName());
header.addStringValue(ATTR_ISSUERDN, cert.getIssuerDN().getName());
header.addStringValue(ATTR_SUBJECTDN, cert.getSubjectDN().getName());
- header.addStringValue(ATTR_SERIALNO, "0x" + cert.getSerialNumber().toString(16));
+ header.addStringValue(ATTR_SERIALNO, "0x"
+ + cert.getSerialNumber().toString(16));
try {
- X509CRLImpl crl = null;
+ X509CRLImpl crl = null;
- crl = new X509CRLImpl(pt.getCRL());
- X509CRLEntry crlentry = crl.getRevokedCertificate(cert.getSerialNumber());
+ crl = new X509CRLImpl(pt.getCRL());
+ X509CRLEntry crlentry = crl.getRevokedCertificate(cert
+ .getSerialNumber());
if (crlentry == null) {
if (defStore.isNotFoundGood()) {
@@ -194,25 +196,27 @@ public class CheckCertServlet extends CMSServlet {
} catch (Exception e) {
header.addStringValue(ATTR_STATUS, STATUS_UNKNOWN);
}
- log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Certificate Status " + cert.getIssuerDN().getName() + " " + cert.getSerialNumber().toString());
+ log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Checked Certificate Status "
+ + cert.getIssuerDN().getName() + " "
+ + cert.getSerialNumber().toString());
try {
ServletOutputStream out = resp.getOutputStream();
String error = null;
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
index 704c759c..e9530c74 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.util.Locale;
@@ -41,11 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Retrieve information about the number of OCSP requests the OCSP
- * has serviced
- *
+ * Retrieve information about the number of OCSP requests the OCSP has serviced
+ *
* @version $Revision$, $Date$
*/
public class GetOCSPInfo extends CMSServlet {
@@ -61,9 +58,9 @@ public class GetOCSPInfo extends CMSServlet {
}
/**
- * initialize the servlet. This servlet uses the template
- * file "getOCSPInfo.template" to render the result page.
- *
+ * initialize the servlet. This servlet uses the template file
+ * "getOCSPInfo.template" to render the result page.
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -79,14 +76,12 @@ public class GetOCSPInfo extends CMSServlet {
}
-
/**
- * Process the HTTP request.
- *
+ * Process the HTTP request.
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -94,14 +89,14 @@ public class GetOCSPInfo extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -113,9 +108,10 @@ public class GetOCSPInfo extends CMSServlet {
IArgBlock args = cmsReq.getHttpParams();
if (!(mAuthority instanceof IOCSPService)) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -126,10 +122,11 @@ public class GetOCSPInfo extends CMSServlet {
try {
form = getTemplate(mFormPath, httpReq, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
return;
}
@@ -147,8 +144,9 @@ public class GetOCSPInfo extends CMSServlet {
header.addLongValue("totalData", ca.getOCSPTotalData());
long secs = 0;
if (ca.getOCSPRequestTotalTime() != 0) {
- secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime();
- }
+ secs = (ca.getNumOCSPRequest() * 1000)
+ / ca.getOCSPRequestTotalTime();
+ }
header.addLongValue("ReqSec", secs);
try {
ServletOutputStream out = httpResp.getOutputStream();
@@ -157,10 +155,10 @@ public class GetOCSPInfo extends CMSServlet {
form.renderOutput(out, argSet);
cmsReq.setStatus(CMSRequest.SUCCESS);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
- cmsReq.setError(new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ cmsReq.setError(new ECMSGWException(CMS
+ .getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
cmsReq.setStatus(CMSRequest.ERROR);
}
cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
index 063d8513..d74938b8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Date;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Show the list of CA's that the OCSP responder can service
- *
+ *
* @version $Revision$ $Date$
*/
public class ListCAServlet extends CMSServlet {
@@ -57,10 +55,8 @@ public class ListCAServlet extends CMSServlet {
*
*/
private static final long serialVersionUID = 3764395161795483452L;
- public static final String BEGIN_HEADER =
- "-----BEGIN CERTIFICATE-----";
- public static final String END_HEADER =
- "-----END CERTIFICATE-----";
+ public static final String BEGIN_HEADER = "-----BEGIN CERTIFICATE-----";
+ public static final String END_HEADER = "-----END CERTIFICATE-----";
private final static String TPL_FILE = "listCAs.template";
private String mFormPath = null;
@@ -73,7 +69,7 @@ public class ListCAServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "listCAs.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -89,11 +85,10 @@ public class ListCAServlet extends CMSServlet {
/**
* Process the HTTP request.
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
@@ -102,8 +97,8 @@ public class ListCAServlet extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "list");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "list");
} catch (Exception e) {
// do nothing for now
}
@@ -120,9 +115,10 @@ public class ListCAServlet extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -133,12 +129,12 @@ public class ListCAServlet extends CMSServlet {
Enumeration recs = defStore.searchAllCRLIssuingPointRecord(100);
// show the current CRL number if present
- header.addStringValue("stateCount",
- Integer.toString(defStore.getStateCount()));
+ header.addStringValue("stateCount",
+ Integer.toString(defStore.getStateCount()));
while (recs.hasMoreElements()) {
- ICRLIssuingPointRecord rec =
- (ICRLIssuingPointRecord) recs.nextElement();
+ ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord) recs
+ .nextElement();
IArgBlock rarg = CMS.createArgBlock();
String thisId = rec.getId();
@@ -163,17 +159,17 @@ public class ListCAServlet extends CMSServlet {
rarg.addLongValue("NumRevoked", 0);
} else {
if (rc.longValue() == -1) {
- rarg.addStringValue("NumRevoked", "UNKNOWN");
- } else {
- rarg.addLongValue("NumRevoked", rc.longValue());
+ rarg.addStringValue("NumRevoked", "UNKNOWN");
+ } else {
+ rarg.addLongValue("NumRevoked", rc.longValue());
}
}
BigInteger crlNumber = rec.getCRLNumber();
if (crlNumber == null || crlNumber.equals(new BigInteger("-1"))) {
- rarg.addStringValue("CRLNumber", "UNKNOWN");
+ rarg.addStringValue("CRLNumber", "UNKNOWN");
} else {
- rarg.addStringValue("CRLNumber", crlNumber.toString());
+ rarg.addStringValue("CRLNumber", crlNumber.toString());
}
rarg.addLongValue("ReqCount", defStore.getReqCount(thisId));
@@ -185,18 +181,18 @@ public class ListCAServlet extends CMSServlet {
String error = null;
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
index cfc91975..c1f8b3d0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
@@ -47,11 +46,10 @@ import com.netscape.cmsutil.ocsp.ResponseData;
import com.netscape.cmsutil.ocsp.SingleResponse;
import com.netscape.cmsutil.ocsp.TBSRequest;
-
/**
- * Process OCSP messages, According to RFC 2560
- * See http://www.ietf.org/rfc/rfc2560.txt
- *
+ * Process OCSP messages, According to RFC 2560 See
+ * http://www.ietf.org/rfc/rfc2560.txt
+ *
* @version $Revision$ $Date$
*/
public class OCSPServlet extends CMSServlet {
@@ -65,7 +63,7 @@ public class OCSPServlet extends CMSServlet {
public final static String PROP_MAX_REQUEST_SIZE = "MaxRequestSize";
public final static String PROP_ID = "ID";
- private int m_maxRequestSize=5000;
+ private int m_maxRequestSize = 5000;
public OCSPServlet() {
super();
@@ -74,43 +72,43 @@ public class OCSPServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
super.init(sc);
String s = sc.getInitParameter(PROP_MAX_REQUEST_SIZE);
if (s != null) {
- try {
- m_maxRequestSize = Integer.parseInt(s);
- } catch (Exception e) {}
- }
+ try {
+ m_maxRequestSize = Integer.parseInt(s);
+ } catch (Exception e) {
+ }
+ }
}
/**
- * Process the HTTP request.
- * This method is invoked when the OCSP service receives a OCSP
- * request. Based on RFC 2560, the request should have the OCSP
- * request in the HTTP body as binary blob.
- *
+ * Process the HTTP request. This method is invoked when the OCSP service
+ * receives a OCSP request. Based on RFC 2560, the request should have the
+ * OCSP request in the HTTP body as binary blob.
+ *
* @param cmsReq the object holding the request and response information
*/
protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest httpReq = cmsReq.getHttpReq();
HttpServletResponse httpResp = cmsReq.getHttpResp();
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("ocsp", true /* main action */);
+ statsSub.startTiming("ocsp", true /* main action */);
}
IAuthToken authToken = authenticate(cmsReq);
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "submit");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "submit");
} catch (Exception e) {
// do nothing for now
}
@@ -119,12 +117,12 @@ public class OCSPServlet extends CMSServlet {
cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
-
+
CMS.debug("Servlet Path=" + httpReq.getServletPath());
CMS.debug("RequestURI=" + httpReq.getRequestURI());
- String pathInfo = httpReq.getPathInfo();
+ String pathInfo = httpReq.getPathInfo();
if (pathInfo != null && pathInfo.indexOf('%') != -1) {
- pathInfo = URLDecoder.decode(pathInfo);
+ pathInfo = URLDecoder.decode(pathInfo);
}
CMS.debug("PathInfo=" + pathInfo);
@@ -136,46 +134,50 @@ public class OCSPServlet extends CMSServlet {
String method = httpReq.getMethod();
CMS.debug("Method=" + method);
if (method != null && method.equals("POST")) {
- int reqlen = httpReq.getContentLength();
-
- if (reqlen == -1) {
- throw new Exception("OCSPServlet: Content-Length not supplied");
- }
- if (reqlen == 0) {
- throw new Exception("OCSPServlet: Invalid Content-Length");
- }
- if (reqlen > m_maxRequestSize) {
- throw new Exception("OCSPServlet: Client sending too much OCSP request data ("+reqlen+")");
- }
-
- // for debugging
- reqbuf = new byte[reqlen];
- int bytesread = 0;
- boolean partial = false;
-
- while (bytesread < reqlen) {
- int r = is.read(reqbuf, bytesread, reqlen - bytesread);
- if (r == -1) {
- throw new Exception("OCSPServlet: Client did not supply enough OCSP data");
+ int reqlen = httpReq.getContentLength();
+
+ if (reqlen == -1) {
+ throw new Exception(
+ "OCSPServlet: Content-Length not supplied");
+ }
+ if (reqlen == 0) {
+ throw new Exception("OCSPServlet: Invalid Content-Length");
+ }
+ if (reqlen > m_maxRequestSize) {
+ throw new Exception(
+ "OCSPServlet: Client sending too much OCSP request data ("
+ + reqlen + ")");
}
- bytesread += r;
- if (partial == false) {
- if (bytesread < reqlen) {
- partial = true;
+
+ // for debugging
+ reqbuf = new byte[reqlen];
+ int bytesread = 0;
+ boolean partial = false;
+
+ while (bytesread < reqlen) {
+ int r = is.read(reqbuf, bytesread, reqlen - bytesread);
+ if (r == -1) {
+ throw new Exception(
+ "OCSPServlet: Client did not supply enough OCSP data");
+ }
+ bytesread += r;
+ if (partial == false) {
+ if (bytesread < reqlen) {
+ partial = true;
+ }
}
}
- }
- is = new ByteArrayInputStream(reqbuf);
+ is = new ByteArrayInputStream(reqbuf);
} else {
- // GET method
- if ( (pathInfo == null) ||
- (pathInfo.equals( "" ) ) ||
- (pathInfo.substring(1) == null) ||
- (pathInfo.substring(1).equals( "" ) ) ) {
- throw new Exception("OCSPServlet: OCSP request not provided in GET method");
- }
- is = new ByteArrayInputStream(
- com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1)));
+ // GET method
+ if ((pathInfo == null) || (pathInfo.equals(""))
+ || (pathInfo.substring(1) == null)
+ || (pathInfo.substring(1).equals(""))) {
+ throw new Exception(
+ "OCSPServlet: OCSP request not provided in GET method");
+ }
+ is = new ByteArrayInputStream(
+ com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1)));
}
// (1) retrieve OCSP request
@@ -183,22 +185,20 @@ public class OCSPServlet extends CMSServlet {
OCSPResponse response = null;
try {
- OCSPRequest.Template reqTemplate =
- new OCSPRequest.Template();
+ OCSPRequest.Template reqTemplate = new OCSPRequest.Template();
- if ( (is == null) ||
- (is.toString().equals( "" ) ) ) {
- throw new Exception( "OCSPServlet: OCSP request is "
- + "empty or malformed");
+ if ((is == null) || (is.toString().equals(""))) {
+ throw new Exception("OCSPServlet: OCSP request is "
+ + "empty or malformed");
}
ocspReq = (OCSPRequest) reqTemplate.decode(is);
- if ( (ocspReq == null) ||
- (ocspReq.toString().equals( "" ) ) ) {
- throw new Exception( "OCSPServlet: Decoded OCSP request "
- + "is empty or malformed");
+ if ((ocspReq == null) || (ocspReq.toString().equals(""))) {
+ throw new Exception("OCSPServlet: Decoded OCSP request "
+ + "is empty or malformed");
}
response = ((IOCSPService) mAuthority).validate(ocspReq);
- } catch (Exception e) {;
+ } catch (Exception e) {
+ ;
CMS.debug("OCSPServlet: " + e.toString());
}
@@ -216,48 +216,54 @@ public class OCSPServlet extends CMSServlet {
// we can validate the response
if (CMS.debugOn()) {
CMS.debug("OCSPServlet: OCSP Request:");
- CMS.debug("OCSPServlet: " + CMS.BtoA(ASN1Util.encode(ocspReq)));
+ CMS.debug("OCSPServlet: "
+ + CMS.BtoA(ASN1Util.encode(ocspReq)));
TBSRequest tbsReq = ocspReq.getTBSRequest();
for (int i = 0; i < tbsReq.getRequestCount(); i++) {
- com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
- CMS.debug("Serial Number: " + req.getCertID().getSerialNumber());
+ com.netscape.cmsutil.ocsp.Request req = tbsReq
+ .getRequestAt(i);
+ CMS.debug("Serial Number: "
+ + req.getCertID().getSerialNumber());
}
CMS.debug("OCSPServlet: OCSP Response Size:");
- CMS.debug("OCSPServlet: " + Integer.toString(respbytes.length));
+ CMS.debug("OCSPServlet: "
+ + Integer.toString(respbytes.length));
CMS.debug("OCSPServlet: OCSP Response Data:");
CMS.debug("OCSPServlet: " + CMS.BtoA(respbytes));
ResponseBytes rbytes = response.getResponseBytes();
if (rbytes == null) {
CMS.debug("Response bytes is null");
} else if (rbytes.getObjectIdentifier().equals(
- ResponseBytes.OCSP_BASIC)) {
- BasicOCSPResponse basicRes = (BasicOCSPResponse)
- BasicOCSPResponse.getTemplate().decode(
- new ByteArrayInputStream(rbytes.getResponse().toByteArray()));
+ ResponseBytes.OCSP_BASIC)) {
+ BasicOCSPResponse basicRes = (BasicOCSPResponse) BasicOCSPResponse
+ .getTemplate().decode(
+ new ByteArrayInputStream(rbytes
+ .getResponse().toByteArray()));
if (basicRes == null) {
CMS.debug("Basic Res is null");
} else {
ResponseData data = basicRes.getResponseData();
for (int i = 0; i < data.getResponseCount(); i++) {
SingleResponse res = data.getResponseAt(i);
- CMS.debug("Serial Number: " +
- res.getCertID().getSerialNumber() +
- " Status: " +
- res.getCertStatus().getClass().getName());
+ CMS.debug("Serial Number: "
+ + res.getCertID().getSerialNumber()
+ + " Status: "
+ + res.getCertStatus().getClass()
+ .getName());
}
}
}
}
httpResp.setContentType("application/ocsp-response");
-
+
httpResp.setContentLength(respbytes.length);
OutputStream ooss = httpResp.getOutputStream();
ooss.write(respbytes);
ooss.flush();
if (statsSub != null) {
- statsSub.endTiming("ocsp");
+ statsSub.endTiming("ocsp");
}
mRenderResult = false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
index 3ec72bb8..6a639e2f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.ocsp;
-
import java.io.IOException;
import java.util.Locale;
@@ -41,11 +40,11 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Configure the CA to no longer respond to OCSP requests for a CA
- *
- * @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep 2010) $
+ *
+ * @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep
+ * 2010) $
*/
public class RemoveCAServlet extends CMSServlet {
@@ -57,13 +56,10 @@ public class RemoveCAServlet extends CMSServlet {
private String mFormPath = null;
private IOCSPAuthority mOCSPAuthority = null;
- private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST =
- "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3";
- private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3";
+ private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST = "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3";
+ private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3";
- private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3";
+ private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3";
public RemoveCAServlet() {
super();
@@ -72,7 +68,7 @@ public class RemoveCAServlet extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "addCA.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -90,18 +86,19 @@ public class RemoveCAServlet extends CMSServlet {
/**
* Process the HTTP request.
* <ul>
- * <li>http.param ca id. The format is string.
- * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when
- * a CA is attempted to be removed from the OCSP responder
- * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS
- * and LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when
- * a remove CA request to the OCSP Responder is processed successfully or not.
+ * <li>http.param ca id. The format is string.
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when a
+ * CA is attempted to be removed from the OCSP responder
+ * <li>signed.audit
+ * LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS and
+ * LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used
+ * when a remove CA request to the OCSP Responder is processed successfully
+ * or not.
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
HttpServletResponse resp = cmsReq.getHttpResp();
String auditMessage = null;
@@ -114,8 +111,8 @@ public class RemoveCAServlet extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "add");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "add");
} catch (Exception e) {
// do nothing for now
}
@@ -132,89 +129,87 @@ public class RemoveCAServlet extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
- if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
- auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+ if (auditSubjectID.equals(ILogger.NONROLEUSER)
+ || auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
String uid = authToken.getInString(IAuthToken.USER_ID);
if (uid != null) {
- CMS.debug("RemoveCAServlet: auditSubjectID set to "+uid);
+ CMS.debug("RemoveCAServlet: auditSubjectID set to " + uid);
auditSubjectID = uid;
}
}
- String caID = cmsReq.getHttpReq().getParameter("caID");
-
+ String caID = cmsReq.getHttpReq().getParameter("caID");
- if (caID == null) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
- auditSubjectID,
- ILogger.FAILURE,
- ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ if (caID == null) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
+ auditSubjectID, ILogger.FAILURE,
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE);
- throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID"));
- }
+ throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
+ "CMS_GW_MISSING_CA_ID"));
+ }
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- caID);
+ auditMessage = CMS.getLogMessage(
+ LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST, auditSubjectID,
+ ILogger.SUCCESS, caID);
- audit( auditMessage );
+ audit(auditMessage);
- IDefStore defStore = mOCSPAuthority.getDefaultStore();
+ IDefStore defStore = mOCSPAuthority.getDefaultStore();
- try {
- defStore.deleteCRLIssuingPointRecord(caID);
+ try {
+ defStore.deleteCRLIssuingPointRecord(caID);
- } catch (EBaseException e) {
+ } catch (EBaseException e) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
- auditSubjectID,
- ILogger.FAILURE,
- caID);
- audit( auditMessage );
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
+ auditSubjectID, ILogger.FAILURE, caID);
+ audit(auditMessage);
- CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID);
- throw new EBaseException(e.toString());
+ CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: "
+ + caID);
+ throw new EBaseException(e.toString());
}
- CMS.debug("RemoveCAServlet::process: CRL IssuingPoint for CA successfully removed: " + caID);
+ CMS.debug("RemoveCAServlet::process: CRL IssuingPoint for CA successfully removed: "
+ + caID);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,
- auditSubjectID,
- ILogger.SUCCESS,
- caID);
- audit( auditMessage );
+ LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,
+ auditSubjectID, ILogger.SUCCESS, caID);
+ audit(auditMessage);
try {
ServletOutputStream out = resp.getOutputStream();
String error = null;
String xmlOutput = req.getParameter("xml");
- if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
- } else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
- }
+ if (xmlOutput != null && xmlOutput.equals("true")) {
+ outputXML(resp, argSet);
+ } else {
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ }
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
index 1e44dad1..2d3f1874 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -72,11 +71,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Process CMC messages according to RFC 2797
- * See http://www.ietf.org/rfc/rfc2797.txt
- *
+ * Process CMC messages according to RFC 2797 See
+ * http://www.ietf.org/rfc/rfc2797.txt
+ *
* @version $Revision$, $Date$
*/
public class CMCProcessor extends PKIProcessor {
@@ -87,56 +85,56 @@ public class CMCProcessor extends PKIProcessor {
super();
}
- public CMCProcessor(CMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) {
+ public CMCProcessor(CMSRequest cmsReq, CMSServlet servlet,
+ boolean doEnforcePop) {
super(cmsReq, servlet);
enforcePop = doEnforcePop;
}
- public void process(CMSRequest cmsReq)
- throws EBaseException {
+ public void process(CMSRequest cmsReq) throws EBaseException {
}
- public void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public void fillCertInfo(String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
}
- public X509CertInfo[] fillCertInfoArray(
- String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ public X509CertInfo[] fillCertInfoArray(String protocolString,
+ IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
CMS.debug("CMCProcessor: In CMCProcessor.fillCertInfoArray!");
String cmc = protocolString;
try {
byte[] cmcBlob = CMS.AtoB(cmc);
- ByteArrayInputStream cmcBlobIn =
- new ByteArrayInputStream(cmcBlob);
+ ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(cmcBlob);
- org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+ org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo
+ .getTemplate().decode(cmcBlobIn);
- if
- (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent())
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
+ if (!cmcReq.getContentType().equals(
+ org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA)
+ || !cmcReq.hasContent())
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
- SignedData cmcFullReq = (SignedData)
- cmcReq.getInterpretedContent();
+ SignedData cmcFullReq = (SignedData) cmcReq.getInterpretedContent();
EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
OBJECT_IDENTIFIER id = ci.getContentType();
- if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) {
+ if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData)
+ || !ci.hasContent()) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
+ CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
}
OCTET_STRING content = ci.getContent();
- ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
+ ByteArrayInputStream s = new ByteArrayInputStream(
+ content.toByteArray());
PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
SEQUENCE reqSequence = pkiData.getReqSequence();
@@ -144,10 +142,11 @@ public class CMCProcessor extends PKIProcessor {
int numReqs = reqSequence.size();
X509CertInfo[] certInfoArray = new X509CertInfo[numReqs];
String[] reqIdArray = new String[numReqs];
-
+
for (int i = 0; i < numReqs; i++) {
// decode message.
- TaggedRequest taggedRequest = (TaggedRequest) reqSequence.elementAt(i);
+ TaggedRequest taggedRequest = (TaggedRequest) reqSequence
+ .elementAt(i);
TaggedRequest.Type type = taggedRequest.getType();
@@ -157,35 +156,37 @@ public class CMCProcessor extends PKIProcessor {
reqIdArray[i] = String.valueOf(p10Id);
- CertificationRequest p10 =
- tcr.getCertificationRequest();
+ CertificationRequest p10 = tcr.getCertificationRequest();
// transfer to sun class
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
p10.encode(ostream);
- PKCS10Processor pkcs10Processor = new PKCS10Processor(mRequest, mServlet);
+ PKCS10Processor pkcs10Processor = new PKCS10Processor(
+ mRequest, mServlet);
try {
PKCS10 pkcs10 = new PKCS10(ostream.toByteArray());
- //xxx do we need to do anything else?
+ // xxx do we need to do anything else?
X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
- pkcs10Processor.fillCertInfo(pkcs10, certInfo, authToken, httpParams);
+ pkcs10Processor.fillCertInfo(pkcs10, certInfo,
+ authToken, httpParams);
- /* fillPKCS10(pkcs10,certInfo,
- authToken, httpParams);
+ /*
+ * fillPKCS10(pkcs10,certInfo, authToken, httpParams);
*/
certInfoArray[i] = certInfo;
} catch (Exception e) {
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_PKCS10_ERROR", e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_PKCS10_ERROR", e.toString()));
}
} else if (type.equals(TaggedRequest.CRMF)) {
- CRMFProcessor crmfProc = new CRMFProcessor(mRequest, mServlet, enforcePop);
+ CRMFProcessor crmfProc = new CRMFProcessor(mRequest,
+ mServlet, enforcePop);
CertReqMsg crm = taggedRequest.getCrm();
CertRequest certReq = crm.getCertReq();
@@ -195,10 +196,12 @@ public class CMCProcessor extends PKIProcessor {
reqIdArray[i] = String.valueOf(srcId);
- certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams);
+ certInfoArray[i] = crmfProc.processIndividualRequest(crm,
+ authToken, httpParams);
} else {
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
}
}
@@ -208,13 +211,11 @@ public class CMCProcessor extends PKIProcessor {
Hashtable digs = new Hashtable();
for (int i = 0; i < numDig; i++) {
- AlgorithmIdentifier dai =
- (AlgorithmIdentifier) dais.elementAt(i);
- String name =
- DigestAlgorithm.fromOID(dai.getOID()).toString();
+ AlgorithmIdentifier dai = (AlgorithmIdentifier) dais
+ .elementAt(i);
+ String name = DigestAlgorithm.fromOID(dai.getOID()).toString();
- MessageDigest md =
- MessageDigest.getInstance(name);
+ MessageDigest md = MessageDigest.getInstance(name);
byte[] digest = md.digest(content.toByteArray());
@@ -225,9 +226,8 @@ public class CMCProcessor extends PKIProcessor {
int numSis = sis.size();
for (int i = 0; i < numSis; i++) {
- org.mozilla.jss.pkix.cms.SignerInfo si =
- (org.mozilla.jss.pkix.cms.SignerInfo)
- sis.elementAt(i);
+ org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis
+ .elementAt(i);
String name = si.getDigestAlgorithm().toString();
byte[] digest = (byte[]) digs.get(name);
@@ -243,9 +243,10 @@ public class CMCProcessor extends PKIProcessor {
SignerIdentifier sid = si.getSignerIdentifier();
- if
- (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
- IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber();
+ if (sid.getType().equals(
+ SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
+ IssuerAndSerialNumber issuerAndSerialNumber = sid
+ .getIssuerAndSerialNumber();
// find from the certs in the signedData
X509Certificate cert = null;
@@ -254,21 +255,23 @@ public class CMCProcessor extends PKIProcessor {
int numCerts = certs.size();
for (int j = 0; j < numCerts; j++) {
- Certificate certJss =
- (Certificate) certs.elementAt(j);
- CertificateInfo certI =
- certJss.getInfo();
+ Certificate certJss = (Certificate) certs
+ .elementAt(j);
+ CertificateInfo certI = certJss.getInfo();
Name issuer = certI.getIssuer();
byte[] issuerB = ASN1Util.encode(issuer);
INTEGER sn = certI.getSerialNumber();
- if (
- new String(issuerB).equals(new
- String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))
- && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
- ByteArrayOutputStream os = new
- ByteArrayOutputStream();
+ if (new String(issuerB)
+ .equals(new String(ASN1Util
+ .encode(issuerAndSerialNumber
+ .getIssuer())))
+ && sn.toString().equals(
+ issuerAndSerialNumber
+ .getSerialNumber()
+ .toString())) {
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
certJss.encode(os);
cert = new X509CertImpl(os.toByteArray());
@@ -295,8 +298,7 @@ public class CMCProcessor extends PKIProcessor {
keyType = PrivateKey.DSA;
} else {
}
- PK11PubKey pubK =
- PK11PubKey.fromRaw(keyType,
+ PK11PubKey pubK = PK11PubKey.fromRaw(keyType,
((X509Key) signKey).getKey());
si.verify(digest, id, pubK);
@@ -309,21 +311,25 @@ public class CMCProcessor extends PKIProcessor {
PublicKey signKey = null;
while (signKey == null && j < numReqs) {
- X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j].get(X509CertInfo.KEY)).get(CertificateX509Key.KEY);
+ X509Key subjectKeyInfo = (X509Key) ((CertificateX509Key) certInfoArray[j]
+ .get(X509CertInfo.KEY))
+ .get(CertificateX509Key.KEY);
MessageDigest md = MessageDigest.getInstance("SHA-1");
md.update(subjectKeyInfo.getEncoded());
byte[] skib = md.digest();
- if (new String(skib).equals(new String(ski.toByteArray()))) {
+ if (new String(skib).equals(new String(ski
+ .toByteArray()))) {
signKey = subjectKeyInfo;
}
j++;
}
if (signKey == null) {
- throw new
- ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
- "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request."));
+ throw new ECMSGWException(
+ CMS.getUserMessage(
+ "CMS_GW_CMC_ERROR",
+ "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request."));
} else {
PrivateKey.Type keyType = null;
String alg = signKey.getAlgorithm();
@@ -334,8 +340,7 @@ public class CMCProcessor extends PKIProcessor {
keyType = PrivateKey.DSA;
} else {
}
- PK11PubKey pubK = PK11PubKey.fromRaw(
- keyType,
+ PK11PubKey pubK = PK11PubKey.fromRaw(keyType,
((X509Key) signKey).getKey());
si.verify(digest, id, pubK);
@@ -351,8 +356,8 @@ public class CMCProcessor extends PKIProcessor {
int numControls = controls.size();
for (int i = 0; i < numControls; i++) {
- TaggedAttribute control =
- (TaggedAttribute) controls.elementAt(i);
+ TaggedAttribute control = (TaggedAttribute) controls
+ .elementAt(i);
OBJECT_IDENTIFIER type = control.getType();
SET values = control.getValues();
int numVals = values.size();
@@ -363,10 +368,9 @@ public class CMCProcessor extends PKIProcessor {
if (numVals > 0)
vals = new String[numVals];
for (int j = 0; j < numVals; j++) {
- ANY val = (ANY)
- values.elementAt(j);
- INTEGER transId = (INTEGER) ((ANY) val).decodeWith(
- INTEGER.getTemplate());
+ ANY val = (ANY) values.elementAt(j);
+ INTEGER transId = (INTEGER) ((ANY) val)
+ .decodeWith(INTEGER.getTemplate());
if (transId != null) {
vals[j] = transId.toString();
@@ -374,17 +378,15 @@ public class CMCProcessor extends PKIProcessor {
}
if (vals != null)
req.setExtData(IRequest.CMC_TRANSID, vals);
- } else if
- (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
+ } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
String[] vals = null;
if (numVals > 0)
vals = new String[numVals];
for (int j = 0; j < numVals; j++) {
- ANY val = (ANY)
- values.elementAt(j);
- OCTET_STRING nonce = (OCTET_STRING)
- ((ANY) val).decodeWith(OCTET_STRING.getTemplate());
+ ANY val = (ANY) values.elementAt(j);
+ OCTET_STRING nonce = (OCTET_STRING) ((ANY) val)
+ .decodeWith(OCTET_STRING.getTemplate());
if (nonce != null) {
vals[j] = new String(nonce.toByteArray());
@@ -409,27 +411,31 @@ public class CMCProcessor extends PKIProcessor {
return certInfoArray;
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (InvalidBERException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
} catch (InvalidKeyException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
- }catch (Exception e) {
+ CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString()));
+ CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+ } catch (Exception e) {
+ throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
+ e.toString()));
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
index 27648758..99b4c2b3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
@@ -56,11 +55,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * Process CRMF requests, according to RFC 2511
- * See http://www.ietf.org/rfc/rfc2511.txt
- *
+ * Process CRMF requests, according to RFC 2511 See
+ * http://www.ietf.org/rfc/rfc2511.txt
+ *
* @version $Revision$, $Date$
*/
public class CRMFProcessor extends PKIProcessor {
@@ -69,37 +67,36 @@ public class CRMFProcessor extends PKIProcessor {
private boolean enforcePop = false;
- private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
- "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+ private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION = "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
public CRMFProcessor() {
super();
}
- public CRMFProcessor(CMSRequest cmsReq, CMSServlet servlet, boolean doEnforcePop) {
+ public CRMFProcessor(CMSRequest cmsReq, CMSServlet servlet,
+ boolean doEnforcePop) {
super(cmsReq, servlet);
enforcePop = doEnforcePop;
mRequest = cmsReq;
}
- public void process(CMSRequest cmsReq)
- throws EBaseException {
+ public void process(CMSRequest cmsReq) throws EBaseException {
}
/**
* Verify Proof of Possession (POP)
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof
* of possession is checked during certificate enrollment
* </ul>
+ *
* @param certReqMsg the certificate request message
* @exception EBaseException an error has occurred
*/
- private void verifyPOP(CertReqMsg certReqMsg)
- throws EBaseException {
+ private void verifyPOP(CertReqMsg certReqMsg) throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -118,59 +115,55 @@ public class CRMFProcessor extends PKIProcessor {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.SUCCESS );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID, ILogger.SUCCESS);
- audit( auditMessage );
+ audit(auditMessage);
} catch (Exception e) {
CMS.debug("CRMFProcessor: Failed POP verify!");
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
+ CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID, ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
+ CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
}
}
} else {
if (enforcePop == true) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
+ CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+ auditSubjectID, ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
throw new ECMSGWException(
- CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
+ CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
}
}
- } catch( EBaseException eAudit1 ) {
+ } catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
- auditSubjectID,
- ILogger.FAILURE );
+ LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION, auditSubjectID,
+ ILogger.FAILURE);
- audit( auditMessage );
+ audit(auditMessage);
}
}
- public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg,
+ IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
CMS.debug("CRMFProcessor::processIndividualRequest!");
try {
@@ -196,38 +189,39 @@ public class CRMFProcessor extends PKIProcessor {
// field suggested notBefore and notAfter in CRMF
// Tech Support #383184
- if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) {
- CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter());
+ if (certTemplate.getNotBefore() != null
+ || certTemplate.getNotAfter() != null) {
+ CertificateValidity certValidity = new CertificateValidity(
+ certTemplate.getNotBefore(), certTemplate.getNotAfter());
certInfo.set(X509CertInfo.VALIDITY, certValidity);
}
if (certTemplate.hasSubject()) {
Name subjectdn = certTemplate.getSubject();
- ByteArrayOutputStream subjectEncStream =
- new ByteArrayOutputStream();
+ ByteArrayOutputStream subjectEncStream = new ByteArrayOutputStream();
subjectdn.encode(subjectEncStream);
byte[] subjectEnc = subjectEncStream.toByteArray();
X500Name subject = new X500Name(subjectEnc);
- certInfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subject));
- } else if (authToken == null ||
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ subject));
+ } else if (authToken == null
+ || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
// No subject name - error!
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
}
// get extensions
CertificateExtensions extensions = null;
try {
- extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
} catch (CertificateException e) {
extensions = null;
} catch (IOException e) {
@@ -242,35 +236,32 @@ public class CRMFProcessor extends PKIProcessor {
int numexts = certTemplate.numExtensions();
for (int j = 0; j < numexts; j++) {
- org.mozilla.jss.pkix.cert.Extension jssext =
- certTemplate.extensionAt(j);
+ org.mozilla.jss.pkix.cert.Extension jssext = certTemplate
+ .extensionAt(j);
boolean isCritical = jssext.getCritical();
- org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
- jssext.getExtnId();
+ org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = jssext
+ .getExtnId();
long[] numbers = jssoid.getNumbers();
int[] oidNumbers = new int[numbers.length];
for (int k = numbers.length - 1; k >= 0; k--) {
oidNumbers[k] = (int) numbers[k];
}
- ObjectIdentifier oid =
- new ObjectIdentifier(oidNumbers);
- org.mozilla.jss.asn1.OCTET_STRING jssvalue =
- jssext.getExtnValue();
- ByteArrayOutputStream jssvalueout =
- new ByteArrayOutputStream();
+ ObjectIdentifier oid = new ObjectIdentifier(oidNumbers);
+ org.mozilla.jss.asn1.OCTET_STRING jssvalue = jssext
+ .getExtnValue();
+ ByteArrayOutputStream jssvalueout = new ByteArrayOutputStream();
jssvalue.encode(jssvalueout);
byte[] extValue = jssvalueout.toByteArray();
- Extension ext =
- new Extension(oid, isCritical, extValue);
+ Extension ext = new Extension(oid, isCritical, extValue);
extensions.parseExtension(ext);
}
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
}
@@ -282,8 +273,8 @@ public class CRMFProcessor extends PKIProcessor {
// to have the control of the subject name
// formulation.
// -- CRMFfillCert
- if (authToken != null &&
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
+ if (authToken != null
+ && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
// if authenticated override subect name, validity and
// extensions if any from authtoken.
fillCertInfoFromAuthToken(certInfo, authToken);
@@ -300,31 +291,34 @@ public class CRMFProcessor extends PKIProcessor {
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
- } /* catch (InvalidBERException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
- throw new ECMSGWException(
- CMSGWResources.ERROR_CRMF_TO_CERTINFO);
- } */ catch (InvalidKeyException e) {
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ } /*
+ * catch (InvalidBERException e) { log(ILogger.LL_FAILURE,
+ * CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
+ * throw new ECMSGWException( CMSGWResources.ERROR_CRMF_TO_CERTINFO);
+ * }
+ */catch (InvalidKeyException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
}
}
- public X509CertInfo[] fillCertInfoArray(
- String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ public X509CertInfo[] fillCertInfoArray(String protocolString,
+ IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
CMS.debug("CRMFProcessor.fillCertInfoArray!");
@@ -332,11 +326,10 @@ public class CRMFProcessor extends PKIProcessor {
try {
byte[] crmfBlob = CMS.AtoB(crmf);
- ByteArrayInputStream crmfBlobIn =
- new ByteArrayInputStream(crmfBlob);
+ ByteArrayInputStream crmfBlobIn = new ByteArrayInputStream(crmfBlob);
- SEQUENCE crmfMsgs = (SEQUENCE)
- new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
+ SEQUENCE crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template(
+ new CertReqMsg.Template()).decode(crmfBlobIn);
int nummsgs = crmfMsgs.size();
X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs];
@@ -344,31 +337,33 @@ public class CRMFProcessor extends PKIProcessor {
for (int i = 0; i < nummsgs; i++) {
// decode message.
CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i);
-
+
CertRequest certReq = certReqMsg.getCertReq();
INTEGER certReqId = certReq.getCertReqId();
int srcId = certReqId.intValue();
req.setExtData(IRequest.CRMF_REQID, String.valueOf(srcId));
- certInfoArray[i] = processIndividualRequest(certReqMsg, authToken, httpParams);
+ certInfoArray[i] = processIndividualRequest(certReqMsg,
+ authToken, httpParams);
}
- //do_testbed_hack(nummsgs, certInfoArray, httpParams);
+ // do_testbed_hack(nummsgs, certInfoArray, httpParams);
return certInfoArray;
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
} catch (InvalidBERException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+ CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
index d021f653..6ecb87c8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
@@ -17,19 +17,16 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import com.netscape.certsrv.base.EBaseException;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* This represents the request parser.
- *
+ *
* @version $Revision$, $Date$
*/
public interface IPKIProcessor {
- public void process(CMSRequest cmsReq)
- throws EBaseException;
+ public void process(CMSRequest cmsReq) throws EBaseException;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
index cc035033..c78e0b7b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.IOException;
import java.security.cert.CertificateException;
@@ -37,11 +36,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * KeyGenProcess parses Certificate request matching the
- * KEYGEN tag format used by Netscape Communicator 4.x
- *
+ * KeyGenProcess parses Certificate request matching the KEYGEN tag format used
+ * by Netscape Communicator 4.x
+ *
* @version $Revision$, $Date$
*/
public class KeyGenProcessor extends PKIProcessor {
@@ -55,14 +53,11 @@ public class KeyGenProcessor extends PKIProcessor {
}
- public void process(CMSRequest cmsReq)
- throws EBaseException {
+ public void process(CMSRequest cmsReq) throws EBaseException {
}
- public void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public void fillCertInfo(String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
CMS.debug("KeyGenProcessor: fillCertInfo");
@@ -72,28 +67,30 @@ public class KeyGenProcessor extends PKIProcessor {
KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo(
PKIProcessor.SUBJECT_KEYGEN_INFO, null);
-
+
// fill key
X509Key key = null;
key = keyGenInfo.getSPKI();
if (key == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
+ CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
}
try {
certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- "Could not set key into certInfo from keygen. Error " + e);
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
+ "Could not set key into certInfo from keygen. Error " + e);
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
}
String authMgr = mServlet.getAuthMgr();
@@ -106,12 +103,13 @@ public class KeyGenProcessor extends PKIProcessor {
if (authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
// allow special case for agent gateway in admin enroll
// and bulk issuance.
- if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) &&
- !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
+ if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)
+ && !authMgr
+ .equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
}
fillCertInfoFromForm(certInfo, httpParams);
} else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
index 53d38455..19e343e6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.IOException;
import java.security.cert.CertificateException;
@@ -46,12 +45,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
- * PKCS10Processor process Certificate Requests in
- * PKCS10 format, as defined here:
- * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
- *
+ * PKCS10Processor process Certificate Requests in PKCS10 format, as defined
+ * here: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
+ *
* @version $Revision$, $Date$
*/
public class PKCS10Processor extends PKIProcessor {
@@ -61,7 +58,7 @@ public class PKCS10Processor extends PKIProcessor {
private final String USE_INTERNAL_PKCS10 = "internal";
public PKCS10Processor() {
-
+
super();
}
@@ -70,25 +67,20 @@ public class PKCS10Processor extends PKIProcessor {
}
- public void process(CMSRequest cmsReq)
- throws EBaseException {
+ public void process(CMSRequest cmsReq) throws EBaseException {
}
- public void fillCertInfo(
- PKCS10 pkcs10, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public void fillCertInfo(PKCS10 pkcs10, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
mPkcs10 = pkcs10;
-
- fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
+
+ fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
}
- public void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ public void fillCertInfo(String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
PKCS10 p10 = null;
@@ -99,12 +91,13 @@ public class PKCS10Processor extends PKIProcessor {
} else if (protocolString.equals(USE_INTERNAL_PKCS10)) {
p10 = mPkcs10;
} else {
- CMS.debug( "PKCS10Processor::fillCertInfo() - p10 is null!" );
- throw new EBaseException( "p10 is null" );
+ CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!");
+ throw new EBaseException("p10 is null");
}
if (mServlet == null) {
- EBaseException ex = new ECMSGWException("Servlet property of PKCS10Processor is null.");
+ EBaseException ex = new ECMSGWException(
+ "Servlet property of PKCS10Processor is null.");
throw ex;
@@ -114,22 +107,24 @@ public class PKCS10Processor extends PKIProcessor {
X509Key key = p10.getSubjectPublicKeyInfo();
if (key == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10"));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_MISSING_KEY_IN_P10"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_P10"));
}
CertificateX509Key certKey = new CertificateX509Key(key);
try {
certInfo.set(X509CertInfo.KEY, certKey);
} catch (CertificateException e) {
- EBaseException ex = new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ EBaseException ex = new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
log(ILogger.LL_FAILURE, ex.toString());
throw ex;
} catch (IOException e) {
- EBaseException ex = new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ EBaseException ex = new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
log(ILogger.LL_FAILURE, ex.toString());
throw ex;
@@ -139,33 +134,34 @@ public class PKCS10Processor extends PKIProcessor {
if (subject != null) {
try {
- certInfo.set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(subject));
- log(ILogger.LL_INFO,
- "Setting subject name " + subject + " from p10.");
+ certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ subject));
+ log(ILogger.LL_INFO, "Setting subject name " + subject
+ + " from p10.");
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
} catch (Exception e) {
// if anything bad happens in X500 name parsing,
// this will catch it.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
}
- } else if (authToken == null ||
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+ } else if (authToken == null
+ || authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
+ CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
}
// fill extensions from pkcs 10 attributes if any.
@@ -176,45 +172,49 @@ public class PKCS10Processor extends PKIProcessor {
PKCS10Attributes p10Attrs = p10.getAttributes();
if (p10Attrs != null) {
- PKCS10Attribute p10Attr = (PKCS10Attribute)
- (p10Attrs.getAttribute(CertificateExtensions.NAME));
-
- if (p10Attr != null && p10Attr.getAttributeId().equals(
- PKCS9Attribute.EXTENSION_REQUEST_OID)) {
- Extensions exts0 = (Extensions)
- (p10Attr.getAttributeValue());
+ PKCS10Attribute p10Attr = (PKCS10Attribute) (p10Attrs
+ .getAttribute(CertificateExtensions.NAME));
+
+ if (p10Attr != null
+ && p10Attr.getAttributeId().equals(
+ PKCS9Attribute.EXTENSION_REQUEST_OID)) {
+ Extensions exts0 = (Extensions) (p10Attr
+ .getAttributeValue());
DerOutputStream extOut = new DerOutputStream();
exts0.encode(extOut);
byte[] extB = extOut.toByteArray();
DerInputStream extIn = new DerInputStream(extB);
- CertificateExtensions exts = new CertificateExtensions(extIn);
+ CertificateExtensions exts = new CertificateExtensions(
+ extIn);
if (exts != null) {
certInfo.set(X509CertInfo.EXTENSIONS, exts);
}
}
}
- CMS.debug(
- "PKCS10Processor: Seted cert extensions from pkcs10. ");
+ CMS.debug("PKCS10Processor: Seted cert extensions from pkcs10. ");
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
} catch (Exception e) {
// if anything bad happens in extensions parsing,
// this will catch it.
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+ CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10",
+ e.toString()));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
}
// override pkcs10 attributes with authtoken attributes
@@ -222,9 +222,9 @@ public class PKCS10Processor extends PKIProcessor {
// adminEnroll is an exception
String authMgr = mServlet.getAuthMgr();
- if (authToken != null &&
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null &&
- !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
+ if (authToken != null
+ && authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null
+ && !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
fillCertInfoFromAuthToken(certInfo, authToken);
}
@@ -233,12 +233,11 @@ public class PKCS10Processor extends PKIProcessor {
// from the http parameters.
if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) {
fillValidityFromForm(certInfo, httpParams);
- }
-
+ }
+
}
- private PKCS10 getPKCS10(IArgBlock httpParams)
- throws EBaseException {
+ private PKCS10 getPKCS10(IArgBlock httpParams) throws EBaseException {
PKCS10 pkcs10 = null;
@@ -246,17 +245,20 @@ public class PKCS10Processor extends PKIProcessor {
// support Enterprise 3.5.1 server where CERT_TYPE=csrCertType
// instead of certType
- certType = httpParams.getValueAsString(PKIProcessor.OLD_CERT_TYPE, null);
+ certType = httpParams
+ .getValueAsString(PKIProcessor.OLD_CERT_TYPE, null);
if (certType == null) {
- certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE, "client");
+ certType = httpParams.getValueAsString(PKIProcessor.CERT_TYPE,
+ "client");
} else {
// some policies may rely on the fact that
// CERT_TYPE is set. So for 3.5.1 or eariler
- // we need to set CERT_TYPE but not here.
+ // we need to set CERT_TYPE but not here.
}
if (certType.equals("client")) {
// coming from MSIE
- String p10b64 = httpParams.getValueAsString(PKIProcessor.PKCS10_REQUEST, null);
+ String p10b64 = httpParams.getValueAsString(
+ PKIProcessor.PKCS10_REQUEST, null);
if (p10b64 != null) {
try {
@@ -266,18 +268,20 @@ public class PKCS10Processor extends PKIProcessor {
} catch (Exception e) {
// ok, if the above fails, it could
// be a PKCS10 with header
- pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
+ pkcs10 = httpParams.getValueAsPKCS10(
+ PKIProcessor.PKCS10_REQUEST, false, null);
// e.printStackTrace();
}
}
- //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
+ // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
} else {
try {
// coming from server cut & paste blob.
- pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
- }catch (Exception ex) {
+ pkcs10 = httpParams.getValueAsPKCS10(
+ PKIProcessor.PKCS10_REQUEST, false, null);
+ } catch (Exception ex) {
ex.printStackTrace();
}
}
@@ -286,4 +290,4 @@ public class PKCS10Processor extends PKIProcessor {
}
-}
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
index 625808d7..b81b6831 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.processors;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Date;
@@ -42,10 +41,9 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Process Certificate Requests
- *
+ *
* @version $Revision$, $Date$
*/
public class PKIProcessor implements IPKIProcessor {
@@ -57,7 +55,7 @@ public class PKIProcessor implements IPKIProcessor {
public static final String PKCS10_REQUEST = "pkcs10Request";
public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo";
- protected CMSRequest mRequest = null;
+ protected CMSRequest mRequest = null;
protected HttpServletRequest httpReq = null;
protected String mServletId = null;
@@ -83,31 +81,27 @@ public class PKIProcessor implements IPKIProcessor {
}
- public void process(CMSRequest cmsReq)
- throws EBaseException {
+ public void process(CMSRequest cmsReq) throws EBaseException {
}
- protected void fillCertInfo(
- String protocolString, X509CertInfo certInfo,
- IAuthToken authToken, IArgBlock httpParams)
- throws EBaseException {
+ protected void fillCertInfo(String protocolString, X509CertInfo certInfo,
+ IAuthToken authToken, IArgBlock httpParams) throws EBaseException {
}
- protected X509CertInfo[] fillCertInfoArray(
- String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
- throws EBaseException {
+ protected X509CertInfo[] fillCertInfoArray(String protocolString,
+ IAuthToken authToken, IArgBlock httpParams, IRequest req)
+ throws EBaseException {
return null;
}
/**
- * fill subject name, validity, extensions from authoken if any,
- * overriding what was in pkcs10.
- * fill subject name, extensions from http input if not authenticated.
- * requests not authenticated will need to be approved by an agent.
+ * fill subject name, validity, extensions from authoken if any, overriding
+ * what was in pkcs10. fill subject name, extensions from http input if not
+ * authenticated. requests not authenticated will need to be approved by an
+ * agent.
*/
- public static void fillCertInfoFromAuthToken(
- X509CertInfo certInfo, IAuthToken authToken)
- throws EBaseException {
+ public static void fillCertInfoFromAuthToken(X509CertInfo certInfo,
+ IAuthToken authToken) throws EBaseException {
// override subject, validity and extensions from auth token
// CA determines algorithm, version and issuer.
// take key from keygen, cmc, pkcs10 or crmf.
@@ -115,61 +109,62 @@ public class PKIProcessor implements IPKIProcessor {
CMS.debug("PKIProcessor: fillCertInfoFromAuthToken");
// subject name.
try {
- String subjectname =
- authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
+ String subjectname = authToken
+ .getInString(AuthToken.TOKEN_CERT_SUBJECT);
if (subjectname != null) {
- CertificateSubjectName certSubject = (CertificateSubjectName)
- new CertificateSubjectName(new X500Name(subjectname));
+ CertificateSubjectName certSubject = (CertificateSubjectName) new CertificateSubjectName(
+ new X500Name(subjectname));
certInfo.set(X509CertInfo.SUBJECT, certSubject);
- log(ILogger.LL_INFO,
- "cert subject set to " + certSubject + " from authtoken");
+ log(ILogger.LL_INFO, "cert subject set to " + certSubject
+ + " from authtoken");
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
- e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
// validity
try {
CertificateValidity validity = null;
- Date notBefore =
- authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
- Date notAfter =
- authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
+ Date notBefore = authToken
+ .getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
+ Date notAfter = authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
if (notBefore != null && notAfter != null) {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
- log(ILogger.LL_INFO,
- "cert validity set to " + validity + " from authtoken");
+ log(ILogger.LL_INFO, "cert validity set to " + validity
+ + " from authtoken");
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
}
// extensions
try {
- CertificateExtensions extensions =
- authToken.getInCertExts(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = authToken
+ .getInCertExts(X509CertInfo.EXTENSIONS);
if (extensions != null) {
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -177,73 +172,78 @@ public class PKIProcessor implements IPKIProcessor {
}
} catch (CertificateException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
} catch (IOException e) {
log(ILogger.LL_WARN,
- CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
}
}
/**
- * fill subject name, extension from form.
- * this is done for unauthenticated requests.
- * unauthenticated requests must be approved by agents so these will
- * all be seen by and agent.
+ * fill subject name, extension from form. this is done for unauthenticated
+ * requests. unauthenticated requests must be approved by agents so these
+ * will all be seen by and agent.
*/
- public static void fillCertInfoFromForm(
- X509CertInfo certInfo, IArgBlock httpParams)
- throws EBaseException {
+ public static void fillCertInfoFromForm(X509CertInfo certInfo,
+ IArgBlock httpParams) throws EBaseException {
CMS.debug("PKIProcessor: fillCertInfoFromForm");
// subject name.
try {
- String subject = httpParams.getValueAsString(PKIProcessor.SUBJECT_NAME, null);
+ String subject = httpParams.getValueAsString(
+ PKIProcessor.SUBJECT_NAME, null);
if (subject == null) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
+ CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
}
X500Name x500name = new X500Name(subject);
- certInfo.set(
- X509CertInfo.SUBJECT, new CertificateSubjectName(x500name));
+ certInfo.set(X509CertInfo.SUBJECT, new CertificateSubjectName(
+ x500name));
fillValidityFromForm(certInfo, httpParams);
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IllegalArgumentException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
+ CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
}
// requested extensions.
// let polcies form extensions from http input.
}
- public static void fillValidityFromForm(
- X509CertInfo certInfo, IArgBlock httpParams)
- throws EBaseException {
+ public static void fillValidityFromForm(X509CertInfo certInfo,
+ IArgBlock httpParams) throws EBaseException {
CMS.debug("PKIProcessor: fillValidityFromForm!");
try {
- String notValidBeforeStr = httpParams.getValueAsString("notValidBefore", null);
- String notValidAfterStr = httpParams.getValueAsString("notValidAfter", null);
+ String notValidBeforeStr = httpParams.getValueAsString(
+ "notValidBefore", null);
+ String notValidAfterStr = httpParams.getValueAsString(
+ "notValidAfter", null);
if (notValidBeforeStr != null && notValidAfterStr != null) {
long notValidBefore = 0;
@@ -266,44 +266,46 @@ public class PKIProcessor implements IPKIProcessor {
if (notBefore != null && notAfter != null) {
validity = new CertificateValidity(notBefore, notAfter);
certInfo.set(X509CertInfo.VALIDITY, validity);
- log(ILogger.LL_INFO,
- "cert validity set to " + validity + " from authtoken");
+ log(ILogger.LL_INFO, "cert validity set to " + validity
+ + " from authtoken");
}
}
}
} catch (CertificateException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+ CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+ CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
}
}
/**
* log according to authority category.
*/
- public static void log(int event, int level, String msg) {
+ public static void log(int event, int level, String msg) {
CMS.getLogger().log(event, ILogger.S_OTHER, level,
- "PKIProcessor " + ": " + msg);
+ "PKIProcessor " + ": " + msg);
}
public static void log(int level, String msg) {
CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
- "PKIProcessor " + ": " + msg);
+ "PKIProcessor " + ": " + msg);
}
/**
* Signed Audit Log
- *
- * This method is inherited by all extended "CMSServlet"s,
- * and is called to store messages to the signed audit log.
+ *
+ * This method is inherited by all extended "CMSServlet"s, and is called to
+ * store messages to the signed audit log.
* <P>
- *
+ *
* @param msg signed audit log message
*/
protected void audit(String msg) {
@@ -314,21 +316,17 @@ public class PKIProcessor implements IPKIProcessor {
return;
}
- mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
- null,
- ILogger.S_SIGNED_AUDIT,
- ILogger.LL_SECURITY,
- msg);
+ mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT, null,
+ ILogger.S_SIGNED_AUDIT, ILogger.LL_SECURITY, msg);
}
/**
* Signed Audit Log Subject ID
- *
- * This method is inherited by all extended "CMSServlet"s,
- * and is called to obtain the "SubjectID" for
- * a signed audit log message.
+ *
+ * This method is inherited by all extended "CMSServlet"s, and is called to
+ * obtain the "SubjectID" for a signed audit log message.
* <P>
- *
+ *
* @return id string containing the signed audit log message SubjectID
*/
protected String auditSubjectID() {
@@ -343,8 +341,7 @@ public class PKIProcessor implements IPKIProcessor {
SessionContext auditContext = SessionContext.getExistingContext();
if (auditContext != null) {
- subjectID = (String)
- auditContext.get(SessionContext.USER_ID);
+ subjectID = (String) auditContext.get(SessionContext.USER_ID);
if (subjectID != null) {
subjectID = subjectID.trim();
@@ -358,4 +355,3 @@ public class PKIProcessor implements IPKIProcessor {
return subjectID;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
index da24d2c2..4ac119dc 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -46,10 +45,9 @@ import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* Toggle the approval state of a profile
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileApproveServlet extends ProfileServlet {
@@ -59,10 +57,9 @@ public class ProfileApproveServlet extends ProfileServlet {
*/
private static final long serialVersionUID = 3956879326742839550L;
private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
+ private String mAuthorityId = null;
- private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL =
- "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL = "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
private final static String OP_APPROVE = "approve";
private final static String OP_DISAPPROVE = "disapprove";
@@ -73,7 +70,7 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* initialize the servlet. This servlet uses the template file
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -84,13 +81,14 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Process the HTTP request.
* <P>
- *
+ *
* <ul>
* <li>http.param profileId the id of the profile to change
* <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an
* agent approves/disapproves a cert profile set by the administrator for
* automatic approval
* </ul>
+ *
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
@@ -126,20 +124,18 @@ public class ProfileApproveServlet extends ProfileServlet {
auditSubjectID = auditSubjectID();
CMS.debug(e.toString());
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHENTICATION_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID, ILogger.FAILURE, auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -150,30 +146,28 @@ public class ProfileApproveServlet extends ProfileServlet {
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "approve");
+ mAuthzResourceName, "approve");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID, ILogger.FAILURE, auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -193,17 +187,15 @@ public class ProfileApproveServlet extends ProfileServlet {
if (ps == null) {
CMS.debug("ProfileApproveServlet: ProfileSubsystem not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID, ILogger.FAILURE, auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -214,20 +206,18 @@ public class ProfileApproveServlet extends ProfileServlet {
IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
if (authority == null) {
- CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId +
- " not found");
+ CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId
+ + " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID, ILogger.FAILURE, auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -236,20 +226,18 @@ public class ProfileApproveServlet extends ProfileServlet {
IRequestQueue queue = authority.getRequestQueue();
if (queue == null) {
- CMS.debug("ProfileApproveServlet: Request Queue of " +
- mAuthorityId + " not found");
+ CMS.debug("ProfileApproveServlet: Request Queue of "
+ + mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID, ILogger.FAILURE, auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -265,60 +253,54 @@ public class ProfileApproveServlet extends ProfileServlet {
try {
if (ps.isProfileEnable(profileId)) {
- if (ps.checkOwner()) {
- if (ps.getProfileEnableBy(profileId).equals(userid)) {
- ps.disableProfile(profileId);
- } else {
- // only enableBy can disable profile
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_OWNER"));
- outputTemplate(request, response, args);
-
- // store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
+ if (ps.checkOwner()) {
+ if (ps.getProfileEnableBy(profileId).equals(userid)) {
+ ps.disableProfile(profileId);
+ } else {
+ // only enableBy can disable profile
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(
+ locale, "CMS_PROFILE_NOT_OWNER"));
+ outputTemplate(request, response, args);
+
+ // store a message in the signed audit log file
+ auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ auditSubjectID, ILogger.FAILURE,
+ auditProfileID, auditProfileOp);
- audit(auditMessage);
+ audit(auditMessage);
- return;
+ return;
+ }
+ } else {
+ ps.disableProfile(profileId);
}
- } else {
- ps.disableProfile(profileId);
- }
} else {
ps.enableProfile(profileId, userid);
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.SUCCESS,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID, ILogger.SUCCESS, auditProfileID,
+ auditProfileOp);
audit(auditMessage);
} catch (EProfileException e) {
// profile not enabled
- CMS.debug("ProfileApproveServlet: profile not error " +
- e.toString());
+ CMS.debug("ProfileApproveServlet: profile not error "
+ + e.toString());
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ auditSubjectID, ILogger.FAILURE, auditProfileID,
+ auditProfileOp);
audit(auditMessage);
@@ -327,37 +309,34 @@ public class ProfileApproveServlet extends ProfileServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- auditSubjectID,
- ILogger.FAILURE,
- auditProfileID,
- auditProfileOp);
+ LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL, auditSubjectID,
+ ILogger.FAILURE, auditProfileID, auditProfileOp);
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
// } catch( ServletException eAudit2 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditProfileID,
- // auditProfileOp );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditProfileID,
+ // auditProfileOp );
//
- // audit( auditMessage );
+ // audit( auditMessage );
//
- // // rethrow the specific exception to be handled later
- // throw eAudit2;
+ // // rethrow the specific exception to be handled later
+ // throw eAudit2;
}
try {
profile = ps.getProfile(profileId);
} catch (EProfileException e) {
// profile not found
- CMS.debug("ProfileApproveServlet: profile not found " +
- e.toString());
+ CMS.debug("ProfileApproveServlet: profile not found "
+ + e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, e.toString());
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -385,14 +364,13 @@ public class ProfileApproveServlet extends ProfileServlet {
while (policyIds.hasMoreElements()) {
String id = (String) policyIds.nextElement();
- IProfilePolicy policy = (IProfilePolicy)
- profile.getProfilePolicy(setId, id);
+ IProfilePolicy policy = (IProfilePolicy) profile
+ .getProfilePolicy(setId, id);
// (3) query all the profile policies
// (4) default plugins convert request parameters
- // into string http parameters
- handlePolicy(list, response, locale,
- id, policy);
+ // into string http parameters
+ handlePolicy(list, response, locale, id, policy);
}
ArgSet setArg = new ArgSet();
@@ -403,8 +381,8 @@ public class ProfileApproveServlet extends ProfileServlet {
args.set(ARG_POLICY_SET_LIST, setlist);
args.set(ARG_PROFILE_ID, profileId);
- args.set(ARG_PROFILE_IS_ENABLED,
- Boolean.toString(ps.isProfileEnable(profileId)));
+ args.set(ARG_PROFILE_IS_ENABLED,
+ Boolean.toString(ps.isProfileEnable(profileId)));
args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
args.set(ARG_PROFILE_NAME, profile.getName(locale));
args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
@@ -413,8 +391,8 @@ public class ProfileApproveServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
- private void handlePolicy(ArgList list, ServletResponse response,
- Locale locale, String id, IProfilePolicy policy) {
+ private void handlePolicy(ArgList list, ServletResponse response,
+ Locale locale, String id, IProfilePolicy policy) {
ArgSet set = new ArgSet();
set.set(ARG_POLICY_ID, id);
@@ -434,19 +412,19 @@ public class ProfileApproveServlet extends ProfileServlet {
String defName = (String) defNames.nextElement();
IDescriptor defDesc = def.getValueDescriptor(locale, defName);
if (defDesc == null) {
- CMS.debug("defName=" + defName);
+ CMS.debug("defName=" + defName);
} else {
- String defSyntax = defDesc.getSyntax();
- String defConstraint = defDesc.getConstraint();
- String defValueName = defDesc.getDescription(locale);
- String defValue = null;
-
- defset.set(ARG_DEF_ID, defName);
- defset.set(ARG_DEF_SYNTAX, defSyntax);
- defset.set(ARG_DEF_CONSTRAINT, defConstraint);
- defset.set(ARG_DEF_NAME, defValueName);
- defset.set(ARG_DEF_VAL, defValue);
- deflist.add(defset);
+ String defSyntax = defDesc.getSyntax();
+ String defConstraint = defDesc.getConstraint();
+ String defValueName = defDesc.getDescription(locale);
+ String defValue = null;
+
+ defset.set(ARG_DEF_ID, defName);
+ defset.set(ARG_DEF_SYNTAX, defSyntax);
+ defset.set(ARG_DEF_CONSTRAINT, defConstraint);
+ defset.set(ARG_DEF_NAME, defValueName);
+ defset.set(ARG_DEF_VAL, defValue);
+ deflist.add(defset);
}
}
}
@@ -463,11 +441,11 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Signed Audit Log Profile ID
- *
- * This method is called to obtain the "ProfileID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "ProfileID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param req HTTP request
* @return id string containing the signed audit log message ProfileID
*/
@@ -493,14 +471,14 @@ public class ProfileApproveServlet extends ProfileServlet {
/**
* Signed Audit Log Profile Operation
- *
- * This method is called to obtain the "Profile Operation" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "Profile Operation" for a signed
+ * audit log message.
* <P>
- *
+ *
* @param req HTTP request
- * @return operation string containing either OP_APPROVE, OP_DISAPPROVE,
- * or SIGNED_AUDIT_EMPTY_VALUE
+ * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, or
+ * SIGNED_AUDIT_EMPTY_VALUE
*/
private String auditProfileOp(HttpServletRequest req) {
// if no signed audit object exists, bail
@@ -508,13 +486,12 @@ public class ProfileApproveServlet extends ProfileServlet {
return null;
}
- if (mProfileSubId == null ||
- mProfileSubId.equals("")) {
+ if (mProfileSubId == null || mProfileSubId.equals("")) {
mProfileSubId = IProfileSubsystem.ID;
}
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ IProfileSubsystem ps = (IProfileSubsystem) CMS
+ .getSubsystem(mProfileSubId);
if (ps == null) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -533,4 +510,3 @@ public class ProfileApproveServlet extends ProfileServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
index 4da41f7a..ded3dff8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -38,10 +37,9 @@ import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* List all enabled profiles.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileListServlet extends ProfileServlet {
@@ -53,7 +51,7 @@ public class ProfileListServlet extends ProfileServlet {
private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
+ private String mAuthorityId = null;
public ProfileListServlet() {
super();
@@ -62,7 +60,7 @@ public class ProfileListServlet extends ProfileServlet {
/**
* initialize the servlet. This servlet uses the template file
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -72,7 +70,7 @@ public class ProfileListServlet extends ProfileServlet {
/**
* Process the HTTP request.
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -89,20 +87,20 @@ public class ProfileListServlet extends ProfileServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "list");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -114,18 +112,18 @@ public class ProfileListServlet extends ProfileServlet {
mProfileSubId = IProfileSubsystem.ID;
}
CMS.debug("ProfileListServlet: SubId=" + mProfileSubId);
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ IProfileSubsystem ps = (IProfileSubsystem) CMS
+ .getSubsystem(mProfileSubId);
if (ps == null) {
- CMS.debug("ProfileListServlet: ProfileSubsystem " +
- mProfileSubId + " not found");
+ CMS.debug("ProfileListServlet: ProfileSubsystem " + mProfileSubId
+ + " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
- }
+ }
ArgList list = new ArgList();
Enumeration e = ps.getProfileIds();
@@ -139,13 +137,13 @@ public class ProfileListServlet extends ProfileServlet {
profile = ps.getProfile(id);
} catch (EBaseException e1) {
// skip bad profile
- CMS.debug("ProfileListServlet: profile " + id +
- " not found (skipped) " + e1.toString());
+ CMS.debug("ProfileListServlet: profile " + id
+ + " not found (skipped) " + e1.toString());
continue;
}
if (profile == null) {
- CMS.debug("ProfileListServlet: profile " + id +
- " not found (skipped)");
+ CMS.debug("ProfileListServlet: profile " + id
+ + " not found (skipped)");
continue;
}
@@ -155,16 +153,16 @@ public class ProfileListServlet extends ProfileServlet {
ArgSet profileArgs = new ArgSet();
profileArgs.set(ARG_PROFILE_IS_ENABLED,
- Boolean.toString(ps.isProfileEnable(id)));
+ Boolean.toString(ps.isProfileEnable(id)));
profileArgs.set(ARG_PROFILE_ENABLED_BY,
- ps.getProfileEnableBy(id));
+ ps.getProfileEnableBy(id));
profileArgs.set(ARG_PROFILE_ID, id);
- profileArgs.set(ARG_PROFILE_IS_VISIBLE,
- Boolean.toString(profile.isVisible()));
+ profileArgs.set(ARG_PROFILE_IS_VISIBLE,
+ Boolean.toString(profile.isVisible()));
profileArgs.set(ARG_PROFILE_NAME, name);
profileArgs.set(ARG_PROFILE_DESC, desc);
list.add(profileArgs);
-
+
}
}
args.set(ARG_RECORD, list);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
index a159c0f2..073d2cfb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
@@ -63,10 +62,9 @@ import com.netscape.certsrv.template.ArgSet;
import com.netscape.certsrv.util.IStatsSubsystem;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* This servlet approves profile-based request.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileProcessServlet extends ProfileServlet {
@@ -78,10 +76,8 @@ public class ProfileProcessServlet extends ProfileServlet {
private String mAuthorityId = null;
private Nonces mNonces = null;
- private final static String SIGNED_AUDIT_CERT_REQUEST_REASON =
- "requestNotes";
- private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ private final static String SIGNED_AUDIT_CERT_REQUEST_REASON = "requestNotes";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
public ProfileProcessServlet() {
}
@@ -103,9 +99,9 @@ public class ProfileProcessServlet extends ProfileServlet {
HttpServletRequest request = cmsReq.getHttpReq();
HttpServletResponse response = cmsReq.getHttpResp();
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("approval", true /* main action */);
+ statsSub.startTiming("approval", true /* main action */);
}
IAuthToken authToken = null;
@@ -119,13 +115,14 @@ public class ProfileProcessServlet extends ProfileServlet {
} catch (EBaseException e) {
CMS.debug("ProfileProcessServlet: " + e.toString());
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHENTICATION_ERROR"));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -134,23 +131,23 @@ public class ProfileProcessServlet extends ProfileServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "approve");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "approve");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -164,18 +161,19 @@ public class ProfileProcessServlet extends ProfileServlet {
X509Certificate cert2 = getSSLClientCertificate(request);
if (cert1 == null) {
CMS.debug("ProfileProcessServlet: Unknown nonce");
- } else if (cert1 != null && cert2 != null && cert1.equals(cert2)) {
+ } else if (cert1 != null && cert2 != null
+ && cert1.equals(cert2)) {
nonceVerified = true;
mNonces.removeNonce(nonce);
}
} else {
CMS.debug("ProfileProcessServlet: Missing nonce");
}
- CMS.debug("ProfileProcessServlet: nonceVerified="+nonceVerified);
+ CMS.debug("ProfileProcessServlet: nonceVerified=" + nonceVerified);
if (!nonceVerified) {
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
statsSub.endTiming("approval");
@@ -193,17 +191,17 @@ public class ProfileProcessServlet extends ProfileServlet {
mProfileSubId = IProfileSubsystem.ID;
}
CMS.debug("ProfileProcessServlet: SubId=" + mProfileSubId);
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ IProfileSubsystem ps = (IProfileSubsystem) CMS
+ .getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileProcessServlet: ProfileSubsystem not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -212,28 +210,28 @@ public class ProfileProcessServlet extends ProfileServlet {
IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
if (authority == null) {
- CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId +
- " not found");
+ CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId
+ + " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
IRequestQueue queue = authority.getRequestQueue();
if (queue == null) {
- CMS.debug("ProfileProcessServlet: Request Queue of " +
- mAuthorityId + " not found");
+ CMS.debug("ProfileProcessServlet: Request Queue of " + mAuthorityId
+ + " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -243,11 +241,11 @@ public class ProfileProcessServlet extends ProfileServlet {
if (requestId == null || requestId.equals("")) {
CMS.debug("ProfileProcessServlet: Request Id not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_REQUEST_ID_NOT_FOUND"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_REQUEST_ID_NOT_FOUND"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -259,8 +257,8 @@ public class ProfileProcessServlet extends ProfileServlet {
req = queue.findRequest(new RequestId(requestId));
} catch (EBaseException e) {
// request not found
- CMS.debug("ProfileProcessServlet: request not found requestId=" +
- requestId + " " + e.toString());
+ CMS.debug("ProfileProcessServlet: request not found requestId="
+ + requestId + " " + e.toString());
}
if (req == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -268,12 +266,12 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_REQUEST_NOT_FOUND", requestId));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
- // check if the request is in one of the terminal states
+ // check if the request is in one of the terminal states
if (!req.getRequestStatus().equals(RequestStatus.PENDING)) {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -281,7 +279,7 @@ public class ProfileProcessServlet extends ProfileServlet {
args.set(ARG_REQUEST_ID, requestId);
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -292,11 +290,11 @@ public class ProfileProcessServlet extends ProfileServlet {
if (profileId == null || profileId.equals("")) {
CMS.debug("ProfileProcessServlet: Profile Id not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_ID_NOT_FOUND"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_FOUND"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -305,24 +303,23 @@ public class ProfileProcessServlet extends ProfileServlet {
if (op == null) {
CMS.debug("ProfileProcessServlet: No op found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_OP_NOT_FOUND"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_OP_NOT_FOUND"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
-
IProfile profile = null;
try {
profile = ps.getProfile(profileId);
} catch (EProfileException e) {
// profile not found
- CMS.debug("ProfileProcessServlet: profile not found " +
- " " + " profileId=" + profileId + " " + e.toString());
+ CMS.debug("ProfileProcessServlet: profile not found " + " "
+ + " profileId=" + profileId + " " + e.toString());
}
if (profile == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -330,7 +327,7 @@ public class ProfileProcessServlet extends ProfileServlet {
"CMS_PROFILE_NOT_FOUND", profileId));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -344,16 +341,15 @@ public class ProfileProcessServlet extends ProfileServlet {
args.set(ARG_REQUEST_TYPE, req.getRequestType());
args.set(ARG_PROFILE_ID, profileId);
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_ID_NOT_ENABLED"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_PROFILE_ID_NOT_ENABLED"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
-
args.set(ARG_ERROR_CODE, "0");
args.set(ARG_ERROR_REASON, "");
@@ -361,21 +357,23 @@ public class ProfileProcessServlet extends ProfileServlet {
if (op.equals("assign")) {
String owner = req.getRequestOwner();
- // assigned owner
+ // assigned owner
if (owner != null && owner.length() > 0) {
if (!grantPermission(req, authToken)) {
CMS.debug("ProfileProcessServlet: Permission not granted to assign request.");
args.set(ARG_OP, op);
args.set(ARG_REQUEST_ID, req.getRequestId().toString());
- args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString());
+ args.set(ARG_REQUEST_STATUS, req.getRequestStatus()
+ .toString());
args.set(ARG_REQUEST_TYPE, req.getRequestType());
args.set(ARG_PROFILE_ID, profileId);
args.set(ARG_PROFILE_ID, profileId);
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION"));
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_PROFILE_DENY_OPERATION"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
@@ -387,13 +385,16 @@ public class ProfileProcessServlet extends ProfileServlet {
checkProfileVersion(profile, req, locale);
updateValues(request, req, queue, profile, locale);
updateNotes(request, req);
- approveRequest(request, args, req, queue, profile, locale);
+ approveRequest(request, args, req, queue, profile,
+ locale);
} else if (op.equals("reject")) {
updateNotes(request, req);
- rejectRequest(request, args, req, queue, profile, locale);
+ rejectRequest(request, args, req, queue, profile,
+ locale);
} else if (op.equals("cancel")) {
updateNotes(request, req);
- cancelRequest(request, args, req, queue, profile, locale);
+ cancelRequest(request, args, req, queue, profile,
+ locale);
} else if (op.equals("update")) {
checkProfileVersion(profile, req, locale);
updateValues(request, req, queue, profile, locale);
@@ -401,27 +402,30 @@ public class ProfileProcessServlet extends ProfileServlet {
} else if (op.equals("validate")) {
updateValues(request, req, queue, profile, locale);
} else if (op.equals("unassign")) {
- unassignRequest(request, args, req, queue, profile, locale);
+ unassignRequest(request, args, req, queue, profile,
+ locale);
}
} else {
CMS.debug("ProfileProcessServlet: Permission not granted to approve/reject/cancel/update/validate/unassign request.");
args.set(ARG_OP, op);
args.set(ARG_REQUEST_ID, req.getRequestId().toString());
- args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString());
+ args.set(ARG_REQUEST_STATUS, req.getRequestStatus()
+ .toString());
args.set(ARG_REQUEST_TYPE, req.getRequestType());
args.set(ARG_PROFILE_ID, profileId);
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION"));
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_PROFILE_DENY_OPERATION"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
}
// commit request to the storage
- if (!op.equals("validate")) {
+ if (!op.equals("validate")) {
try {
if (op.equals("approve")) {
queue.markAsServiced(req);
@@ -429,43 +433,47 @@ public class ProfileProcessServlet extends ProfileServlet {
queue.updateRequest(req);
}
} catch (EBaseException e) {
- CMS.debug("ProfileProcessServlet: Request commit error " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: Request commit error "
+ + e.toString());
// save request to disk
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
return;
}
}
} catch (ERejectException e) {
- CMS.debug("ProfileProcessServlet: execution rejected " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: execution rejected "
+ + e.toString());
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_REJECTED", e.toString()));
+ args.set(
+ ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_PROFILE_REJECTED",
+ e.toString()));
} catch (EDeferException e) {
- CMS.debug("ProfileProcessServlet: execution defered " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: execution defered "
+ + e.toString());
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_DEFERRED", e.toString()));
+ args.set(
+ ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_PROFILE_DEFERRED",
+ e.toString()));
} catch (EPropertyException e) {
- CMS.debug("ProfileProcessServlet: execution error " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: execution error " + e.toString());
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_PROPERTY_ERROR", e.toString()));
+ args.set(
+ ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_PROFILE_PROPERTY_ERROR",
+ e.toString()));
} catch (EProfileException e) {
- CMS.debug("ProfileProcessServlet: execution error " +
- e.toString());
+ CMS.debug("ProfileProcessServlet: execution error " + e.toString());
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
}
args.set(ARG_OP, op);
@@ -475,15 +483,15 @@ public class ProfileProcessServlet extends ProfileServlet {
args.set(ARG_PROFILE_ID, profileId);
outputTemplate(request, response, args);
if (statsSub != null) {
- statsSub.endTiming("approval");
+ statsSub.endTiming("approval");
}
}
-
+
public boolean grantPermission(IRequest req, IAuthToken token) {
try {
- boolean enable = CMS.getConfigStore().getBoolean("request.assignee.enable",
- false);
+ boolean enable = CMS.getConfigStore().getBoolean(
+ "request.assignee.enable", false);
if (!enable)
return true;
String owner = req.getRequestOwner();
@@ -496,32 +504,32 @@ public class ProfileProcessServlet extends ProfileServlet {
return true;
} catch (Exception e) {
}
-
+
return false;
}
/**
- * Check if the request creation time is older than the profile
- * lastModified attribute.
+ * Check if the request creation time is older than the profile lastModified
+ * attribute.
*/
- protected void checkProfileVersion(IProfile profile, IRequest req,
- Locale locale) throws EProfileException {
+ protected void checkProfileVersion(IProfile profile, IRequest req,
+ Locale locale) throws EProfileException {
IConfigStore profileConfig = profile.getConfigStore();
if (profileConfig != null) {
String lastModified = null;
try {
- lastModified = profileConfig.getString("lastModified","");
+ lastModified = profileConfig.getString("lastModified", "");
} catch (EBaseException e) {
- CMS.debug(e.toString());
- throw new EProfileException( e.toString() );
+ CMS.debug(e.toString());
+ throw new EProfileException(e.toString());
}
if (!lastModified.equals("")) {
Date profileModifiedAt = new Date(Long.parseLong(lastModified));
- CMS.debug("ProfileProcessServlet: Profile Last Modified=" +
- profileModifiedAt);
+ CMS.debug("ProfileProcessServlet: Profile Last Modified="
+ + profileModifiedAt);
Date reqCreatedAt = req.getCreationTime();
- CMS.debug("ProfileProcessServlet: Request Created At=" +
- reqCreatedAt);
+ CMS.debug("ProfileProcessServlet: Request Created At="
+ + reqCreatedAt);
if (profileModifiedAt.after(reqCreatedAt)) {
CMS.debug("Profile Newer Than Request");
throw new ERejectException("Profile Newer Than Request");
@@ -531,18 +539,16 @@ public class ProfileProcessServlet extends ProfileServlet {
}
protected void assignRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ IRequest req, IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
String id = auditSubjectID();
req.setRequestOwner(id);
}
protected void unassignRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ IRequest req, IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
req.setRequestOwner("");
}
@@ -552,13 +558,14 @@ public class ProfileProcessServlet extends ProfileServlet {
* <P>
*
* (Certificate Request Processed - a manual "agent" profile based cert
- * cancellation)
+ * cancellation)
* <P>
*
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
* certificate request has just been through the approval process
* </ul>
+ *
* @param request the servlet request
* @param args argument set
* @param req the certificate request
@@ -566,12 +573,11 @@ public class ProfileProcessServlet extends ProfileServlet {
* @param profile this profile
* @param locale the system locale
* @exception EProfileException an error related to this profile has
- * occurred
+ * occurred
*/
protected void cancelRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ IRequest req, IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = auditRequesterID(req);
@@ -582,25 +588,22 @@ public class ProfileProcessServlet extends ProfileServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_CANCELLATION,
- auditInfoValue);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID,
+ ILogger.SUCCESS, auditRequesterID,
+ ILogger.SIGNED_AUDIT_CANCELLATION, auditInfoValue);
audit(auditMessage);
// } catch( EProfileException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditRequesterID,
- // ILogger.SIGNED_AUDIT_CANCELLATION,
- // auditInfoValue );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditRequesterID,
+ // ILogger.SIGNED_AUDIT_CANCELLATION,
+ // auditInfoValue );
//
- // audit( auditMessage );
+ // audit( auditMessage );
// }
}
@@ -609,13 +612,14 @@ public class ProfileProcessServlet extends ProfileServlet {
* <P>
*
* (Certificate Request Processed - a manual "agent" profile based cert
- * rejection)
+ * rejection)
* <P>
*
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
* certificate request has just been through the approval process
* </ul>
+ *
* @param request the servlet request
* @param args argument set
* @param req the certificate request
@@ -623,12 +627,11 @@ public class ProfileProcessServlet extends ProfileServlet {
* @param profile this profile
* @param locale the system locale
* @exception EProfileException an error related to this profile has
- * occurred
+ * occurred
*/
protected void rejectRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ IRequest req, IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = auditRequesterID(req);
@@ -639,25 +642,22 @@ public class ProfileProcessServlet extends ProfileServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_REJECTION,
- auditInfoValue);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED, auditSubjectID,
+ ILogger.SUCCESS, auditRequesterID,
+ ILogger.SIGNED_AUDIT_REJECTION, auditInfoValue);
audit(auditMessage);
// } catch( EProfileException eAudit1 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditRequesterID,
- // ILogger.SIGNED_AUDIT_REJECTION,
- // auditInfoValue );
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditRequesterID,
+ // ILogger.SIGNED_AUDIT_REJECTION,
+ // auditInfoValue );
//
- // audit( auditMessage );
+ // audit( auditMessage );
// }
}
@@ -666,13 +666,14 @@ public class ProfileProcessServlet extends ProfileServlet {
* <P>
*
* (Certificate Request Processed - a manual "agent" profile based cert
- * acceptance)
+ * acceptance)
* <P>
*
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
* certificate request has just been through the approval process
* </ul>
+ *
* @param request the servlet request
* @param args argument set
* @param req the certificate request
@@ -680,12 +681,11 @@ public class ProfileProcessServlet extends ProfileServlet {
* @param profile this profile
* @param locale the system locale
* @exception EProfileException an error related to this profile has
- * occurred
+ * occurred
*/
- protected void approveRequest(ServletRequest request, ArgSet args,
- IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws EProfileException {
+ protected void approveRequest(ServletRequest request, ArgSet args,
+ IRequest req, IRequestQueue queue, IProfile profile, Locale locale)
+ throws EProfileException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = auditRequesterID(req);
@@ -700,42 +700,40 @@ public class ProfileProcessServlet extends ProfileServlet {
if (outputIds != null) {
while (outputIds.hasMoreElements()) {
String outputId = (String) outputIds.nextElement();
- IProfileOutput profileOutput = profile.getProfileOutput(
- outputId);
+ IProfileOutput profileOutput = profile
+ .getProfileOutput(outputId);
Enumeration outputNames = profileOutput.getValueNames();
if (outputNames != null) {
while (outputNames.hasMoreElements()) {
ArgSet outputset = new ArgSet();
- String outputName = (String)
- outputNames.nextElement();
- IDescriptor outputDesc =
- profileOutput.getValueDescriptor(locale,
- outputName);
+ String outputName = (String) outputNames
+ .nextElement();
+ IDescriptor outputDesc = profileOutput
+ .getValueDescriptor(locale, outputName);
if (outputDesc == null)
continue;
String outputSyntax = outputDesc.getSyntax();
- String outputConstraint =
- outputDesc.getConstraint();
- String outputValueName =
- outputDesc.getDescription(locale);
+ String outputConstraint = outputDesc
+ .getConstraint();
+ String outputValueName = outputDesc
+ .getDescription(locale);
String outputValue = null;
try {
outputValue = profileOutput.getValue(
- outputName,
- locale, req);
+ outputName, locale, req);
} catch (EProfileException e) {
- CMS.debug("ProfileSubmitServlet: " +
- e.toString());
+ CMS.debug("ProfileSubmitServlet: "
+ + e.toString());
}
outputset.set(ARG_OUTPUT_ID, outputName);
outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax);
outputset.set(ARG_OUTPUT_CONSTRAINT,
- outputConstraint);
+ outputConstraint);
outputset.set(ARG_OUTPUT_NAME, outputValueName);
outputset.set(ARG_OUTPUT_VAL, outputValue);
outputlist.add(outputset);
@@ -746,42 +744,37 @@ public class ProfileProcessServlet extends ProfileServlet {
args.set(ARG_OUTPUT_LIST, outputlist);
// retrieve the certificate
- X509CertImpl theCert = req.getExtDataInCert(
- IEnrollProfile.REQUEST_ISSUED_CERT);
+ X509CertImpl theCert = req
+ .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue(theCert));
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ auditInfoCertValue(theCert));
audit(auditMessage);
} catch (EProfileException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE);
audit(auditMessage);
CMS.debug("ProfileProcessServlet: about to throw EProfileException because of bad profile execute.");
throw new EProfileException(eAudit1.toString());
-
}
}
- protected void updateValues(ServletRequest request, IRequest req,
- IRequestQueue queue, IProfile profile, Locale locale)
- throws ERejectException, EDeferException, EPropertyException {
+ protected void updateValues(ServletRequest request, IRequest req,
+ IRequestQueue queue, IProfile profile, Locale locale)
+ throws ERejectException, EDeferException, EPropertyException {
String profileSetId = req.getExtDataInString("profileSetId");
Enumeration policies = profile.getProfilePolicies(profileSetId);
@@ -813,17 +806,16 @@ public class ProfileProcessServlet extends ProfileServlet {
}
}
- protected void validate(Locale locale, int count,
- IProfilePolicy policy, IRequest req, ServletRequest request)
- throws ERejectException, EDeferException {
+ protected void validate(Locale locale, int count, IProfilePolicy policy,
+ IRequest req, ServletRequest request) throws ERejectException,
+ EDeferException {
IPolicyConstraint con = policy.getConstraint();
con.validate(req);
}
- protected void setValue(Locale locale, int count,
- IProfilePolicy policy, IRequest req, ServletRequest request)
- throws EPropertyException {
+ protected void setValue(Locale locale, int count, IProfilePolicy policy,
+ IRequest req, ServletRequest request) throws EPropertyException {
// handle default policy
IPolicyDefault def = policy.getDefault();
Enumeration defNames = def.getValueNames();
@@ -838,11 +830,11 @@ public class ProfileProcessServlet extends ProfileServlet {
/**
* Signed Audit Log Requester ID
- *
- * This method is called to obtain the "RequesterID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "RequesterID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param request the actual request
* @return id string containing the signed audit log message RequesterID
*/
@@ -868,11 +860,11 @@ public class ProfileProcessServlet extends ProfileServlet {
/**
* Signed Audit Log Info Value
- *
- * This method is called to obtain the "reason" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "reason" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param request the actual request
* @return reason string containing the signed audit log message reason
*/
@@ -886,8 +878,8 @@ public class ProfileProcessServlet extends ProfileServlet {
if (request != null) {
// overwrite "reason" if and only if "info" != null
- String info =
- request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON);
+ String info = request
+ .getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON);
if (info != null) {
reason = info.trim();
@@ -904,11 +896,11 @@ public class ProfileProcessServlet extends ProfileServlet {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param x509cert an X509CertImpl
* @return cert string containing the certificate
*/
@@ -941,7 +933,7 @@ public class ProfileProcessServlet extends ProfileServlet {
// extract all line separators from the "base64Data"
StringBuffer sb = new StringBuffer();
for (int i = 0; i < base64Data.length(); i++) {
- if (!Character.isWhitespace(base64Data.charAt(i))) {
+ if (!Character.isWhitespace(base64Data.charAt(i))) {
sb.append(base64Data.charAt(i));
}
}
@@ -961,4 +953,3 @@ public class ProfileProcessServlet extends ProfileServlet {
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
index 00840dd8..433dfdd7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.util.Enumeration;
import java.util.Locale;
import java.util.Random;
@@ -54,10 +53,9 @@ import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* This servlet allows reviewing of profile-based request.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileReviewServlet extends ProfileServlet {
@@ -69,7 +67,7 @@ public class ProfileReviewServlet extends ProfileServlet {
private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
+ private String mAuthorityId = null;
private Random mRandom = null;
private Nonces mNonces = null;
@@ -79,7 +77,7 @@ public class ProfileReviewServlet extends ProfileServlet {
/**
* initialize the servlet. This servlet uses the template file
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -101,7 +99,7 @@ public class ProfileReviewServlet extends ProfileServlet {
* <ul>
* <li>http.param requestId the ID of the profile to review
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -120,32 +118,33 @@ public class ProfileReviewServlet extends ProfileServlet {
} catch (EBaseException e) {
CMS.debug("ReviewReqServlet: " + e.toString());
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHENTICATION_ERROR"));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR"));
outputTemplate(request, response, args);
return;
- }
+ }
}
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -157,14 +156,14 @@ public class ProfileReviewServlet extends ProfileServlet {
mProfileSubId = IProfileSubsystem.ID;
}
CMS.debug("ProfileReviewServlet: SubId=" + mProfileSubId);
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ IProfileSubsystem ps = (IProfileSubsystem) CMS
+ .getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileReviewServlet: ProfileSubsystem not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -173,22 +172,22 @@ public class ProfileReviewServlet extends ProfileServlet {
IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
if (authority == null) {
- CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId +
- " not found");
+ CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId
+ + " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
IRequestQueue queue = authority.getRequestQueue();
if (queue == null) {
- CMS.debug("ProfileReviewServlet: Request Queue of " +
- mAuthorityId + " not found");
+ CMS.debug("ProfileReviewServlet: Request Queue of " + mAuthorityId
+ + " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -201,8 +200,8 @@ public class ProfileReviewServlet extends ProfileServlet {
req = queue.findRequest(new RequestId(requestId));
} catch (EBaseException e) {
// request not found
- CMS.debug("ProfileReviewServlet: request not found requestId=" +
- requestId + " " + e.toString());
+ CMS.debug("ProfileReviewServlet: request not found requestId="
+ + requestId + " " + e.toString());
}
if (req == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -214,16 +213,17 @@ public class ProfileReviewServlet extends ProfileServlet {
String profileId = req.getExtDataInString("profileId");
- CMS.debug("ProfileReviewServlet: requestId=" +
- requestId + " profileId=" + profileId);
+ CMS.debug("ProfileReviewServlet: requestId=" + requestId
+ + " profileId=" + profileId);
IProfile profile = null;
try {
profile = ps.getProfile(profileId);
} catch (EProfileException e) {
// profile not found
- CMS.debug("ProfileReviewServlet: profile not found requestId=" +
- requestId + " profileId=" + profileId + " " + e.toString());
+ CMS.debug("ProfileReviewServlet: profile not found requestId="
+ + requestId + " profileId=" + profileId + " "
+ + e.toString());
}
if (profile == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -232,27 +232,26 @@ public class ProfileReviewServlet extends ProfileServlet {
outputTemplate(request, response, args);
return;
}
-
+
String profileSetId = req.getExtDataInString("profileSetId");
CMS.debug("ProfileReviewServlet: profileSetId=" + profileSetId);
- Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0)?
- profile.getProfilePolicyIds(profileSetId): null;
+ Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0) ? profile
+ .getProfilePolicyIds(profileSetId) : null;
int count = 0;
ArgList list = new ArgList();
if (policyIds != null) {
- while (policyIds.hasMoreElements()) {
+ while (policyIds.hasMoreElements()) {
String id = (String) policyIds.nextElement();
- IProfilePolicy policy = (IProfilePolicy)
- profile.getProfilePolicy(req.getExtDataInString("profileSetId"),
- id);
+ IProfilePolicy policy = (IProfilePolicy) profile
+ .getProfilePolicy(
+ req.getExtDataInString("profileSetId"), id);
// (3) query all the profile policies
// (4) default plugins convert request parameters into string
- // http parameters
- handlePolicy(list, response, locale,
- id, policy, req);
+ // http parameters
+ handlePolicy(list, response, locale, id, policy, req);
count++;
}
}
@@ -269,34 +268,33 @@ public class ProfileReviewServlet extends ProfileServlet {
args.set(ARG_REQUEST_TYPE, req.getRequestType());
args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString());
if (req.getRequestOwner() == null) {
- args.set(ARG_REQUEST_OWNER, "");
+ args.set(ARG_REQUEST_OWNER, "");
} else {
- args.set(ARG_REQUEST_OWNER, req.getRequestOwner());
+ args.set(ARG_REQUEST_OWNER, req.getRequestOwner());
}
args.set(ARG_REQUEST_CREATION_TIME, req.getCreationTime().toString());
- args.set(ARG_REQUEST_MODIFICATION_TIME,
- req.getModificationTime().toString());
+ args.set(ARG_REQUEST_MODIFICATION_TIME, req.getModificationTime()
+ .toString());
args.set(ARG_PROFILE_ID, profileId);
- args.set(ARG_PROFILE_APPROVED_BY,
- req.getExtDataInString("profileApprovedBy"));
+ args.set(ARG_PROFILE_APPROVED_BY,
+ req.getExtDataInString("profileApprovedBy"));
args.set(ARG_PROFILE_SET_ID, req.getExtDataInString("profileSetId"));
if (profile.isVisible()) {
- args.set(ARG_PROFILE_IS_VISIBLE, "true");
+ args.set(ARG_PROFILE_IS_VISIBLE, "true");
} else {
- args.set(ARG_PROFILE_IS_VISIBLE, "false");
+ args.set(ARG_PROFILE_IS_VISIBLE, "false");
}
args.set(ARG_PROFILE_NAME, profile.getName(locale));
args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
- args.set(ARG_PROFILE_REMOTE_HOST,
- req.getExtDataInString("profileRemoteHost"));
- args.set(ARG_PROFILE_REMOTE_ADDR,
- req.getExtDataInString("profileRemoteAddr"));
+ args.set(ARG_PROFILE_REMOTE_HOST,
+ req.getExtDataInString("profileRemoteHost"));
+ args.set(ARG_PROFILE_REMOTE_ADDR,
+ req.getExtDataInString("profileRemoteAddr"));
if (req.getExtDataInString("requestNotes") == null) {
args.set(ARG_REQUEST_NOTES, "");
} else {
- args.set(ARG_REQUEST_NOTES,
- req.getExtDataInString("requestNotes"));
+ args.set(ARG_REQUEST_NOTES, req.getExtDataInString("requestNotes"));
}
args.set(ARG_RECORD, list);
@@ -322,17 +320,20 @@ public class ProfileReviewServlet extends ProfileServlet {
ArgSet inputset = new ArgSet();
String inputName = (String) inputNames.nextElement();
- IDescriptor inputDesc = profileInput.getValueDescriptor(locale, inputName);
+ IDescriptor inputDesc = profileInput
+ .getValueDescriptor(locale, inputName);
if (inputDesc == null)
continue;
String inputSyntax = inputDesc.getSyntax();
String inputConstraint = inputDesc.getConstraint();
- String inputValueName = inputDesc.getDescription(locale);
+ String inputValueName = inputDesc
+ .getDescription(locale);
String inputValue = null;
try {
- inputValue = profileInput.getValue(inputName, locale, req);
+ inputValue = profileInput.getValue(inputName,
+ locale, req);
} catch (EBaseException e) {
CMS.debug("ProfileReviewServlet: " + e.toString());
}
@@ -357,32 +358,31 @@ public class ProfileReviewServlet extends ProfileServlet {
if (outputIds != null) {
while (outputIds.hasMoreElements()) {
String outputId = (String) outputIds.nextElement();
- IProfileOutput profileOutput = profile.getProfileOutput(outputId
- );
+ IProfileOutput profileOutput = profile
+ .getProfileOutput(outputId);
Enumeration outputNames = profileOutput.getValueNames();
if (outputNames != null) {
while (outputNames.hasMoreElements()) {
ArgSet outputset = new ArgSet();
- String outputName = (String) outputNames.nextElement
- ();
- IDescriptor outputDesc =
- profileOutput.getValueDescriptor(locale, outputName);
+ String outputName = (String) outputNames.nextElement();
+ IDescriptor outputDesc = profileOutput
+ .getValueDescriptor(locale, outputName);
if (outputDesc == null)
continue;
String outputSyntax = outputDesc.getSyntax();
String outputConstraint = outputDesc.getConstraint();
- String outputValueName = outputDesc.getDescription(locale);
+ String outputValueName = outputDesc
+ .getDescription(locale);
String outputValue = null;
try {
outputValue = profileOutput.getValue(outputName,
- locale, req);
+ locale, req);
} catch (EProfileException e) {
- CMS.debug("ProfileSubmitServlet: " + e.toString(
- ));
+ CMS.debug("ProfileSubmitServlet: " + e.toString());
}
outputset.set(ARG_OUTPUT_ID, outputName);
@@ -401,9 +401,8 @@ public class ProfileReviewServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
- private void handlePolicy(ArgList list, ServletResponse response,
- Locale locale, String id, IProfilePolicy policy,
- IRequest req) {
+ private void handlePolicy(ArgList list, ServletResponse response,
+ Locale locale, String id, IProfilePolicy policy, IRequest req) {
ArgSet set = new ArgSet();
set.set(ARG_POLICY_ID, id);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
index 813af8f6..92aedb85 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.util.Enumeration;
import java.util.Locale;
@@ -48,10 +47,9 @@ import com.netscape.certsrv.template.ArgList;
import com.netscape.certsrv.template.ArgSet;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* Retrieve detailed information of a particular profile.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileSelectServlet extends ProfileServlet {
@@ -61,7 +59,7 @@ public class ProfileSelectServlet extends ProfileServlet {
*/
private static final long serialVersionUID = -3765390650830903602L;
private static final String PROP_AUTHORITY_ID = "authorityId";
- private String mAuthorityId = null;
+ private String mAuthorityId = null;
public ProfileSelectServlet() {
}
@@ -76,7 +74,7 @@ public class ProfileSelectServlet extends ProfileServlet {
* <ul>
* <li>http.param profileId the id of the profile to select
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -96,10 +94,11 @@ public class ProfileSelectServlet extends ProfileServlet {
} catch (EBaseException e) {
CMS.debug("ProcessReqServlet: " + e.toString());
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHENTICATION_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -108,20 +107,20 @@ public class ProfileSelectServlet extends ProfileServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -133,14 +132,14 @@ public class ProfileSelectServlet extends ProfileServlet {
mProfileSubId = IProfileSubsystem.ID;
}
CMS.debug("ProfileSelectServlet: SubId=" + mProfileSubId);
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ IProfileSubsystem ps = (IProfileSubsystem) CMS
+ .getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileSelectServlet: ProfileSubsystem not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -149,22 +148,22 @@ public class ProfileSelectServlet extends ProfileServlet {
IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
if (authority == null) {
- CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId +
- " not found");
+ CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId
+ + " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
IRequestQueue queue = authority.getRequestQueue();
if (queue == null) {
- CMS.debug("ProfileSelectServlet: Request Queue of " +
- mAuthorityId + " not found");
+ CMS.debug("ProfileSelectServlet: Request Queue of " + mAuthorityId
+ + " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -179,8 +178,8 @@ public class ProfileSelectServlet extends ProfileServlet {
profile = ps.getProfile(profileId);
} catch (EProfileException e) {
// profile not found
- CMS.debug("ProfileSelectServlet: profile not found profileId=" +
- profileId + " " + e.toString());
+ CMS.debug("ProfileSelectServlet: profile not found profileId="
+ + profileId + " " + e.toString());
}
if (profile == null) {
args.set(ARG_ERROR_CODE, "1");
@@ -189,7 +188,7 @@ public class ProfileSelectServlet extends ProfileServlet {
outputTemplate(request, response, args);
return;
}
-
+
ArgList setlist = new ArgList();
Enumeration policySetIds = profile.getProfilePolicySetIds();
@@ -203,14 +202,14 @@ public class ProfileSelectServlet extends ProfileServlet {
if (policyIds != null) {
while (policyIds.hasMoreElements()) {
String id = (String) policyIds.nextElement();
- IProfilePolicy policy = (IProfilePolicy)
- profile.getProfilePolicy(setId, id);
+ IProfilePolicy policy = (IProfilePolicy) profile
+ .getProfilePolicy(setId, id);
// (3) query all the profile policies
- // (4) default plugins convert request parameters into string
- // http parameters
- handlePolicy(list, response, locale,
- id, policy);
+ // (4) default plugins convert request parameters into
+ // string
+ // http parameters
+ handlePolicy(list, response, locale, id, policy);
}
}
ArgSet setArg = new ArgSet();
@@ -224,29 +223,31 @@ public class ProfileSelectServlet extends ProfileServlet {
args.set(ARG_PROFILE_ID, profileId);
args.set(ARG_PROFILE_IS_ENABLED,
- Boolean.toString(ps.isProfileEnable(profileId)));
+ Boolean.toString(ps.isProfileEnable(profileId)));
args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
args.set(ARG_PROFILE_NAME, profile.getName(locale));
- args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
- args.set(ARG_PROFILE_IS_VISIBLE,
- Boolean.toString(profile.isVisible()));
+ args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
+ args.set(ARG_PROFILE_IS_VISIBLE, Boolean.toString(profile.isVisible()));
args.set(ARG_ERROR_CODE, "0");
args.set(ARG_ERROR_REASON, "");
try {
- boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false);
- if (keyArchivalEnabled == true) {
- CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true");
-
- // output transport certificate if present
- args.set("transportCert",
- CMS.getConfigStore().getString("ca.connector.KRA.transportCert", ""));
- } else {
- CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false");
- args.set("transportCert", "");
- }
+ boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean(
+ "ca.connector.KRA.enable", false);
+ if (keyArchivalEnabled == true) {
+ CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true");
+
+ // output transport certificate if present
+ args.set(
+ "transportCert",
+ CMS.getConfigStore().getString(
+ "ca.connector.KRA.transportCert", ""));
+ } else {
+ CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false");
+ args.set("transportCert", "");
+ }
} catch (EBaseException e) {
- CMS.debug("ProfileSelectServlet: exception caught:"+e.toString());
+ CMS.debug("ProfileSelectServlet: exception caught:" + e.toString());
}
// build authentication
@@ -259,7 +260,7 @@ public class ProfileSelectServlet extends ProfileServlet {
// authenticator not installed correctly
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHENTICATION_MANAGER_NOT_FOUND",
+ "CMS_AUTHENTICATION_MANAGER_NOT_FOUND",
profile.getAuthenticatorId()));
outputTemplate(request, response, args);
return;
@@ -272,8 +273,8 @@ public class ProfileSelectServlet extends ProfileServlet {
while (authNames.hasMoreElements()) {
ArgSet authset = new ArgSet();
String authName = (String) authNames.nextElement();
- IDescriptor authDesc =
- authenticator.getValueDescriptor(locale, authName);
+ IDescriptor authDesc = authenticator.getValueDescriptor(
+ locale, authName);
if (authDesc == null)
continue;
@@ -291,8 +292,8 @@ public class ProfileSelectServlet extends ProfileServlet {
args.set(ARG_AUTH_LIST, authlist);
args.set(ARG_AUTH_NAME, authenticator.getName(locale));
args.set(ARG_AUTH_DESC, authenticator.getText(locale));
- args.set(ARG_AUTH_IS_SSL,
- Boolean.toString(authenticator.isSSLClientRequired()));
+ args.set(ARG_AUTH_IS_SSL,
+ Boolean.toString(authenticator.isSSLClientRequired()));
}
// build input list
@@ -309,10 +310,10 @@ public class ProfileSelectServlet extends ProfileServlet {
ArgSet inputpluginset = new ArgSet();
inputpluginset.set(ARG_INPUT_PLUGIN_ID, inputId);
- inputpluginset.set(ARG_INPUT_PLUGIN_NAME,
- profileInput.getName(locale));
- inputpluginset.set(ARG_INPUT_PLUGIN_DESC,
- profileInput.getText(locale));
+ inputpluginset.set(ARG_INPUT_PLUGIN_NAME,
+ profileInput.getName(locale));
+ inputpluginset.set(ARG_INPUT_PLUGIN_DESC,
+ profileInput.getText(locale));
inputPluginlist.add(inputpluginset);
Enumeration inputNames = profileInput.getValueNames();
@@ -320,15 +321,17 @@ public class ProfileSelectServlet extends ProfileServlet {
if (inputNames != null) {
while (inputNames.hasMoreElements()) {
ArgSet inputset = new ArgSet();
- String inputName = (String) inputNames.nextElement();
- IDescriptor inputDesc = profileInput.getValueDescriptor(
- locale, inputName);
+ String inputName = (String) inputNames
+ .nextElement();
+ IDescriptor inputDesc = profileInput
+ .getValueDescriptor(locale, inputName);
if (inputDesc == null)
continue;
String inputSyntax = inputDesc.getSyntax();
String inputConstraint = inputDesc.getConstraint();
- String inputValueName = inputDesc.getDescription(locale);
+ String inputValueName = inputDesc
+ .getDescription(locale);
String inputValue = null;
inputset.set(ARG_INPUT_PLUGIN_ID, inputId);
@@ -352,8 +355,8 @@ public class ProfileSelectServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
- private void handlePolicy(ArgList list, ServletResponse response,
- Locale locale, String id, IProfilePolicy policy) {
+ private void handlePolicy(ArgList list, ServletResponse response,
+ Locale locale, String id, IProfilePolicy policy) {
ArgSet set = new ArgSet();
set.set(ARG_POLICY_ID, id);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
index 46f3797d..a5f1c6c7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.FileReader;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.base.UserInfo;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cms.servlet.common.Utils;
-
/**
* This servlet is the base class of all profile servlets.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileServlet extends CMSServlet {
@@ -67,12 +65,9 @@ public class ProfileServlet extends CMSServlet {
public final static String ARG_REQUEST_ID = "requestId";
public final static String ARG_REQUEST_TYPE = "requestType";
public final static String ARG_REQUEST_STATUS = "requestStatus";
- public final static String ARG_REQUEST_OWNER =
- "requestOwner";
- public final static String ARG_REQUEST_CREATION_TIME =
- "requestCreationTime";
- public final static String ARG_REQUEST_MODIFICATION_TIME =
- "requestModificationTime";
+ public final static String ARG_REQUEST_OWNER = "requestOwner";
+ public final static String ARG_REQUEST_CREATION_TIME = "requestCreationTime";
+ public final static String ARG_REQUEST_MODIFICATION_TIME = "requestModificationTime";
public final static String ARG_REQUEST_NONCE = "nonce";
public final static String ARG_AUTH_ID = "authId";
@@ -166,18 +161,18 @@ public class ProfileServlet extends CMSServlet {
super();
}
- /**
- * initialize the servlet. Servlets implementing this method
- * must specify the template to use as a parameter called
- * "templatePath" in the servletConfig
- *
+ /**
+ * initialize the servlet. Servlets implementing this method must specify
+ * the template to use as a parameter called "templatePath" in the
+ * servletConfig
+ *
* @param sc servlet configuration, read from the web.xml file
*/
- public void init(ServletConfig sc) throws ServletException {
+ public void init(ServletConfig sc) throws ServletException {
super.init(sc);
mTemplate = sc.getServletContext().getRealPath(
- sc.getInitParameter(PROP_TEMPLATE));
+ sc.getInitParameter(PROP_TEMPLATE));
mGetClientCert = sc.getInitParameter(PROP_CLIENTAUTH);
mAuthMgr = sc.getInitParameter(PROP_AUTHMGR);
mAuthz = (IAuthzSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTHZ);
@@ -193,47 +188,44 @@ public class ProfileServlet extends CMSServlet {
}
}
- protected String escapeXML(String v)
- {
- if (v == null) {
- return "";
- }
- v = v.replaceAll("&", "&amp;");
- return v;
+ protected String escapeXML(String v) {
+ if (v == null) {
+ return "";
+ }
+ v = v.replaceAll("&", "&amp;");
+ return v;
}
- protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v)
- {
- ps.println("<" + name + ">");
- if (v != null) {
- if (v instanceof ArgList) {
- ArgList list = (ArgList)v;
- ps.println("<list>");
- for (int i = 0; i < list.size(); i++) {
- outputArgValueAsXML(ps, name, list.get(i));
- }
- ps.println("</list>");
- } else if (v instanceof ArgString) {
- ArgString str = (ArgString)v;
- ps.println(escapeXML(str.getValue()));
- } else if (v instanceof ArgSet) {
- ArgSet set = (ArgSet)v;
- ps.println("<set>");
- Enumeration names = set.getNames();
- while (names.hasMoreElements()) {
- String n = (String)names.nextElement();
+ protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) {
+ ps.println("<" + name + ">");
+ if (v != null) {
+ if (v instanceof ArgList) {
+ ArgList list = (ArgList) v;
+ ps.println("<list>");
+ for (int i = 0; i < list.size(); i++) {
+ outputArgValueAsXML(ps, name, list.get(i));
+ }
+ ps.println("</list>");
+ } else if (v instanceof ArgString) {
+ ArgString str = (ArgString) v;
+ ps.println(escapeXML(str.getValue()));
+ } else if (v instanceof ArgSet) {
+ ArgSet set = (ArgSet) v;
+ ps.println("<set>");
+ Enumeration names = set.getNames();
+ while (names.hasMoreElements()) {
+ String n = (String) names.nextElement();
outputArgValueAsXML(ps, n, set.get(n));
- }
- ps.println("</set>");
- } else {
- ps.println(v);
- }
+ }
+ ps.println("</set>");
+ } else {
+ ps.println(v);
}
- ps.println("</" + name + ">");
+ }
+ ps.println("</" + name + ">");
}
- protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args)
- {
+ protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) {
PrintStream ps = new PrintStream(bos);
ps.println("<xml>");
outputArgValueAsXML(ps, "output", args);
@@ -241,9 +233,8 @@ public class ProfileServlet extends CMSServlet {
ps.flush();
}
- public void outputTemplate(HttpServletRequest request,
- HttpServletResponse response, ArgSet args)
- throws EBaseException {
+ public void outputTemplate(HttpServletRequest request,
+ HttpServletResponse response, ArgSet args) throws EBaseException {
String xmlOutput = request.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
@@ -251,32 +242,30 @@ public class ProfileServlet extends CMSServlet {
ByteArrayOutputStream bos = new ByteArrayOutputStream();
outputThisAsXML(bos, args);
try {
- response.setContentLength(bos.size());
- bos.writeTo(response.getOutputStream());
+ response.setContentLength(bos.size());
+ bos.writeTo(response.getOutputStream());
} catch (Exception e) {
CMS.debug("outputTemplate error " + e);
}
return;
}
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("output_template");
+ statsSub.startTiming("output_template");
}
BufferedReader reader = null;
try {
- reader = new BufferedReader(
- new FileReader(mTemplate));
+ reader = new BufferedReader(new FileReader(mTemplate));
response.setContentType("text/html; charset=UTF-8");
PrintWriter writer = response.getWriter();
-
// output template
String line = null;
do {
- line = reader.readLine();
+ line = reader.readLine();
if (line != null) {
if (line.indexOf("<CMS_TEMPLATE>") == -1) {
writer.println(line);
@@ -287,21 +276,20 @@ public class ProfileServlet extends CMSServlet {
writer.println("</script>");
}
}
- }
- while (line != null);
+ } while (line != null);
reader.close();
} catch (IOException e) {
- CMS.debug(e);
- throw new EBaseException(e.toString());
+ CMS.debug(e);
+ throw new EBaseException(e.toString());
} finally {
- if (statsSub != null) {
- statsSub.endTiming("output_template");
- }
+ if (statsSub != null) {
+ statsSub.endTiming("output_template");
+ }
}
}
protected void outputArgList(PrintWriter writer, String name, ArgList list)
- throws IOException {
+ throws IOException {
String h_name = null;
@@ -311,7 +299,7 @@ public class ProfileServlet extends CMSServlet {
h_name = name.substring(name.indexOf('.') + 1);
}
writer.println(name + "Set = new Array;");
- // writer.println(h_name + "Count = 0;");
+ // writer.println(h_name + "Count = 0;");
for (int i = 0; i < list.size(); i++) {
writer.println(h_name + " = new Object;");
@@ -342,27 +330,29 @@ public class ProfileServlet extends CMSServlet {
char c = in[i];
/* presumably this gives better performance */
- if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) {
+ if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
out[j++] = c;
continue;
}
/* some inputs are coming in as '\' and 'n' */
/* see BZ 500736 for details */
- if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
- in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
- in[i+1] == '<' || in[i+1] == '>' ||
- in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
- if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
- (in[i+3] == 'c' || in[i+3] == 'e')) {
+ if ((c == 0x5c)
+ && ((i + 1) < l)
+ && (in[i + 1] == 'n' || in[i + 1] == 'r'
+ || in[i + 1] == 'f' || in[i + 1] == 't'
+ || in[i + 1] == '<' || in[i + 1] == '>'
+ || in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+ if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3'
+ && (in[i + 3] == 'c' || in[i + 3] == 'e')) {
out[j++] = '\\';
- out[j++] = in[i+1];
- out[j++] = in[i+2];
- out[j++] = in[i+3];
+ out[j++] = in[i + 1];
+ out[j++] = in[i + 2];
+ out[j++] = in[i + 3];
i += 3;
- } else {
+ } else {
out[j++] = '\\';
- out[j++] = in[i+1];
+ out[j++] = in[i + 1];
i++;
}
continue;
@@ -420,19 +410,19 @@ public class ProfileServlet extends CMSServlet {
return new String(out, 0, j);
}
- protected void outputArgString(PrintWriter writer, String name, ArgString str)
- throws IOException {
+ protected void outputArgString(PrintWriter writer, String name,
+ ArgString str) throws IOException {
String s = str.getValue();
// sub \n with "\n"
if (s != null) {
- s = escapeJavaScriptString(s);
+ s = escapeJavaScriptString(s);
}
writer.println(name + "=\"" + s + "\";");
}
protected void outputArgSet(PrintWriter writer, String name, ArgSet set)
- throws IOException {
+ throws IOException {
Enumeration e = set.getNames();
while (e.hasMoreElements()) {
@@ -456,7 +446,7 @@ public class ProfileServlet extends CMSServlet {
}
protected void outputData(PrintWriter writer, ArgSet set)
- throws IOException {
+ throws IOException {
if (set == null)
return;
Enumeration e = set.getNames();
@@ -485,13 +475,12 @@ public class ProfileServlet extends CMSServlet {
* log according to authority category.
*/
protected void log(int event, int level, String msg) {
- mLogger.log(event, mLogCategory, level,
- "Servlet " + mId + ": " + msg);
+ mLogger.log(event, mLogCategory, level, "Servlet " + mId + ": " + msg);
}
protected void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
- "Servlet " + mId + ": " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, "Servlet " + mId
+ + ": " + msg);
}
/**
@@ -506,14 +495,12 @@ public class ProfileServlet extends CMSServlet {
locale = Locale.getDefault();
} else {
locale = new Locale(UserInfo.getUserLanguage(lang),
- UserInfo.getUserCountry(lang));
+ UserInfo.getUserCountry(lang));
}
return locale;
}
- protected void renderResult(CMSRequest cmsReq)
- throws IOException {
+ protected void renderResult(CMSRequest cmsReq) throws IOException {
// do nothing
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
index b00b13a9..d24f7332 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.io.InputStream;
import java.io.OutputStream;
import java.security.cert.CertificateEncodingException;
@@ -65,10 +64,9 @@ import com.netscape.cms.servlet.common.AuthCredentials;
import com.netscape.cms.servlet.common.CMCOutputTemplate;
import com.netscape.cms.servlet.common.CMSRequest;
-
/**
* This servlet submits end-user request into the profile framework.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProfileSubmitCMCServlet extends ProfileServlet {
@@ -89,27 +87,24 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
private String requestBinary = null;
private String requestB64 = null;
- private final static String[]
- SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-
- /* 0 */ "automated profile cert request rejection: "
+ private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
+
+ /* 0 */"automated profile cert request rejection: "
+ "indeterminate reason for inability to process "
- + "cert request due to an EBaseException"
- };
- private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ + "cert request due to an EBaseException" };
+ private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
public ProfileSubmitCMCServlet() {
}
/**
- * initialize the servlet. And instance of this servlet can
- * be set up to always issue certificates against a certain profile
- * by setting the 'profileId' configuration in the servletConfig
- * If not, the user must specify the profileID when submitting the request
+ * initialize the servlet. And instance of this servlet can be set up to
+ * always issue certificates against a certain profile by setting the
+ * 'profileId' configuration in the servletConfig If not, the user must
+ * specify the profileID when submitting the request
*
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -120,7 +115,8 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
mRenderResult = false;
}
- private void setInputsIntoContext(HttpServletRequest request, IProfile profile, IProfileContext ctx) {
+ private void setInputsIntoContext(HttpServletRequest request,
+ IProfile profile, IProfileContext ctx) {
// passing inputs into context
Enumeration inputIds = profile.getProfileInputIds();
@@ -143,7 +139,8 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
}
- private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) {
+ private void setCredentialsIntoContext(HttpServletRequest request,
+ IProfileAuthenticator authenticator, IProfileContext ctx) {
Enumeration authIds = authenticator.getValueNames();
if (authIds != null) {
@@ -158,7 +155,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
}
public IAuthToken authenticate(IProfileAuthenticator authenticator,
- HttpServletRequest request) throws EBaseException {
+ HttpServletRequest request) throws EBaseException {
AuthCredentials credentials = new AuthCredentials();
// build credential
@@ -177,19 +174,19 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
IAuthToken authToken = authenticator.authenticate(credentials);
SessionContext sc = SessionContext.getContext();
- if (sc != null) {
- sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
- String userid = authToken.getInString(IAuthToken.USER_ID);
- if (userid != null) {
- sc.put(SessionContext.USER_ID, userid);
- }
+ if (sc != null) {
+ sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+ String userid = authToken.getInString(IAuthToken.USER_ID);
+ if (userid != null) {
+ sc.put(SessionContext.USER_ID, userid);
+ }
}
return authToken;
}
- private void setInputsIntoRequest(HttpServletRequest request, IProfile
-profile, IRequest req) {
+ private void setInputsIntoRequest(HttpServletRequest request,
+ IProfile profile, IRequest req) {
Enumeration inputIds = profile.getProfileInputIds();
if (inputIds != null) {
@@ -203,7 +200,8 @@ profile, IRequest req) {
String inputName = (String) inputNames.nextElement();
if (request.getParameter(inputName) != null) {
- req.setExtData(inputName, request.getParameter(inputName));
+ req.setExtData(inputName,
+ request.getParameter(inputName));
}
}
}
@@ -216,7 +214,7 @@ profile, IRequest req) {
* <P>
*
* (Certificate Request Processed - either an automated "EE" profile based
- * cert acceptance, or an automated "EE" profile based cert rejection)
+ * cert acceptance, or an automated "EE" profile based cert rejection)
* <P>
*
* <ul>
@@ -224,6 +222,7 @@ profile, IRequest req) {
* <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
* certificate request has just been through the approval process
* </ul>
+ *
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
@@ -233,8 +232,8 @@ profile, IRequest req) {
Locale locale = getLocale(request);
ArgSet args = new ArgSet();
- String cert_request_type =
- mServletConfig.getInitParameter("cert_request_type");
+ String cert_request_type = mServletConfig
+ .getInitParameter("cert_request_type");
String outputFormat = mServletConfig.getInitParameter("outputFormat");
int reqlen = request.getContentLength();
@@ -268,30 +267,30 @@ profile, IRequest req) {
while (paramNames.hasMoreElements()) {
String paramName = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
- // all sensitive parameters should be prefixed with
+ // all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( paramName.startsWith("__") ||
- paramName.endsWith("password") ||
- paramName.endsWith("passwd") ||
- paramName.endsWith("pwd") ||
- paramName.equalsIgnoreCase("admin_password_again") ||
- paramName.equalsIgnoreCase("directoryManagerPwd") ||
- paramName.equalsIgnoreCase("bindpassword") ||
- paramName.equalsIgnoreCase("bindpwd") ||
- paramName.equalsIgnoreCase("passwd") ||
- paramName.equalsIgnoreCase("password") ||
- paramName.equalsIgnoreCase("pin") ||
- paramName.equalsIgnoreCase("pwd") ||
- paramName.equalsIgnoreCase("pwdagain") ||
- paramName.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
- paramName + "='(sensitive)'");
+ if (paramName.startsWith("__")
+ || paramName.endsWith("password")
+ || paramName.endsWith("passwd")
+ || paramName.endsWith("pwd")
+ || paramName.equalsIgnoreCase("admin_password_again")
+ || paramName.equalsIgnoreCase("directoryManagerPwd")
+ || paramName.equalsIgnoreCase("bindpassword")
+ || paramName.equalsIgnoreCase("bindpwd")
+ || paramName.equalsIgnoreCase("passwd")
+ || paramName.equalsIgnoreCase("password")
+ || paramName.equalsIgnoreCase("pin")
+ || paramName.equalsIgnoreCase("pwd")
+ || paramName.equalsIgnoreCase("pwdagain")
+ || paramName.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("ProfileSubmitCMCServlet Input Parameter "
+ + paramName + "='(sensitive)'");
} else {
- CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
- paramName + "='" +
- request.getParameter(paramName) + "'");
+ CMS.debug("ProfileSubmitCMCServlet Input Parameter "
+ + paramName + "='"
+ + request.getParameter(paramName) + "'");
}
}
CMS.debug("End of ProfileSubmitCMCServlet Input Parameters");
@@ -303,8 +302,8 @@ profile, IRequest req) {
mProfileSubId = IProfileSubsystem.ID;
}
CMS.debug("ProfileSubmitCMCServlet: SubId=" + mProfileSubId);
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ IProfileSubsystem ps = (IProfileSubsystem) CMS
+ .getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileSubmitCMCServlet: ProfileSubsystem not found");
@@ -313,11 +312,12 @@ profile, IRequest req) {
seq.addElement(new INTEGER(0));
UTF8String s = null;
try {
- s = new UTF8String(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
+ s = new UTF8String(CMS.getUserMessage(locale,
+ "CMS_INTERNAL_ERROR"));
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
@@ -331,14 +331,14 @@ profile, IRequest req) {
profileId = mProfileId;
}
- IProfile profile = null;
+ IProfile profile = null;
- try {
+ try {
CMS.debug("ProfileSubmitCMCServlet: profileId " + profileId);
- profile = ps.getProfile(profileId);
- } catch (EProfileException e) {
- CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " +
- profileId + " " + e.toString());
+ profile = ps.getProfile(profileId);
+ } catch (EProfileException e) {
+ CMS.debug("ProfileSubmitCMCServlet: profile not found profileId "
+ + profileId + " " + e.toString());
}
if (profile == null) {
CMCOutputTemplate template = new CMCOutputTemplate();
@@ -346,27 +346,29 @@ profile, IRequest req) {
seq.addElement(new INTEGER(0));
UTF8String s = null;
try {
- s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
+ s = new UTF8String(CMS.getUserMessage(locale,
+ "CMS_PROFILE_NOT_FOUND", profileId));
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
if (!ps.isProfileEnable(profileId)) {
- CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId +
- " not enabled");
+ CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId
+ + " not enabled");
CMCOutputTemplate template = new CMCOutputTemplate();
SEQUENCE seq = new SEQUENCE();
seq.addElement(new INTEGER(0));
UTF8String s = null;
try {
- s = new UTF8String(CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
+ s = new UTF8String(CMS.getUserMessage(locale,
+ "CMS_PROFILE_NOT_FOUND", profileId));
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
@@ -386,8 +388,8 @@ profile, IRequest req) {
if (authenticator == null) {
CMS.debug("ProfileSubmitCMCServlet: authenticator not found");
} else {
- CMS.debug("ProfileSubmitCMCServlet: authenticator " +
- authenticator.getName() + " found");
+ CMS.debug("ProfileSubmitCMCServlet: authenticator "
+ + authenticator.getName() + " found");
setCredentialsIntoContext(request, authenticator, ctx);
}
@@ -403,39 +405,39 @@ profile, IRequest req) {
SessionContext context = SessionContext.getContext();
// insert profile context so that input parameter can be retrieved
- context.put("profileContext", ctx);
- context.put("sslClientCertProvider",
- new SSLClientCertProvider(request));
+ context.put("profileContext", ctx);
+ context.put("sslClientCertProvider", new SSLClientCertProvider(request));
CMS.debug("ProfileSubmitCMCServlet: set sslClientCertProvider");
- if (authenticator != null) {
+ if (authenticator != null) {
try {
authToken = authenticate(authenticator, request);
// authentication success
} catch (EBaseException e) {
CMCOutputTemplate template = new CMCOutputTemplate();
SEQUENCE seq = new SEQUENCE();
- seq.addElement(new INTEGER(0));
+ seq.addElement(new INTEGER(0));
UTF8String s = null;
try {
- s = new UTF8String(e.toString());
+ s = new UTF8String(e.toString());
} catch (Exception ee) {
}
- template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.BAD_REQUEST, s);
- CMS.debug("ProfileSubmitCMCServlet: authentication error " +
- e.toString());
+ template.createFullResponseWithFailedStatus(response, seq,
+ OtherInfo.BAD_REQUEST, s);
+ CMS.debug("ProfileSubmitCMCServlet: authentication error "
+ + e.toString());
return;
}
- //authorization only makes sense when request is authenticated
+ // authorization only makes sense when request is authenticated
AuthzToken authzToken = null;
if (authToken != null) {
CMS.debug("ProfileSubmitCMCServlet authToken not null");
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "submit");
+ mAuthzResourceName, "submit");
} catch (Exception e) {
- CMS.debug("ProfileSubmitCMCServlet authorization failure: "+e.toString());
+ CMS.debug("ProfileSubmitCMCServlet authorization failure: "
+ + e.toString());
}
}
@@ -446,20 +448,21 @@ profile, IRequest req) {
seq.addElement(new INTEGER(0));
UTF8String s = null;
try {
- s = new UTF8String("ProfileSubmitCMCServlet authorization failure");
+ s = new UTF8String(
+ "ProfileSubmitCMCServlet authorization failure");
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.BAD_REQUEST, s);
+ OtherInfo.BAD_REQUEST, s);
return;
}
}
IRequest reqs[] = null;
- ///////////////////////////////////////////////
+ // /////////////////////////////////////////////
// create request
- ///////////////////////////////////////////////
+ // /////////////////////////////////////////////
try {
reqs = profile.createRequests(ctx, locale);
} catch (EProfileException e) {
@@ -473,7 +476,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
} catch (Throwable e) {
CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString());
@@ -482,21 +485,22 @@ profile, IRequest req) {
seq.addElement(new INTEGER(0));
UTF8String s = null;
try {
- s = new UTF8String(CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
+ s = new UTF8String(CMS.getUserMessage(locale,
+ "CMS_INTERNAL_ERROR"));
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
- TaggedAttribute attr =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
+ TaggedAttribute attr = (TaggedAttribute) (context
+ .get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
if (attr != null) {
boolean verifyAllow = true;
try {
verifyAllow = CMS.getConfigStore().getBoolean(
- "cmc.lraPopWitness.verify.allow", true);
+ "cmc.lraPopWitness.verify.allow", true);
} catch (EBaseException ee) {
}
@@ -505,18 +509,19 @@ profile, IRequest req) {
SET vals = attr.getValues();
if (vals.size() > 0) {
try {
- lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(),
- ASN1Util.encode(vals.elementAt(0))));
+ lraPop = (LraPopWitness) (ASN1Util.decode(
+ LraPopWitness.getTemplate(),
+ ASN1Util.encode(vals.elementAt(0))));
} catch (InvalidBERException e) {
- CMS.debug(
- CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
+ CMS.debug(CMS.getUserMessage(locale,
+ "CMS_PROFILE_ENCODING_ERROR"));
}
SEQUENCE bodyIds = lraPop.getBodyIds();
CMCOutputTemplate template = new CMCOutputTemplate();
- template.createFullResponseWithFailedStatus(response, bodyIds,
- OtherInfo.POP_FAILED, null);
+ template.createFullResponseWithFailedStatus(response,
+ bodyIds, OtherInfo.POP_FAILED, null);
return;
}
}
@@ -524,53 +529,54 @@ profile, IRequest req) {
// for CMC, requests may be zero. Then check if controls exist.
if (reqs == null) {
- Integer nums = (Integer)(context.get("numOfControls"));
+ Integer nums = (Integer) (context.get("numOfControls"));
CMCOutputTemplate template = new CMCOutputTemplate();
// if there is only one control GetCert, then simple response
- // must be returned.
+ // must be returned.
if (nums != null && nums.intValue() == 1) {
- TaggedAttribute attr1 = (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+ TaggedAttribute attr1 = (TaggedAttribute) (context
+ .get(OBJECT_IDENTIFIER.id_cmc_getCert));
if (attr1 != null) {
template.createSimpleResponse(response, reqs);
} else
- template.createFullResponse(response, reqs,
- cert_request_type, null);
+ template.createFullResponse(response, reqs,
+ cert_request_type, null);
} else
- template.createFullResponse(response, reqs,
- cert_request_type, null);
+ template.createFullResponse(response, reqs, cert_request_type,
+ null);
return;
}
String errorCode = null;
- String errorReason = null;
+ String errorReason = null;
- ///////////////////////////////////////////////
+ // /////////////////////////////////////////////
// populate request
- ///////////////////////////////////////////////
+ // /////////////////////////////////////////////
for (int k = 0; k < reqs.length; k++) {
// adding parameters to request
setInputsIntoRequest(request, profile, reqs[k]);
// serial auth token into request
if (authToken != null) {
- Enumeration tokenNames = authToken.getElements();
- while (tokenNames.hasMoreElements()) {
- String tokenName = (String)tokenNames.nextElement();
- String[] vals = authToken.getInStringArray(tokenName);
- if (vals != null) {
- for (int i = 0; i < vals.length; i++) {
- reqs[k].setExtData(ARG_AUTH_TOKEN + "." +
- tokenName + "[" + i + "]", vals[i]);
- }
- } else {
- String val = authToken.getInString(tokenName);
- if (val != null) {
- reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName,
- val);
- }
- }
- }
- }
+ Enumeration tokenNames = authToken.getElements();
+ while (tokenNames.hasMoreElements()) {
+ String tokenName = (String) tokenNames.nextElement();
+ String[] vals = authToken.getInStringArray(tokenName);
+ if (vals != null) {
+ for (int i = 0; i < vals.length; i++) {
+ reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName
+ + "[" + i + "]", vals[i]);
+ }
+ } else {
+ String val = authToken.getInString(tokenName);
+ if (val != null) {
+ reqs[k].setExtData(
+ ARG_AUTH_TOKEN + "." + tokenName, val);
+ }
+ }
+ }
+ }
// put profile framework parameters into the request
reqs[k].setExtData(ARG_PROFILE, "true");
@@ -585,11 +591,12 @@ profile, IRequest req) {
seq.addElement(new INTEGER(0));
UTF8String s = null;
try {
- s = new UTF8String(CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"));
+ s = new UTF8String(
+ CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"));
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
@@ -598,13 +605,13 @@ profile, IRequest req) {
reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost());
reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr());
- CMS.debug("ProfileSubmitCMCServlet: request " +
- reqs[k].getRequestId().toString());
+ CMS.debug("ProfileSubmitCMCServlet: request "
+ + reqs[k].getRequestId().toString());
try {
CMS.debug("ProfileSubmitCMCServlet: populating request inputs");
// give authenticator a chance to populate the request
- if (authenticator != null) {
+ if (authenticator != null) {
authenticator.populate(authToken, reqs[k]);
}
profile.populateInput(ctx, reqs[k]);
@@ -620,12 +627,12 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.BAD_REQUEST, s);
+ OtherInfo.BAD_REQUEST, s);
return;
} catch (Throwable e) {
CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString());
- // throw new IOException("Profile " + profileId +
- // " cannot populate");
+ // throw new IOException("Profile " + profileId +
+ // " cannot populate");
CMCOutputTemplate template = new CMCOutputTemplate();
SEQUENCE seq = new SEQUENCE();
seq.addElement(new INTEGER(0));
@@ -635,7 +642,7 @@ profile, IRequest req) {
} catch (Exception ee) {
}
template.createFullResponseWithFailedStatus(response, seq,
- OtherInfo.INTERNAL_CA_ERROR, s);
+ OtherInfo.INTERNAL_CA_ERROR, s);
return;
}
}
@@ -647,28 +654,28 @@ profile, IRequest req) {
int responseType = 0;
try {
- ///////////////////////////////////////////////
+ // /////////////////////////////////////////////
// submit request
- ///////////////////////////////////////////////
+ // /////////////////////////////////////////////
int error_codes[] = null;
if (reqs != null && reqs.length > 0)
- error_codes = new int[reqs.length];
+ error_codes = new int[reqs.length];
for (int k = 0; k < reqs.length; k++) {
try {
// reset the "auditRequesterID"
auditRequesterID = auditRequesterID(reqs[k]);
-
// print request debug
if (reqs[k] != null) {
- Enumeration reqKeys = reqs[k].getExtDataKeys();
- while (reqKeys.hasMoreElements()) {
- String reqKey = (String)reqKeys.nextElement();
- String reqVal = reqs[k].getExtDataInString(reqKey);
- if (reqVal != null) {
- CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal);
+ Enumeration reqKeys = reqs[k].getExtDataKeys();
+ while (reqKeys.hasMoreElements()) {
+ String reqKey = (String) reqKeys.nextElement();
+ String reqVal = reqs[k].getExtDataInString(reqKey);
+ if (reqVal != null) {
+ CMS.debug("ProfileSubmitCMCServlet: key=$request."
+ + reqKey + "$ value=" + reqVal);
+ }
}
- }
}
profile.submit(authToken, reqs[k]);
@@ -678,16 +685,16 @@ profile, IRequest req) {
auditInfoCertValue = auditInfoCertValue(reqs[k]);
if (auditInfoCertValue != null) {
- if (!(auditInfoCertValue.equals(
- ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
+ if (!(auditInfoCertValue
+ .equals(ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ auditInfoCertValue);
audit(auditMessage);
}
@@ -696,53 +703,50 @@ profile, IRequest req) {
// return defer message to the user
reqs[k].setRequestStatus(RequestStatus.PENDING);
// need to notify
- INotify notify = profile.getRequestQueue().getPendingNotify();
+ INotify notify = profile.getRequestQueue()
+ .getPendingNotify();
if (notify != null) {
- notify.notify(reqs[k]);
+ notify.notify(reqs[k]);
}
-
+
CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString());
errorCode = "2";
errorReason = CMS.getUserMessage(locale,
- "CMS_PROFILE_DEFERRED",
- e.toString());
+ "CMS_PROFILE_DEFERRED", e.toString());
} catch (ERejectException e) {
- // return error to the user
+ // return error to the user
reqs[k].setRequestStatus(RequestStatus.REJECTED);
CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString());
errorCode = "3";
errorReason = CMS.getUserMessage(locale,
- "CMS_PROFILE_REJECTED",
- e.toString());
+ "CMS_PROFILE_REJECTED", e.toString());
} catch (Throwable e) {
// return error to the user
CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString());
errorCode = "1";
errorReason = CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR");
+ "CMS_INTERNAL_ERROR");
}
- try {
+ try {
if (errorCode == null) {
profile.getRequestQueue().markAsServiced(reqs[k]);
} else {
profile.getRequestQueue().updateRequest(reqs[k]);
}
} catch (EBaseException e) {
- CMS.debug("ProfileSubmitCMCServlet: updateRequest " +
- e.toString());
+ CMS.debug("ProfileSubmitCMCServlet: updateRequest "
+ + e.toString());
}
if (errorCode != null) {
if (errorCode.equals("1")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_REJECTION,
- errorReason);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_REJECTION, errorReason);
audit(auditMessage);
} else if (errorCode.equals("2")) {
@@ -752,12 +756,10 @@ profile, IRequest req) {
} else if (errorCode.equals("3")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_REJECTION,
- errorReason);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_REJECTION, errorReason);
audit(auditMessage);
}
@@ -769,45 +771,47 @@ profile, IRequest req) {
if (errorCode != null) {
// create the CMC full enrollment response
CMCOutputTemplate template = new CMCOutputTemplate();
- template.createFullResponse(response, reqs, cert_request_type, error_codes);
+ template.createFullResponse(response, reqs, cert_request_type,
+ error_codes);
return;
}
- ///////////////////////////////////////////////
- // output output list
- ///////////////////////////////////////////////
-
- CMS.debug("ProfileSubmitCMCServlet: done serving");
- CMCOutputTemplate template = new CMCOutputTemplate();
- if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) {
-
- if (outputFormat != null &&outputFormat.equals("pkcs7")) {
- byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]);
- response.setContentType("application/pkcs7-mime");
- response.setContentLength(pkcs7.length);
- try {
- OutputStream os = response.getOutputStream();
- os.write(pkcs7);
- os.flush();
- } catch (Exception ee) {
- }
- return;
- }
- template.createSimpleResponse(response, reqs);
- } else if (cert_request_type.equals("cmc")) {
- Integer nums = (Integer)(context.get("numOfControls"));
- if (nums != null && nums.intValue() == 1) {
- TaggedAttribute attr1 =
- (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
- if (attr1 != null) {
- template.createSimpleResponse(response, reqs);
- return;
- }
- }
- template.createFullResponse(response, reqs, cert_request_type,
- error_codes);
- }
+ // /////////////////////////////////////////////
+ // output output list
+ // /////////////////////////////////////////////
+
+ CMS.debug("ProfileSubmitCMCServlet: done serving");
+ CMCOutputTemplate template = new CMCOutputTemplate();
+ if (cert_request_type.equals("pkcs10")
+ || cert_request_type.equals("crmf")) {
+
+ if (outputFormat != null && outputFormat.equals("pkcs7")) {
+ byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]);
+ response.setContentType("application/pkcs7-mime");
+ response.setContentLength(pkcs7.length);
+ try {
+ OutputStream os = response.getOutputStream();
+ os.write(pkcs7);
+ os.flush();
+ } catch (Exception ee) {
+ }
+ return;
+ }
+ template.createSimpleResponse(response, reqs);
+ } else if (cert_request_type.equals("cmc")) {
+ Integer nums = (Integer) (context.get("numOfControls"));
+ if (nums != null && nums.intValue() == 1) {
+ TaggedAttribute attr1 = (TaggedAttribute) (context
+ .get(OBJECT_IDENTIFIER.id_cmc_getCert));
+ if (attr1 != null) {
+ template.createSimpleResponse(response, reqs);
+ return;
+ }
+ }
+ template.createFullResponse(response, reqs, cert_request_type,
+ error_codes);
+ }
} finally {
SessionContext.releaseContext();
}
@@ -815,11 +819,11 @@ profile, IRequest req) {
/**
* Signed Audit Log Requester ID
- *
- * This method is called to obtain the "RequesterID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "RequesterID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param request the actual request
* @return id string containing the signed audit log message RequesterID
*/
@@ -845,11 +849,11 @@ profile, IRequest req) {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param request request containing an X509CertImpl
* @return cert string containing the certificate
*/
@@ -859,8 +863,8 @@ profile, IRequest req) {
return null;
}
- X509CertImpl x509cert = request.getExtDataInCert(
- IEnrollProfile.REQUEST_ISSUED_CERT);
+ X509CertImpl x509cert = request
+ .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
if (x509cert == null) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 184a82b2..626b3578 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.profile;
-
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
@@ -72,10 +71,9 @@ import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.cmsutil.util.Cert;
import com.netscape.cmsutil.xml.XMLObject;
-
/**
* This servlet submits end-user request into the profile framework.
- *
+ *
* @author Christina Fu (renewal support)
* @version $Revision$, $Date$
*/
@@ -97,34 +95,27 @@ public class ProfileSubmitServlet extends ProfileServlet {
private String mReqType = null;
private String mAuthorityId = null;
- private final static String[]
- SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-
- /* 0 */ "automated profile cert request rejection: "
- + "indeterminate reason for inability to process "
- + "cert request due to an EBaseException"
- };
- private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
-
+ private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
- private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
- "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
- private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
- "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+ /* 0 */"automated profile cert request rejection: "
+ + "indeterminate reason for inability to process "
+ + "cert request due to an EBaseException" };
+ private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL = "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+ private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS = "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
public ProfileSubmitServlet() {
}
/**
- * initialize the servlet. And instance of this servlet can
- * be set up to always issue certificates against a certain profile
- * by setting the 'profileId' configuration in the servletConfig
- * If not, the user must specify the profileID when submitting the request
+ * initialize the servlet. And instance of this servlet can be set up to
+ * always issue certificates against a certain profile by setting the
+ * 'profileId' configuration in the servletConfig If not, the user must
+ * specify the profileID when submitting the request
*
* "ImportCert.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -133,7 +124,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
mProfileId = sc.getInitParameter(PROP_PROFILE_ID);
}
- private void setInputsIntoContext(HttpServletRequest request, IProfile profile, IProfileContext ctx) {
+ private void setInputsIntoContext(HttpServletRequest request,
+ IProfile profile, IProfileContext ctx) {
// passing inputs into context
Enumeration inputIds = profile.getProfileInputIds();
@@ -146,9 +138,13 @@ public class ProfileSubmitServlet extends ProfileServlet {
while (inputNames.hasMoreElements()) {
String inputName = (String) inputNames.nextElement();
if (request.getParameter(inputName) != null) {
- // all subject name parameters start with sn_, no other input parameters do
+ // all subject name parameters start with sn_, no other
+ // input parameters do
if (inputName.matches("^sn_.*")) {
- ctx.set(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString());
+ ctx.set(inputName,
+ escapeValueRfc1779(
+ request.getParameter(inputName),
+ false).toString());
} else {
ctx.set(inputName, request.getParameter(inputName));
}
@@ -159,12 +155,12 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
- /*
- * fill input info from "request" to context.
- * This is expected to be used by renewal where the request
- * is retrieved from request record
+ /*
+ * fill input info from "request" to context. This is expected to be used by
+ * renewal where the request is retrieved from request record
*/
- private void setInputsIntoContext(IRequest request, IProfile profile, IProfileContext ctx, Locale locale) {
+ private void setInputsIntoContext(IRequest request, IProfile profile,
+ IProfileContext ctx, Locale locale) {
// passing inputs into context
Enumeration inputIds = profile.getProfileInputIds();
@@ -177,15 +173,19 @@ public class ProfileSubmitServlet extends ProfileServlet {
while (inputNames.hasMoreElements()) {
String inputName = (String) inputNames.nextElement();
String inputValue = "";
- CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getting input name= " + inputName);
+ CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getting input name= "
+ + inputName);
try {
- inputValue = profileInput.getValue(inputName, locale, request);
+ inputValue = profileInput.getValue(inputName, locale,
+ request);
} catch (Exception e) {
- CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getvalue() failed: " + e.toString());
+ CMS.debug("ProfileSubmitServlet: setInputsIntoContext() getvalue() failed: "
+ + e.toString());
}
if (inputValue != null) {
- CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:"+ inputValue);
+ CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:"
+ + inputValue);
ctx.set(inputName, inputValue);
} else {
CMS.debug("ProfileSubmitServlet: setInputsIntoContext() value null");
@@ -196,9 +196,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
-
-
- private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) {
+ private void setCredentialsIntoContext(HttpServletRequest request,
+ IProfileAuthenticator authenticator, IProfileContext ctx) {
Enumeration authIds = authenticator.getValueNames();
if (authIds != null) {
@@ -206,8 +205,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
while (authIds.hasMoreElements()) {
String authName = (String) authIds.nextElement();
- CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:"+
- authName);
+ CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:"
+ + authName);
if (request.getParameter(authName) != null) {
CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName found in request");
ctx.set(authName, request.getParameter(authName));
@@ -232,7 +231,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
String n = t.substring(0, i);
if (n.equalsIgnoreCase("uid")) {
String v = t.substring(i + 1);
- CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:"+v);
+ CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:"
+ + v);
return v;
} else {
continue;
@@ -242,70 +242,74 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
/*
- * authenticate for renewal - more to add necessary params/values
- * to the session context
+ * authenticate for renewal - more to add necessary params/values to the
+ * session context
*/
public IAuthToken authenticate(IProfileAuthenticator authenticator,
- HttpServletRequest request, IRequest origReq, SessionContext context)
- throws EBaseException {
- IAuthToken authToken = authenticate(authenticator, request);
- // For renewal, fill in necessary params
- if (authToken!= null) {
- String ouid = origReq.getExtDataInString("auth_token.uid");
- // if the orig cert was manually approved, then there was
- // no auth token uid. Try to get the uid from the cert dn
- // itself, if possible
- if (ouid == null) {
- String sdn = (String) context.get("origSubjectDN");
- if (sdn != null) {
- ouid = getUidFromDN(sdn);
- if (ouid != null)
- CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
- }
- } else {
- CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token");
- }
- String auid = authToken.getInString("uid");
- if (auid != null) { // not through ssl client auth
- CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:"+auid);
- // authenticated with uid
- // put "orig_req.auth_token.uid" so that authz with
- // UserOrigReqAccessEvaluator will work
- if (ouid != null) {
- context.put("orig_req.auth_token.uid", ouid);
- CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:"+ouid);
- } else {
- CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
- }
- } else { // through ssl client auth?
- CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:");
- // put in orig_req's uid
- if (ouid != null) {
- CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" +ouid+". Setting authtoken");
- authToken.set("uid", ouid);
- context.put(SessionContext.USER_ID, ouid);
- } else {
- CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found");
-// throw new EBaseException("origReq uid not found");
- }
- }
-
- String userdn = origReq.getExtDataInString("auth_token.userdn");
- if (userdn != null) {
- CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:"+userdn+". Setting authtoken");
- authToken.set("userdn", userdn);
- } else {
- CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found");
-// throw new EBaseException("origReq userdn not found");
- }
+ HttpServletRequest request, IRequest origReq, SessionContext context)
+ throws EBaseException {
+ IAuthToken authToken = authenticate(authenticator, request);
+ // For renewal, fill in necessary params
+ if (authToken != null) {
+ String ouid = origReq.getExtDataInString("auth_token.uid");
+ // if the orig cert was manually approved, then there was
+ // no auth token uid. Try to get the uid from the cert dn
+ // itself, if possible
+ if (ouid == null) {
+ String sdn = (String) context.get("origSubjectDN");
+ if (sdn != null) {
+ ouid = getUidFromDN(sdn);
+ if (ouid != null)
+ CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
+ }
+ } else {
+ CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token");
+ }
+ String auid = authToken.getInString("uid");
+ if (auid != null) { // not through ssl client auth
+ CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:"
+ + auid);
+ // authenticated with uid
+ // put "orig_req.auth_token.uid" so that authz with
+ // UserOrigReqAccessEvaluator will work
+ if (ouid != null) {
+ context.put("orig_req.auth_token.uid", ouid);
+ CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:"
+ + ouid);
} else {
- CMS.debug("ProfileSubmitServlet: renewal: authToken null");
+ CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
}
- return authToken;
+ } else { // through ssl client auth?
+ CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:");
+ // put in orig_req's uid
+ if (ouid != null) {
+ CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:"
+ + ouid + ". Setting authtoken");
+ authToken.set("uid", ouid);
+ context.put(SessionContext.USER_ID, ouid);
+ } else {
+ CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found");
+ // throw new EBaseException("origReq uid not found");
+ }
+ }
+
+ String userdn = origReq.getExtDataInString("auth_token.userdn");
+ if (userdn != null) {
+ CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:"
+ + userdn + ". Setting authtoken");
+ authToken.set("userdn", userdn);
+ } else {
+ CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found");
+ // throw new EBaseException("origReq userdn not found");
+ }
+ } else {
+ CMS.debug("ProfileSubmitServlet: renewal: authToken null");
+ }
+ return authToken;
}
public IAuthToken authenticate(IProfileAuthenticator authenticator,
- HttpServletRequest request) throws EBaseException {
+ HttpServletRequest request) throws EBaseException {
AuthCredentials credentials = new AuthCredentials();
// build credential
@@ -323,18 +327,19 @@ public class ProfileSubmitServlet extends ProfileServlet {
IAuthToken authToken = authenticator.authenticate(credentials);
SessionContext sc = SessionContext.getContext();
- if (sc != null) {
- sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
- String userid = authToken.getInString(IAuthToken.USER_ID);
- if (userid != null) {
- sc.put(SessionContext.USER_ID, userid);
- }
+ if (sc != null) {
+ sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+ String userid = authToken.getInString(IAuthToken.USER_ID);
+ if (userid != null) {
+ sc.put(SessionContext.USER_ID, userid);
+ }
}
return authToken;
}
- private void setInputsIntoRequest(HttpServletRequest request, IProfile profile, IRequest req) {
+ private void setInputsIntoRequest(HttpServletRequest request,
+ IProfile profile, IRequest req) {
Enumeration inputIds = profile.getProfileInputIds();
if (inputIds != null) {
@@ -348,11 +353,17 @@ public class ProfileSubmitServlet extends ProfileServlet {
String inputName = (String) inputNames.nextElement();
if (request.getParameter(inputName) != null) {
- // special characters in subject names parameters must be escaped
+ // special characters in subject names parameters
+ // must be escaped
if (inputName.matches("^sn_.*")) {
- req.setExtData(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString());
+ req.setExtData(
+ inputName,
+ escapeValueRfc1779(
+ request.getParameter(inputName),
+ false).toString());
} else {
- req.setExtData(inputName, request.getParameter(inputName));
+ req.setExtData(inputName,
+ request.getParameter(inputName));
}
}
}
@@ -361,12 +372,12 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
}
- /*
- * fill input info from orig request to the renew request.
- * This is expected to be used by renewal where the request
- * is retrieved from request record
+ /*
+ * fill input info from orig request to the renew request. This is expected
+ * to be used by renewal where the request is retrieved from request record
*/
- private void setInputsIntoRequest(IRequest request, IProfile profile, IRequest req, Locale locale) {
+ private void setInputsIntoRequest(IRequest request, IProfile profile,
+ IRequest req, Locale locale) {
// passing inputs into request
Enumeration inputIds = profile.getProfileInputIds();
@@ -379,15 +390,19 @@ public class ProfileSubmitServlet extends ProfileServlet {
while (inputNames.hasMoreElements()) {
String inputName = (String) inputNames.nextElement();
String inputValue = "";
- CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getting input name= " + inputName);
+ CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getting input name= "
+ + inputName);
try {
- inputValue = profileInput.getValue(inputName, locale, request);
+ inputValue = profileInput.getValue(inputName, locale,
+ request);
} catch (Exception e) {
- CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getvalue() failed: " + e.toString());
+ CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() getvalue() failed: "
+ + e.toString());
}
if (inputValue != null) {
- CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:"+ inputValue);
+ CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:"
+ + inputValue);
req.setExtData(inputName, inputValue);
} else {
CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() value null");
@@ -398,13 +413,15 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
- private void setOutputIntoArgs(IProfile profile, ArgList outputlist, Locale locale, IRequest req) {
+ private void setOutputIntoArgs(IProfile profile, ArgList outputlist,
+ Locale locale, IRequest req) {
Enumeration outputIds = profile.getProfileOutputIds();
if (outputIds != null) {
while (outputIds.hasMoreElements()) {
String outputId = (String) outputIds.nextElement();
- IProfileOutput profileOutput = profile.getProfileOutput(outputId);
+ IProfileOutput profileOutput = profile
+ .getProfileOutput(outputId);
Enumeration outputNames = profileOutput.getValueNames();
@@ -412,19 +429,20 @@ public class ProfileSubmitServlet extends ProfileServlet {
while (outputNames.hasMoreElements()) {
ArgSet outputset = new ArgSet();
String outputName = (String) outputNames.nextElement();
- IDescriptor outputDesc =
- profileOutput.getValueDescriptor(locale, outputName);
+ IDescriptor outputDesc = profileOutput
+ .getValueDescriptor(locale, outputName);
if (outputDesc == null)
continue;
String outputSyntax = outputDesc.getSyntax();
String outputConstraint = outputDesc.getConstraint();
- String outputValueName = outputDesc.getDescription(locale);
+ String outputValueName = outputDesc
+ .getDescription(locale);
String outputValue = null;
try {
- outputValue = profileOutput.getValue(outputName,
- locale, req);
+ outputValue = profileOutput.getValue(outputName,
+ locale, req);
} catch (EProfileException e) {
CMS.debug("ProfileSubmitServlet: " + e.toString());
}
@@ -446,7 +464,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
* <P>
*
* (Certificate Request Processed - either an automated "EE" profile based
- * cert acceptance, or an automated "EE" profile based cert rejection)
+ * cert acceptance, or an automated "EE" profile based cert rejection)
* <P>
*
* <ul>
@@ -454,6 +472,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
* <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
* certificate request has just been through the approval process
* </ul>
+ *
* @param cmsReq the object holding the request and response information
* @exception EBaseException an error has occurred
*/
@@ -476,9 +495,9 @@ public class ProfileSubmitServlet extends ProfileServlet {
CMS.debug("xmlOutput false");
}
- IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+ IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
if (statsSub != null) {
- statsSub.startTiming("enrollment", true /* main action */);
+ statsSub.startTiming("enrollment", true /* main action */);
}
long startTime = CMS.getCurrentDate().getTime();
@@ -492,30 +511,30 @@ public class ProfileSubmitServlet extends ProfileServlet {
while (paramNames.hasMoreElements()) {
String paramName = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
- // all sensitive parameters should be prefixed with
+ // all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( paramName.startsWith("__") ||
- paramName.endsWith("password") ||
- paramName.endsWith("passwd") ||
- paramName.endsWith("pwd") ||
- paramName.equalsIgnoreCase("admin_password_again") ||
- paramName.equalsIgnoreCase("directoryManagerPwd") ||
- paramName.equalsIgnoreCase("bindpassword") ||
- paramName.equalsIgnoreCase("bindpwd") ||
- paramName.equalsIgnoreCase("passwd") ||
- paramName.equalsIgnoreCase("password") ||
- paramName.equalsIgnoreCase("pin") ||
- paramName.equalsIgnoreCase("pwd") ||
- paramName.equalsIgnoreCase("pwdagain") ||
- paramName.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("ProfileSubmitServlet Input Parameter " +
- paramName + "='(sensitive)'");
+ if (paramName.startsWith("__")
+ || paramName.endsWith("password")
+ || paramName.endsWith("passwd")
+ || paramName.endsWith("pwd")
+ || paramName.equalsIgnoreCase("admin_password_again")
+ || paramName.equalsIgnoreCase("directoryManagerPwd")
+ || paramName.equalsIgnoreCase("bindpassword")
+ || paramName.equalsIgnoreCase("bindpwd")
+ || paramName.equalsIgnoreCase("passwd")
+ || paramName.equalsIgnoreCase("password")
+ || paramName.equalsIgnoreCase("pin")
+ || paramName.equalsIgnoreCase("pwd")
+ || paramName.equalsIgnoreCase("pwdagain")
+ || paramName.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("ProfileSubmitServlet Input Parameter "
+ + paramName + "='(sensitive)'");
} else {
- CMS.debug("ProfileSubmitServlet Input Parameter " +
- paramName + "='" +
- request.getParameter(paramName) + "'");
+ CMS.debug("ProfileSubmitServlet Input Parameter "
+ + paramName + "='"
+ + request.getParameter(paramName) + "'");
}
}
CMS.debug("End of ProfileSubmitServlet Input Parameters");
@@ -527,44 +546,42 @@ public class ProfileSubmitServlet extends ProfileServlet {
mProfileSubId = IProfileSubsystem.ID;
}
CMS.debug("ProfileSubmitServlet: SubId=" + mProfileSubId);
- IProfileSubsystem ps = (IProfileSubsystem)
- CMS.getSubsystem(mProfileSubId);
+ IProfileSubsystem ps = (IProfileSubsystem) CMS
+ .getSubsystem(mProfileSubId);
if (ps == null) {
CMS.debug("ProfileSubmitServlet: ProfileSubsystem not found");
if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ outputError(response,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
} else {
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
return;
}
/*
* Renewal - Renewal is retrofitted into the Profile Enrollment
- * Framework. The authentication and authorization are taken from
- * the renewal profile, while the input (with requests) and grace
- * period constraint are taken from the original cert's request record.
+ * Framework. The authentication and authorization are taken from the
+ * renewal profile, while the input (with requests) and grace period
+ * constraint are taken from the original cert's request record.
*
- * Things to note:
- * * the renew request will contain the original profile instead
- * of the new
- * * there is no request for system and admin certs generated at
- * time of installation configuration.
+ * Things to note: * the renew request will contain the original profile
+ * instead of the new * there is no request for system and admin certs
+ * generated at time of installation configuration.
*/
String renewal = request.getParameter("renewal");
boolean isRenewal = false;
- if ((renewal!= null) && (renewal.equalsIgnoreCase("true"))) {
+ if ((renewal != null) && (renewal.equalsIgnoreCase("true"))) {
CMS.debug("ProfileSubmitServlet: isRenewal true");
isRenewal = true;
- request.setAttribute("reqType", (Object)"renewal");
+ request.setAttribute("reqType", (Object) "renewal");
} else {
CMS.debug("ProfileSubmitServlet: isRenewal false");
}
@@ -592,25 +609,25 @@ public class ProfileSubmitServlet extends ProfileServlet {
if (isRenewal) {
// dig up the original request to "clone"
renewProfileId = profileId;
- CMS.debug("ProfileSubmitServlet: renewProfileId ="+renewProfileId);
+ CMS.debug("ProfileSubmitServlet: renewProfileId =" + renewProfileId);
IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
if (authority == null) {
- CMS.debug("ProfileSubmitServlet: renewal: Authority " + mAuthorityId +
- " not found");
+ CMS.debug("ProfileSubmitServlet: renewal: Authority "
+ + mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
IRequestQueue queue = authority.getRequestQueue();
if (queue == null) {
- CMS.debug("ProfileSubmitServlet: renewal: Request Queue of " +
- mAuthorityId + " not found");
+ CMS.debug("ProfileSubmitServlet: renewal: Request Queue of "
+ + mAuthorityId + " not found");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -618,7 +635,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
String serial = request.getParameter("serial_num");
BigInteger certSerial = null;
// if serial number is sent with request, then the authentication
- // method is not ssl client auth. In this case, an alternative
+ // method is not ssl client auth. In this case, an alternative
// authentication method is used (default: ldap based)
if (serial != null) {
CMS.debug("ProfileSubmitServlet: renewal: found serial_num");
@@ -630,14 +647,15 @@ public class ProfileSubmitServlet extends ProfileServlet {
// ssl client auth is to be used
// this is not authentication. Just use the cert to search
// for orig request and find the right profile
- SSLClientCertProvider sslCCP = new SSLClientCertProvider(request);
+ SSLClientCertProvider sslCCP = new SSLClientCertProvider(
+ request);
X509Certificate[] certs = sslCCP.getClientCertificateChain();
certSerial = null;
if (certs == null || certs.length == 0) {
CMS.debug("ProfileSubmitServlet: renewal: no ssl client cert chain");
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
} else { // has ssl client cert
@@ -645,45 +663,46 @@ public class ProfileSubmitServlet extends ProfileServlet {
// shouldn't expect leaf cert to be always at the
// same location
X509Certificate clientCert = null;
- for (int i = 0; i< certs.length; i++) {
+ for (int i = 0; i < certs.length; i++) {
clientCert = certs[i];
- byte [] extBytes = clientCert.getExtensionValue("2.5.29.19");
+ byte[] extBytes = clientCert
+ .getExtensionValue("2.5.29.19");
// try to see if this is a leaf cert
// look for BasicConstraint extension
if (extBytes == null) {
// found leaf cert
- CMS.debug("ProfileSubmitServlet: renewal: found leaf cert");
+ CMS.debug("ProfileSubmitServlet: renewal: found leaf cert");
break;
} else {
- CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext");
- // it's got BasicConstraints extension
- // so it's not likely to be a leaf cert,
- // however, check the isCA field regardless
- try {
- BasicConstraintsExtension bce =
- new BasicConstraintsExtension(true, extBytes);
- if (bce != null) {
- if (!(Boolean)bce.get("is_ca")) {
- CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain");
- break;
- } // else found a ca cert, continue
+ CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext");
+ // it's got BasicConstraints extension
+ // so it's not likely to be a leaf cert,
+ // however, check the isCA field regardless
+ try {
+ BasicConstraintsExtension bce = new BasicConstraintsExtension(
+ true, extBytes);
+ if (bce != null) {
+ if (!(Boolean) bce.get("is_ca")) {
+ CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain");
+ break;
+ } // else found a ca cert, continue
+ }
+ } catch (Exception e) {
+ CMS.debug("ProfileSubmitServlet: renewal: exception:"
+ + e.toString());
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(
+ locale, "CMS_INTERNAL_ERROR"));
+ outputTemplate(request, response, args);
+ return;
}
- } catch (Exception e) {
- CMS.debug("ProfileSubmitServlet: renewal: exception:"+
- e.toString());
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
- outputTemplate(request, response, args);
- return;
- }
}
}
if (clientCert == null) {
CMS.debug("ProfileSubmitServlet: renewal: no client cert in chain");
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -693,10 +712,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
clientCert = new X509CertImpl(certEncoded);
} catch (Exception e) {
- CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: exception:"
+ + e.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -705,96 +725,123 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
}
- CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:"+ certSerial.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:"
+ + certSerial.toString());
try {
ICertificateRepository certDB = null;
if (authority instanceof ICertificateAuthority) {
- certDB = ((ICertificateAuthority) authority).getCertificateRepository();
+ certDB = ((ICertificateAuthority) authority)
+ .getCertificateRepository();
}
if (certDB == null) {
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
- ICertRecord rec = (ICertRecord) certDB.readCertificateRecord(certSerial);
- if (rec == null) {
- CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number "+ certSerial.toString());
+ ICertRecord rec = (ICertRecord) certDB
+ .readCertificateRecord(certSerial);
+ if (rec == null) {
+ CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number "
+ + certSerial.toString());
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
} else {
- CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:"+ certSerial.toString());
+ CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:"
+ + certSerial.toString());
// check to see if the cert is revoked or revoked_expired
- if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) {
- CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = "+ certSerial.toString());
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString()));
- outputTemplate(request, response, args);
- return;
+ if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED))
+ || (rec.getStatus()
+ .equals(ICertRecord.STATUS_REVOKED_EXPIRED))) {
+ CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = "
+ + certSerial.toString());
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_CA_CANNOT_RENEW_REVOKED_CERT",
+ certSerial.toString()));
+ outputTemplate(request, response, args);
+ return;
}
- MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO);
+ MetaInfo metaInfo = (MetaInfo) rec
+ .get(ICertRecord.ATTR_META_INFO);
// note: CA's internal certs don't have request ids
// so some other way needs to be done
if (metaInfo != null) {
- String rid = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
+ String rid = (String) metaInfo
+ .get(ICertRecord.META_REQUEST_ID);
if (rid != null) {
origReq = queue.findRequest(new RequestId(rid));
if (origReq != null) {
- CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:"+ rid);
+ CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:"
+ + rid);
// debug: print the extData keys
Enumeration en = origReq.getExtDataKeys();
-/*
- CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS");
- while (en.hasMoreElements()) {
- String next = (String) en.nextElement();
- CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key:"+ next);
- }
- CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print ENDS");
-*/
- String requestorE = origReq.getExtDataInString("requestor_email");
- CMS.debug("ProfileSubmitServlet: renewal original requestor email="+requestorE);
- profileId = origReq.getExtDataInString("profileId");
+ /*
+ * CMS.debug(
+ * "ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS"
+ * ); while (en.hasMoreElements()) { String next
+ * = (String) en.nextElement(); CMS.debug(
+ * "ProfileSubmitServlet: renewal: origRequest extdata key:"
+ * + next); } CMS.debug(
+ * "ProfileSubmitServlet: renewal: origRequest extdata key print ENDS"
+ * );
+ */
+ String requestorE = origReq
+ .getExtDataInString("requestor_email");
+ CMS.debug("ProfileSubmitServlet: renewal original requestor email="
+ + requestorE);
+ profileId = origReq
+ .getExtDataInString("profileId");
if (profileId != null)
- CMS.debug("ProfileSubmitServlet: renewal original profileId="+profileId);
+ CMS.debug("ProfileSubmitServlet: renewal original profileId="
+ + profileId);
else {
- CMS.debug("ProfileSubmitServlet: renewal original profileId not found");
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
- outputTemplate(request, response, args);
- return;
+ CMS.debug("ProfileSubmitServlet: renewal original profileId not found");
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS
+ .getUserMessage(locale,
+ "CMS_INTERNAL_ERROR"));
+ outputTemplate(request, response, args);
+ return;
}
- origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM);
-
- } else { //if origReq
- CMS.debug("ProfileSubmitServlet: renewal original request not found for request id "+ rid);
+ origSeqNum = origReq
+ .getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM);
+
+ } else { // if origReq
+ CMS.debug("ProfileSubmitServlet: renewal original request not found for request id "
+ + rid);
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(
+ locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
} else {
- CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number "+ certSerial.toString());
- CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists");
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"+": original request not found"));
- outputTemplate(request, response, args);
- return;
+ CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number "
+ + certSerial.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists");
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(
+ ARG_ERROR_REASON,
+ CMS.getUserMessage(
+ locale,
+ "CMS_INTERNAL_ERROR"
+ + ": original request not found"));
+ outputTemplate(request, response, args);
+ return;
}
} else {
- CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number "+ certSerial.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number "
+ + certSerial.toString());
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
@@ -802,96 +849,101 @@ public class ProfileSubmitServlet extends ProfileServlet {
CMS.debug("ProfileSubmitServlet: renewal: before getting origNotAfter");
X509CertImpl origCert = rec.getCertificate();
origNotAfter = origCert.getNotAfter();
- CMS.debug("ProfileSubmitServlet: renewal: origNotAfter ="+
- origNotAfter.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: origNotAfter ="
+ + origNotAfter.toString());
origSubjectDN = origCert.getSubjectDN().getName();
- CMS.debug("ProfileSubmitServlet: renewal: orig subj dn ="+
- origSubjectDN);
+ CMS.debug("ProfileSubmitServlet: renewal: orig subj dn ="
+ + origSubjectDN);
}
} catch (Exception e) {
- CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: exception:"
+ + e.toString());
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
} // end isRenewal
- IProfile profile = null;
+ IProfile profile = null;
IProfile renewProfile = null;
- try {
- profile = ps.getProfile(profileId);
+ try {
+ profile = ps.getProfile(profileId);
if (isRenewal) {
// in case of renew, "profile" is the orig profile
// while "renewProfile" is the current profile used for renewal
- renewProfile = ps.getProfile(renewProfileId);
+ renewProfile = ps.getProfile(renewProfileId);
}
- } catch (EProfileException e) {
- if(profile == null) {
- CMS.debug("ProfileSubmitServlet: profile not found profileId " +
- profileId + " " + e.toString());
+ } catch (EProfileException e) {
+ if (profile == null) {
+ CMS.debug("ProfileSubmitServlet: profile not found profileId "
+ + profileId + " " + e.toString());
}
if (renewProfile == null) {
- CMS.debug("ProfileSubmitServlet: profile not found renewProfileId " +
- renewProfileId + " " + e.toString());
+ CMS.debug("ProfileSubmitServlet: profile not found renewProfileId "
+ + renewProfileId + " " + e.toString());
}
}
if (profile == null) {
if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", profileId));
+ outputError(response, CMS.getUserMessage(locale,
+ "CMS_PROFILE_NOT_FOUND", profileId));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", profileId));
+ "CMS_PROFILE_NOT_FOUND", profileId));
outputTemplate(request, response, args);
}
return;
}
if (isRenewal && (renewProfile == null)) {
if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", renewProfileId));
+ outputError(response, CMS.getUserMessage(locale,
+ "CMS_PROFILE_NOT_FOUND", renewProfileId));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", renewProfileId));
+ "CMS_PROFILE_NOT_FOUND", renewProfileId));
outputTemplate(request, response, args);
}
return;
}
if (!ps.isProfileEnable(profileId)) {
- CMS.debug("ProfileSubmitServlet: Profile " + profileId +
- " not enabled");
+ CMS.debug("ProfileSubmitServlet: Profile " + profileId
+ + " not enabled");
if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
+ outputError(response, CMS.getUserMessage(locale,
+ "CMS_PROFILE_NOT_FOUND", profileId));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", profileId));
+ "CMS_PROFILE_NOT_FOUND", profileId));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
return;
}
if (isRenewal) {
- if (!ps.isProfileEnable(renewProfileId)) {
- CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId +
- " not enabled");
- if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
- } else {
- args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_PROFILE_NOT_FOUND", renewProfileId));
- outputTemplate(request, response, args);
+ if (!ps.isProfileEnable(renewProfileId)) {
+ CMS.debug("ProfileSubmitServlet: renewal Profile "
+ + renewProfileId + " not enabled");
+ if (xmlOutput) {
+ outputError(response, CMS.getUserMessage(locale,
+ "CMS_PROFILE_NOT_FOUND", renewProfileId));
+ } else {
+ args.set(ARG_ERROR_CODE, "1");
+ args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+ "CMS_PROFILE_NOT_FOUND", renewProfileId));
+ outputTemplate(request, response, args);
+ }
+ return;
}
- return;
- }
}
IProfileContext ctx = profile.createContext();
@@ -908,40 +960,42 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
} catch (EProfileException e) {
// authenticator not installed correctly
- CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+ CMS.debug("ProfileSubmitServlet: renewal: exception:"
+ + e.toString());
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
return;
}
if (authenticator == null) {
CMS.debug("ProfileSubmitServlet: authenticator not found");
} else {
- CMS.debug("ProfileSubmitServlet: authenticator " +
- authenticator.getName() + " found");
+ CMS.debug("ProfileSubmitServlet: authenticator "
+ + authenticator.getName() + " found");
setCredentialsIntoContext(request, authenticator, ctx);
}
- // for renewal, this will override or add auth info to the profile context
+ // for renewal, this will override or add auth info to the profile
+ // context
if (isRenewal) {
- if (origAuthenticator!= null) {
- CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " +
- origAuthenticator.getName() + " found");
- setCredentialsIntoContext(request, origAuthenticator, ctx);
- } else {
- CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found");
- }
+ if (origAuthenticator != null) {
+ CMS.debug("ProfileSubmitServlet: for renewal, original authenticator "
+ + origAuthenticator.getName() + " found");
+ setCredentialsIntoContext(request, origAuthenticator, ctx);
+ } else {
+ CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found");
+ }
}
CMS.debug("ProfileSubmistServlet: set Inputs into profile Context");
if (isRenewal) {
- // for renewal, input needs to be retrieved from the orig req record
+ // for renewal, input needs to be retrieved from the orig req record
CMS.debug("ProfileSubmitServlet: set original Inputs into profile Context");
setInputsIntoContext(origReq, profile, ctx, locale);
ctx.set(IEnrollProfile.CTX_RENEWAL, "true");
ctx.set("renewProfileId", renewProfileId);
- ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString());
+ ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString());
} else {
setInputsIntoContext(request, profile, ctx);
}
@@ -955,14 +1009,13 @@ public class ProfileSubmitServlet extends ProfileServlet {
SessionContext context = SessionContext.getContext();
// insert profile context so that input parameter can be retrieved
- context.put("profileContext", ctx);
- context.put("sslClientCertProvider",
- new SSLClientCertProvider(request));
+ context.put("profileContext", ctx);
+ context.put("sslClientCertProvider", new SSLClientCertProvider(request));
CMS.debug("ProfileSubmitServlet: set sslClientCertProvider");
if ((isRenewal == true) && (origSubjectDN != null))
- context.put("origSubjectDN", origSubjectDN);
+ context.put("origSubjectDN", origSubjectDN);
if (statsSub != null) {
- statsSub.startTiming("profile_authentication");
+ statsSub.startTiming("profile_authentication");
}
if (authenticator != null) {
@@ -971,67 +1024,68 @@ public class ProfileSubmitServlet extends ProfileServlet {
String uid_cred = "Unidentified";
String uid_attempted_cred = "Unidentified";
Enumeration authIds = authenticator.getValueNames();
- //Attempt to possibly fetch attemped uid, may not always be available.
+ // Attempt to possibly fetch attemped uid, may not always be
+ // available.
if (authIds != null) {
while (authIds.hasMoreElements()) {
String authName = (String) authIds.nextElement();
- String value = request.getParameter(authName);
+ String value = request.getParameter(authName);
if (value != null) {
- if (authName.equals("uid")) {
- uid_attempted_cred = value;
- }
+ if (authName.equals("uid")) {
+ uid_attempted_cred = value;
+ }
}
}
}
- String authSubjectID = auditSubjectID();
+ String authSubjectID = auditSubjectID();
- String authMgrID = authenticator.getName();
- String auditMessage = null;
+ String authMgrID = authenticator.getName();
+ String auditMessage = null;
try {
if (isRenewal) {
CMS.debug("ProfileSubmitServlet: renewal authenticate begins");
- authToken = authenticate(authenticator, request, origReq, context);
+ authToken = authenticate(authenticator, request, origReq,
+ context);
CMS.debug("ProfileSubmitServlet: renewal authenticate ends");
} else {
authToken = authenticate(authenticator, request);
}
} catch (EBaseException e) {
- CMS.debug("ProfileSubmitServlet: authentication error " +
- e.toString());
+ CMS.debug("ProfileSubmitServlet: authentication error "
+ + e.toString());
// authentication error
if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR"));
+ outputError(response, CMS.getUserMessage(locale,
+ "CMS_AUTHENTICATION_ERROR"));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHENTICATION_ERROR"));
+ "CMS_AUTHENTICATION_ERROR"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("authentication");
+ statsSub.endTiming("authentication");
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
- //audit log our authentication failure
+ // audit log our authentication failure
authSubjectID += " : " + uid_cred;
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_FAIL,
- authSubjectID,
- ILogger.FAILURE,
- authMgrID,
- uid_attempted_cred);
+ LOGGING_SIGNED_AUDIT_AUTH_FAIL, authSubjectID,
+ ILogger.FAILURE, authMgrID, uid_attempted_cred);
audit(auditMessage);
return;
}
- //Log successful authentication
+ // Log successful authentication
- //Attempt to get uid from authToken, most tokens respond to the "uid" cred.
+ // Attempt to get uid from authToken, most tokens respond to the
+ // "uid" cred.
uid_cred = authToken.getInString("uid");
if (uid_cred == null || uid_cred.length() == 0) {
@@ -1039,19 +1093,16 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
authSubjectID = authSubjectID + " : " + uid_cred;
-
+
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
- authSubjectID,
- ILogger.SUCCESS,
- authMgrID);
+ auditMessage = CMS.getLogMessage(LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
+ authSubjectID, ILogger.SUCCESS, authMgrID);
audit(auditMessage);
}
if (statsSub != null) {
- statsSub.endTiming("profile_authentication");
+ statsSub.endTiming("profile_authentication");
}
// authentication success
@@ -1060,23 +1111,24 @@ public class ProfileSubmitServlet extends ProfileServlet {
// do profile authorization
String acl = null;
if (isRenewal)
- acl = renewProfile.getAuthzAcl();
+ acl = renewProfile.getAuthzAcl();
else
- acl = profile.getAuthzAcl();
- CMS.debug("ProfileSubmitServlet: authz using acl: "+acl);
+ acl = profile.getAuthzAcl();
+ CMS.debug("ProfileSubmitServlet: authz using acl: " + acl);
if (acl != null && acl.length() > 0) {
try {
String resource = profileId + ".authz.acl";
- AuthzToken authzToken = authorize(mAclMethod, resource, authToken, acl);
+ AuthzToken authzToken = authorize(mAclMethod, resource,
+ authToken, acl);
} catch (Exception e) {
- CMS.debug("ProfileSubmitServlet authorize: "+e.toString());
+ CMS.debug("ProfileSubmitServlet authorize: " + e.toString());
if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
+ outputError(response, CMS.getUserMessage(locale,
+ "CMS_AUTHORIZATION_ERROR"));
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_AUTHORIZATION_ERROR"));
+ "CMS_AUTHORIZATION_ERROR"));
outputTemplate(request, response, args);
}
@@ -1088,11 +1140,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
IRequest reqs[] = null;
if (statsSub != null) {
- statsSub.startTiming("request_population");
+ statsSub.startTiming("request_population");
}
- ///////////////////////////////////////////////
+ // /////////////////////////////////////////////
// create request
- ///////////////////////////////////////////////
+ // /////////////////////////////////////////////
try {
reqs = profile.createRequests(ctx, locale);
} catch (EProfileException e) {
@@ -1106,50 +1158,52 @@ public class ProfileSubmitServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
} catch (Throwable e) {
CMS.debug(e);
CMS.debug("ProfileSubmitServlet: createRequests " + e.toString());
if (xmlOutput) {
- outputError(response, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
+ outputError(response,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
} else {
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
}
String errorCode = null;
- String errorReason = null;
+ String errorReason = null;
- ///////////////////////////////////////////////
+ // /////////////////////////////////////////////
// populate request
- ///////////////////////////////////////////////
+ // /////////////////////////////////////////////
for (int k = 0; k < reqs.length; k++) {
boolean fromRA = false;
String uid = "";
// adding parameters to request
if (isRenewal) {
- setInputsIntoRequest(origReq, profile, reqs[k], locale);
- // set orig expiration date to be used in Validity constraint
- reqs[k].setExtData("origNotAfter",
- BigInteger.valueOf(origNotAfter.getTime()));
- // set subjectDN to be used in subject name default
- reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN);
- // set request type
- reqs[k].setRequestType("renewal");
+ setInputsIntoRequest(origReq, profile, reqs[k], locale);
+ // set orig expiration date to be used in Validity constraint
+ reqs[k].setExtData("origNotAfter",
+ BigInteger.valueOf(origNotAfter.getTime()));
+ // set subjectDN to be used in subject name default
+ reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
+ origSubjectDN);
+ // set request type
+ reqs[k].setRequestType("renewal");
} else
- setInputsIntoRequest(request, profile, reqs[k]);
+ setInputsIntoRequest(request, profile, reqs[k]);
// serial auth token into request
if (authToken != null) {
@@ -1159,19 +1213,20 @@ public class ProfileSubmitServlet extends ProfileServlet {
String[] tokenVals = authToken.getInStringArray(tokenName);
if (tokenVals != null) {
for (int i = 0; i < tokenVals.length; i++) {
- reqs[k].setExtData(ARG_AUTH_TOKEN + "." +
- tokenName + "[" + i + "]", tokenVals[i]);
+ reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName
+ + "[" + i + "]", tokenVals[i]);
}
} else {
String tokenVal = authToken.getInString(tokenName);
if (tokenVal != null) {
- reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName,
- tokenVal);
+ reqs[k].setExtData(
+ ARG_AUTH_TOKEN + "." + tokenName, tokenVal);
// if RA agent, auto assign the request
if (tokenName.equals("uid"))
uid = tokenVal;
- if (tokenName.equals("group") &&
- tokenVal.equals("Registration Manager Agents")) {
+ if (tokenName.equals("group")
+ && tokenVal
+ .equals("Registration Manager Agents")) {
fromRA = true;
}
}
@@ -1180,7 +1235,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
}
if (fromRA) {
- CMS.debug("ProfileSubmitServlet: request from RA: "+ uid);
+ CMS.debug("ProfileSubmitServlet: request from RA: " + uid);
reqs[k].setExtData(ARG_REQUEST_OWNER, uid);
}
@@ -1188,7 +1243,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
reqs[k].setExtData(ARG_PROFILE, "true");
reqs[k].setExtData(ARG_PROFILE_ID, profileId);
if (isRenewal)
- reqs[k].setExtData(ARG_RENEWAL_PROFILE_ID, request.getParameter("profileId"));
+ reqs[k].setExtData(ARG_RENEWAL_PROFILE_ID,
+ request.getParameter("profileId"));
reqs[k].setExtData(ARG_PROFILE_APPROVED_BY, profile.getApprovedBy());
String setId = profile.getPolicySetId(reqs[k]);
@@ -1196,16 +1252,20 @@ public class ProfileSubmitServlet extends ProfileServlet {
// no profile set found
CMS.debug("ProfileSubmitServlet: no profile policy set found");
if (xmlOutput) {
- outputError(response, FAILED, CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), reqs[k].getRequestId().toString());
+ outputError(
+ response,
+ FAILED,
+ CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"),
+ reqs[k].getRequestId().toString());
} else {
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON,
- CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"));
+ args.set(ARG_ERROR_REASON, CMS
+ .getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
}
@@ -1215,13 +1275,13 @@ public class ProfileSubmitServlet extends ProfileServlet {
reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost());
reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr());
- CMS.debug("ProfileSubmitServlet: request " +
- reqs[k].getRequestId().toString());
+ CMS.debug("ProfileSubmitServlet: request "
+ + reqs[k].getRequestId().toString());
try {
CMS.debug("ProfileSubmitServlet: populating request inputs");
// give authenticator a chance to populate the request
- if (authenticator != null) {
+ if (authenticator != null) {
authenticator.populate(authToken, reqs[k]);
}
profile.populateInput(ctx, reqs[k]);
@@ -1229,38 +1289,41 @@ public class ProfileSubmitServlet extends ProfileServlet {
} catch (EProfileException e) {
CMS.debug("ProfileSubmitServlet: populate " + e.toString());
if (xmlOutput) {
- outputError(response, FAILED, e.toString(), reqs[k].getRequestId().toString());
+ outputError(response, FAILED, e.toString(), reqs[k]
+ .getRequestId().toString());
} else {
args.set(ARG_ERROR_CODE, "1");
args.set(ARG_ERROR_REASON, e.toString());
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
} catch (Throwable e) {
CMS.debug("ProfileSubmitServlet: populate " + e.toString());
- // throw new IOException("Profile " + profileId +
- // " cannot populate");
+ // throw new IOException("Profile " + profileId +
+ // " cannot populate");
if (xmlOutput) {
- outputError(response, FAILED, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"), reqs[k].getRequestId().toString());
+ outputError(response, FAILED,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"),
+ reqs[k].getRequestId().toString());
} else {
args.set(ARG_ERROR_CODE, "1");
- args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR"));
+ args.set(ARG_ERROR_REASON,
+ CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"));
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("request_population");
+ statsSub.endTiming("enrollment");
}
return;
}
}
if (statsSub != null) {
- statsSub.endTiming("request_population");
+ statsSub.endTiming("request_population");
}
String auditMessage = null;
@@ -1269,9 +1332,9 @@ public class ProfileSubmitServlet extends ProfileServlet {
String auditInfoCertValue = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
try {
- ///////////////////////////////////////////////
+ // /////////////////////////////////////////////
// submit request
- ///////////////////////////////////////////////
+ // /////////////////////////////////////////////
String requestIds = ""; // deliminated with double space
for (int k = 0; k < reqs.length; k++) {
try {
@@ -1280,15 +1343,16 @@ public class ProfileSubmitServlet extends ProfileServlet {
// print request debug
if (reqs[k] != null) {
- requestIds += " "+reqs[k].getRequestId().toString();
- Enumeration reqKeys = reqs[k].getExtDataKeys();
- while (reqKeys.hasMoreElements()) {
- String reqKey = (String)reqKeys.nextElement();
- String reqVal = reqs[k].getExtDataInString(reqKey);
- if (reqVal != null) {
- CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal);
+ requestIds += " " + reqs[k].getRequestId().toString();
+ Enumeration reqKeys = reqs[k].getExtDataKeys();
+ while (reqKeys.hasMoreElements()) {
+ String reqKey = (String) reqKeys.nextElement();
+ String reqVal = reqs[k].getExtDataInString(reqKey);
+ if (reqVal != null) {
+ CMS.debug("ProfileSubmitServlet: key=$request."
+ + reqKey + "$ value=" + reqVal);
+ }
}
- }
}
profile.submit(authToken, reqs[k]);
@@ -1298,16 +1362,16 @@ public class ProfileSubmitServlet extends ProfileServlet {
auditInfoCertValue = auditInfoCertValue(reqs[k]);
if (auditInfoCertValue != null) {
- if (!(auditInfoCertValue.equals(
- ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
+ if (!(auditInfoCertValue
+ .equals(ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
// store a message in the signed audit log file
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_ACCEPTANCE,
- auditInfoCertValue);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_ACCEPTANCE,
+ auditInfoCertValue);
audit(auditMessage);
}
@@ -1316,53 +1380,50 @@ public class ProfileSubmitServlet extends ProfileServlet {
// return defer message to the user
reqs[k].setRequestStatus(RequestStatus.PENDING);
// need to notify
- INotify notify = profile.getRequestQueue().getPendingNotify();
+ INotify notify = profile.getRequestQueue()
+ .getPendingNotify();
if (notify != null) {
- notify.notify(reqs[k]);
+ notify.notify(reqs[k]);
}
-
+
CMS.debug("ProfileSubmitServlet: submit " + e.toString());
errorCode = "2";
errorReason = CMS.getUserMessage(locale,
- "CMS_PROFILE_DEFERRED",
- e.toString());
+ "CMS_PROFILE_DEFERRED", e.toString());
} catch (ERejectException e) {
- // return error to the user
+ // return error to the user
reqs[k].setRequestStatus(RequestStatus.REJECTED);
CMS.debug("ProfileSubmitServlet: submit " + e.toString());
errorCode = "3";
errorReason = CMS.getUserMessage(locale,
- "CMS_PROFILE_REJECTED",
- e.toString());
+ "CMS_PROFILE_REJECTED", e.toString());
} catch (Throwable e) {
// return error to the user
CMS.debug("ProfileSubmitServlet: submit " + e.toString());
errorCode = "1";
errorReason = CMS.getUserMessage(locale,
- "CMS_INTERNAL_ERROR");
+ "CMS_INTERNAL_ERROR");
}
- try {
+ try {
if (errorCode == null) {
profile.getRequestQueue().markAsServiced(reqs[k]);
} else {
profile.getRequestQueue().updateRequest(reqs[k]);
}
} catch (EBaseException e) {
- CMS.debug("ProfileSubmitServlet: updateRequest " +
- e.toString());
+ CMS.debug("ProfileSubmitServlet: updateRequest "
+ + e.toString());
}
if (errorCode != null) {
if (errorCode.equals("1")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_REJECTION,
- errorReason);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_REJECTION, errorReason);
audit(auditMessage);
} else if (errorCode.equals("2")) {
@@ -1372,12 +1433,10 @@ public class ProfileSubmitServlet extends ProfileServlet {
} else if (errorCode.equals("3")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_REJECTION,
- errorReason);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID,
+ ILogger.SIGNED_AUDIT_REJECTION, errorReason);
audit(auditMessage);
}
@@ -1394,8 +1453,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
for (int k = 0; k < reqs.length; k++) {
ArgSet requestset = new ArgSet();
- requestset.set(ARG_REQUEST_ID,
- reqs[k].getRequestId().toString());
+ requestset.set(ARG_REQUEST_ID, reqs[k].getRequestId()
+ .toString());
requestlist.add(requestset);
}
args.set(ARG_REQUEST_LIST, requestlist);
@@ -1404,14 +1463,14 @@ public class ProfileSubmitServlet extends ProfileServlet {
outputTemplate(request, response, args);
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
return;
}
- ///////////////////////////////////////////////
- // output output list
- ///////////////////////////////////////////////
+ // /////////////////////////////////////////////
+ // output output list
+ // /////////////////////////////////////////////
if (xmlOutput) {
xmlOutput(response, profile, locale, reqs);
} else {
@@ -1429,8 +1488,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
for (int k = 0; k < reqs.length; k++) {
ArgSet requestset = new ArgSet();
- requestset.set(ARG_REQUEST_ID,
- reqs[k].getRequestId().toString());
+ requestset.set(ARG_REQUEST_ID, reqs[k].getRequestId()
+ .toString());
requestlist.add(requestset);
}
args.set(ARG_REQUEST_LIST, requestlist);
@@ -1443,28 +1502,27 @@ public class ProfileSubmitServlet extends ProfileServlet {
// store a message in the signed audit log file
// (automated cert request processed - "rejected")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- ILogger.SIGNED_AUDIT_REJECTION,
- SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ ILogger.SIGNED_AUDIT_REJECTION,
+ SIGNED_AUDIT_AUTOMATED_REJECTION_REASON[0]);
audit(auditMessage);
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
throw eAudit1;
} finally {
SessionContext.releaseContext();
}
if (statsSub != null) {
- statsSub.endTiming("enrollment");
+ statsSub.endTiming("enrollment");
}
}
- private void xmlOutput(HttpServletResponse httpResp, IProfile profile, Locale locale, IRequest[] reqs) {
+ private void xmlOutput(HttpServletResponse httpResp, IProfile profile,
+ Locale locale, IRequest[] reqs) {
try {
XMLObject xmlObj = null;
xmlObj = new XMLObject();
@@ -1472,51 +1530,68 @@ public class ProfileSubmitServlet extends ProfileServlet {
Node root = xmlObj.createRoot("XMLResponse");
xmlObj.addItemToContainer(root, "Status", SUCCESS);
Node n = xmlObj.createContainer(root, "Requests");
- CMS.debug("ProfileSubmitServlet xmlOutput: req len = " +reqs.length);
+ CMS.debug("ProfileSubmitServlet xmlOutput: req len = "
+ + reqs.length);
- for (int i=0; i<reqs.length; i++) {
+ for (int i = 0; i < reqs.length; i++) {
Node subnode = xmlObj.createContainer(n, "Request");
- xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId().toString());
- X509CertInfo certInfo =
- reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+ xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId()
+ .toString());
+ X509CertInfo certInfo = reqs[i]
+ .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
if (certInfo != null) {
- String subject = "";
- subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString();
- xmlObj.addItemToContainer(subnode, "SubjectDN", subject);
+ String subject = "";
+ subject = (String) certInfo.get(X509CertInfo.SUBJECT)
+ .toString();
+ xmlObj.addItemToContainer(subnode, "SubjectDN", subject);
} else {
- CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request");
+ CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request");
}
Enumeration outputIds = profile.getProfileOutputIds();
if (outputIds != null) {
while (outputIds.hasMoreElements()) {
String outputId = (String) outputIds.nextElement();
- IProfileOutput profileOutput = profile.getProfileOutput(outputId);
+ IProfileOutput profileOutput = profile
+ .getProfileOutput(outputId);
Enumeration outputNames = profileOutput.getValueNames();
if (outputNames != null) {
while (outputNames.hasMoreElements()) {
- String outputName = (String) outputNames.nextElement();
- if (!outputName.equals("b64_cert") && !outputName.equals("pkcs7"))
+ String outputName = (String) outputNames
+ .nextElement();
+ if (!outputName.equals("b64_cert")
+ && !outputName.equals("pkcs7"))
continue;
try {
- String outputValue = profileOutput.getValue(outputName, locale, reqs[i]);
+ String outputValue = profileOutput
+ .getValue(outputName, locale,
+ reqs[i]);
if (outputName.equals("b64_cert")) {
- String ss = Cert.normalizeCertStrAndReq(outputValue);
- outputValue = Cert.stripBrackets(ss);
- byte[] bcode = CMS.AtoB(outputValue);
- X509CertImpl impl = new X509CertImpl(bcode);
- xmlObj.addItemToContainer(subnode,
- "serialno", impl.getSerialNumber().toString(16));
- xmlObj.addItemToContainer(subnode, "b64", outputValue);
+ String ss = Cert
+ .normalizeCertStrAndReq(outputValue);
+ outputValue = Cert.stripBrackets(ss);
+ byte[] bcode = CMS.AtoB(outputValue);
+ X509CertImpl impl = new X509CertImpl(
+ bcode);
+ xmlObj.addItemToContainer(subnode,
+ "serialno", impl
+ .getSerialNumber()
+ .toString(16));
+ xmlObj.addItemToContainer(subnode,
+ "b64", outputValue);
}// if b64_cert
else if (outputName.equals("pkcs7")) {
- String ss = Cert.normalizeCertStrAndReq(outputValue);
- xmlObj.addItemToContainer(subnode, "pkcs7", ss);
+ String ss = Cert
+ .normalizeCertStrAndReq(outputValue);
+ xmlObj.addItemToContainer(subnode,
+ "pkcs7", ss);
}
-
+
} catch (EProfileException e) {
- CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString());
+ CMS.debug("ProfileSubmitServlet xmlOutput: "
+ + e.toString());
} catch (Exception e) {
- CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString());
+ CMS.debug("ProfileSubmitServlet xmlOutput: "
+ + e.toString());
}
}
}
@@ -1533,11 +1608,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
/**
* Signed Audit Log Requester ID
- *
- * This method is called to obtain the "RequesterID" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "RequesterID" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param request the actual request
* @return id string containing the signed audit log message RequesterID
*/
@@ -1563,11 +1638,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param request request containing an X509CertImpl
* @return cert string containing the certificate
*/
@@ -1577,8 +1652,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
return null;
}
- X509CertImpl x509cert = request.getExtDataInCert(
- IEnrollProfile.REQUEST_ISSUED_CERT);
+ X509CertImpl x509cert = request
+ .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
if (x509cert == null) {
return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
index 989710e3..4570fedd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
@@ -31,10 +31,9 @@ public class SSLClientCertProvider implements ISSLClientCertProvider {
}
public X509Certificate[] getClientCertificateChain() {
- X509Certificate[] allCerts = (X509Certificate[])
- mRequest.getAttribute("javax.servlet.request.X509Certificate");
+ X509Certificate[] allCerts = (X509Certificate[]) mRequest
+ .getAttribute("javax.servlet.request.X509Certificate");
return allCerts;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
index 60a8d16d..9cbae1ad 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.lang.reflect.Array;
@@ -61,18 +60,15 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.RawJS;
-
/**
* Output a 'pretty print' of a certificate request
- *
+ *
* @version $Revision$, $Date$
*/
public class CertReqParser extends ReqParser {
-
- public static final CertReqParser
- DETAIL_PARSER = new CertReqParser(true);
- public static final CertReqParser
- NODETAIL_PARSER = new CertReqParser(false);
+
+ public static final CertReqParser DETAIL_PARSER = new CertReqParser(true);
+ public static final CertReqParser NODETAIL_PARSER = new CertReqParser(false);
private boolean mDetails = true;
private IPrettyPrintFormat pp = null;
@@ -86,7 +82,7 @@ public class CertReqParser extends ReqParser {
/**
* Constructs a certificate request parser.
- *
+ *
* @param details return detailed information (this can be time consuming)
*/
public CertReqParser(boolean details) {
@@ -101,34 +97,34 @@ public class CertReqParser extends ReqParser {
private static final String RB = "]";
private static final String EQ = " = ";
- private static final String
- HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB;
- private static final String
- HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB;
- private static final String
- AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB;
- private static final String
- SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB;
+ private static final String HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB
+ + "httpParamsCount++" + RB;
+ private static final String HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS
+ + LB + "httpHeadersCount++" + RB;
+ private static final String AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB
+ + "authTokenCount++" + RB;
+ private static final String SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS
+ + LB + "serverAttrsCount++" + RB;
/**
* Fills in certificate specific request attributes.
*/
- public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
+ public void fillRequestIntoArg(Locale l, IRequest req,
+ CMSTemplateParams argSet, IArgBlock arg) throws EBaseException {
if (req.getExtDataInCertInfoArray(IRequest.CERT_INFO) != null) {
- fillX509RequestIntoArg(l, req, argSet, arg);
+ fillX509RequestIntoArg(l, req, argSet, arg);
} else if (req.getExtDataInRevokedCertArray(IRequest.CERT_INFO) != null) {
- fillRevokeRequestIntoArg(l, req, argSet, arg);
+ fillRevokeRequestIntoArg(l, req, argSet, arg);
} else {
- //o = req.get(IRequest.OLD_CERTS);
- //if (o != null)
- fillRevokeRequestIntoArg(l, req, argSet, arg);
+ // o = req.get(IRequest.OLD_CERTS);
+ // if (o != null)
+ fillRevokeRequestIntoArg(l, req, argSet, arg);
}
}
-
- private void fillX509RequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
-
+
+ private void fillX509RequestIntoArg(Locale l, IRequest req,
+ CMSTemplateParams argSet, IArgBlock arg) throws EBaseException {
+
// fill in the standard attributes
super.fillRequestIntoArg(l, req, argSet, arg);
@@ -138,7 +134,7 @@ public class CertReqParser extends ReqParser {
Enumeration enum1 = req.getExtDataKeys();
// gross hack
- String prefix = "record.";
+ String prefix = "record.";
if (argSet.getHeader() == arg)
prefix = "header.";
@@ -150,32 +146,41 @@ public class CertReqParser extends ReqParser {
// show all http parameters stored in request.
if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) {
Hashtable http_params = req.getExtDataInHashtable(name);
- // show certType specially
- String certType = (String) http_params.get(IRequest.CERT_TYPE);
+ // show certType specially
+ String certType = (String) http_params
+ .get(IRequest.CERT_TYPE);
if (certType != null) {
arg.addStringValue(IRequest.CERT_TYPE, certType);
}
- String presenceServerExt = (String) http_params.get("PresenceServerExtension");
+ String presenceServerExt = (String) http_params
+ .get("PresenceServerExtension");
if (presenceServerExt != null) {
- arg.addStringValue("PresenceServerExtension", presenceServerExt);
+ arg.addStringValue("PresenceServerExtension",
+ presenceServerExt);
}
// show all http parameters in request
int counter = 0;
Enumeration elms = http_params.keys();
while (elms.hasMoreElements()) {
- String parami =
- IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
+ String parami = IRequest.HTTP_PARAMS + LB
+ + String.valueOf(counter++) + RB;
// hack
String n = (String) elms.nextElement();
- String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
- prefix + parami + ".value=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(
- http_params.get(n).toString()) + "\"";
+ String rawJS = "new Object;\n\r"
+ + prefix
+ + parami
+ + ".name=\""
+ + CMSTemplate.escapeJavaScriptString(n)
+ + "\";\n\r"
+ + prefix
+ + parami
+ + ".value=\""
+ + CMSTemplate
+ .escapeJavaScriptStringHTML(http_params
+ .get(n).toString()) + "\"";
arg.set(parami, new RawJS(rawJS));
}
@@ -186,16 +191,22 @@ public class CertReqParser extends ReqParser {
int counter = 0;
while (elms.hasMoreElements()) {
- String parami =
- IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
+ String parami = IRequest.HTTP_HEADERS + LB
+ + String.valueOf(counter++) + RB;
// hack
String n = (String) elms.nextElement();
- String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
- prefix + parami + ".value=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(
- http_hdrs.get(n).toString()) + "\"";
+ String rawJS = "new Object;\n\r"
+ + prefix
+ + parami
+ + ".name=\""
+ + CMSTemplate.escapeJavaScriptString(n)
+ + "\";\n\r"
+ + prefix
+ + parami
+ + ".value=\""
+ + CMSTemplate
+ .escapeJavaScriptStringHTML(http_hdrs
+ .get(n).toString()) + "\"";
arg.set(parami, new RawJS(rawJS));
}
@@ -206,8 +217,8 @@ public class CertReqParser extends ReqParser {
int counter = 0;
while (elms.hasMoreElements()) {
- String parami =
- IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
+ String parami = IRequest.AUTH_TOKEN + LB
+ + String.valueOf(counter++) + RB;
// hack
String n = (String) elms.nextElement();
Object authTokenValue = auth_token.getInStringArray(n);
@@ -215,14 +226,16 @@ public class CertReqParser extends ReqParser {
authTokenValue = auth_token.getInString(n);
}
String v = expandValue(prefix + parami + ".value",
- authTokenValue);
- String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
+ authTokenValue);
+ String rawJS = "new Object;\n\r" + prefix + parami
+ + ".name=\""
+ + CMSTemplate.escapeJavaScriptString(n)
+ + "\";\n" + v;
arg.set(parami, new RawJS(rawJS));
}
- } // all others are request attrs from policy or internal modules.
+ } // all others are request attrs from policy or internal
+ // modules.
else {
Object val;
if (req.isSimpleExtDataValue(name)) {
@@ -235,41 +248,47 @@ public class CertReqParser extends ReqParser {
}
String valstr = "";
// hack
- String parami =
- IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
-
- if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails &&
- (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
- req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) {
- X509CertImpl issuedCert[] =
- req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ String parami = IRequest.SERVER_ATTRS + LB
+ + String.valueOf(saCounter++) + RB;
+
+ if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS)
+ && mDetails
+ && (req.getRequestStatus().toString()
+ .equals(RequestStatus.COMPLETE_STRING) || req
+ .getRequestType().equals(
+ IRequest.GETREVOCATIONINFO_REQUEST))) {
+ X509CertImpl issuedCert[] = req
+ .getExtDataInCertArray(IRequest.ISSUED_CERTS);
if (issuedCert != null && issuedCert[0] != null) {
- val = "<pre>"+CMS.getCertPrettyPrint(issuedCert[0]).toString(l)+"</pre>";
+ val = "<pre>"
+ + CMS.getCertPrettyPrint(issuedCert[0])
+ .toString(l) + "</pre>";
}
- } else if (name.equalsIgnoreCase(IRequest.CERT_INFO) && mDetails) {
- X509CertInfo[] certInfo =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ } else if (name.equalsIgnoreCase(IRequest.CERT_INFO)
+ && mDetails) {
+ X509CertInfo[] certInfo = req
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certInfo != null && certInfo[0] != null) {
- val = "<pre>"+certInfo[0].toString()+"</pre>";
+ val = "<pre>" + certInfo[0].toString() + "</pre>";
}
}
valstr = expandValue(prefix + parami + ".value", val);
- String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
- valstr; // java string already escaped in expandValue.
+ String rawJS = "new Object;\n\r" + prefix + parami
+ + ".name=\""
+ + CMSTemplate.escapeJavaScriptString(name)
+ + "\";\n" + valstr; // java string already escaped
+ // in expandValue.
arg.set(parami, new RawJS(rawJS));
}
}
if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE)
- || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
- || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
- || name.equalsIgnoreCase(IRequest.RESULT)
- || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)
- ) {
+ || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
+ || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
+ || name.equalsIgnoreCase(IRequest.RESULT)
+ || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) {
arg.addStringValue(name, req.getExtDataInString(name));
}
@@ -295,22 +314,24 @@ public class CertReqParser extends ReqParser {
}
}
if (name.equalsIgnoreCase(IRequest.ERROR)) {
- arg.addStringValue(IRequest.ERRORS, req.getExtDataInString(name));
+ arg.addStringValue(IRequest.ERRORS,
+ req.getExtDataInString(name));
}
if (name.equalsIgnoreCase(IRequest.CERT_INFO)) {
- // Get the certificate info from the request
- X509CertInfo[] certInfo =
- req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ // Get the certificate info from the request
+ X509CertInfo[] certInfo = req
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
if (certInfo != null && certInfo[0] != null) {
- // Get the subject name if any set.
+ // Get the subject name if any set.
CertificateSubjectName subjectName = null;
String signatureAlgorithm = null;
String signatureAlgorithmName = null;
try {
- subjectName = (CertificateSubjectName) certInfo[0].get(X509CertInfo.SUBJECT);
+ subjectName = (CertificateSubjectName) certInfo[0]
+ .get(X509CertInfo.SUBJECT);
} catch (IOException e) {
// XXX raise exception
} catch (CertificateException e) {
@@ -331,10 +352,10 @@ public class CertReqParser extends ReqParser {
if (mDetails) {
try {
- CertificateAlgorithmId certAlgId = (CertificateAlgorithmId)
- certInfo[0].get(X509CertInfo.ALGORITHM_ID);
- AlgorithmId algId = (AlgorithmId)
- certAlgId.get(CertificateAlgorithmId.ALGORITHM);
+ CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) certInfo[0]
+ .get(X509CertInfo.ALGORITHM_ID);
+ AlgorithmId algId = (AlgorithmId) certAlgId
+ .get(CertificateAlgorithmId.ALGORITHM);
signatureAlgorithm = (algId.getOID()).toString();
signatureAlgorithmName = algId.getName();
@@ -342,16 +363,19 @@ public class CertReqParser extends ReqParser {
// XXX raise exception
}
if (signatureAlgorithm != null) {
- arg.addStringValue("signatureAlgorithm", signatureAlgorithm);
+ arg.addStringValue("signatureAlgorithm",
+ signatureAlgorithm);
}
if (signatureAlgorithmName != null) {
- arg.addStringValue("signatureAlgorithmName", signatureAlgorithmName);
+ arg.addStringValue("signatureAlgorithmName",
+ signatureAlgorithmName);
}
CertificateExtensions extensions = null;
try {
- extensions = (CertificateExtensions) certInfo[0].get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo[0]
+ .get(X509CertInfo.EXTENSIONS);
} catch (Exception e) {
}
if (extensions != null) {
@@ -362,56 +386,88 @@ public class CertReqParser extends ReqParser {
// only know about ns cert type
if (ext instanceof NSCertTypeExtension) {
- NSCertTypeExtension nsExtensions =
- (NSCertTypeExtension) ext;
+ NSCertTypeExtension nsExtensions = (NSCertTypeExtension) ext;
try {
- arg.addStringValue("ext_" + NSCertTypeExtension.SSL_SERVER,
- nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString());
-
- arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CLIENT,
- nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString());
-
- arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL,
- nsExtensions.get(NSCertTypeExtension.EMAIL).toString());
-
- arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING,
- nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString());
-
- arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CA,
- nsExtensions.get(NSCertTypeExtension.SSL_CA).toString());
-
- arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL_CA,
- nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString());
-
- arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING_CA,
- nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString());
+ arg.addStringValue(
+ "ext_"
+ + NSCertTypeExtension.SSL_SERVER,
+ nsExtensions
+ .get(NSCertTypeExtension.SSL_SERVER)
+ .toString());
+
+ arg.addStringValue(
+ "ext_"
+ + NSCertTypeExtension.SSL_CLIENT,
+ nsExtensions
+ .get(NSCertTypeExtension.SSL_CLIENT)
+ .toString());
+
+ arg.addStringValue(
+ "ext_"
+ + NSCertTypeExtension.EMAIL,
+ nsExtensions
+ .get(NSCertTypeExtension.EMAIL)
+ .toString());
+
+ arg.addStringValue(
+ "ext_"
+ + NSCertTypeExtension.OBJECT_SIGNING,
+ nsExtensions
+ .get(NSCertTypeExtension.OBJECT_SIGNING)
+ .toString());
+
+ arg.addStringValue(
+ "ext_"
+ + NSCertTypeExtension.SSL_CA,
+ nsExtensions
+ .get(NSCertTypeExtension.SSL_CA)
+ .toString());
+
+ arg.addStringValue(
+ "ext_"
+ + NSCertTypeExtension.EMAIL_CA,
+ nsExtensions
+ .get(NSCertTypeExtension.EMAIL_CA)
+ .toString());
+
+ arg.addStringValue(
+ "ext_"
+ + NSCertTypeExtension.OBJECT_SIGNING_CA,
+ nsExtensions
+ .get(NSCertTypeExtension.OBJECT_SIGNING_CA)
+ .toString());
} catch (Exception e) {
}
} else if (ext instanceof BasicConstraintsExtension) {
- BasicConstraintsExtension bcExt =
- (BasicConstraintsExtension) ext;
+ BasicConstraintsExtension bcExt = (BasicConstraintsExtension) ext;
Integer pathLength = null;
Boolean isCA = null;
try {
- pathLength = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN);
- isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA);
+ pathLength = (Integer) bcExt
+ .get(BasicConstraintsExtension.PATH_LEN);
+ isCA = (Boolean) bcExt
+ .get(BasicConstraintsExtension.IS_CA);
} catch (IOException e) {
}
if (pathLength != null)
- arg.addIntegerValue("pathLenBasicConstraints", pathLength.intValue());
+ arg.addIntegerValue(
+ "pathLenBasicConstraints",
+ pathLength.intValue());
if (isCA != null)
- arg.addBooleanValue("isCABasicConstraints", isCA.booleanValue());
+ arg.addBooleanValue(
+ "isCABasicConstraints",
+ isCA.booleanValue());
} // pretty print all others.
else {
if (argSet != null) {
IArgBlock rr = CMS.createArgBlock();
- rr.addStringValue(
- EXT_PRETTYPRINT,
- CMS.getExtPrettyPrint(ext, 0).toString());
+ rr.addStringValue(EXT_PRETTYPRINT, CMS
+ .getExtPrettyPrint(ext, 0)
+ .toString());
argSet.addRepeatRecord(rr);
}
}
@@ -419,11 +475,12 @@ public class CertReqParser extends ReqParser {
}
- // Get the public key
+ // Get the public key
CertificateX509Key certKey = null;
try {
- certKey = (CertificateX509Key) certInfo[0].get(X509CertInfo.KEY);
+ certKey = (CertificateX509Key) certInfo[0]
+ .get(X509CertInfo.KEY);
} catch (IOException e) {
// XXX raise exception
} catch (CertificateException e) {
@@ -440,22 +497,29 @@ public class CertReqParser extends ReqParser {
if (key != null) {
arg.addStringValue("subjectPublicKeyInfo",
- key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString());
+ key.getAlgorithm()
+ + " - "
+ + key.getAlgorithmId().getOID()
+ .toString());
arg.addStringValue("subjectPublicKey",
- pp.toHexString(key.getKey(), 0, 16));
+ pp.toHexString(key.getKey(), 0, 16));
}
- // Get the validity period
+ // Get the validity period
CertificateValidity validity = null;
try {
- validity =
- (CertificateValidity)
- certInfo[0].get(X509CertInfo.VALIDITY);
+ validity = (CertificateValidity) certInfo[0]
+ .get(X509CertInfo.VALIDITY);
if (validity != null) {
- long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() - ((Date) validity.get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000;
-
- arg.addLongValue("validityLength", validityLength);
+ long validityLength = (((Date) validity
+ .get(CertificateValidity.NOT_AFTER))
+ .getTime() - ((Date) validity
+ .get(CertificateValidity.NOT_BEFORE))
+ .getTime()) / 1000;
+
+ arg.addLongValue("validityLength",
+ validityLength);
}
} catch (IOException e) {
// XXX raise exception
@@ -467,7 +531,8 @@ public class CertReqParser extends ReqParser {
}
if (name.equalsIgnoreCase(IRequest.OLD_SERIALS) && mDetails) {
- BigInteger oldSerialNo[] = req.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ BigInteger oldSerialNo[] = req
+ .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
if (oldSerialNo != null) {
if (argSet != null) {
@@ -475,37 +540,44 @@ public class CertReqParser extends ReqParser {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- oldSerialNo[i], 16);
+ oldSerialNo[i], 16);
argSet.addRepeatRecord(rarg);
}
}
}
}
- if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails &&
- (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
- req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) {
- X509CertImpl issuedCert[] =
- req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-
- arg.addBigIntegerValue("serialNumber", issuedCert[0].getSerialNumber(), 16);
+ if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS)
+ && mDetails
+ && (req.getRequestStatus().toString()
+ .equals(RequestStatus.COMPLETE_STRING) || req
+ .getRequestType().equals(
+ IRequest.GETREVOCATIONINFO_REQUEST))) {
+ X509CertImpl issuedCert[] = req
+ .getExtDataInCertArray(IRequest.ISSUED_CERTS);
+
+ arg.addBigIntegerValue("serialNumber",
+ issuedCert[0].getSerialNumber(), 16);
// Set Serial No for 2nd certificate
if (issuedCert.length == 2)
- arg.addBigIntegerValue("serialNumber2", issuedCert[1].getSerialNumber(), 16);
+ arg.addBigIntegerValue("serialNumber2",
+ issuedCert[1].getSerialNumber(), 16);
}
if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) {
- X509CertImpl oldCert[] =
- req.getExtDataInCertArray(IRequest.OLD_CERTS);
+ X509CertImpl oldCert[] = req
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
if (oldCert != null && oldCert.length > 0) {
- arg.addBigIntegerValue("serialNumber", oldCert[0].getSerialNumber(), 16);
- arg.addStringValue("subject", oldCert[0].getSubjectDN().toString());
+ arg.addBigIntegerValue("serialNumber",
+ oldCert[0].getSerialNumber(), 16);
+ arg.addStringValue("subject", oldCert[0].getSubjectDN()
+ .toString());
if (req.getRequestType().equals(IRequest.GETCERTS_REQUEST)) {
for (int i = 0; i < oldCert.length; i++) {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- oldCert[i].getSerialNumber(), 16);
+ oldCert[i].getSerialNumber(), 16);
argSet.addRepeatRecord(rarg);
}
}
@@ -513,12 +585,13 @@ public class CertReqParser extends ReqParser {
}
if (name.equalsIgnoreCase(IRequest.CACERTCHAIN) && mDetails) {
- byte[] certChainData = req.getExtDataInByteArray(
- IRequest.CACERTCHAIN);
+ byte[] certChainData = req
+ .getExtDataInByteArray(IRequest.CACERTCHAIN);
if (certChainData != null) {
CertificateChain certChain = new CertificateChain();
try {
- certChain.decode(new ByteArrayInputStream(certChainData));
+ certChain
+ .decode(new ByteArrayInputStream(certChainData));
X509Certificate cert[] = certChain.getChain();
@@ -526,7 +599,7 @@ public class CertReqParser extends ReqParser {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- cert[i].getSerialNumber(), 16);
+ cert[i].getSerialNumber(), 16);
argSet.addRepeatRecord(rarg);
}
} catch (IOException e) {
@@ -535,22 +608,24 @@ public class CertReqParser extends ReqParser {
}
}
if (name.equalsIgnoreCase(IRequest.FINGERPRINTS) && mDetails) {
- Hashtable fingerprints =
- req.getExtDataInHashtable(IRequest.FINGERPRINTS);
+ Hashtable fingerprints = req
+ .getExtDataInHashtable(IRequest.FINGERPRINTS);
if (fingerprints != null) {
String namesAndHashes = null;
Enumeration enumFingerprints = fingerprints.keys();
- while (enumFingerprints.hasMoreElements()) {
- String hashname = (String) enumFingerprints.nextElement();
+ while (enumFingerprints.hasMoreElements()) {
+ String hashname = (String) enumFingerprints
+ .nextElement();
String hashvalue = (String) fingerprints.get(hashname);
byte[] fingerprint = CMS.AtoB(hashvalue);
String ppFingerprint = pp.toHexString(fingerprint, 0);
if (hashname != null && ppFingerprint != null) {
if (namesAndHashes != null) {
- namesAndHashes += "+" + hashname + "+" + ppFingerprint;
+ namesAndHashes += "+" + hashname + "+"
+ + ppFingerprint;
} else {
namesAndHashes = hashname + "+" + ppFingerprint;
}
@@ -577,7 +652,8 @@ public class CertReqParser extends ReqParser {
int j = 0;
StringBuffer sb = new StringBuffer();
- for (Enumeration n = ((Vector) v).elements(); n.hasMoreElements(); j++) {
+ for (Enumeration n = ((Vector) v).elements(); n
+ .hasMoreElements(); j++) {
sb.append(";\n");
sb.append(valuename);
sb.append(LB);
@@ -585,10 +661,9 @@ public class CertReqParser extends ReqParser {
sb.append(RB);
sb.append(EQ);
sb.append("\"");
- sb.append(
- CMSTemplate.escapeJavaScriptStringHTML(
- n.nextElement().toString()));
- sb.append( "\";\n");
+ sb.append(CMSTemplate.escapeJavaScriptStringHTML(n
+ .nextElement().toString()));
+ sb.append("\";\n");
}
sb.append("\n");
valstr = sb.toString();
@@ -598,7 +673,7 @@ public class CertReqParser extends ReqParser {
// if an array.
int len = -1;
- try {
+ try {
len = Array.getLength(v);
} catch (IllegalArgumentException e) {
}
@@ -608,9 +683,15 @@ public class CertReqParser extends ReqParser {
for (i = 0; i < len; i++) {
if (Array.get(v, i) != null)
- valstr += ";\n" + valuename + LB + i + RB + EQ + "\"" +
- CMSTemplate.escapeJavaScriptStringHTML(
- Array.get(v, i).toString()) + "\";\n";
+ valstr += ";\n"
+ + valuename
+ + LB
+ + i
+ + RB
+ + EQ
+ + "\""
+ + CMSTemplate.escapeJavaScriptStringHTML(Array
+ .get(v, i).toString()) + "\";\n";
}
return valstr;
}
@@ -618,17 +699,17 @@ public class CertReqParser extends ReqParser {
}
// if string or unrecognized type, just call its toString method.
- return valuename + "=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\"";
+ return valuename + "=\""
+ + CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\"";
}
public String getRequestorDN(IRequest request) {
try {
- X509CertInfo info = (X509CertInfo)
- request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+ X509CertInfo info = (X509CertInfo) request
+ .getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
// retrieve the subject name
- CertificateSubjectName sn = (CertificateSubjectName)
- info.get(X509CertInfo.SUBJECT);
+ CertificateSubjectName sn = (CertificateSubjectName) info
+ .get(X509CertInfo.SUBJECT);
return sn.toString();
} catch (Exception e) {
@@ -643,15 +724,16 @@ public class CertReqParser extends ReqParser {
String cid = request.getExtDataInString(IRequest.NETKEY_ATTR_CUID);
if (cid == null) {
- cid = "";
+ cid = "";
}
- String uid = request.getExtDataInString(IRequest.NETKEY_ATTR_USERID);
+ String uid = request
+ .getExtDataInString(IRequest.NETKEY_ATTR_USERID);
if (uid == null) {
- uid = "";
+ uid = "";
}
- kid = cid+":"+uid;
+ kid = cid + ":" + uid;
if (kid.equals(":")) {
- kid = "";
+ kid = "";
}
return kid;
@@ -661,15 +743,15 @@ public class CertReqParser extends ReqParser {
return null;
}
- private void fillRevokeRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
+ private void fillRevokeRequestIntoArg(Locale l, IRequest req,
+ CMSTemplateParams argSet, IArgBlock arg) throws EBaseException {
// fill in the standard attributes
super.fillRequestIntoArg(l, req, argSet, arg);
arg.addStringValue("certExtsEnabled", "yes");
String profile = req.getExtDataInString("profile");
- //CMS.debug("CertReqParser: profile=" + profile);
+ // CMS.debug("CertReqParser: profile=" + profile);
if (profile != null) {
arg.addStringValue("profile", profile);
String requestorDN = getRequestorDN(req);
@@ -690,7 +772,7 @@ public class CertReqParser extends ReqParser {
Enumeration enum1 = req.getExtDataKeys();
// gross hack
- String prefix = "record.";
+ String prefix = "record.";
if (argSet.getHeader() == arg)
prefix = "header.";
@@ -702,8 +784,9 @@ public class CertReqParser extends ReqParser {
// show all http parameters stored in request.
if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) {
Hashtable http_params = req.getExtDataInHashtable(name);
- // show certType specially
- String certType = (String) http_params.get(IRequest.CERT_TYPE);
+ // show certType specially
+ String certType = (String) http_params
+ .get(IRequest.CERT_TYPE);
if (certType != null) {
arg.addStringValue(IRequest.CERT_TYPE, certType);
@@ -713,16 +796,22 @@ public class CertReqParser extends ReqParser {
Enumeration elms = http_params.keys();
while (elms.hasMoreElements()) {
- String parami =
- IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
+ String parami = IRequest.HTTP_PARAMS + LB
+ + String.valueOf(counter++) + RB;
// hack
String n = (String) elms.nextElement();
- String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
- prefix + parami + ".value=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(
- http_params.get(n).toString()) + "\"";
+ String rawJS = "new Object;\n\r"
+ + prefix
+ + parami
+ + ".name=\""
+ + CMSTemplate.escapeJavaScriptString(n)
+ + "\";\n\r"
+ + prefix
+ + parami
+ + ".value=\""
+ + CMSTemplate
+ .escapeJavaScriptStringHTML(http_params
+ .get(n).toString()) + "\"";
arg.set(parami, new RawJS(rawJS));
}
@@ -733,16 +822,22 @@ public class CertReqParser extends ReqParser {
int counter = 0;
while (elms.hasMoreElements()) {
- String parami =
- IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
+ String parami = IRequest.HTTP_HEADERS + LB
+ + String.valueOf(counter++) + RB;
// hack
String n = (String) elms.nextElement();
- String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
- prefix + parami + ".value=\"" +
- CMSTemplate.escapeJavaScriptStringHTML(
- http_hdrs.get(n).toString()) + "\"";
+ String rawJS = "new Object;\n\r"
+ + prefix
+ + parami
+ + ".name=\""
+ + CMSTemplate.escapeJavaScriptString(n)
+ + "\";\n\r"
+ + prefix
+ + parami
+ + ".value=\""
+ + CMSTemplate
+ .escapeJavaScriptStringHTML(http_hdrs
+ .get(n).toString()) + "\"";
arg.set(parami, new RawJS(rawJS));
}
@@ -753,20 +848,21 @@ public class CertReqParser extends ReqParser {
int counter = 0;
while (elms.hasMoreElements()) {
- String parami =
- IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
+ String parami = IRequest.AUTH_TOKEN + LB
+ + String.valueOf(counter++) + RB;
// hack
String n = (String) elms.nextElement();
- String v =
- expandValue(prefix + parami + ".value",
+ String v = expandValue(prefix + parami + ".value",
auth_token.getInString(n));
- String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
+ String rawJS = "new Object;\n\r" + prefix + parami
+ + ".name=\""
+ + CMSTemplate.escapeJavaScriptString(n)
+ + "\";\n" + v;
arg.set(parami, new RawJS(rawJS));
}
- } // all others are request attrs from policy or internal modules.
+ } // all others are request attrs from policy or internal
+ // modules.
else {
Object val;
if (req.isSimpleExtDataValue(name)) {
@@ -779,25 +875,25 @@ public class CertReqParser extends ReqParser {
}
String valstr = "";
// hack
- String parami =
- IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
+ String parami = IRequest.SERVER_ATTRS + LB
+ + String.valueOf(saCounter++) + RB;
valstr = expandValue(prefix + parami + ".value", val);
- String rawJS = "new Object;\n\r" +
- prefix + parami + ".name=\"" +
- CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
- valstr; // java string already escaped in expandValue.
+ String rawJS = "new Object;\n\r" + prefix + parami
+ + ".name=\""
+ + CMSTemplate.escapeJavaScriptString(name)
+ + "\";\n" + valstr; // java string already escaped
+ // in expandValue.
arg.set(parami, new RawJS(rawJS));
}
}
if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE)
- || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
- || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
- || name.equalsIgnoreCase(IRequest.RESULT)
- || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)
- ) {
+ || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
+ || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
+ || name.equalsIgnoreCase(IRequest.RESULT)
+ || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) {
arg.addStringValue(name, req.getExtDataInString(name));
}
@@ -823,12 +919,14 @@ public class CertReqParser extends ReqParser {
}
}
if (name.equalsIgnoreCase(IRequest.ERROR)) {
- arg.addStringValue(IRequest.ERRORS, req.getExtDataInString(name));
+ arg.addStringValue(IRequest.ERRORS,
+ req.getExtDataInString(name));
}
if (name.equalsIgnoreCase(IRequest.CERT_INFO)) {
- // Get the certificate info from the request
- RevokedCertImpl revokedCert[] = req.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
+ // Get the certificate info from the request
+ RevokedCertImpl revokedCert[] = req
+ .getExtDataInRevokedCertArray(IRequest.CERT_INFO);
if (mDetails && revokedCert != null) {
if (argSet != null) {
@@ -836,35 +934,39 @@ public class CertReqParser extends ReqParser {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- revokedCert[i].getSerialNumber(), 16);
+ revokedCert[i].getSerialNumber(), 16);
- CRLExtensions crlExtensions = revokedCert[i].getExtensions();
+ CRLExtensions crlExtensions = revokedCert[i]
+ .getExtensions();
if (crlExtensions != null) {
for (int k = 0; k < crlExtensions.size(); k++) {
- Extension ext = (Extension) crlExtensions.elementAt(k);
+ Extension ext = (Extension) crlExtensions
+ .elementAt(k);
if (ext instanceof CRLReasonExtension) {
rarg.addStringValue("reason",
- ((CRLReasonExtension) ext).getReason().toString());
+ ((CRLReasonExtension) ext)
+ .getReason().toString());
}
}
} else {
rarg.addStringValue("reason",
- RevocationReason.UNSPECIFIED.toString());
+ RevocationReason.UNSPECIFIED.toString());
}
argSet.addRepeatRecord(rarg);
}
} else {
arg.addBigIntegerValue("serialNumber",
- revokedCert[0].getSerialNumber(), 16);
+ revokedCert[0].getSerialNumber(), 16);
}
}
}
if (name.equalsIgnoreCase(IRequest.OLD_SERIALS) && mDetails) {
- BigInteger oldSerialNo[] = req.getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
+ BigInteger oldSerialNo[] = req
+ .getExtDataInBigIntegerArray(IRequest.OLD_SERIALS);
if (oldSerialNo != null) {
if (argSet != null) {
@@ -872,7 +974,7 @@ public class CertReqParser extends ReqParser {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- oldSerialNo[i], 16);
+ oldSerialNo[i], 16);
argSet.addRepeatRecord(rarg);
}
}
@@ -880,24 +982,27 @@ public class CertReqParser extends ReqParser {
}
if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) {
- //X509CertImpl oldCert[] =
- // (X509CertImpl[])req.get(IRequest.OLD_CERTS);
- Certificate oldCert[] =
- (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS);
-
+ // X509CertImpl oldCert[] =
+ // (X509CertImpl[])req.get(IRequest.OLD_CERTS);
+ Certificate oldCert[] = (Certificate[]) req
+ .getExtDataInCertArray(IRequest.OLD_CERTS);
+
if (oldCert != null && oldCert.length > 0) {
if (oldCert[0] instanceof X509CertImpl) {
X509CertImpl xcert = (X509CertImpl) oldCert[0];
- arg.addBigIntegerValue("serialNumber", xcert.getSerialNumber(), 16);
- arg.addStringValue("subject", xcert.getSubjectDN().toString());
- if (req.getRequestType().equals(IRequest.GETCERTS_REQUEST)) {
+ arg.addBigIntegerValue("serialNumber",
+ xcert.getSerialNumber(), 16);
+ arg.addStringValue("subject", xcert.getSubjectDN()
+ .toString());
+ if (req.getRequestType().equals(
+ IRequest.GETCERTS_REQUEST)) {
for (int i = 0; i < oldCert.length; i++) {
IArgBlock rarg = CMS.createArgBlock();
xcert = (X509CertImpl) oldCert[i];
rarg.addBigIntegerValue("serialNumber",
- xcert.getSerialNumber(), 16);
+ xcert.getSerialNumber(), 16);
argSet.addRepeatRecord(rarg);
}
}
@@ -905,21 +1010,23 @@ public class CertReqParser extends ReqParser {
}
}
- if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails &&
- req.getRequestType().equals("getRevocationInfo")) {
- RevokedCertImpl revokedCert[] =
- req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
+ if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails
+ && req.getRequestType().equals("getRevocationInfo")) {
+ RevokedCertImpl revokedCert[] = req
+ .getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
if (revokedCert != null && revokedCert[0] != null) {
boolean reasonFound = false;
- CRLExtensions crlExtensions = revokedCert[0].getExtensions();
+ CRLExtensions crlExtensions = revokedCert[0]
+ .getExtensions();
for (int k = 0; k < crlExtensions.size(); k++) {
Extension ext = (Extension) crlExtensions.elementAt(k);
if (ext instanceof CRLReasonExtension) {
arg.addStringValue("reason",
- ((CRLReasonExtension) ext).getReason().toString());
+ ((CRLReasonExtension) ext).getReason()
+ .toString());
reasonFound = true;
}
}
@@ -930,5 +1037,5 @@ public class CertReqParser extends ReqParser {
}
}
}
-
+
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
index 127f2ce8..3eca4390 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -81,10 +80,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Check the status of a certificate request
- *
+ *
* @version $Revision$, $Date$
*/
public class CheckRequest extends CMSServlet {
@@ -116,15 +114,14 @@ public class CheckRequest extends CMSServlet {
/**
* Constructs request query servlet.
*/
- public CheckRequest()
- throws EBaseException {
+ public CheckRequest() throws EBaseException {
super();
}
/**
* initialize the servlet. This servlet uses the template file
* "requestStatus.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -140,12 +137,12 @@ public class CheckRequest extends CMSServlet {
* Process the HTTP request.
* <ul>
* <li>http.param requestId ID of the request to check
- * <li>http.param format if 'id', then check the request based on
- * the request ID parameter. If set to CMC, then use the
- * 'queryPending' parameter.
+ * <li>http.param format if 'id', then check the request based on the
+ * request ID parameter. If set to CMC, then use the 'queryPending'
+ * parameter.
* <li>http.param queryPending query formatted as a CMC request
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -162,14 +159,14 @@ public class CheckRequest extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -187,9 +184,10 @@ public class CheckRequest extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
IArgBlock header = CMS.createArgBlock();
@@ -207,27 +205,31 @@ public class CheckRequest extends CMSServlet {
// They may check the status using CMC queryPending
String queryPending = req.getParameter("queryPending");
- if (format != null && format.equals("cmc") && queryPending != null && !queryPending.equals("")) {
+ if (format != null && format.equals("cmc") && queryPending != null
+ && !queryPending.equals("")) {
try {
isCMCReq = true;
byte[] cmcBlob = CMS.AtoB(queryPending);
- ByteArrayInputStream cmcBlobIn =
- new ByteArrayInputStream(cmcBlob);
-
- org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
- SignedData cmcFullReq = (SignedData)
- cii.getInterpretedContent();
-
+ ByteArrayInputStream cmcBlobIn = new ByteArrayInputStream(
+ cmcBlob);
+
+ org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo) org.mozilla.jss.pkix.cms.ContentInfo
+ .getTemplate().decode(cmcBlobIn);
+ SignedData cmcFullReq = (SignedData) cii
+ .getInterpretedContent();
+
EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
OBJECT_IDENTIFIER id = ci.getContentType();
- if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) {
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
+ if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData)
+ || !ci.hasContent()) {
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
}
OCTET_STRING content = ci.getContent();
- ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
+ ByteArrayInputStream s = new ByteArrayInputStream(
+ content.toByteArray());
PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
SEQUENCE controlSequence = pkiData.getControlSequence();
@@ -235,7 +237,8 @@ public class CheckRequest extends CMSServlet {
for (int i = 0; i < numControls; i++) {
// decode message.
- TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i);
+ TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence
+ .elementAt(i);
OBJECT_IDENTIFIER type = taggedAttr.getType();
if (type.equals(OBJECT_IDENTIFIER.id_cmc_QueryPending)) {
@@ -245,19 +248,21 @@ public class CheckRequest extends CMSServlet {
// We only process one for now.
if (numReq > 0) {
- OCTET_STRING reqId = (OCTET_STRING)
- ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(requestIds.elementAt(0)));
+ OCTET_STRING reqId = (OCTET_STRING) ASN1Util
+ .decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(requestIds
+ .elementAt(0)));
requestId = new String(reqId.toByteArray());
}
- } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) {
+ } else if (type
+ .equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) {
transIds = taggedAttr.getValues();
- }else if
- (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
+ } else if (type
+ .equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
rNonces = taggedAttr.getValues();
- } else if
- (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
+ } else if (type
+ .equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
sNonces = taggedAttr.getValues();
}
}
@@ -267,56 +272,63 @@ public class CheckRequest extends CMSServlet {
}
IArgBlock httpParams = cmsReq.getHttpParams();
- boolean importCert = httpParams.getValueAsBoolean("importCert",
- false);
+ boolean importCert = httpParams.getValueAsBoolean("importCert", false);
// xxx need to check why this is not available at startup
X509Certificate mCACerts[] = null;
try {
- mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
+ mCACerts = ((ICertAuthority) mAuthority).getCACertChain()
+ .getChain();
} catch (Exception e) {
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
+ CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
}
if (requestId == null || requestId.trim().equals("")) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED"));
}
try {
Integer.parseInt(requestId);
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId));
- throw new EBaseException(
- CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
- }
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ throw new EBaseException(CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ }
IRequest r = mQueue.findRequest(new RequestId(requestId));
if (r == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND_1", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_REQUEST_ID_NOT_FOUND_1", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
}
if (authToken != null) {
- // if RA, requestOwner must match the group
- String group = authToken.getInString("group");
- if ((group != null) && (group != "")) {
- if (group.equals("Registration Manager Agents")) {
- boolean groupMatched = false;
- String requestOwner = r.getExtDataInString("requestOwner");
- if (requestOwner != null) {
- if (requestOwner.equals(group))
- groupMatched = true;
- }
- if (groupMatched == false) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString()));
- throw new EBaseException(
- CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
- }
+ // if RA, requestOwner must match the group
+ String group = authToken.getInString("group");
+ if ((group != null) && (group != "")) {
+ if (group.equals("Registration Manager Agents")) {
+ boolean groupMatched = false;
+ String requestOwner = r.getExtDataInString("requestOwner");
+ if (requestOwner != null) {
+ if (requestOwner.equals(group))
+ groupMatched = true;
+ }
+ if (groupMatched == false) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "BASE_INVALID_NUMBER_FORMAT_1",
+ requestId.toString()));
+ throw new EBaseException(CMS.getUserMessage(
+ getLocale(req),
+ "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ }
+ }
}
- }
}
RequestStatus status = r.getRequestStatus();
@@ -327,35 +339,37 @@ public class CheckRequest extends CMSServlet {
header.addStringValue(STATUS, status.toString());
header.addLongValue(CREATE_ON, r.getCreationTime().getTime() / 1000);
header.addLongValue(UPDATE_ON, r.getModificationTime().getTime() / 1000);
- if (note != null && note.length() > 0)
+ if (note != null && note.length() > 0)
header.addStringValue("requestNotes", note);
String type = r.getRequestType();
Integer result = r.getExtDataInInteger(IRequest.RESULT);
-/* if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) {
- X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT);
- IArgBlock rarg = CMS.createArgBlock();
-
- rarg.addBigIntegerValue("serialNumber",
- cert.getSerialNumber(), 16);
- argSet.addRepeatRecord(rarg);
- }
-*/
+ /*
+ * if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") !=
+ * null) && status.equals(RequestStatus.COMPLETE)) { X509CertImpl cert =
+ * (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT); IArgBlock
+ * rarg = CMS.createArgBlock();
+ *
+ * rarg.addBigIntegerValue("serialNumber", cert.getSerialNumber(), 16);
+ * argSet.addRepeatRecord(rarg); }
+ */
String profileId = r.getExtDataInString("profileId");
if (profileId != null) {
- result = IRequest.RES_SUCCESS;
+ result = IRequest.RES_SUCCESS;
}
- if ((type != null) && (type.equals(IRequest.ENROLLMENT_REQUEST) ||
- type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) &&
- status.equals(RequestStatus.COMPLETE) && (result != null) &&
- result.equals(IRequest.RES_SUCCESS)) {
+ if ((type != null)
+ && (type.equals(IRequest.ENROLLMENT_REQUEST) || type
+ .equals(IRequest.RENEWAL_REQUEST)) && (status != null)
+ && status.equals(RequestStatus.COMPLETE) && (result != null)
+ && result.equals(IRequest.RES_SUCCESS)) {
Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
if (profileId != null) {
- X509CertImpl impl[] = new X509CertImpl[1];
- impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
- o = impl;
+ X509CertImpl impl[] = new X509CertImpl[1];
+ impl[0] = r
+ .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+ o = impl;
}
if (o != null && (o instanceof X509CertImpl[])) {
X509CertImpl[] certs = (X509CertImpl[]) o;
@@ -366,25 +380,25 @@ public class CheckRequest extends CMSServlet {
IArgBlock rarg = CMS.createArgBlock();
rarg.addBigIntegerValue("serialNumber",
- certs[i].getSerialNumber(), 16);
+ certs[i].getSerialNumber(), 16);
// add pkcs7 cert for importing
if (importCert || isCMCReq) {
- //byte[] ba = certs[i].getEncoded();
- X509CertImpl[] certsInChain = new X509CertImpl[1];;
+ // byte[] ba = certs[i].getEncoded();
+ X509CertImpl[] certsInChain = new X509CertImpl[1];
+ ;
if (mCACerts != null) {
for (int ii = 0; ii < mCACerts.length; ii++) {
if (certs[i].equals(mCACerts[ii])) {
- certsInChain = new
- X509CertImpl[mCACerts.length];
+ certsInChain = new X509CertImpl[mCACerts.length];
break;
}
certsInChain = new X509CertImpl[mCACerts.length + 1];
}
}
-
+
// Set the EE cert
certsInChain[0] = certs[i];
-
+
// Set the Ca certificate chain
if (mCACerts != null) {
for (int ii = 0; ii < mCACerts.length; ii++) {
@@ -396,8 +410,10 @@ public class CheckRequest extends CMSServlet {
String p7Str;
try {
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new netscape.security.pkcs.ContentInfo(new byte[0]),
+ PKCS7 p7 = new PKCS7(
+ new AlgorithmId[0],
+ new netscape.security.pkcs.ContentInfo(
+ new byte[0]),
certsInChain,
new netscape.security.pkcs.SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
@@ -407,7 +423,7 @@ public class CheckRequest extends CMSServlet {
p7Str = CMS.BtoA(p7Bytes);
- StringTokenizer tokenizer = null;
+ StringTokenizer tokenizer = null;
if (File.separator.equals("\\")) {
char[] nl = new char[2];
@@ -416,18 +432,22 @@ public class CheckRequest extends CMSServlet {
nl[1] = 13;
String nlstr = new String(nl);
- tokenizer = new StringTokenizer(p7Str, nlstr);
+ tokenizer = new StringTokenizer(p7Str,
+ nlstr);
} else
- tokenizer = new StringTokenizer(p7Str, "\n");
+ tokenizer = new StringTokenizer(p7Str,
+ "\n");
StringBuffer res = new StringBuffer();
while (tokenizer.hasMoreTokens()) {
- String elem = (String) tokenizer.nextToken();
+ String elem = (String) tokenizer
+ .nextToken();
res.append(elem);
}
- header.addStringValue("pkcs7ChainBase64", res.toString());
+ header.addStringValue("pkcs7ChainBase64",
+ res.toString());
// compose full response
if (isCMCReq) {
@@ -437,152 +457,177 @@ public class CheckRequest extends CMSServlet {
if (bodyPartId != null)
bpids.addElement(bodyPartId);
- CMCStatusInfo cmcStatusInfo = new
- CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids);
- TaggedAttribute ta = new TaggedAttribute(new
- INTEGER(bpid++),
+ CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(
+ CMCStatusInfo.SUCCESS, bpids);
+ TaggedAttribute ta = new TaggedAttribute(
+ new INTEGER(bpid++),
OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
cmcStatusInfo);
controlSeq.addElement(ta);
-
+
// copy transactionID, senderNonce,
// create recipientNonce
if (transIds != null) {
- ta = new TaggedAttribute(new
- INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_transactionId,
- transIds);
+ ta = new TaggedAttribute(
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_transactionId,
+ transIds);
controlSeq.addElement(ta);
}
-
+
if (sNonces != null) {
- ta = new TaggedAttribute(new
- INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_recipientNonce,
- sNonces);
+ ta = new TaggedAttribute(
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_recipientNonce,
+ sNonces);
controlSeq.addElement(ta);
}
-
+
String salt = CMSServlet.generateSalt();
byte[] dig;
try {
- MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
+ MessageDigest SHA1Digest = MessageDigest
+ .getInstance("SHA1");
- dig = SHA1Digest.digest(salt.getBytes());
+ dig = SHA1Digest.digest(salt
+ .getBytes());
} catch (NoSuchAlgorithmException ex) {
dig = salt.getBytes();
}
String b64E = CMS.BtoA(dig);
- String[] newNonce = {b64E};
+ String[] newNonce = { b64E };
- ta = new TaggedAttribute(new
- INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_senderNonce,
- new OCTET_STRING(newNonce[0].getBytes()));
+ ta = new TaggedAttribute(
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_senderNonce,
+ new OCTET_STRING(newNonce[0]
+ .getBytes()));
controlSeq.addElement(ta);
-
- ResponseBody rb = new ResponseBody(controlSeq, new
- SEQUENCE(), new
- SEQUENCE());
- EncapsulatedContentInfo ci = new
- EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
+
+ ResponseBody rb = new ResponseBody(
+ controlSeq, new SEQUENCE(),
+ new SEQUENCE());
+ EncapsulatedContentInfo ci = new EncapsulatedContentInfo(
+ OBJECT_IDENTIFIER.id_cct_PKIResponse,
rb);
-
+
org.mozilla.jss.crypto.X509Certificate x509cert = null;
if (mAuthority instanceof ICertificateAuthority) {
- x509cert = ((ICertificateAuthority) mAuthority).getCaX509Cert();
- }else if (mAuthority instanceof IRegistrationAuthority) {
- x509cert = ((IRegistrationAuthority) mAuthority).getRACert();
+ x509cert = ((ICertificateAuthority) mAuthority)
+ .getCaX509Cert();
+ } else if (mAuthority instanceof IRegistrationAuthority) {
+ x509cert = ((IRegistrationAuthority) mAuthority)
+ .getRACert();
}
if (x509cert == null)
- throw new
- ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found."));
-
- X509CertImpl cert = new X509CertImpl(x509cert.getEncoded());
- ByteArrayInputStream issuer1 = new
- ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
- Name issuer = (Name) Name.getTemplate().decode(issuer1);
- IssuerAndSerialNumber ias = new
- IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
- SignerIdentifier si = new
- SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
-
- // SHA1 is the default digest Alg for now.
+ throw new ECMSGWException(
+ CMS.getUserMessage(
+ "CMS_GW_CMC_ERROR",
+ "No signing cert found."));
+
+ X509CertImpl cert = new X509CertImpl(
+ x509cert.getEncoded());
+ ByteArrayInputStream issuer1 = new ByteArrayInputStream(
+ ((X500Name) cert.getIssuerDN())
+ .getEncoded());
+ Name issuer = (Name) Name.getTemplate()
+ .decode(issuer1);
+ IssuerAndSerialNumber ias = new IssuerAndSerialNumber(
+ issuer, new INTEGER(cert
+ .getSerialNumber()
+ .toString()));
+ SignerIdentifier si = new SignerIdentifier(
+ SignerIdentifier.ISSUER_AND_SERIALNUMBER,
+ ias, null);
+
+ // SHA1 is the default digest Alg for
+ // now.
DigestAlgorithm digestAlg = null;
SignatureAlgorithm signAlg = null;
- org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert);
- org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
-
- if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA))
+ org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager
+ .getInstance()
+ .findPrivKeyByCert(x509cert);
+ org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey
+ .getType();
+
+ if (keyType
+ .equals(org.mozilla.jss.crypto.PrivateKey.RSA))
signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
- else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA))
+ else if (keyType
+ .equals(org.mozilla.jss.crypto.PrivateKey.DSA))
signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
MessageDigest SHADigest = null;
byte[] digest = null;
try {
- SHADigest = MessageDigest.getInstance("SHA1");
+ SHADigest = MessageDigest
+ .getInstance("SHA1");
digestAlg = DigestAlgorithm.SHA1;
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
rb.encode((OutputStream) ostream);
- digest = SHADigest.digest(ostream.toByteArray());
+ digest = SHADigest.digest(ostream
+ .toByteArray());
} catch (NoSuchAlgorithmException ex) {
- //log("digest fail");
+ // log("digest fail");
}
-
- org.mozilla.jss.pkix.cms.SignerInfo signInfo = new
- org.mozilla.jss.pkix.cms.SignerInfo(si, null, null,
+
+ org.mozilla.jss.pkix.cms.SignerInfo signInfo = new org.mozilla.jss.pkix.cms.SignerInfo(
+ si,
+ null,
+ null,
OBJECT_IDENTIFIER.id_cct_PKIResponse,
- digest, signAlg,
- privKey);
+ digest, signAlg, privKey);
SET signInfos = new SET();
signInfos.addElement(signInfo);
-
+
SET digestAlgs = new SET();
if (digestAlg != null) {
- AlgorithmIdentifier ai = new
- AlgorithmIdentifier(digestAlg.toOID(),
- null);
+ AlgorithmIdentifier ai = new AlgorithmIdentifier(
+ digestAlg.toOID(), null);
digestAlgs.addElement(ai);
}
-
+
SET jsscerts = new SET();
for (int j = 0; j < certsInChain.length; j++) {
- ByteArrayInputStream is = new
- ByteArrayInputStream(certsInChain[j].getEncoded());
- org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate)
- org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is);
+ ByteArrayInputStream is = new ByteArrayInputStream(
+ certsInChain[j]
+ .getEncoded());
+ org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate) org.mozilla.jss.pkix.cert.Certificate
+ .getTemplate().decode(is);
jsscerts.addElement(certJss);
}
-
- SignedData fResponse = new
- SignedData(digestAlgs, ci,
- jsscerts, null, signInfos);
- org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new
- org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse);
- ByteArrayOutputStream ostream = new
- ByteArrayOutputStream();
-
- fullResponse.encode((OutputStream) ostream);
+
+ SignedData fResponse = new SignedData(
+ digestAlgs, ci, jsscerts, null,
+ signInfos);
+ org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new org.mozilla.jss.pkix.cms.ContentInfo(
+ org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA,
+ fResponse);
+ ByteArrayOutputStream ostream = new ByteArrayOutputStream();
+
+ fullResponse
+ .encode((OutputStream) ostream);
byte[] fr = ostream.toByteArray();
- header.addStringValue(FULL_RESPONSE, CMS.BtoA(fr));
+ header.addStringValue(FULL_RESPONSE,
+ CMS.BtoA(fr));
}
} catch (Exception e) {
e.printStackTrace();
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERROR_FORMING_PKCS7_1",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
+ CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
}
}
argSet.addRepeatRecord(rarg);
@@ -598,22 +643,21 @@ public class CheckRequest extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
index 0e3974a1..85a546ab 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.util.Locale;
import com.netscape.certsrv.base.EBaseException;
@@ -25,13 +24,11 @@ import com.netscape.certsrv.base.IArgBlock;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.servlet.common.CMSTemplateParams;
-
/**
- * An interface representing a request parser which
- * converts Java request object into name value
- * pairs and vice versa.
+ * An interface representing a request parser which converts Java request object
+ * into name value pairs and vice versa.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public interface IReqParser {
@@ -39,6 +36,6 @@ public interface IReqParser {
/**
* Maps request object into argument block.
*/
- public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException;
+ public void fillRequestIntoArg(Locale l, IRequest req,
+ CMSTemplateParams argSet, IArgBlock arg) throws EBaseException;
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
index 459aca63..4348a545 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.math.BigInteger;
import java.util.Locale;
@@ -29,10 +28,9 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.key.KeyRecordParser;
-
/**
* Output a 'pretty print' of a Key Archival request
- *
+ *
* @version $Revision$, $Date$
*/
public class KeyReqParser extends ReqParser {
@@ -49,8 +47,8 @@ public class KeyReqParser extends ReqParser {
/**
* Fills in certificate specific request attributes.
*/
- public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
+ public void fillRequestIntoArg(Locale l, IRequest req,
+ CMSTemplateParams argSet, IArgBlock arg) throws EBaseException {
// fill in the standard attributes
super.fillRequestIntoArg(l, req, argSet, arg);
@@ -58,11 +56,11 @@ public class KeyReqParser extends ReqParser {
if (type.equals(IRequest.ENROLLMENT_REQUEST)) {
BigInteger recSerialNo = req.getExtDataInBigInteger("keyRecord");
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)CMS.getSubsystem("kra");
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem("kra");
if (kra != null) {
- KeyRecordParser.fillRecordIntoArg(
- kra.getKeyRepository().readKeyRecord(recSerialNo),
- arg);
+ KeyRecordParser.fillRecordIntoArg(kra.getKeyRepository()
+ .readKeyRecord(recSerialNo), arg);
} else {
throw new EBaseException("KRA is not available");
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
index 76418a99..b5fe3c4c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
@@ -79,12 +78,10 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
- * Agent operations on Certificate requests. This servlet is used
- * by an Agent to approve, reject, reassign, or change a certificate
- * request.
- *
+ * Agent operations on Certificate requests. This servlet is used by an Agent to
+ * approve, reject, reassign, or change a certificate request.
+ *
* @version $Revision$, $Date$
*/
public class ProcessCertReq extends CMSServlet {
@@ -105,101 +102,85 @@ public class ProcessCertReq extends CMSServlet {
private boolean mExtraAgentParams = false;
// for RA only since it does not have a database.
- private final static String
- REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template";
- private final static String
- PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate";
- private final static String
- PROP_EXTRA_AGENT_PARAMS = "extraAgentParams";
- private static ICMSTemplateFiller
- REQ_COMPLETED_FILLER = new RAReqCompletedFiller();
+ private final static String REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template";
+ private final static String PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate";
+ private final static String PROP_EXTRA_AGENT_PARAMS = "extraAgentParams";
+ private static ICMSTemplateFiller REQ_COMPLETED_FILLER = new RAReqCompletedFiller();
private String mReqCompletedTemplate = null;
- private final static String
- CERT_TYPE = "certType";
+ private final static String CERT_TYPE = "certType";
private String auditServiceID = ILogger.UNIDENTIFIED;
- private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET =
- "caProcessCertReq";
- private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET =
- "raProcessCertReq";
+ private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET = "caProcessCertReq";
+ private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET = "raProcessCertReq";
private final static String SIGNED_AUDIT_ACCEPTANCE = "accept";
private final static String SIGNED_AUDIT_CANCELLATION = "cancel";
private final static String SIGNED_AUDIT_CLONING = "clone";
private final static String SIGNED_AUDIT_REJECTION = "reject";
private final static byte EOL[] = { Character.LINE_SEPARATOR };
- private final static String[]
- SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] {
-
- /* 0 */ "manual non-profile cert request cancellation: "
- + "request cannot be processed due to an "
- + "authorization failure",
-
- /* 1 */ "manual non-profile cert request cancellation: "
- + "no reason has been given for cancelling this "
- + "cert request",
-
- /* 2 */ "manual non-profile cert request cancellation: "
- + "indeterminate reason for inability to process "
- + "cert request due to an EBaseException",
-
- /* 3 */ "manual non-profile cert request cancellation: "
- + "indeterminate reason for inability to process "
- + "cert request due to an IOException",
-
- /* 4 */ "manual non-profile cert request cancellation: "
- + "indeterminate reason for inability to process "
- + "cert request due to a CertificateException",
-
- /* 5 */ "manual non-profile cert request cancellation: "
- + "indeterminate reason for inability to process "
- + "cert request due to a NoSuchAlgorithmException"
- };
- private final static String[]
- SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] {
-
- /* 0 */ "manual non-profile cert request rejection: "
- + "request cannot be processed due to an "
- + "authorization failure",
-
- /* 1 */ "manual non-profile cert request rejection: "
- + "no reason has been given for rejecting this "
- + "cert request",
-
- /* 2 */ "manual non-profile cert request rejection: "
- + "indeterminate reason for inability to process "
- + "cert request due to an EBaseException",
-
- /* 3 */ "manual non-profile cert request rejection: "
- + "indeterminate reason for inability to process "
- + "cert request due to an IOException",
-
- /* 4 */ "manual non-profile cert request rejection: "
- + "indeterminate reason for inability to process "
- + "cert request due to a CertificateException",
-
- /* 5 */ "manual non-profile cert request rejection: "
- + "indeterminate reason for inability to process "
- + "cert request due to a NoSuchAlgorithmException"
- };
- private final static String
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
- "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
- "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+ private final static String[] SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] {
+
+ /* 0 */"manual non-profile cert request cancellation: "
+ + "request cannot be processed due to an "
+ + "authorization failure",
+
+ /* 1 */"manual non-profile cert request cancellation: "
+ + "no reason has been given for cancelling this "
+ + "cert request",
+
+ /* 2 */"manual non-profile cert request cancellation: "
+ + "indeterminate reason for inability to process "
+ + "cert request due to an EBaseException",
+
+ /* 3 */"manual non-profile cert request cancellation: "
+ + "indeterminate reason for inability to process "
+ + "cert request due to an IOException",
+
+ /* 4 */"manual non-profile cert request cancellation: "
+ + "indeterminate reason for inability to process "
+ + "cert request due to a CertificateException",
+
+ /* 5 */"manual non-profile cert request cancellation: "
+ + "indeterminate reason for inability to process "
+ + "cert request due to a NoSuchAlgorithmException" };
+ private final static String[] SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] {
+
+ /* 0 */"manual non-profile cert request rejection: "
+ + "request cannot be processed due to an "
+ + "authorization failure",
+
+ /* 1 */"manual non-profile cert request rejection: "
+ + "no reason has been given for rejecting this "
+ + "cert request",
+
+ /* 2 */"manual non-profile cert request rejection: "
+ + "indeterminate reason for inability to process "
+ + "cert request due to an EBaseException",
+
+ /* 3 */"manual non-profile cert request rejection: "
+ + "indeterminate reason for inability to process "
+ + "cert request due to an IOException",
+
+ /* 4 */"manual non-profile cert request rejection: "
+ + "indeterminate reason for inability to process "
+ + "cert request due to a CertificateException",
+
+ /* 5 */"manual non-profile cert request rejection: "
+ + "indeterminate reason for inability to process "
+ + "cert request due to a NoSuchAlgorithmException" };
+ private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST = "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED = "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
/**
* Process request.
*/
- public ProcessCertReq()
- throws EBaseException {
+ public ProcessCertReq() throws EBaseException {
super();
}
/**
* initialize the servlet. This servlet uses the template file
* "processCertReq.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -210,10 +191,9 @@ public class ProcessCertReq extends CMSServlet {
String id = sc.getInitParameter(CMSServlet.PROP_ID);
if (id != null) {
- if (!(auditServiceID.equals(
- AGENT_CA_CLONE_ENROLLMENT_SERVLET))
- && !(auditServiceID.equals(
- AGENT_RA_CLONE_ENROLLMENT_SERVLET))) {
+ if (!(auditServiceID.equals(AGENT_CA_CLONE_ENROLLMENT_SERVLET))
+ && !(auditServiceID
+ .equals(AGENT_RA_CLONE_ENROLLMENT_SERVLET))) {
auditServiceID = ILogger.UNIDENTIFIED;
} else {
auditServiceID = id.trim();
@@ -221,20 +201,20 @@ public class ProcessCertReq extends CMSServlet {
}
mQueue = mAuthority.getRequestQueue();
- mPublisherProcessor =
- ((ICertAuthority) mAuthority).getPublisherProcessor();
+ mPublisherProcessor = ((ICertAuthority) mAuthority)
+ .getPublisherProcessor();
mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
mParser = CertReqParser.DETAIL_PARSER;
- // override success and error templates to null -
+ // override success and error templates to null -
// handle templates locally.
mTemplates.remove(CMSRequest.SUCCESS);
try {
- mReqCompletedTemplate = sc.getInitParameter(
- PROP_REQ_COMPLETED_TEMPLATE);
+ mReqCompletedTemplate = sc
+ .getInitParameter(PROP_REQ_COMPLETED_TEMPLATE);
if (mReqCompletedTemplate == null)
mReqCompletedTemplate = REQ_COMPLETED_TEMPLATE;
String tmp = sc.getInitParameter(PROP_EXTRA_AGENT_PARAMS);
@@ -252,25 +232,24 @@ public class ProcessCertReq extends CMSServlet {
}
}
-
/**
* Process the HTTP request.
* <ul>
- * <li>http.param seqNum request id
- * <li>http.param notValidBefore certificate validity
- * - notBefore - in seconds since jan 1, 1970
- * <li>http.param notValidAfter certificate validity
- * - notAfter - in seconds since jan 1, 1970
- * <li>http.param subject certificate subject name
- * <li>http.param toDo requested action
- * (can be one of: clone, reject, accept, cancel)
+ * <li>http.param seqNum request id
+ * <li>http.param notValidBefore certificate validity - notBefore - in
+ * seconds since jan 1, 1970
+ * <li>http.param notValidAfter certificate validity - notAfter - in seconds
+ * since jan 1, 1970
+ * <li>http.param subject certificate subject name
+ * <li>http.param toDo requested action (can be one of: clone, reject,
+ * accept, cancel)
* <li>http.param signatureAlgorithm certificate signing algorithm
- * <li>http.param addExts base-64, DER encoded Extension or
- * SEQUENCE OF Extensions to add to certificate
- * <li>http.param pathLenConstraint integer path length constraint to
- * use in BasicConstraint extension if applicable
+ * <li>http.param addExts base-64, DER encoded Extension or SEQUENCE OF
+ * Extensions to add to certificate
+ * <li>http.param pathLenConstraint integer path length constraint to use in
+ * BasicConstraint extension if applicable
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -297,15 +276,16 @@ public class ProcessCertReq extends CMSServlet {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
if (req.getParameter(SEQNUM) != null) {
- CMS.debug(
- "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM));
+ CMS.debug("ProcessCertReq: parameter seqNum "
+ + req.getParameter(SEQNUM));
seqNum = Integer.parseInt(req.getParameter(SEQNUM));
}
String notValidBeforeStr = req.getParameter("notValidBefore");
@@ -326,31 +306,30 @@ public class ProcessCertReq extends CMSServlet {
subject = req.getParameter("subject");
signatureAlgorithm = req.getParameter("signatureAlgorithm");
-
IRequest r = null;
if (seqNum > -1) {
- r = mQueue.findRequest(new RequestId(
- Integer.toString(seqNum)));
+ r = mQueue.findRequest(new RequestId(Integer.toString(seqNum)));
}
- if(seqNum > -1 && r != null)
- {
- processX509(cmsReq, argSet, header, seqNum, req, resp,
- toDo, signatureAlgorithm, subject,
- notValidBefore, notValidAfter, locale[0], startTime);
+ if (seqNum > -1 && r != null) {
+ processX509(cmsReq, argSet, header, seqNum, req, resp, toDo,
+ signatureAlgorithm, subject, notValidBefore,
+ notValidAfter, locale[0], startTime);
} else {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1", String.valueOf(seqNum)));
- error = new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
- String.valueOf(seqNum)));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1",
+ String.valueOf(seqNum)));
+ error = new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_INVALID_REQUEST_ID", String.valueOf(seqNum)));
}
} catch (EBaseException e) {
error = e;
} catch (NumberFormatException e) {
log(ILogger.LL_FAILURE, "Error " + e);
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
- }
+ error = new EBaseException(CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_INVALID_NUMBER_FORMAT"));
+ }
try {
ServletOutputStream out = resp.getOutputStream();
@@ -358,46 +337,47 @@ public class ProcessCertReq extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- String output = form.getOutput(argSet);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ String output = form.getOutput(argSet);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
-
+
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
return;
}
/**
* Process X509 certificate enrollment request and send request information
- * to the caller.
+ * to the caller.
* <P>
- *
+ *
* (Certificate Request - an "agent" cert request for "cloning")
* <P>
- *
- * (Certificate Request Processed - either a manual "agent" non-profile
- * based cert acceptance, a manual "agent" non-profile based cert
- * cancellation, or a manual "agent" non-profile based cert rejection)
+ *
+ * (Certificate Request Processed - either a manual "agent" non-profile
+ * based cert acceptance, a manual "agent" non-profile based cert
+ * cancellation, or a manual "agent" non-profile based cert rejection)
* <P>
- *
+ *
* <ul>
- * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a
- * non-profile cert request is made (before approval process)
+ * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when
+ * a non-profile cert request is made (before approval process)
* <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
* certificate request has just been through the approval process
* </ul>
+ *
* @param cmsReq a certificate enrollment request
* @param argSet CMS template parameters
* @param header argument block
@@ -405,26 +385,22 @@ public class ProcessCertReq extends CMSServlet {
* @param req HTTP servlet request
* @param resp HTTP servlet response
* @param toDo string representing the requested action (can be one of:
- * clone, reject, accept, cancel)
+ * clone, reject, accept, cancel)
* @param signatureAlgorithm string containing the signature algorithm
* @param subject string containing the subject name of the certificate
- * @param notValidBefore certificate validity - notBefore - in seconds
- * since Jan 1, 1970
+ * @param notValidBefore certificate validity - notBefore - in seconds since
+ * Jan 1, 1970
* @param notValidAfter certificate validity - notAfter - in seconds since
- * Jan 1, 1970
+ * Jan 1, 1970
* @param locale the system locale
* @param startTime the current date
* @exception EBaseException an error has occurred
*/
- private void processX509(CMSRequest cmsReq,
- CMSTemplateParams argSet, IArgBlock header,
- int seqNum, HttpServletRequest req,
- HttpServletResponse resp,
- String toDo, String signatureAlgorithm,
- String subject,
- long notValidBefore, long notValidAfter,
- Locale locale, long startTime)
- throws EBaseException {
+ private void processX509(CMSRequest cmsReq, CMSTemplateParams argSet,
+ IArgBlock header, int seqNum, HttpServletRequest req,
+ HttpServletResponse resp, String toDo, String signatureAlgorithm,
+ String subject, long notValidBefore, long notValidAfter,
+ Locale locale, long startTime) throws EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditRequesterID = ILogger.UNIDENTIFIED;
@@ -434,16 +410,16 @@ public class ProcessCertReq extends CMSServlet {
// "normalize" the "auditCertificateSubjectName"
if (auditCertificateSubjectName != null) {
- // NOTE: This is ok even if the cert subject name is "" (empty)!
+ // NOTE: This is ok even if the cert subject name is "" (empty)!
auditCertificateSubjectName = auditCertificateSubjectName.trim();
} else {
- // NOTE: Here, the cert subject name is MISSING, not "" (empty)!
+ // NOTE: Here, the cert subject name is MISSING, not "" (empty)!
auditCertificateSubjectName = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
}
try {
- IRequest r = mQueue.findRequest(new RequestId(
- Integer.toString(seqNum)));
+ IRequest r = mQueue.findRequest(new RequestId(Integer
+ .toString(seqNum)));
if (r != null) {
// overwrite "auditRequesterID" if and only if "id" != null
@@ -453,7 +429,7 @@ public class ProcessCertReq extends CMSServlet {
}
}
- if (mAuthority != null)
+ if (mAuthority != null)
header.addStringValue("authorityid", mAuthority.getId());
if (toDo != null) {
@@ -463,15 +439,15 @@ public class ProcessCertReq extends CMSServlet {
try {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "execute");
+ mAuthzResourceName, "execute");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
- e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
@@ -481,45 +457,37 @@ public class ProcessCertReq extends CMSServlet {
if (toDo.equals(SIGNED_AUDIT_CLONING)) {
// ("agent" cert request for "cloning")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditServiceID,
+ auditCertificateSubjectName);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) {
// (manual "agent" cert request processed - "accepted")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditInfoName,
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) {
// (manual "agent" cert request processed - "cancelled")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[0]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditInfoName,
+ SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[0]);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_REJECTION)) {
// (manual "agent" cert request processed - "rejected")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- SIGNED_AUDIT_MANUAL_REJECTION_REASON[0]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE,
+ auditRequesterID, auditInfoName,
+ SIGNED_AUDIT_MANUAL_REJECTION_REASON[0]);
audit(auditMessage);
}
@@ -530,14 +498,16 @@ public class ProcessCertReq extends CMSServlet {
String authMgr = AuditFormat.NOAUTH;
if (authToken != null) {
- authMgr =
- authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
+ authMgr = authToken
+ .getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
}
String agentID = authToken.getInString("userid");
- String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
+ String initiative = AuditFormat.FROMAGENT + " agentID: "
+ + agentID;
// Get the certificate info from the request
- X509CertInfo certInfo[] = r.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+ X509CertInfo certInfo[] = r
+ .getExtDataInCertInfoArray(IRequest.CERT_INFO);
header.addStringValue("toDo", toDo);
if (toDo.equals("accept")) {
@@ -546,89 +516,95 @@ public class ProcessCertReq extends CMSServlet {
int alterationCounter = 0;
for (int i = 0; i < certInfo.length; i++) {
- CertificateAlgorithmId certAlgId =
- (CertificateAlgorithmId)
- certInfo[i].get(X509CertInfo.ALGORITHM_ID);
+ CertificateAlgorithmId certAlgId = (CertificateAlgorithmId) certInfo[i]
+ .get(X509CertInfo.ALGORITHM_ID);
- AlgorithmId algId = (AlgorithmId)
- certAlgId.get(CertificateAlgorithmId.ALGORITHM);
+ AlgorithmId algId = (AlgorithmId) certAlgId
+ .get(CertificateAlgorithmId.ALGORITHM);
if (!(algId.getName().equals(signatureAlgorithm))) {
alterationCounter++;
- AlgorithmId newAlgId = AlgorithmId.getAlgorithmId(signatureAlgorithm);
+ AlgorithmId newAlgId = AlgorithmId
+ .getAlgorithmId(signatureAlgorithm);
certInfo[i].set(X509CertInfo.ALGORITHM_ID,
- new CertificateAlgorithmId(newAlgId));
+ new CertificateAlgorithmId(newAlgId));
}
- CertificateSubjectName certSubject =
- (CertificateSubjectName)
- certInfo[i].get(X509CertInfo.SUBJECT);
+ CertificateSubjectName certSubject = (CertificateSubjectName) certInfo[i]
+ .get(X509CertInfo.SUBJECT);
- if (subject != null &&
- !(certSubject.toString().equals(subject))) {
+ if (subject != null
+ && !(certSubject.toString().equals(subject))) {
alterationCounter++;
certInfo[i].set(X509CertInfo.SUBJECT,
- new CertificateSubjectName(
- (new X500Name(subject))));
+ new CertificateSubjectName(
+ (new X500Name(subject))));
}
- CertificateValidity certValidity =
- (CertificateValidity)
- certInfo[i].get(X509CertInfo.VALIDITY);
+ CertificateValidity certValidity = (CertificateValidity) certInfo[i]
+ .get(X509CertInfo.VALIDITY);
Date currentTime = CMS.getCurrentDate();
boolean validityChanged = false;
- // only override these values if agent specified them
+ // only override these values if agent specified
+ // them
if (notValidBefore > 0) {
- Date notBefore = (Date) certValidity.get(
- CertificateValidity.NOT_BEFORE);
+ Date notBefore = (Date) certValidity
+ .get(CertificateValidity.NOT_BEFORE);
- if (notBefore.getTime() == 0 ||
- notBefore.getTime() != notValidBefore) {
+ if (notBefore.getTime() == 0
+ || notBefore.getTime() != notValidBefore) {
Date validFrom = new Date(notValidBefore);
- notBefore = (notValidBefore == 0) ? currentTime : validFrom;
- certValidity.set(CertificateValidity.NOT_BEFORE,
- notBefore);
+ notBefore = (notValidBefore == 0) ? currentTime
+ : validFrom;
+ certValidity.set(
+ CertificateValidity.NOT_BEFORE,
+ notBefore);
validityChanged = true;
}
}
if (notValidAfter > 0) {
Date validTo = new Date(notValidAfter);
- Date notAfter = (Date)
- certValidity.get(CertificateValidity.NOT_AFTER);
+ Date notAfter = (Date) certValidity
+ .get(CertificateValidity.NOT_AFTER);
- if (notAfter.getTime() == 0 ||
- notAfter.getTime() != notValidAfter) {
+ if (notAfter.getTime() == 0
+ || notAfter.getTime() != notValidAfter) {
notAfter = currentTime;
- notAfter = (notValidAfter == 0) ? currentTime : validTo;
- certValidity.set(CertificateValidity.NOT_AFTER,
- notAfter);
+ notAfter = (notValidAfter == 0) ? currentTime
+ : validTo;
+ certValidity.set(
+ CertificateValidity.NOT_AFTER,
+ notAfter);
validityChanged = true;
}
}
if (validityChanged) {
- // this set() trigger this rebuild of internal
+ // this set() trigger this rebuild of internal
// raw der encoding cache of X509CertInfo.
// Otherwise, the above change wont have effect.
- certInfo[i].set(X509CertInfo.VALIDITY, certValidity);
+ certInfo[i].set(X509CertInfo.VALIDITY,
+ certValidity);
}
if (certInfo[i].get(X509CertInfo.VERSION) == null) {
certInfo[i].set(X509CertInfo.VERSION,
- new CertificateVersion(
- CertificateVersion.V3));
+ new CertificateVersion(
+ CertificateVersion.V3));
}
CertificateExtensions extensions = null;
try {
- extensions = (CertificateExtensions)
- certInfo[i].get(X509CertInfo.EXTENSIONS);
+ extensions = (CertificateExtensions) certInfo[i]
+ .get(X509CertInfo.EXTENSIONS);
} catch (Exception e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString()));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERROR_PARSING_EXTENS",
+ e.toString()));
}
// 99/08/31 #361906 - handling additional extensions
@@ -637,104 +613,131 @@ public class ProcessCertReq extends CMSServlet {
if (addExts != null && !addExts.trim().equals("")) {
Vector extsToBeAdded = new Vector();
- byte[] b = (byte[]) (com.netscape.osutil.OSUtil.AtoB(addExts));
+ byte[] b = (byte[]) (com.netscape.osutil.OSUtil
+ .AtoB(addExts));
- // this b can be "Extension" Or "SEQUENCE OF Extension"
+ // this b can be "Extension" Or
+ // "SEQUENCE OF Extension"
try {
DerValue b_der = new DerValue(b);
while (b_der.data.available() != 0) {
- Extension de = new Extension(b_der.data.getDerValue());
+ Extension de = new Extension(
+ b_der.data.getDerValue());
extsToBeAdded.addElement(de);
}
} catch (IOException e) {
// it could be a single extension
- Extension de = new Extension(new DerValue(b));
+ Extension de = new Extension(
+ new DerValue(b));
extsToBeAdded.addElement(de);
}
if (extsToBeAdded.size() > 0) {
if (extensions == null) {
extensions = new CertificateExtensions();
- certInfo[i].set(X509CertInfo.EXTENSIONS, extensions);
+ certInfo[i].set(
+ X509CertInfo.EXTENSIONS,
+ extensions);
}
for (int j = 0; j < extsToBeAdded.size(); j++) {
- Extension theExt = (Extension) extsToBeAdded.elementAt(j);
+ Extension theExt = (Extension) extsToBeAdded
+ .elementAt(j);
- extensions.set(theExt.getExtensionId().toString(), theExt);
+ extensions.set(theExt.getExtensionId()
+ .toString(), theExt);
}
}
}
if (extensions != null) {
try {
- NSCertTypeExtension nsExtensions =
- (NSCertTypeExtension)
- extensions.get(
- NSCertTypeExtension.NAME);
+ NSCertTypeExtension nsExtensions = (NSCertTypeExtension) extensions
+ .get(NSCertTypeExtension.NAME);
if (nsExtensions != null) {
updateNSExtension(req, nsExtensions);
- }
+ }
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage(
+ "CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION",
+ e.toString()));
}
- String pathLength = req.getParameter("pathLenConstraint");
+ String pathLength = req
+ .getParameter("pathLenConstraint");
if (pathLength != null) {
try {
- int pathLen = Integer.parseInt(pathLength);
- BasicConstraintsExtension bcExt =
- (BasicConstraintsExtension)
- extensions.get(
- BasicConstraintsExtension.NAME);
+ int pathLen = Integer
+ .parseInt(pathLength);
+ BasicConstraintsExtension bcExt = (BasicConstraintsExtension) extensions
+ .get(BasicConstraintsExtension.NAME);
if (bcExt != null) {
- Integer bcPathLen = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN);
- Boolean isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA);
-
- if (bcPathLen != null &&
- bcPathLen.intValue() != pathLen &&
- isCA != null) {
- BasicConstraintsExtension bcExt0 =
- new BasicConstraintsExtension(isCA.booleanValue(), pathLen);
-
- extensions.delete(BasicConstraintsExtension.NAME);
- extensions.set(BasicConstraintsExtension.NAME, (Extension) bcExt0);
+ Integer bcPathLen = (Integer) bcExt
+ .get(BasicConstraintsExtension.PATH_LEN);
+ Boolean isCA = (Boolean) bcExt
+ .get(BasicConstraintsExtension.IS_CA);
+
+ if (bcPathLen != null
+ && bcPathLen.intValue() != pathLen
+ && isCA != null) {
+ BasicConstraintsExtension bcExt0 = new BasicConstraintsExtension(
+ isCA.booleanValue(),
+ pathLen);
+
+ extensions
+ .delete(BasicConstraintsExtension.NAME);
+ extensions
+ .set(BasicConstraintsExtension.NAME,
+ (Extension) bcExt0);
alterationCounter++;
}
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage(
+ "CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION",
+ e.toString()));
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage(
+ "CMSGW_ERROR_PROCESS_CONSTRAINTS_EXTENSION",
+ e.toString()));
}
}
// handle Presence Server Extension
- String PSE_Enable = req.getParameter("PSE_Enable");
+ String PSE_Enable = req
+ .getParameter("PSE_Enable");
if (PSE_Enable != null) {
- boolean Critical = (req.getParameter("PSE_Critical") != null);
+ boolean Critical = (req
+ .getParameter("PSE_Critical") != null);
int Version = 0;
try {
- Version = Integer.parseInt(req.getParameter("PSE_Version"));
+ Version = Integer.parseInt(req
+ .getParameter("PSE_Version"));
} catch (Exception e1) {
}
- String StreetAddress = req.getParameter("PSE_StreetAddress");
+ String StreetAddress = req
+ .getParameter("PSE_StreetAddress");
if (StreetAddress == null) {
StreetAddress = "";
}
- String TelephoneNumber = req.getParameter("PSE_TelephoneNumber");
+ String TelephoneNumber = req
+ .getParameter("PSE_TelephoneNumber");
if (TelephoneNumber == null) {
TelephoneNumber = "";
}
- String RFC822Name = req.getParameter("PSE_RFC822Name");
+ String RFC822Name = req
+ .getParameter("PSE_RFC822Name");
if (RFC822Name == null) {
RFC822Name = "";
@@ -744,7 +747,8 @@ public class ProcessCertReq extends CMSServlet {
if (IMID == null) {
IMID = "";
}
- String HostName = req.getParameter("PSE_HostName");
+ String HostName = req
+ .getParameter("PSE_HostName");
if (HostName == null) {
HostName = "";
@@ -752,61 +756,80 @@ public class ProcessCertReq extends CMSServlet {
int PortNumber = 0;
try {
- PortNumber = Integer.parseInt(req.getParameter("PSE_PortNumber"));
+ PortNumber = Integer
+ .parseInt(req
+ .getParameter("PSE_PortNumber"));
} catch (Exception e1) {
}
int MaxUsers = 0;
try {
- MaxUsers = Integer.parseInt(req.getParameter("PSE_MaxUsers"));
+ MaxUsers = Integer.parseInt(req
+ .getParameter("PSE_MaxUsers"));
} catch (Exception e1) {
}
int ServiceLevel = 0;
try {
- ServiceLevel = Integer.parseInt(req.getParameter("PSE_ServiceLevel"));
+ ServiceLevel = Integer
+ .parseInt(req
+ .getParameter("PSE_ServiceLevel"));
} catch (Exception e1) {
}
// create extension
- PresenceServerExtension pseExt = new PresenceServerExtension(Critical, Version, StreetAddress, TelephoneNumber, RFC822Name, IMID, HostName, PortNumber, MaxUsers, ServiceLevel);
-
- extensions.set(pseExt.getExtensionId().toString(), pseExt);
+ PresenceServerExtension pseExt = new PresenceServerExtension(
+ Critical, Version, StreetAddress,
+ TelephoneNumber, RFC822Name, IMID,
+ HostName, PortNumber, MaxUsers,
+ ServiceLevel);
+
+ extensions.set(pseExt.getExtensionId()
+ .toString(), pseExt);
}
if (mExtraAgentParams) {
- Enumeration extraparams = req.getParameterNames();
+ Enumeration extraparams = req
+ .getParameterNames();
int l = IRequest.AGENT_PARAMS.length() + 1;
int ap_counter = 0;
Hashtable agentparamsargblock = new Hashtable();
if (extraparams != null) {
while (extraparams.hasMoreElements()) {
- String s = (String) extraparams.nextElement();
+ String s = (String) extraparams
+ .nextElement();
if (s.startsWith(IRequest.AGENT_PARAMS)) {
- String param_value = req.getParameter(s);
+ String param_value = req
+ .getParameter(s);
if (param_value != null) {
- String new_name = s.substring(l);
+ String new_name = s
+ .substring(l);
- agentparamsargblock.put(new_name, param_value);
+ agentparamsargblock.put(
+ new_name,
+ param_value);
ap_counter += 1;
}
}
}
}
if (ap_counter > 0) {
- r.setExtData(IRequest.AGENT_PARAMS, agentparamsargblock);
+ r.setExtData(IRequest.AGENT_PARAMS,
+ agentparamsargblock);
alterationCounter++;
}
}
- // this set() trigger this rebuild of internal
+ // this set() trigger this rebuild of internal
// raw der encoding cache of X509CertInfo.
// Otherwise, the above change wont have effect.
- certInfo[i].set(X509CertInfo.EXTENSIONS, extensions);
+ certInfo[i].set(X509CertInfo.EXTENSIONS,
+ extensions);
}
- alterationCounter += updateExtensionsInRequest(req, r);
+ alterationCounter += updateExtensionsInRequest(req,
+ r);
}
if (alterationCounter > 0) {
mQueue.updateRequest(r);
@@ -818,100 +841,87 @@ public class ProcessCertReq extends CMSServlet {
if (r.getRequestStatus().equals(RequestStatus.PENDING)) {
cmsReq.setResult(r);
cmsReq.setStatus(CMSRequest.PENDING);
- if (certInfo != null) {
+ if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "pending",
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "pending",
+ certInfo[i]
+ .get(X509CertInfo.SUBJECT),
+ "" });
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "pending",
- subject,
- ""}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] { r.getRequestType(),
+ r.getRequestId(), initiative,
+ authMgr, "pending", subject, "" });
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "pending"}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] { r.getRequestType(),
+ r.getRequestId(), initiative,
+ authMgr, "pending" });
}
}
} else if (r.getRequestStatus().equals(
- RequestStatus.APPROVED) ||
- r.getRequestStatus().equals(
- RequestStatus.SVC_PENDING)) {
+ RequestStatus.APPROVED)
+ || r.getRequestStatus().equals(
+ RequestStatus.SVC_PENDING)) {
cmsReq.setResult(r);
cmsReq.setStatus(CMSRequest.SVC_PENDING);
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- r.getRequestStatus(),
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ r.getRequestStatus(),
+ certInfo[i]
+ .get(X509CertInfo.SUBJECT),
+ "" });
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- r.getRequestStatus(),
- subject,
- ""}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] { r.getRequestType(),
+ r.getRequestId(), initiative,
+ authMgr, r.getRequestStatus(),
+ subject, "" });
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- r.getRequestStatus()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] { r.getRequestType(),
+ r.getRequestId(), initiative,
+ authMgr, r.getRequestStatus() });
}
}
} else if (r.getRequestStatus().equals(
@@ -920,100 +930,98 @@ public class ProcessCertReq extends CMSServlet {
// XXX make the repeat record.
// Get the certificate(s) from the request
- X509CertImpl issuedCerts[] =
- r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ X509CertImpl issuedCerts[] = r
+ .getExtDataInCertArray(IRequest.ISSUED_CERTS);
- // return potentially more than one certificates.
+ // return potentially more than one certificates.
if (issuedCerts != null) {
long endTime = CMS.getCurrentDate().getTime();
StringBuffer sbuf = new StringBuffer();
- //header.addBigIntegerValue("serialNumber",
- //issuedCerts[0].getSerialNumber(),16);
+ // header.addBigIntegerValue("serialNumber",
+ // issuedCerts[0].getSerialNumber(),16);
for (int i = 0; i < issuedCerts.length; i++) {
- if (i != 0)
+ if (i != 0)
sbuf.append(", ");
- sbuf.append("0x" +
- issuedCerts[i].getSerialNumber().toString(16));
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "completed",
- issuedCerts[i].getSubjectDN(),
- "cert issued serial number: 0x" +
- issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime)}
- );
+ sbuf.append("0x"
+ + issuedCerts[i].getSerialNumber()
+ .toString(16));
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "completed",
+ issuedCerts[i].getSubjectDN(),
+ "cert issued serial number: 0x"
+ + issuedCerts[i]
+ .getSerialNumber()
+ .toString(16)
+ + " time: "
+ + (endTime - startTime) });
// store a message in the signed audit log file
// (one for each manual "agent"
- // cert request processed - "accepted")
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditInfoName,
- auditInfoCertValue(issuedCerts[i]));
+ // cert request processed - "accepted")
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditRequesterID,
+ auditInfoName,
+ auditInfoCertValue(issuedCerts[i]));
audit(auditMessage);
}
- header.addStringValue(
- "serialNumber", sbuf.toString());
+ header.addStringValue("serialNumber",
+ sbuf.toString());
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "completed",
- subject,
- ""}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] { r.getRequestType(),
+ r.getRequestId(), initiative,
+ authMgr, "completed", subject,
+ "" });
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "completed"}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] { r.getRequestType(),
+ r.getRequestId(), initiative,
+ authMgr, "completed" });
}
// store a message in the signed audit log file
// (manual "agent" cert request processed
- // - "accepted")
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditInfoName,
- ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ // - "accepted")
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS,
+ auditRequesterID, auditInfoName,
+ ILogger.SIGNED_AUDIT_EMPTY_VALUE);
audit(auditMessage);
}
- // grant trusted manager or agent privileges
+ // grant trusted manager or agent privileges
Object grantError = null;
- try {
- int res = grant_privileges(
- cmsReq, r, issuedCerts, header);
+ try {
+ int res = grant_privileges(cmsReq, r, issuedCerts,
+ header);
if (res != 0) {
header.addStringValue(GRANT_ERROR, "SUCCESS");
@@ -1027,45 +1035,41 @@ public class ProcessCertReq extends CMSServlet {
// if this is a RA, show the certificate right away
// since ther is no cert database.
/*
- if (mAuthority instanceof RegistrationAuthority) {
- Object[] results =
- new Object[] { issuedCerts, grantError };
- cmsReq.setResult(results);
- renderTemplate(cmsReq,
- mReqCompletedTemplate, REQ_COMPLETED_FILLER);
-
- return;
- }
+ * if (mAuthority instanceof RegistrationAuthority) {
+ * Object[] results = new Object[] { issuedCerts,
+ * grantError }; cmsReq.setResult(results);
+ * renderTemplate(cmsReq, mReqCompletedTemplate,
+ * REQ_COMPLETED_FILLER);
+ *
+ * return; }
*/
cmsReq.setResult(r);
String scheme = req.getScheme();
- if (scheme.equals("http") &&
- connectionIsSSL(req)) scheme = "https";
+ if (scheme.equals("http") && connectionIsSSL(req))
+ scheme = "https";
- /*
- header.addStringValue(
- "authorityid", mAuthority.getId());
- header.addStringValue("serviceURL", scheme +"://"+
- req.getServerName() + ":"+
- req.getServerPort() +
- req.getRequestURI());
- */
+ /*
+ * header.addStringValue( "authorityid",
+ * mAuthority.getId());
+ * header.addStringValue("serviceURL", scheme +"://"+
+ * req.getServerName() + ":"+ req.getServerPort() +
+ * req.getRequestURI());
+ */
- if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
+ if (mPublisherProcessor != null
+ && mPublisherProcessor.ldapEnabled()) {
header.addStringValue("dirEnabled", "yes");
- Integer[] ldapPublishStatus =
- r.getExtDataInIntegerArray("ldapPublishStatus");
+ Integer[] ldapPublishStatus = r
+ .getExtDataInIntegerArray("ldapPublishStatus");
int certsUpdated = 0;
if (ldapPublishStatus != null) {
- for (int i = 0;
- i < ldapPublishStatus.length; i++) {
- if (ldapPublishStatus[i] ==
- IRequest.RES_SUCCESS) {
+ for (int i = 0; i < ldapPublishStatus.length; i++) {
+ if (ldapPublishStatus[i] == IRequest.RES_SUCCESS) {
certsUpdated++;
}
}
@@ -1081,59 +1085,50 @@ public class ProcessCertReq extends CMSServlet {
mQueue.rejectRequest(r);
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "rejected",
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "rejected",
+ certInfo[i]
+ .get(X509CertInfo.SUBJECT),
+ "" });
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "rejected",
- subject,
- ""}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] { r.getRequestType(),
+ r.getRequestId(), initiative,
+ authMgr, "rejected", subject, "" });
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "rejected"}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] { r.getRequestType(),
+ r.getRequestId(), initiative,
+ authMgr, "rejected" });
}
}
// store a message in the signed audit log file
// (manual "agent" cert request processed - "rejected")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditInfoName,
- SIGNED_AUDIT_MANUAL_REJECTION_REASON[1]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditInfoName,
+ SIGNED_AUDIT_MANUAL_REJECTION_REASON[1]);
audit(auditMessage);
@@ -1142,47 +1137,40 @@ public class ProcessCertReq extends CMSServlet {
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "canceled",
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "canceled",
+ certInfo[i]
+ .get(X509CertInfo.SUBJECT),
+ "" });
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "canceled",
- subject,
- ""}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] { r.getRequestType(),
+ r.getRequestId(), initiative,
+ authMgr, "canceled", subject, "" });
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "canceled"}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] { r.getRequestType(),
+ r.getRequestId(), initiative,
+ authMgr, "canceled" });
}
}
@@ -1190,90 +1178,91 @@ public class ProcessCertReq extends CMSServlet {
// store a message in the signed audit log file
// (manual "agent" cert request processed - "cancelled")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditInfoName,
- SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[1]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditInfoName,
+ SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[1]);
audit(auditMessage);
} else if (toDo.equals("clone")) {
IRequest clonedRequest = mQueue.cloneAndMarkPending(r);
- header.addStringValue("clonedRequestId",
- clonedRequest.getRequestId().toString());
+ header.addStringValue("clonedRequestId", clonedRequest
+ .getRequestId().toString());
if (certInfo != null) {
for (int i = 0; i < certInfo.length; i++) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "cloned to reqID: " +
- clonedRequest.getRequestId().toString(),
- certInfo[i].get(X509CertInfo.SUBJECT),
- ""}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "cloned to reqID: "
+ + clonedRequest
+ .getRequestId()
+ .toString(),
+ certInfo[i]
+ .get(X509CertInfo.SUBJECT),
+ "" });
}
} else {
if (subject != null) {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.FORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "cloned to reqID: " +
- clonedRequest.getRequestId().toString(),
- subject,
- ""}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.FORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "cloned to reqID: "
+ + clonedRequest
+ .getRequestId()
+ .toString(),
+ subject, "" });
} else {
- mLogger.log(ILogger.EV_AUDIT,
- ILogger.S_OTHER,
- AuditFormat.LEVEL,
- AuditFormat.NODNFORMAT,
- new Object[] {
- r.getRequestType(),
- r.getRequestId(),
- initiative,
- authMgr,
- "cloned to reqID: " +
- clonedRequest.getRequestId().toString()}
- );
+ mLogger.log(
+ ILogger.EV_AUDIT,
+ ILogger.S_OTHER,
+ AuditFormat.LEVEL,
+ AuditFormat.NODNFORMAT,
+ new Object[] {
+ r.getRequestType(),
+ r.getRequestId(),
+ initiative,
+ authMgr,
+ "cloned to reqID: "
+ + clonedRequest
+ .getRequestId()
+ .toString() });
}
}
// store a message in the signed audit log file
// ("agent" cert request for "cloning")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.SUCCESS,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.SUCCESS, auditRequesterID,
+ auditServiceID, auditCertificateSubjectName);
audit(auditMessage);
}
}
- // add authority names to know what privileges can be requested.
- if (CMS.getSubsystem("kra") != null)
+ // add authority names to know what privileges can be requested.
+ if (CMS.getSubsystem("kra") != null)
header.addStringValue("localkra", "yes");
- if (CMS.getSubsystem("ca") != null)
+ if (CMS.getSubsystem("ca") != null)
header.addStringValue("localca", "yes");
- if (CMS.getSubsystem("ra") != null)
+ if (CMS.getSubsystem("ra") != null)
header.addStringValue("localra", "yes");
header.addIntegerValue("seqNum", seqNum);
@@ -1283,52 +1272,44 @@ public class ProcessCertReq extends CMSServlet {
if (rid != null)
header.addStringValue("remoteReqID", rid);
} catch (EBaseException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST",
+ e.toString()));
// store a message in the signed audit log file
if (toDo != null) {
if (toDo.equals(SIGNED_AUDIT_CLONING)) {
// ("agent" cert request for "cloning")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditServiceID, auditCertificateSubjectName);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) {
// (manual "agent" cert request processed - "accepted")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) {
// (manual "agent" cert request processed - "cancelled")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[2]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditInfoName,
+ SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[2]);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_REJECTION)) {
// (manual "agent" cert request processed - "rejected")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- SIGNED_AUDIT_MANUAL_REJECTION_REASON[2]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditInfoName,
+ SIGNED_AUDIT_MANUAL_REJECTION_REASON[2]);
audit(auditMessage);
}
@@ -1336,172 +1317,149 @@ public class ProcessCertReq extends CMSServlet {
throw e;
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST",
+ e.toString()));
// store a message in the signed audit log file
if (toDo != null) {
if (toDo.equals(SIGNED_AUDIT_CLONING)) {
// ("agent" cert request for "cloning")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditServiceID, auditCertificateSubjectName);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) {
// (manual "agent" cert request processed - "accepted")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) {
// (manual "agent" cert request processed - "cancelled")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[3]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditInfoName,
+ SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[3]);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_REJECTION)) {
// (manual "agent" cert request processed - "rejected")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- SIGNED_AUDIT_MANUAL_REJECTION_REASON[3]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditInfoName,
+ SIGNED_AUDIT_MANUAL_REJECTION_REASON[3]);
audit(auditMessage);
}
}
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
+ CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST",
+ e.toString()));
// store a message in the signed audit log file
if (toDo != null) {
if (toDo.equals(SIGNED_AUDIT_CLONING)) {
// ("agent" cert request for "cloning")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditServiceID, auditCertificateSubjectName);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) {
// (manual "agent" cert request processed - "accepted")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) {
// (manual "agent" cert request processed - "cancelled")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[4]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditInfoName,
+ SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[4]);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_REJECTION)) {
// (manual "agent" cert request processed - "rejected")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- SIGNED_AUDIT_MANUAL_REJECTION_REASON[4]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditInfoName,
+ SIGNED_AUDIT_MANUAL_REJECTION_REASON[4]);
audit(auditMessage);
}
}
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
+ CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
} catch (NoSuchAlgorithmException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST",
+ e.toString()));
// store a message in the signed audit log file
if (toDo != null) {
if (toDo.equals(SIGNED_AUDIT_CLONING)) {
// ("agent" cert request for "cloning")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditServiceID,
- auditCertificateSubjectName);
+ LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditServiceID, auditCertificateSubjectName);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_ACCEPTANCE)) {
// (manual "agent" cert request processed - "accepted")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditInfoName, ILogger.SIGNED_AUDIT_EMPTY_VALUE);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_CANCELLATION)) {
// (manual "agent" cert request processed - "cancelled")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[5]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditInfoName,
+ SIGNED_AUDIT_MANUAL_CANCELLATION_REASON[5]);
audit(auditMessage);
} else if (toDo.equals(SIGNED_AUDIT_REJECTION)) {
// (manual "agent" cert request processed - "rejected")
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
- auditSubjectID,
- ILogger.FAILURE,
- auditRequesterID,
- auditInfoName,
- SIGNED_AUDIT_MANUAL_REJECTION_REASON[5]);
+ LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+ auditSubjectID, ILogger.FAILURE, auditRequesterID,
+ auditInfoName,
+ SIGNED_AUDIT_MANUAL_REJECTION_REASON[5]);
audit(auditMessage);
}
}
- throw new EBaseException(CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", e.toString()));
+ throw new EBaseException(CMS.getUserMessage(locale,
+ "CMS_BASE_INTERNAL_ERROR", e.toString()));
}
return;
}
-
- private void updateNSExtension(HttpServletRequest req,
- NSCertTypeExtension ext) throws IOException {
+
+ private void updateNSExtension(HttpServletRequest req,
+ NSCertTypeExtension ext) throws IOException {
try {
if (req.getParameter("certTypeSSLServer") == null) {
@@ -1523,9 +1481,11 @@ public class ProcessCertReq extends CMSServlet {
}
if (req.getParameter("certTypeObjSigning") == null) {
- ext.set(NSCertTypeExtension.OBJECT_SIGNING, Boolean.valueOf(false));
+ ext.set(NSCertTypeExtension.OBJECT_SIGNING,
+ Boolean.valueOf(false));
} else {
- ext.set(NSCertTypeExtension.OBJECT_SIGNING, Boolean.valueOf(true));
+ ext.set(NSCertTypeExtension.OBJECT_SIGNING,
+ Boolean.valueOf(true));
}
if (req.getParameter("certTypeEmailCA") == null) {
@@ -1541,115 +1501,111 @@ public class ProcessCertReq extends CMSServlet {
}
if (req.getParameter("certTypeObjSigningCA") == null) {
- ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, Boolean.valueOf(false));
+ ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA,
+ Boolean.valueOf(false));
} else {
- ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA, Boolean.valueOf(true));
+ ext.set(NSCertTypeExtension.OBJECT_SIGNING_CA,
+ Boolean.valueOf(true));
}
} catch (CertificateException e) {
}
}
/**
- * This method sets extensions parameter into the request so
- * that the NSCertTypeExtension policy creates new
- * NSCertTypExtension with this setting. Note that this
- * setting will not be used if the NSCertType Extension
- * already exist in CertificateExtension. In that case,
- * updateExtensions() will be called to set the extension
- * parameter into the extension directly.
+ * This method sets extensions parameter into the request so that the
+ * NSCertTypeExtension policy creates new NSCertTypExtension with this
+ * setting. Note that this setting will not be used if the NSCertType
+ * Extension already exist in CertificateExtension. In that case,
+ * updateExtensions() will be called to set the extension parameter into the
+ * extension directly.
*/
private int updateExtensionsInRequest(HttpServletRequest req, IRequest r) {
int nChanges = 0;
- if (req.getParameter("certTypeSSLServer") != null) {
- r.setExtData(NSCertTypeExtension.SSL_SERVER, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.SSL_SERVER);
- nChanges++;
- }
+ if (req.getParameter("certTypeSSLServer") != null) {
+ r.setExtData(NSCertTypeExtension.SSL_SERVER, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.SSL_SERVER);
+ nChanges++;
+ }
- if (req.getParameter("certTypeSSLClient") != null) {
- r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.SSL_CLIENT);
- nChanges++;
- }
+ if (req.getParameter("certTypeSSLClient") != null) {
+ r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.SSL_CLIENT);
+ nChanges++;
+ }
- if (req.getParameter("certTypeEmail") != null) {
- r.setExtData(NSCertTypeExtension.EMAIL, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.EMAIL);
- nChanges++;
- }
+ if (req.getParameter("certTypeEmail") != null) {
+ r.setExtData(NSCertTypeExtension.EMAIL, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.EMAIL);
+ nChanges++;
+ }
- if (req.getParameter("certTypeObjSigning") != null) {
- r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING);
- nChanges++;
- }
+ if (req.getParameter("certTypeObjSigning") != null) {
+ r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING);
+ nChanges++;
+ }
- if (req.getParameter("certTypeEmailCA") != null) {
- r.setExtData(NSCertTypeExtension.EMAIL_CA, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.EMAIL_CA);
- nChanges++;
- }
+ if (req.getParameter("certTypeEmailCA") != null) {
+ r.setExtData(NSCertTypeExtension.EMAIL_CA, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.EMAIL_CA);
+ nChanges++;
+ }
- if (req.getParameter("certTypeSSLCA") != null) {
- r.setExtData(NSCertTypeExtension.SSL_CA, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.SSL_CA);
- nChanges++;
- }
+ if (req.getParameter("certTypeSSLCA") != null) {
+ r.setExtData(NSCertTypeExtension.SSL_CA, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.SSL_CA);
+ nChanges++;
+ }
- if (req.getParameter("certTypeObjSigningCA") != null) {
- r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true");
- nChanges++;
- } else {
- r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA);
- nChanges++;
- }
+ if (req.getParameter("certTypeObjSigningCA") != null) {
+ r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true");
+ nChanges++;
+ } else {
+ r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA);
+ nChanges++;
+ }
return nChanges;
}
-
+
protected static final String GRANT_ERROR = "grantError";
- public static final String
- GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege";
- public static final String
- GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege";
- public static final String
- GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege";
- public static final String
- GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege";
+ public static final String GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege";
+ public static final String GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege";
+ public static final String GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege";
+ public static final String GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege";
public static final String GRANT_UID = "grantUID";
public static final String GRANT_PRIVILEGE = "grantPrivilege";
- protected int grant_privileges(
- CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header)
- throws EBaseException {
+ protected int grant_privileges(CMSRequest cmsReq, IRequest req,
+ Certificate[] certs, IArgBlock header) throws EBaseException {
// get privileges to grant
IArgBlock httpParams = cmsReq.getHttpParams();
- boolean grantTrustedMgr =
- httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false);
- boolean grantRMAgent =
- httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false);
- boolean grantCMAgent =
- httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false);
- boolean grantDRMAgent =
- httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false);
-
- if (!grantTrustedMgr &&
- !grantCMAgent && !grantRMAgent && !grantDRMAgent) {
+ boolean grantTrustedMgr = httpParams.getValueAsBoolean(
+ GRANT_TRUSTEDMGR_PRIVILEGE, false);
+ boolean grantRMAgent = httpParams.getValueAsBoolean(
+ GRANT_RMAGENT_PRIVILEGE, false);
+ boolean grantCMAgent = httpParams.getValueAsBoolean(
+ GRANT_CMAGENT_PRIVILEGE, false);
+ boolean grantDRMAgent = httpParams.getValueAsBoolean(
+ GRANT_DRMAGENT_PRIVILEGE, false);
+
+ if (!grantTrustedMgr && !grantCMAgent && !grantRMAgent
+ && !grantDRMAgent) {
return 0;
} else {
IAuthToken authToken = getAuthToken(req);
@@ -1657,8 +1613,8 @@ public class ProcessCertReq extends CMSServlet {
String resourceName = "certServer." + mAuthority.getId() + ".group";
try {
- authzToken = authorize(mAclMethod, authToken,
- resourceName, "add");
+ authzToken = authorize(mAclMethod, authToken, resourceName,
+ "add");
} catch (Exception e) {
// do nothing for now
}
@@ -1668,7 +1624,7 @@ public class ProcessCertReq extends CMSServlet {
if (grantTrustedMgr)
obj[0] = TRUSTED_RA_GROUP;
- else if (grantRMAgent)
+ else if (grantRMAgent)
obj[0] = RA_AGENT_GROUP;
else if (grantCMAgent)
obj[0] = CA_AGENT_GROUP;
@@ -1677,14 +1633,16 @@ public class ProcessCertReq extends CMSServlet {
else
obj[0] = "unknown group";
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_UNAUTHORIZED_CREATE_GROUP", obj[0]));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_UNAUTHORIZED_CREATE_GROUP", obj[0]));
}
}
String uid = (String) httpParams.getValueAsString(GRANT_UID, null);
if (uid == null || uid.length() == 0) {
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_GRANT_UID"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_MISSING_GRANT_UID"));
}
header.addStringValue(GRANT_UID, uid);
@@ -1695,22 +1653,22 @@ public class ProcessCertReq extends CMSServlet {
groupname = TRUSTED_RA_GROUP;
userType = Constants.PR_SUBSYSTEM_TYPE;
} else {
- if (grantCMAgent)
+ if (grantCMAgent)
groupname = CA_AGENT_GROUP;
- else if (grantRMAgent)
+ else if (grantRMAgent)
groupname = RA_AGENT_GROUP;
if (grantDRMAgent) {
- if (groupname != null)
+ if (groupname != null)
groupname1 = KRA_AGENT_GROUP;
- else
+ else
groupname = KRA_AGENT_GROUP;
}
userType = Constants.PR_AGENT_TYPE;
}
- String privilege =
- (groupname1 == null) ? groupname : groupname + " and " + groupname1;
+ String privilege = (groupname1 == null) ? groupname : groupname
+ + " and " + groupname1;
header.addStringValue(GRANT_PRIVILEGE, privilege);
@@ -1726,24 +1684,27 @@ public class ProcessCertReq extends CMSServlet {
IGroup group = ug.findGroup(groupname), group1 = null;
if (group == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_FIND_GROUP_ERROR", groupname));
}
if (groupname1 != null) {
group1 = ug.findGroup(groupname1);
if (group1 == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname1));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERROR_FIND_GROUP_1", groupname));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_FIND_GROUP_ERROR", groupname1));
}
}
try {
ug.addUser(user);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_USER_ERROR", uid));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_ADDING_USER_ERROR", uid));
}
try {
if (certs[0] instanceof X509CertImpl) {
@@ -1751,12 +1712,13 @@ public class ProcessCertReq extends CMSServlet {
user.setX509Certificates(tmp);
}
-
+
ug.addUserCert(user);
} catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_CERT_ERROR", uid));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_ADDING_CERT_ERROR", uid));
}
try {
group.addMemberName(uid);
@@ -1764,44 +1726,43 @@ public class ProcessCertReq extends CMSServlet {
// for audit log
SessionContext sContext = SessionContext.getContext();
String adminId = (String) sContext.get(SessionContext.USER_ID);
-
- mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
- new Object[] {adminId, uid, groupname}
- );
+
+ mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP, AuditFormat.LEVEL,
+ AuditFormat.ADDUSERGROUPFORMAT, new Object[] { adminId,
+ uid, groupname });
if (group1 != null) {
group1.addMemberName(uid);
ug.modifyGroup(group1);
-
+
mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
- AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
- new Object[] {adminId, uid, groupname1}
- );
+ AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+ new Object[] { adminId, uid, groupname1 });
}
} catch (Exception e) {
- String msg =
- "Could not add user " + uid + " to group " + groupname;
+ String msg = "Could not add user " + uid + " to group " + groupname;
if (group1 != null)
msg += " or group " + groupname1;
log(ILogger.LL_FAILURE, msg);
- if (group1 == null)
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname));
- else
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1));
+ if (group1 == null)
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_ADDING_MEMBER", uid, groupname));
+ else
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1));
}
return 1;
}
/**
* Signed Audit Log Info Name
- *
- * This method is called to obtain the "InfoName" for
- * a signed audit log message.
+ *
+ * This method is called to obtain the "InfoName" for a signed audit log
+ * message.
* <P>
- *
+ *
* @param type signed audit log request processing type
* @return id string containing the signed audit log message InfoName
*/
@@ -1832,11 +1793,11 @@ public class ProcessCertReq extends CMSServlet {
/**
* Signed Audit Log Info Certificate Value
- *
+ *
* This method is called to obtain the certificate from the passed in
* "X509CertImpl" for a signed audit log message.
* <P>
- *
+ *
* @param x509cert an X509CertImpl
* @return cert string containing the certificate
*/
@@ -1890,42 +1851,41 @@ public class ProcessCertReq extends CMSServlet {
}
}
-
class RAReqCompletedFiller extends ImportCertsTemplateFiller {
private static final String RA_AGENT_GROUP = "Registration Manager Agents";
private static final String KRA_AGENT_GROUP = "Data Recovery Manager Agents";
+
public RAReqCompletedFiller() {
super();
}
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) throws Exception {
Object[] results = (Object[]) cmsReq.getResult();
Object grantError = results[1];
- //X509CertImpl[] issuedCerts = (X509CertImpl[])results[0];
+ // X509CertImpl[] issuedCerts = (X509CertImpl[])results[0];
Certificate[] issuedCerts = (Certificate[]) results[0];
-
+
cmsReq.setResult(issuedCerts);
- CMSTemplateParams params =
- super.getTemplateParams(cmsReq, authority, locale, e);
+ CMSTemplateParams params = super.getTemplateParams(cmsReq, authority,
+ locale, e);
if (grantError != null) {
IArgBlock header = params.getHeader();
if (grantError instanceof String) {
- header.addStringValue(
- ProcessCertReq.GRANT_ERROR, (String) grantError);
+ header.addStringValue(ProcessCertReq.GRANT_ERROR,
+ (String) grantError);
} else {
EBaseException ex = (EBaseException) grantError;
- header.addStringValue(
- ProcessCertReq.GRANT_ERROR, ex.toString(locale));
+ header.addStringValue(ProcessCertReq.GRANT_ERROR,
+ ex.toString(locale));
}
IArgBlock httpParams = cmsReq.getHttpParams();
- String uid = httpParams.getValueAsString(
- ProcessCertReq.GRANT_UID, null);
+ String uid = httpParams.getValueAsString(ProcessCertReq.GRANT_UID,
+ null);
header.addStringValue(ProcessCertReq.GRANT_UID, uid);
boolean grantRMAgent = httpParams.getValueAsBoolean(
@@ -1940,7 +1900,7 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller {
if (grantDRMAgent) {
if (privilege != null)
privilege += " and " + KRA_AGENT_GROUP;
- else
+ else
privilege = KRA_AGENT_GROUP;
}
header.addStringValue(ProcessCertReq.GRANT_PRIVILEGE, privilege);
@@ -1948,4 +1908,3 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller {
return params;
}
}
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
index 0ac27197..7d74671b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.IOException;
import java.util.Locale;
@@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Display Generic Request detail to the user.
- *
+ *
* @version $Revision$, $Date$
*/
public class ProcessReq extends CMSServlet {
@@ -74,8 +72,9 @@ public class ProcessReq extends CMSServlet {
private IReqParser mParser = null;
private String[] mSigningAlgorithms = null;
- private static String[] DEF_SIGNING_ALGORITHMS = new String[]
- {"SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA"};
+ private static String[] DEF_SIGNING_ALGORITHMS = new String[] {
+ "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA",
+ "MD5withRSA", "MD2withRSA" };
/**
* Process request.
@@ -86,15 +85,15 @@ public class ProcessReq extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
- * "processReq.template" to process the response.
- * The initialization parameter 'parser' is read from the
- * servlet configration, and is used to set the type of request.
- * The value of this parameter can be:
- * <UL><LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary
- * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail
- * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail
- * </UL>
- *
+ * "processReq.template" to process the response. The initialization
+ * parameter 'parser' is read from the servlet configration, and is used to
+ * set the type of request. The value of this parameter can be:
+ * <UL>
+ * <LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary
+ * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail
+ * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail
+ * </UL>
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -111,13 +110,13 @@ public class ProcessReq extends CMSServlet {
mParser = CertReqParser.DETAIL_PARSER;
else if (tmp.trim().equals("KeyReqParser.PARSER"))
mParser = KeyReqParser.PARSER;
- }
+ }
- // override success and error templates to null -
+ // override success and error templates to null -
// handle templates locally.
mTemplates.remove(CMSRequest.SUCCESS);
mTemplates.remove(CMSRequest.ERROR);
- if (mOutputTemplatePath != null)
+ if (mOutputTemplatePath != null)
mFormPath = mOutputTemplatePath;
}
@@ -126,9 +125,9 @@ public class ProcessReq extends CMSServlet {
* <ul>
* <li>http.param seqNum
* <li>http.param doAssign reassign request. Value can be reassignToMe
- * reassignToNobody
+ * reassignToNobody
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -152,10 +151,10 @@ public class ProcessReq extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- "Error getting template " + mFormPath + " Error " + e);
+ log(ILogger.LL_FAILURE, "Error getting template " + mFormPath
+ + " Error " + e);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -171,21 +170,23 @@ public class ProcessReq extends CMSServlet {
try {
if (doAssign == null) {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
- } else if (doAssign.equals("toMe") ||
- doAssign.equals("reassignToMe")) {
+ mAuthzResourceName, "read");
+ } else if (doAssign.equals("toMe")
+ || doAssign.equals("reassignToMe")) {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "assign");
+ mAuthzResourceName, "assign");
} else if (doAssign.equals("reassignToNobody")) {
authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "unassign");
+ mAuthzResourceName, "unassign");
}
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+ e.toString()));
}
if (authzToken == null) {
@@ -193,19 +194,18 @@ public class ProcessReq extends CMSServlet {
return;
}
- process(argSet, header, seqNum, req, resp,
- doAssign, locale[0]);
+ process(argSet, header, seqNum, req, resp, doAssign, locale[0]);
} else {
log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum);
- error = new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
- String.valueOf(seqNum)));
+ error = new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_INVALID_REQUEST_ID", String.valueOf(seqNum)));
}
} catch (EBaseException e) {
error = e;
} catch (NumberFormatException e) {
- error = new EBaseException(CMS.getUserMessage(locale[0], "CMS_BASE_INVALID_NUMBER_FORMAT"));
- }
+ error = new EBaseException(CMS.getUserMessage(locale[0],
+ "CMS_BASE_INVALID_NUMBER_FORMAT"));
+ }
try {
ServletOutputStream out = resp.getOutputStream();
@@ -213,46 +213,44 @@ public class ProcessReq extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- String output = form.getOutput(argSet);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
- cmsReq.setStatus(CMSRequest.SUCCESS);
+ String output = form.getOutput(argSet);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
}
} else {
cmsReq.setError(error);
cmsReq.setStatus(CMSRequest.ERROR);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- "Error getting servlet output stream for rendering template. " +
- "Error " + e);
+ log(ILogger.LL_FAILURE,
+ "Error getting servlet output stream for rendering template. "
+ + "Error " + e);
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
return;
}
/**
- * Sends request information to the calller.
- * returns whether there was an error or not.
+ * Sends request information to the calller. returns whether there was an
+ * error or not.
*/
private void process(CMSTemplateParams argSet, IArgBlock header,
- int seqNum, HttpServletRequest req,
- HttpServletResponse resp,
- String doAssign, Locale locale)
- throws EBaseException {
+ int seqNum, HttpServletRequest req, HttpServletResponse resp,
+ String doAssign, Locale locale) throws EBaseException {
header.addIntegerValue("seqNum", seqNum);
- IRequest r =
- mQueue.findRequest(new RequestId(Integer.toString(seqNum)));
+ IRequest r = mQueue
+ .findRequest(new RequestId(Integer.toString(seqNum)));
if (r != null) {
if (doAssign != null) {
if ((doAssign.equals("toMe"))
- || (doAssign.equals("reassignToMe"))) {
+ || (doAssign.equals("reassignToMe"))) {
SessionContext ctx = SessionContext.getContext();
String id = (String) ctx.get(SessionContext.USER_ID);
@@ -264,32 +262,32 @@ public class ProcessReq extends CMSServlet {
}
}
- // add authority names to know what privileges can be requested.
- if (CMS.getSubsystem("kra") != null)
+ // add authority names to know what privileges can be requested.
+ if (CMS.getSubsystem("kra") != null)
header.addStringValue("localkra", "yes");
- if (CMS.getSubsystem("ca") != null)
+ if (CMS.getSubsystem("ca") != null)
header.addStringValue("localca", "yes");
- if (CMS.getSubsystem("ra") != null)
+ if (CMS.getSubsystem("ra") != null)
header.addStringValue("localra", "yes");
- // DONT NEED TO DO THIS FOR DRM
+ // DONT NEED TO DO THIS FOR DRM
if (mAuthority instanceof ICertAuthority) {
// Check/set signing algorithms dynamically.
- // In RA mSigningAlgorithms could be null at startup if CA is not
- // up and set later when CA comes back up.
+ // In RA mSigningAlgorithms could be null at startup if CA is
+ // not
+ // up and set later when CA comes back up.
// Once it's set assumed that it won't change.
String[] allAlgorithms = mSigningAlgorithms;
if (allAlgorithms == null) {
- allAlgorithms = mSigningAlgorithms =
- ((ICertAuthority) mAuthority).getCASigningAlgorithms();
+ allAlgorithms = mSigningAlgorithms = ((ICertAuthority) mAuthority)
+ .getCASigningAlgorithms();
if (allAlgorithms == null) {
- CMS.debug(
- "ProcessReq: signing algorithms set to All algorithms");
+ CMS.debug("ProcessReq: signing algorithms set to All algorithms");
allAlgorithms = AlgorithmId.ALL_SIGNING_ALGORITHMS;
- } else
- CMS.debug(
- "ProcessReq: First signing algorithms is " + allAlgorithms[0]);
+ } else
+ CMS.debug("ProcessReq: First signing algorithms is "
+ + allAlgorithms[0]);
}
String validAlgorithms = null;
StringBuffer sb = new StringBuffer();
@@ -305,15 +303,19 @@ public class ProcessReq extends CMSServlet {
if (validAlgorithms != null)
header.addStringValue("validAlgorithms", validAlgorithms);
if (mAuthority instanceof ICertificateAuthority) {
- String signingAlgorithm = ((ICertificateAuthority) mAuthority).getDefaultAlgorithm();
+ String signingAlgorithm = ((ICertificateAuthority) mAuthority)
+ .getDefaultAlgorithm();
if (signingAlgorithm != null)
- header.addStringValue("caSigningAlgorithm", signingAlgorithm);
+ header.addStringValue("caSigningAlgorithm",
+ signingAlgorithm);
header.addLongValue("defaultValidityLength",
- ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000);
+ ((ICertificateAuthority) mAuthority)
+ .getDefaultValidity() / 1000);
} else if (mAuthority instanceof IRegistrationAuthority) {
header.addLongValue("defaultValidityLength",
- ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000);
+ ((IRegistrationAuthority) mAuthority)
+ .getDefaultValidity() / 1000);
}
X509CertImpl caCert = ((ICertAuthority) mAuthority).getCACert();
@@ -327,9 +329,8 @@ public class ProcessReq extends CMSServlet {
mParser.fillRequestIntoArg(locale, r, argSet, header);
} else {
log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum);
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
- String.valueOf(seqNum)));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_INVALID_REQUEST_ID", String.valueOf(seqNum)));
}
return;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
index c065173c..c08aecbb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.IOException;
import java.util.Enumeration;
import java.util.Locale;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Show paged list of requests matching search criteria
- *
+ *
* @version $Revision$, $Date$
*/
public class QueryReq extends CMSServlet {
@@ -62,7 +60,7 @@ public class QueryReq extends CMSServlet {
private final static String IN_SHOW_ALL = "showAll";
private final static String IN_SHOW_WAITING = "showWaiting";
private final static String IN_SHOW_IN_SERVICE = "showInService";
- private final static String IN_SHOW_PENDING= "showPending";
+ private final static String IN_SHOW_PENDING = "showPending";
private final static String IN_SHOW_CANCELLED = "showCancelled";
private final static String IN_SHOW_REJECTED = "showRejected";
private final static String IN_SHOW_COMPLETED = "showCompleted";
@@ -86,17 +84,16 @@ public class QueryReq extends CMSServlet {
private final static String OUT_UPDATE_ON = "updatedOn";
private final static String OUT_UPDATE_BY = "updatedBy";
private final static String OUT_REQUESTING_USER = "requestingUser";
- //keeps track of where to begin if page down
+ // keeps track of where to begin if page down
private final static String OUT_FIRST_ENTRY_ON_PAGE = "firstEntryOnPage";
- //keeps track of where to begin if page up
+ // keeps track of where to begin if page up
private final static String OUT_LAST_ENTRY_ON_PAGE = "lastEntryOnPage";
private final static String OUT_SUBJECT = "subject";
private final static String OUT_REQUEST_TYPE = "requestType";
private final static String OUT_COMMENTS = "requestorComments";
private final static String OUT_SERIALNO = "serialNumber";
private final static String OUT_OWNER_NAME = "ownerName";
- private final static String OUT_PUBLIC_KEY_INFO =
- "subjectPublicKeyInfo";
+ private final static String OUT_PUBLIC_KEY_INFO = "subjectPublicKeyInfo";
private final static String OUT_ERROR = "error";
private final static String OUT_AUTHORITY_ID = "authorityid";
@@ -120,7 +117,7 @@ public class QueryReq extends CMSServlet {
/**
* initialize the servlet. This servlet uses the template file
* "queryReq.template" to process the response.
- *
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -143,9 +140,9 @@ public class QueryReq extends CMSServlet {
mParser = CertReqParser.DETAIL_PARSER;
else if (tmp.trim().equals("KeyReqParser.PARSER"))
mParser = KeyReqParser.PARSER;
- }
+ }
- // override success and error templates to null -
+ // override success and error templates to null -
// handle templates locally.
mTemplates.remove(CMSRequest.SUCCESS);
mTemplates.remove(CMSRequest.ERROR);
@@ -153,7 +150,7 @@ public class QueryReq extends CMSServlet {
if (mOutputTemplatePath != null)
mFormPath = mOutputTemplatePath;
}
-
+
private String getRequestType(String p) {
String filter = "(requestType=*)";
@@ -213,150 +210,145 @@ public class QueryReq extends CMSServlet {
/**
* Process the HTTP request.
* <ul>
- * <li>http.param reqState request state
- * (one of showAll, showWaiting, showInService,
- * showCancelled, showRejected, showCompleted)
+ * <li>http.param reqState request state (one of showAll, showWaiting,
+ * showInService, showCancelled, showRejected, showCompleted)
* <li>http.param reqType
* <li>http.param seqNumFromDown request ID to start at (decimal, or hex if
- * when paging down
- * seqNumFromDown starts with 0x)
+ * when paging down seqNumFromDown starts with 0x)
* <li>http.param seqNumFromUp request ID to start at (decimal, or hex if
- * when paging up
- * seqNumFromUp starts with 0x)
+ * when paging up seqNumFromUp starts with 0x)
* <li>http.param maxCount maximum number of records to show
* <li>http.param totalCount total number of records in set of pages
* <li>http.param direction "up", "down", "begin", or "end"
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
public void process(CMSRequest cmsReq) throws EBaseException {
- CMS.debug("in QueryReq servlet");
-
- // Authentication / Authorization
-
- HttpServletRequest req = cmsReq.getHttpReq();
- IAuthToken authToken = authenticate(cmsReq);
- AuthzToken authzToken = null;
-
- try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "list");
- } catch (EAuthzAccessDenied e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- } catch (Exception e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
- }
- if (authzToken == null) {
- cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
- return;
- }
-
-
-
-
- CMSTemplate form = null;
- Locale[] locale = new Locale[1];
-
- try {
- // if get a EBaseException we just throw it.
- form = getTemplate(mFormPath, req, locale);
- } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
- }
-
- /**
- * WARNING:
- *
- * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED.
- *
- **/
- String filter = null;
- String reqState = req.getParameter("reqState");
- String reqType = req.getParameter("reqType");
-
- if (reqState == null || reqType == null) {
- filter = "(requeststate=*)";
- } else if (reqState.equals(IN_SHOW_ALL) &&
- reqType.equals(IN_SHOW_ALL)) {
- filter = "(requeststate=*)";
- } else if (reqState.equals(IN_SHOW_ALL)) {
- filter = getRequestType(reqType);
- } else if (reqType.equals(IN_SHOW_ALL)) {
- filter = getRequestState(reqState);
- } else {
- filter = "(&" + getRequestState(reqState) +
- getRequestType(reqType) + ")";
- }
-
- String direction = "begin";
- if (req.getParameter("direction") != null) {
- direction = req.getParameter("direction").trim();
- }
-
-
- int top=0, bottom=0;
-
- try {
- String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE);
- if (top_s == null) top_s = "0";
-
- String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE);
- if (bottom_s == null) bottom_s = "0";
-
- if (top_s.trim().startsWith("0x")) {
- top = Integer.parseInt(top_s.trim().substring(2), 16);
- } else {
- top = Integer.parseInt(top_s.trim());
- }
- if (bottom_s.trim().startsWith("0x")) {
- bottom = Integer.parseInt(bottom_s.trim().substring(2), 16);
- } else {
- bottom = Integer.parseInt(bottom_s.trim());
- }
-
- } catch (NumberFormatException e) {
-
- }
-
- // avoid NumberFormatException to the user interface
- int maxCount = 10;
- try {
- maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT));
- } catch (Exception e) {
- }
+ CMS.debug("in QueryReq servlet");
+
+ // Authentication / Authorization
+
+ HttpServletRequest req = cmsReq.getHttpReq();
+ IAuthToken authToken = authenticate(cmsReq);
+ AuthzToken authzToken = null;
+
+ try {
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "list");
+ } catch (EAuthzAccessDenied e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ } catch (Exception e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ }
+ if (authzToken == null) {
+ cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+ return;
+ }
+
+ CMSTemplate form = null;
+ Locale[] locale = new Locale[1];
+
+ try {
+ // if get a EBaseException we just throw it.
+ form = getTemplate(mFormPath, req, locale);
+ } catch (IOException e) {
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+ e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ }
+
+ /**
+ * WARNING:
+ *
+ * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED.
+ *
+ **/
+ String filter = null;
+ String reqState = req.getParameter("reqState");
+ String reqType = req.getParameter("reqType");
+
+ if (reqState == null || reqType == null) {
+ filter = "(requeststate=*)";
+ } else if (reqState.equals(IN_SHOW_ALL) && reqType.equals(IN_SHOW_ALL)) {
+ filter = "(requeststate=*)";
+ } else if (reqState.equals(IN_SHOW_ALL)) {
+ filter = getRequestType(reqType);
+ } else if (reqType.equals(IN_SHOW_ALL)) {
+ filter = getRequestState(reqState);
+ } else {
+ filter = "(&" + getRequestState(reqState) + getRequestType(reqType)
+ + ")";
+ }
+
+ String direction = "begin";
+ if (req.getParameter("direction") != null) {
+ direction = req.getParameter("direction").trim();
+ }
+
+ int top = 0, bottom = 0;
+
+ try {
+ String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE);
+ if (top_s == null)
+ top_s = "0";
+
+ String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE);
+ if (bottom_s == null)
+ bottom_s = "0";
+
+ if (top_s.trim().startsWith("0x")) {
+ top = Integer.parseInt(top_s.trim().substring(2), 16);
+ } else {
+ top = Integer.parseInt(top_s.trim());
+ }
+ if (bottom_s.trim().startsWith("0x")) {
+ bottom = Integer.parseInt(bottom_s.trim().substring(2), 16);
+ } else {
+ bottom = Integer.parseInt(bottom_s.trim());
+ }
+
+ } catch (NumberFormatException e) {
+
+ }
+
+ // avoid NumberFormatException to the user interface
+ int maxCount = 10;
+ try {
+ maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT));
+ } catch (Exception e) {
+ }
if (maxCount > mMaxReturns) {
- CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns);
+ CMS.debug("Resetting page size from " + maxCount + " to "
+ + mMaxReturns);
maxCount = mMaxReturns;
}
- HttpServletResponse resp = cmsReq.getHttpResp();
- CMSTemplateParams argset = doSearch(locale[0],filter, maxCount, direction, top, bottom );
-
-
- argset.getFixed().addStringValue("reqType",reqType);
+ HttpServletResponse resp = cmsReq.getHttpResp();
+ CMSTemplateParams argset = doSearch(locale[0], filter, maxCount,
+ direction, top, bottom);
+
+ argset.getFixed().addStringValue("reqType", reqType);
argset.getFixed().addStringValue("reqState", reqState);
- argset.getFixed().addIntegerValue("maxCount",maxCount);
-
-
- try {
- form.getOutput(argset);
- resp.setContentType("text/html");
- form.renderOutput(resp.getOutputStream(), argset);
- } catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
- }
- cmsReq.setStatus(CMSRequest.SUCCESS);
- return;
+ argset.getFixed().addIntegerValue("maxCount", maxCount);
+
+ try {
+ form.getOutput(argset);
+ resp.setContentType("text/html");
+ form.renderOutput(resp.getOutputStream(), argset);
+ } catch (IOException e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ }
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ return;
}
private static String makeRequestStatusEq(RequestStatus s) {
@@ -369,200 +361,197 @@ public class QueryReq extends CMSServlet {
/**
* Perform search based on direction button pressed
- * @param filter ldap filter indicating which VLV to search through. This can be
- * 'all requests', 'pending', etc
+ *
+ * @param filter ldap filter indicating which VLV to search through. This
+ * can be 'all requests', 'pending', etc
* @param count the number of requests to show per page
- * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to end)
- * @param top the number of the request shown on at the top of the current page
- * @param bottom the number of the request shown on at the bottom of the current page
- * @return
+ * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to
+ * end)
+ * @param top the number of the request shown on at the top of the current
+ * page
+ * @param bottom the number of the request shown on at the bottom of the
+ * current page
+ * @return
*/
-
- private CMSTemplateParams doSearch(Locale l, String filter,
- int count, String direction, int top, int bottom)
- {
- CMSTemplateParams ctp = null;
- if (direction.equals("previous")) {
- ctp = doSearch(l, filter, -count, top-1);
- } else if (direction.equals("next")) {
- ctp = doSearch(l,filter, count, bottom+1);
- } else if (direction.equals("begin")) {
- ctp = doSearch(l,filter, count, 0);
- } else if (direction.equals("first")) {
- ctp = doSearch(l,filter, count, bottom);
- } else { // if 'direction is 'end', default here
- ctp = doSearch(l,filter, -count, -1);
- }
- return ctp;
+
+ private CMSTemplateParams doSearch(Locale l, String filter, int count,
+ String direction, int top, int bottom) {
+ CMSTemplateParams ctp = null;
+ if (direction.equals("previous")) {
+ ctp = doSearch(l, filter, -count, top - 1);
+ } else if (direction.equals("next")) {
+ ctp = doSearch(l, filter, count, bottom + 1);
+ } else if (direction.equals("begin")) {
+ ctp = doSearch(l, filter, count, 0);
+ } else if (direction.equals("first")) {
+ ctp = doSearch(l, filter, count, bottom);
+ } else { // if 'direction is 'end', default here
+ ctp = doSearch(l, filter, -count, -1);
+ }
+ return ctp;
}
-
-
-
- /**
- *
- * @param locale
- * @param filter the types of requests to return - this must match the VLV index
- * @param count maximum number of records to return
- * @param marker indication of the request ID where the page is anchored
- * @return
- */
-
- private CMSTemplateParams doSearch(
- Locale locale,
- String filter,
- int count,
- int marker) {
-
- IArgBlock header = CMS.createArgBlock();
- IArgBlock context = CMS.createArgBlock();
- CMSTemplateParams argset = new CMSTemplateParams(header, context);
-
- try {
- long startTime = CMS.getCurrentDate().getTime();
- // preserve the type of request that we are
- // requesting.
-
- header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId());
- header.addStringValue(OUT_REQUESTING_USER, "admin");
-
-
- boolean jumptoend = false;
- if (marker == -1) {
- marker = 0; // I think this is inconsequential
- jumptoend = true; // override to '99' during search
- }
-
- RequestId id = new RequestId(Integer.toString(marker));
- IRequestVirtualList list = mQueue.getPagedRequestsByFilter(
- id,
- jumptoend,
- filter,
- count+1,
- "requestId");
-
- int totalCount = list.getSize() - list.getCurrentIndex();
- header.addIntegerValue(OUT_TOTALCOUNT, totalCount);
- header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize());
-
- int numEntries = list.getSize() - list.getCurrentIndex();
-
- Vector v = fetchRecords(list,Math.abs(count));
- v = normalizeOrder(v);
- trim(v,id);
-
-
- int currentCount = 0;
- int curNum = 0;
- int firstNum = -1;
- Enumeration requests = v.elements();
-
- while (requests.hasMoreElements()) {
- IRequest request = null;
- try {
- request = (IRequest) requests.nextElement();
- } catch (Exception e) {
- CMS.debug("Error displaying request:"+e.getMessage());
- // handled below
- }
- if (request == null) {
- log(ILogger.LL_WARN, "Error display request on page");
- continue;
- }
-
- curNum = Integer.parseInt(
- request.getRequestId().toString());
-
- if (firstNum == -1) {
- firstNum = curNum;
- }
-
- IArgBlock rec = CMS.createArgBlock();
- mParser.fillRequestIntoArg(locale, request, argset, rec);
- mQueue.releaseRequest(request);
- argset.addRepeatRecord(rec);
-
- currentCount++;
-
- }// while
- long endTime = CMS.getCurrentDate().getTime();
-
- header.addIntegerValue(OUT_CURRENTCOUNT, currentCount);
- header.addStringValue("time", Long.toString(endTime - startTime));
- header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum);
- header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum);
-
- } catch (EBaseException e) {
- header.addStringValue(OUT_ERROR, e.toString(locale));
- } catch (Exception e) {
- }
- return argset;
-
+
+ /**
+ *
+ * @param locale
+ * @param filter the types of requests to return - this must match the VLV
+ * index
+ * @param count maximum number of records to return
+ * @param marker indication of the request ID where the page is anchored
+ * @return
+ */
+
+ private CMSTemplateParams doSearch(Locale locale, String filter, int count,
+ int marker) {
+
+ IArgBlock header = CMS.createArgBlock();
+ IArgBlock context = CMS.createArgBlock();
+ CMSTemplateParams argset = new CMSTemplateParams(header, context);
+
+ try {
+ long startTime = CMS.getCurrentDate().getTime();
+ // preserve the type of request that we are
+ // requesting.
+
+ header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId());
+ header.addStringValue(OUT_REQUESTING_USER, "admin");
+
+ boolean jumptoend = false;
+ if (marker == -1) {
+ marker = 0; // I think this is inconsequential
+ jumptoend = true; // override to '99' during search
+ }
+
+ RequestId id = new RequestId(Integer.toString(marker));
+ IRequestVirtualList list = mQueue.getPagedRequestsByFilter(id,
+ jumptoend, filter, count + 1, "requestId");
+
+ int totalCount = list.getSize() - list.getCurrentIndex();
+ header.addIntegerValue(OUT_TOTALCOUNT, totalCount);
+ header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize());
+
+ int numEntries = list.getSize() - list.getCurrentIndex();
+
+ Vector v = fetchRecords(list, Math.abs(count));
+ v = normalizeOrder(v);
+ trim(v, id);
+
+ int currentCount = 0;
+ int curNum = 0;
+ int firstNum = -1;
+ Enumeration requests = v.elements();
+
+ while (requests.hasMoreElements()) {
+ IRequest request = null;
+ try {
+ request = (IRequest) requests.nextElement();
+ } catch (Exception e) {
+ CMS.debug("Error displaying request:" + e.getMessage());
+ // handled below
+ }
+ if (request == null) {
+ log(ILogger.LL_WARN, "Error display request on page");
+ continue;
+ }
+
+ curNum = Integer.parseInt(request.getRequestId().toString());
+
+ if (firstNum == -1) {
+ firstNum = curNum;
+ }
+
+ IArgBlock rec = CMS.createArgBlock();
+ mParser.fillRequestIntoArg(locale, request, argset, rec);
+ mQueue.releaseRequest(request);
+ argset.addRepeatRecord(rec);
+
+ currentCount++;
+
+ }// while
+ long endTime = CMS.getCurrentDate().getTime();
+
+ header.addIntegerValue(OUT_CURRENTCOUNT, currentCount);
+ header.addStringValue("time", Long.toString(endTime - startTime));
+ header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum);
+ header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum);
+
+ } catch (EBaseException e) {
+ header.addStringValue(OUT_ERROR, e.toString(locale));
+ } catch (Exception e) {
+ }
+ return argset;
+
}
/**
* If the vector contains the marker element at the end, remove it.
- * @param v The vector to trim
- * @param marker the marker to look for.
+ *
+ * @param v The vector to trim
+ * @param marker the marker to look for.
+ */
+ private void trim(Vector v, RequestId marker) {
+ int i = v.size() - 1;
+ if (((IRequest) v.elementAt(i)).getRequestId().equals(marker)) {
+ v.remove(i);
+ }
+
+ }
+
+ /**
+ * Sometimes the list comes back from LDAP in reverse order. This function
+ * makes sure the results are in 'forward' order.
+ *
+ * @param list
+ * @return
*/
- private void trim(Vector v, RequestId marker) {
- int i = v.size()-1;
- if (((IRequest)v.elementAt(i)).getRequestId().equals(marker)) {
- v.remove(i);
- }
-
- }
-
- /**
- * Sometimes the list comes back from LDAP in reverse order. This function makes
- * sure the results are in 'forward' order.
- * @param list
- * @return
- */
private Vector fetchRecords(IRequestVirtualList list, int maxCount) {
-
- Vector v = new Vector();
- int count = list.getSize();
- int c=0;
- for (int i=0; i<count; i++) {
- IRequest request = list.getElementAt(i);
- if (request != null) {
- v.add(request);
- c++;
- }
- if (c >= maxCount) break;
- }
-
- return v;
+
+ Vector v = new Vector();
+ int count = list.getSize();
+ int c = 0;
+ for (int i = 0; i < count; i++) {
+ IRequest request = list.getElementAt(i);
+ if (request != null) {
+ v.add(request);
+ c++;
+ }
+ if (c >= maxCount)
+ break;
+ }
+
+ return v;
}
/**
* If the requests are in backwards order, reverse the list
+ *
* @param list
* @return
*/
private Vector normalizeOrder(Vector list) {
-
- int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0))
- .getRequestId().toString());
- int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list
- .size() - 1)).getRequestId().toString());
- boolean reverse = false;
- if (firstrequestnum > lastrequestnum) {
- reverse = true; // if the order is backwards, place items at the beginning
- }
- Vector v = new Vector();
- int count = list.size();
- for (int i = 0; i < count; i++) {
- Object request = list.elementAt(i);
- if (request != null) {
- if (reverse)
- v.add(0, request);
- else
- v.add(request);
- }
- }
-
- return v;
+
+ int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0))
+ .getRequestId().toString());
+ int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list
+ .size() - 1)).getRequestId().toString());
+ boolean reverse = false;
+ if (firstrequestnum > lastrequestnum) {
+ reverse = true; // if the order is backwards, place items at the
+ // beginning
+ }
+ Vector v = new Vector();
+ int count = list.size();
+ for (int i = 0; i < count; i++) {
+ Object request = list.elementAt(i);
+ if (request != null) {
+ if (reverse)
+ v.add(0, request);
+ else
+ v.add(request);
+ }
+ }
+
+ return v;
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
index 29414ca5..e37e4c76 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.util.Locale;
import com.netscape.certsrv.base.EBaseException;
@@ -26,11 +25,10 @@ import com.netscape.certsrv.base.SessionContext;
import com.netscape.certsrv.request.IRequest;
import com.netscape.cms.servlet.common.CMSTemplateParams;
-
/**
* A class representing a request parser.
* <P>
- *
+ *
* @version $Revision$, $Date$
*/
public class ReqParser implements IReqParser {
@@ -50,30 +48,28 @@ public class ReqParser implements IReqParser {
/**
* Maps request object into argument block.
*/
- public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
- throws EBaseException {
+ public void fillRequestIntoArg(Locale l, IRequest req,
+ CMSTemplateParams argSet, IArgBlock arg) throws EBaseException {
arg.addStringValue(TYPE, req.getRequestType());
- arg.addLongValue("seqNum",
- Long.parseLong(req.getRequestId().toString()));
- arg.addStringValue(STATUS,
- req.getRequestStatus().toString());
- arg.addLongValue(CREATE_ON,
- req.getCreationTime().getTime() / 1000);
- arg.addLongValue(UPDATE_ON,
- req.getModificationTime().getTime() / 1000);
+ arg.addLongValue("seqNum",
+ Long.parseLong(req.getRequestId().toString()));
+ arg.addStringValue(STATUS, req.getRequestStatus().toString());
+ arg.addLongValue(CREATE_ON, req.getCreationTime().getTime() / 1000);
+ arg.addLongValue(UPDATE_ON, req.getModificationTime().getTime() / 1000);
String updatedBy = req.getExtDataInString(IRequest.UPDATED_BY);
- if (updatedBy == null) updatedBy = "";
+ if (updatedBy == null)
+ updatedBy = "";
arg.addStringValue(UPDATE_BY, updatedBy);
SessionContext ctx = SessionContext.getContext();
- String id = (String) ctx.get(SessionContext.USER_ID);
+ String id = (String) ctx.get(SessionContext.USER_ID);
arg.addStringValue("callerName", id);
-
+
String owner = req.getRequestOwner();
- if (owner != null)
+ if (owner != null)
arg.addStringValue("assignedTo", owner);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
index 04b21440..917fdd40 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.request;
-
import java.io.IOException;
import java.math.BigInteger;
import java.util.Date;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
-
/**
* Search for certificates matching complex query filter
- *
+ *
* @version $Revision$, $Date$
*/
public class SearchReqs extends CMSServlet {
@@ -90,8 +88,9 @@ public class SearchReqs extends CMSServlet {
}
/**
- * initialize the servlet. This servlet uses queryReq.template
- * to render the response
+ * initialize the servlet. This servlet uses queryReq.template to render the
+ * response
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -105,7 +104,8 @@ public class SearchReqs extends CMSServlet {
if (authConfig != null) {
try {
- mMaxReturns = authConfig.getInteger(PROP_MAX_SEARCH_RETURNS, MAX_RESULTS);
+ mMaxReturns = authConfig.getInteger(
+ PROP_MAX_SEARCH_RETURNS, MAX_RESULTS);
} catch (EBaseException e) {
// do nothing
}
@@ -120,7 +120,8 @@ public class SearchReqs extends CMSServlet {
/* Server-Side time limit */
try {
- int maxResults = Integer.parseInt(sc.getInitParameter("maxResults"));
+ int maxResults = Integer
+ .parseInt(sc.getInitParameter("maxResults"));
if (maxResults < mMaxReturns)
mMaxReturns = maxResults;
} catch (Exception e) {
@@ -154,10 +155,8 @@ public class SearchReqs extends CMSServlet {
/**
* Serves HTTP request. This format of this request is as follows:
- * queryCert?
- * [maxCount=<number>]
- * [queryFilter=<filter>]
- * [revokeAll=<filter>]
+ * queryCert? [maxCount=<number>] [queryFilter=<filter>]
+ * [revokeAll=<filter>]
*/
public void process(CMSRequest cmsReq) throws EBaseException {
HttpServletRequest req = cmsReq.getHttpReq();
@@ -168,14 +167,14 @@ public class SearchReqs extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "list");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "list");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -198,10 +197,10 @@ public class SearchReqs extends CMSServlet {
try {
form = getTemplate(mFormPath, req, locale);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
try {
@@ -214,11 +213,13 @@ public class SearchReqs extends CMSServlet {
if (timeLimitStr != null && timeLimitStr.length() > 0)
timeLimit = Integer.parseInt(timeLimitStr);
- process(argSet, header, req.getParameter("queryRequestFilter"), authToken,
- maxResults, timeLimit, req, resp, locale[0]);
+ process(argSet, header, req.getParameter("queryRequestFilter"),
+ authToken, maxResults, timeLimit, req, resp, locale[0]);
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
- error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+ error = new EBaseException(CMS.getUserMessage(getLocale(req),
+ "CMS_BASE_INVALID_NUMBER_FORMAT"));
} catch (EBaseException e) {
error = e;
}
@@ -229,33 +230,32 @@ public class SearchReqs extends CMSServlet {
if (error == null) {
String xmlOutput = req.getParameter("xml");
if (xmlOutput != null && xmlOutput.equals("true")) {
- outputXML(resp, argSet);
+ outputXML(resp, argSet);
} else {
- cmsReq.setStatus(CMSRequest.SUCCESS);
- resp.setContentType("text/html");
- form.renderOutput(out, argSet);
+ cmsReq.setStatus(CMSRequest.SUCCESS);
+ resp.setContentType("text/html");
+ form.renderOutput(out, argSet);
}
} else {
cmsReq.setStatus(CMSRequest.ERROR);
cmsReq.setError(error);
}
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE",
+ e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
/**
* Process the key search.
*/
- private void process(CMSTemplateParams argSet, IArgBlock header,
- String filter, IAuthToken token,
- int maxResults, int timeLimit,
- HttpServletRequest req, HttpServletResponse resp,
- Locale locale)
- throws EBaseException {
+ private void process(CMSTemplateParams argSet, IArgBlock header,
+ String filter, IAuthToken token, int maxResults, int timeLimit,
+ HttpServletRequest req, HttpServletResponse resp, Locale locale)
+ throws EBaseException {
try {
long startTime = CMS.getCurrentDate().getTime();
@@ -272,25 +272,27 @@ public class SearchReqs extends CMSServlet {
} else {
if (owner.equals("self")) {
String self_uid = token.getInString(IAuthToken.USER_ID);
- requestowner_filter = "(requestowner="+self_uid+")";
+ requestowner_filter = "(requestowner=" + self_uid + ")";
} else {
String uid = req.getParameter("uid");
- requestowner_filter = "(requestowner="+uid+")";
+ requestowner_filter = "(requestowner=" + uid + ")";
}
- newfilter = "(&"+requestowner_filter+filter.substring(2);
+ newfilter = "(&" + requestowner_filter + filter.substring(2);
}
// xxx the filter includes serial number range???
if (maxResults == -1 || maxResults > mMaxReturns) {
- CMS.debug("Resetting maximum of returned results from " + maxResults + " to " + mMaxReturns);
+ CMS.debug("Resetting maximum of returned results from "
+ + maxResults + " to " + mMaxReturns);
maxResults = mMaxReturns;
}
if (timeLimit == -1 || timeLimit > mTimeLimits) {
- CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits);
+ CMS.debug("Resetting timelimit from " + timeLimit + " to "
+ + mTimeLimits);
timeLimit = mTimeLimits;
}
- IRequestList list = (timeLimit > 0) ?
- mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) :
- mQueue.listRequestsByFilter(newfilter, maxResults);
+ IRequestList list = (timeLimit > 0) ? mQueue.listRequestsByFilter(
+ newfilter, maxResults, timeLimit) : mQueue
+ .listRequestsByFilter(newfilter, maxResults);
int count = 0;
@@ -305,7 +307,8 @@ public class SearchReqs extends CMSServlet {
long endTime = CMS.getCurrentDate().getTime();
header.addIntegerValue(OUT_CURRENTCOUNT, count);
- header.addStringValue("time", Long.toString(endTime - startTime));
+ header.addStringValue("time",
+ Long.toString(endTime - startTime));
}
}
header.addIntegerValue(OUT_TOTALCOUNT, count);
@@ -323,7 +326,8 @@ public class SearchReqs extends CMSServlet {
int i = filter.indexOf(CURRENT_TIME, k);
while (i > -1) {
- if (now == null) now = new Date();
+ if (now == null)
+ now = new Date();
newFilter.append(filter.substring(k, i));
newFilter.append(now.getTime());
k = i + CURRENT_TIME.length();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
index 1f6efa85..7d30d3ae 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
@@ -52,14 +52,11 @@ import com.netscape.cms.servlet.base.CMSServlet;
import com.netscape.cms.servlet.common.CMSRequest;
import com.netscape.symkey.SessionKey;
-
-
/**
- * A class representings an administration servlet for Token Key
- * Service Authority. This servlet is responsible to serve
- * tks administrative operation such as configuration
- * parameter updates.
- *
+ * A class representings an administration servlet for Token Key Service
+ * Authority. This servlet is responsible to serve tks administrative operation
+ * such as configuration parameter updates.
+ *
* @version $Revision$, $Date$
*/
public class TokenServlet extends CMSServlet {
@@ -68,66 +65,40 @@ public class TokenServlet extends CMSServlet {
*/
private static final long serialVersionUID = 8687436109695172791L;
protected static final String PROP_ENABLED = "enabled";
- protected static final String TRANSPORT_KEY_NAME ="sharedSecret";
+ protected static final String TRANSPORT_KEY_NAME = "sharedSecret";
private final static String INFO = "TokenServlet";
public static int ERROR = 1;
private ITKSAuthority mTKS = null;
private String mSelectedToken = null;
private String mNewSelectedToken = null;
String mKeyNickName = null;
- String mNewKeyNickName = null;
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM =
- "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
+ String mNewKeyNickName = null;
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM = "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST =
- "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3";
-
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST = "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8";
- private final static String
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST =
- "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9";
- private final static String
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6";
+ private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST = "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5";
- private final static String
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7";
+ private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6";
+ private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7";
- private final static String
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST =
- "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4";
+ private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST = "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4";
- private final static String
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7";
+ private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7";
- private final static String
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8";
+ private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST =
- "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST = "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS =
- "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS = "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3";
- private final static String
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE =
- "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4";
+ private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE = "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4";
/**
* Constructs tks servlet.
@@ -137,14 +108,13 @@ public class TokenServlet extends CMSServlet {
}
- public static String trim(String a)
- {
- StringBuffer newa = new StringBuffer();
+ public static String trim(String a) {
+ StringBuffer newa = new StringBuffer();
StringTokenizer tokens = new StringTokenizer(a, "\n");
- while (tokens.hasMoreTokens()) {
- newa.append(tokens.nextToken());
- }
- return newa.toString();
+ while (tokens.hasMoreTokens()) {
+ newa.append(tokens.nextToken());
+ }
+ return newa.toString();
}
public void init(ServletConfig config) throws ServletException {
@@ -153,18 +123,19 @@ public class TokenServlet extends CMSServlet {
/**
* Returns serlvet information.
- *
+ *
* @return name of this servlet
*/
- public String getServletInfo() {
- return INFO;
+ public String getServletInfo() {
+ return INFO;
}
- /**
- * Process the HTTP request.
- *
+
+ /**
+ * Process the HTTP request.
+ *
* @param s The URL to decode.
*/
- protected String URLdecode(String s) {
+ protected String URLdecode(String s) {
if (s == null)
return null;
ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
@@ -184,62 +155,63 @@ public class TokenServlet extends CMSServlet {
}
} // end for
return out.toString();
- }
+ }
- private void setDefaultSlotAndKeyName(HttpServletRequest req)
- {
- try {
+ private void setDefaultSlotAndKeyName(HttpServletRequest req) {
+ try {
- String keySet = req.getParameter("keySet");
- if (keySet == null || keySet.equals("")) {
- keySet = "defKeySet";
- }
- CMS.debug("keySet selected: " + keySet);
+ String keySet = req.getParameter("keySet");
+ if (keySet == null || keySet.equals("")) {
+ keySet = "defKeySet";
+ }
+ CMS.debug("keySet selected: " + keySet);
+
+ mNewSelectedToken = null;
+
+ mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
+ String masterKeyPrefix = CMS.getConfigStore().getString(
+ "tks.master_key_prefix", null);
+ String temp = req.getParameter("KeyInfo"); // #xx#xx
+ String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
+ String mappingValue = CMS.getConfigStore().getString(keyInfoMap,
+ null);
+ if (mappingValue != null) {
+ StringTokenizer st = new StringTokenizer(mappingValue, ":");
+ int tokenNumber = 0;
+ while (st.hasMoreTokens()) {
- mNewSelectedToken = null;
-
- mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
- String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
- String temp = req.getParameter("KeyInfo"); //#xx#xx
- String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
- String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
- if(mappingValue!=null)
- {
- StringTokenizer st = new StringTokenizer(mappingValue, ":");
- int tokenNumber=0;
- while (st.hasMoreTokens()) {
-
- String currentToken= st.nextToken();
- if(tokenNumber==0)
- mSelectedToken = currentToken;
- else if(tokenNumber==1)
- mKeyNickName = currentToken;
- tokenNumber++;
-
- }
+ String currentToken = st.nextToken();
+ if (tokenNumber == 0)
+ mSelectedToken = currentToken;
+ else if (tokenNumber == 1)
+ mKeyNickName = currentToken;
+ tokenNumber++;
+
+ }
}
- if(req.getParameter("newKeyInfo")!=null) // for diversification
+ if (req.getParameter("newKeyInfo") != null) // for diversification
{
- temp = req.getParameter("newKeyInfo"); //#xx#xx
- String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
- String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
- if(newMappingValue!=null)
- {
- StringTokenizer st = new StringTokenizer(newMappingValue, ":");
- int tokenNumber=0;
- while (st.hasMoreTokens()) {
- String currentToken= st.nextToken();
- if(tokenNumber==0)
- mNewSelectedToken = currentToken;
- else if(tokenNumber==1)
- mNewKeyNickName = currentToken;
- tokenNumber++;
-
- }
+ temp = req.getParameter("newKeyInfo"); // #xx#xx
+ String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
+ String newMappingValue = CMS.getConfigStore().getString(
+ newKeyInfoMap, null);
+ if (newMappingValue != null) {
+ StringTokenizer st = new StringTokenizer(newMappingValue,
+ ":");
+ int tokenNumber = 0;
+ while (st.hasMoreTokens()) {
+ String currentToken = st.nextToken();
+ if (tokenNumber == 0)
+ mNewSelectedToken = currentToken;
+ else if (tokenNumber == 1)
+ mNewKeyNickName = currentToken;
+ tokenNumber++;
+
+ }
}
- }
+ }
- SessionKey.SetDefaultPrefix(masterKeyPrefix);
+ SessionKey.SetDefaultPrefix(masterKeyPrefix);
} catch (Exception e) {
e.printStackTrace();
@@ -249,9 +221,8 @@ public class TokenServlet extends CMSServlet {
}
private void processComputeSessionKey(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException
- {
- byte[] card_challenge ,host_challenge,keyInfo, xCUID, CUID, session_key;
+ HttpServletResponse resp) throws EBaseException {
+ byte[] card_challenge, host_challenge, keyInfo, xCUID, CUID, session_key;
byte[] card_crypto, host_cryptogram, input_card_crypto;
byte[] xcard_challenge, xhost_challenge;
byte[] enc_session_key, xkeyInfo;
@@ -259,18 +230,18 @@ public class TokenServlet extends CMSServlet {
String errorMsg = "";
String badParams = "";
String transportKeyName = "";
-
- String rCUID = req.getParameter("CUID");
+
+ String rCUID = req.getParameter("CUID");
String keySet = req.getParameter("keySet");
if (keySet == null || keySet.equals("")) {
- keySet = "defKeySet";
+ keySet = "defKeySet";
}
CMS.debug("keySet selected: " + keySet);
boolean serversideKeygen = false;
byte[] drm_trans_wrapped_desKey = null;
- PK11SymKey desKey = null;
- // PK11SymKey kek_session_key;
+ PK11SymKey desKey = null;
+ // PK11SymKey kek_session_key;
PK11SymKey kek_key;
IConfigStore sconfig = CMS.getConfigStore();
@@ -280,52 +251,53 @@ public class TokenServlet extends CMSServlet {
card_crypto = null;
host_cryptogram = null;
enc_session_key = null;
- // kek_session_key = null;
+ // kek_session_key = null;
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
- agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ agentId = (String) sContext.get(SessionContext.USER_ID);
}
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST,
- rCUID,
- ILogger.SUCCESS,
- agentId);
+ LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST, rCUID,
+ ILogger.SUCCESS, agentId);
audit(auditMessage);
String kek_wrapped_desKeyString = null;
- String keycheck_s = null;
+ String keycheck_s = null;
CMS.debug("processComputeSessionKey:");
- String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
- if (!useSoftToken_s.equalsIgnoreCase("true"))
- useSoftToken_s = "false";
+ String useSoftToken_s = CMS.getConfigStore().getString(
+ "tks.useSoftToken", "true");
+ if (!useSoftToken_s.equalsIgnoreCase("true"))
+ useSoftToken_s = "false";
- String rServersideKeygen = (String) req.getParameter("serversideKeygen");
+ String rServersideKeygen = (String) req
+ .getParameter("serversideKeygen");
if (rServersideKeygen.equals("true")) {
- CMS.debug("TokenServlet: serversideKeygen requested");
- serversideKeygen = true;
+ CMS.debug("TokenServlet: serversideKeygen requested");
+ serversideKeygen = true;
} else {
- CMS.debug("TokenServlet: serversideKeygen not requested");
+ CMS.debug("TokenServlet: serversideKeygen not requested");
}
try {
- isCryptoValidate = sconfig.getBoolean("cardcryptogram.validate.enable", true);
+ isCryptoValidate = sconfig.getBoolean(
+ "cardcryptogram.validate.enable", true);
} catch (EBaseException eee) {
}
try {
- transportKeyName = sconfig.getString("tks.tksSharedSymKeyName",TRANSPORT_KEY_NAME);
+ transportKeyName = sconfig.getString("tks.tksSharedSymKeyName",
+ TRANSPORT_KEY_NAME);
} catch (EBaseException e) {
}
- CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: " + transportKeyName);
-
+ CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: "
+ + transportKeyName);
String rcard_challenge = req.getParameter("card_challenge");
String rhost_challenge = req.getParameter("host_challenge");
@@ -355,7 +327,6 @@ public class TokenServlet extends CMSServlet {
missingParam = true;
}
-
String selectedToken = null;
String keyNickName = null;
boolean sameCardCrypto = true;
@@ -364,48 +335,51 @@ public class TokenServlet extends CMSServlet {
xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
if (xCUID == null || xCUID.length != 10) {
- badParams += " CUID length,";
- CMS.debug("TokenServlet: Invalid CUID length");
- missingParam = true;
+ badParams += " CUID length,";
+ CMS.debug("TokenServlet: Invalid CUID length");
+ missingParam = true;
}
xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
if (xkeyInfo == null || xkeyInfo.length != 2) {
- badParams += " KeyInfo length,";
- CMS.debug("TokenServlet: Invalid key info length.");
- missingParam = true;
+ badParams += " KeyInfo length,";
+ CMS.debug("TokenServlet: Invalid key info length.");
+ missingParam = true;
}
- xcard_challenge =
- com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
+ xcard_challenge = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(rcard_challenge);
if (xcard_challenge == null || xcard_challenge.length != 8) {
- badParams += " card_challenge length,";
- CMS.debug("TokenServlet: Invalid card challenge length.");
- missingParam = true;
+ badParams += " card_challenge length,";
+ CMS.debug("TokenServlet: Invalid card challenge length.");
+ missingParam = true;
}
-
- xhost_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge);
+
+ xhost_challenge = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(rhost_challenge);
if (xhost_challenge == null || xhost_challenge.length != 8) {
- badParams += " host_challenge length,";
- CMS.debug("TokenServlet: Invalid host challenge length");
- missingParam = true;
+ badParams += " host_challenge length,";
+ CMS.debug("TokenServlet: Invalid host challenge length");
+ missingParam = true;
}
-
+
}
CUID = null;
if (!missingParam) {
- card_challenge =
- com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
-
- host_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge);
+ card_challenge = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(rcard_challenge);
+
+ host_challenge = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(rhost_challenge);
keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
- CUID =com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+ CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
- String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; //#xx#xx
- String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
+ String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; // #xx#xx
+ String mappingValue = CMS.getConfigStore().getString(keyInfoMap,
+ null);
if (mappingValue == null) {
- selectedToken =
- CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+ selectedToken = CMS.getConfigStore().getString(
+ "tks.defaultSlot", "internal");
keyNickName = rKeyInfo;
} else {
StringTokenizer st = new StringTokenizer(mappingValue, ":");
@@ -419,175 +393,198 @@ public class TokenServlet extends CMSServlet {
try {
- byte macKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".mac_key"));
- CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + selectedToken + " keyNickName=" + keyNickName);
- session_key = SessionKey.ComputeSessionKey(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName );
-
- if(session_key == null)
- {
+ byte macKeyArray[] = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(sconfig.getString("tks." + keySet
+ + ".mac_key"));
+ CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken="
+ + selectedToken + " keyNickName=" + keyNickName);
+ session_key = SessionKey.ComputeSessionKey(selectedToken,
+ keyNickName, card_challenge, host_challenge,
+ keyInfo, CUID, macKeyArray, useSoftToken_s, keySet,
+ transportKeyName);
+
+ if (session_key == null) {
CMS.debug("TokenServlet:Tried ComputeSessionKey, got NULL ");
- throw new Exception("Can't compute session key!");
+ throw new Exception("Can't compute session key!");
- }
+ }
- byte encKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key"));
+ byte encKeyArray[] = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(sconfig.getString("tks." + keySet
+ + ".auth_key"));
enc_session_key = SessionKey.ComputeEncSessionKey(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID, encKeyArray, useSoftToken_s, keySet);
+ selectedToken, keyNickName, card_challenge,
+ host_challenge, keyInfo, CUID, encKeyArray,
+ useSoftToken_s, keySet);
- if(enc_session_key == null)
- {
+ if (enc_session_key == null) {
CMS.debug("TokenServlet:Tried ComputeEncSessionKey, got NULL ");
- throw new Exception("Can't compute enc session key!");
-
+ throw new Exception("Can't compute enc session key!");
+
}
if (serversideKeygen == true) {
/**
- * 0. generate des key
- * 1. encrypt des key with kek key
- * 2. encrypt des key with DRM transport key
- * These two wrapped items are to be sent back to
- * TPS. 2nd item is to DRM
+ * 0. generate des key 1. encrypt des key with kek key
+ * 2. encrypt des key with DRM transport key These two
+ * wrapped items are to be sent back to TPS. 2nd item is
+ * to DRM
**/
CMS.debug("TokenServlet: calling ComputeKekKey");
- byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
-
-
- kek_key = SessionKey.ComputeKekKey(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID, kekKeyArray, useSoftToken_s,keySet);
+ byte kekKeyArray[] = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(sconfig.getString("tks."
+ + keySet + ".kek_key"));
+ kek_key = SessionKey.ComputeKekKey(selectedToken,
+ keyNickName, card_challenge, host_challenge,
+ keyInfo, CUID, kekKeyArray, useSoftToken_s,
+ keySet);
CMS.debug("TokenServlet: called ComputeKekKey");
- if(kek_key == null)
- {
+ if (kek_key == null) {
CMS.debug("TokenServlet:Tried ComputeKekKey, got NULL ");
- throw new Exception("Can't compute kek key!");
-
+ throw new Exception("Can't compute kek key!");
+
}
// now use kek key to wrap kek session key..
- CMS.debug("computeSessionKey:kek key len ="+
- kek_key.getLength());
-
- // (1) generate DES key
- /* applet does not support DES3
- org.mozilla.jss.crypto.KeyGenerator kg =
- internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
- desKey = kg.generate();*/
-
- /*
- * XXX GenerateSymkey firt generates a 16 byte DES2 key.
- * It then pads it into a 24 byte key with last
- * 8 bytes copied from the 1st 8 bytes. Effectively
- * making it a 24 byte DES2 key. We need this for
- * wrapping private keys on DRM.
- */
- /*generate it on whichever token the master key is at*/
- if (useSoftToken_s.equals("true")) {
- CMS.debug("TokenServlet: key encryption key generated on internal");
-//cfu audit here? sym key gen
- desKey = SessionKey.GenerateSymkey("internal");
-//cfu audit here? sym key gen done
+ CMS.debug("computeSessionKey:kek key len ="
+ + kek_key.getLength());
+
+ // (1) generate DES key
+ /*
+ * applet does not support DES3
+ * org.mozilla.jss.crypto.KeyGenerator kg =
+ * internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
+ * desKey = kg.generate();
+ */
+
+ /*
+ * XXX GenerateSymkey firt generates a 16 byte DES2 key.
+ * It then pads it into a 24 byte key with last 8 bytes
+ * copied from the 1st 8 bytes. Effectively making it a
+ * 24 byte DES2 key. We need this for wrapping private
+ * keys on DRM.
+ */
+ /* generate it on whichever token the master key is at */
+ if (useSoftToken_s.equals("true")) {
+ CMS.debug("TokenServlet: key encryption key generated on internal");
+ // cfu audit here? sym key gen
+ desKey = SessionKey.GenerateSymkey("internal");
+ // cfu audit here? sym key gen done
+ } else {
+ CMS.debug("TokenServlet: key encryption key generated on "
+ + selectedToken);
+ desKey = SessionKey.GenerateSymkey(selectedToken);
+ }
+ if (desKey != null)
+ CMS.debug("TokenServlet: key encryption key generated for "
+ + rCUID);
+ else {
+ CMS.debug("TokenServlet: key encryption key generation failed for "
+ + rCUID);
+ throw new Exception(
+ "can't generate key encryption key");
+ }
+
+ /*
+ * XXX ECBencrypt actually takes the 24 byte DES2 key
+ * and discard the last 8 bytes before it encrypts. This
+ * is done so that the applet can digest it
+ */
+ byte[] encDesKey = SessionKey.ECBencrypt(kek_key,
+ desKey);
+ /*
+ * CMS.debug("computeSessionKey:encrypted desKey size = "
+ * +encDesKey.length); CMS.debug(encDesKey);
+ */
+
+ kek_wrapped_desKeyString = com.netscape.cmsutil.util.Utils
+ .SpecialEncode(encDesKey);
+
+ // get keycheck
+ byte[] keycheck = SessionKey.ComputeKeyCheck(desKey);
+ /*
+ * CMS.debug("computeSessionKey:keycheck size = "+keycheck
+ * .length); CMS.debug(keycheck);
+ */
+ keycheck_s = com.netscape.cmsutil.util.Utils
+ .SpecialEncode(keycheck);
+
+ // XXX use DRM transport cert to wrap desKey
+ String drmTransNickname = CMS.getConfigStore()
+ .getString("tks.drm_transport_cert_nickname",
+ "");
+
+ if ((drmTransNickname == null)
+ || (drmTransNickname == "")) {
+ CMS.debug("TokenServlet:did not find DRM transport certificate nickname");
+ throw new Exception(
+ "can't find DRM transport certificate nickname");
} else {
- CMS.debug("TokenServlet: key encryption key generated on " + selectedToken);
- desKey = SessionKey.GenerateSymkey(selectedToken);
+ CMS.debug("TokenServlet:drmtransport_cert_nickname="
+ + drmTransNickname);
}
- if (desKey != null)
- CMS.debug("TokenServlet: key encryption key generated for "+rCUID);
- else {
- CMS.debug("TokenServlet: key encryption key generation failed for "+rCUID);
- throw new Exception ("can't generate key encryption key");
- }
-
- /*
- * XXX ECBencrypt actually takes the 24 byte DES2 key
- * and discard the last 8 bytes before it encrypts.
- * This is done so that the applet can digest it
- */
- byte[] encDesKey =
- SessionKey.ECBencrypt( kek_key,
- desKey);
- /*
- CMS.debug("computeSessionKey:encrypted desKey size = "+encDesKey.length);
- CMS.debug(encDesKey);
- */
-
- kek_wrapped_desKeyString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey);
-
- // get keycheck
- byte[] keycheck =
- SessionKey.ComputeKeyCheck(desKey);
- /*
- CMS.debug("computeSessionKey:keycheck size = "+keycheck.length);
- CMS.debug(keycheck);
- */
- keycheck_s =
- com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck);
-
- //XXX use DRM transport cert to wrap desKey
- String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", "");
-
- if ((drmTransNickname == null) || (drmTransNickname == "")) {
- CMS.debug("TokenServlet:did not find DRM transport certificate nickname");
- throw new Exception("can't find DRM transport certificate nickname");
- } else {
- CMS.debug("TokenServlet:drmtransport_cert_nickname="+drmTransNickname);
- }
X509Certificate drmTransCert = null;
- drmTransCert = CryptoManager.getInstance().findCertByNickname(drmTransNickname);
+ drmTransCert = CryptoManager.getInstance()
+ .findCertByNickname(drmTransNickname);
// wrap kek session key with DRM transport public key
- CryptoToken token = null;
- if (useSoftToken_s.equals("true")) {
- //token = CryptoManager.getInstance().getTokenByName(selectedToken);
- token = CryptoManager.getInstance().getInternalCryptoToken();
+ CryptoToken token = null;
+ if (useSoftToken_s.equals("true")) {
+ // token =
+ // CryptoManager.getInstance().getTokenByName(selectedToken);
+ token = CryptoManager.getInstance()
+ .getInternalCryptoToken();
} else {
- token = CryptoManager.getInstance().getTokenByName(selectedToken);
+ token = CryptoManager.getInstance().getTokenByName(
+ selectedToken);
}
PublicKey pubKey = drmTransCert.getPublicKey();
String pubKeyAlgo = pubKey.getAlgorithm();
CMS.debug("Transport Cert Key Algorithm: " + pubKeyAlgo);
KeyWrapper keyWrapper = null;
- //For wrapping symmetric keys don't need IV, use ECB
+ // For wrapping symmetric keys don't need IV, use ECB
if (pubKeyAlgo.equals("EC")) {
- keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB);
+ keyWrapper = token
+ .getKeyWrapper(KeyWrapAlgorithm.AES_ECB);
keyWrapper.initWrap(pubKey, null);
} else {
- keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
+ keyWrapper = token
+ .getKeyWrapper(KeyWrapAlgorithm.RSA);
keyWrapper.initWrap(pubKey, null);
}
- CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName() );
+ CMS.debug("desKey token "
+ + desKey.getOwningToken().getName()
+ + " token: " + token.getName());
drm_trans_wrapped_desKey = keyWrapper.wrap(desKey);
- CMS.debug("computeSessionKey:desKey wrapped with drm transportation key.");
+ CMS.debug("computeSessionKey:desKey wrapped with drm transportation key.");
} // if (serversideKeygen == true)
- byte authKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key"));
+ byte authKeyArray[] = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(sconfig.getString("tks." + keySet
+ + ".auth_key"));
host_cryptogram = SessionKey.ComputeCryptogram(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID,0, authKeyArray, useSoftToken_s, keySet);
+ selectedToken, keyNickName, card_challenge,
+ host_challenge, keyInfo, CUID, 0, authKeyArray,
+ useSoftToken_s, keySet);
- if(host_cryptogram == null)
- {
+ if (host_cryptogram == null) {
CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL ");
- throw new Exception("Can't compute host cryptogram!");
+ throw new Exception("Can't compute host cryptogram!");
}
- card_crypto = SessionKey.ComputeCryptogram(
- selectedToken,keyNickName,card_challenge,
- host_challenge,keyInfo,CUID,1, authKeyArray, useSoftToken_s, keySet);
+ card_crypto = SessionKey.ComputeCryptogram(selectedToken,
+ keyNickName, card_challenge, host_challenge,
+ keyInfo, CUID, 1, authKeyArray, useSoftToken_s,
+ keySet);
- if(card_crypto == null)
- {
+ if (card_crypto == null) {
CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL ");
- throw new Exception("Can't compute card cryptogram!");
+ throw new Exception("Can't compute card cryptogram!");
}
@@ -596,10 +593,10 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet: ComputeCryptogram(): missing card cryptogram");
throw new Exception("Missing card cryptogram");
}
- input_card_crypto =
- com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram);
+ input_card_crypto = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(rcard_cryptogram);
if (card_crypto.length == input_card_crypto.length) {
- for (int i=0; i<card_crypto.length; i++) {
+ for (int i = 0; i < card_crypto.length; i++) {
if (card_crypto[i] != input_card_crypto[i]) {
sameCardCrypto = false;
break;
@@ -611,17 +608,20 @@ public class TokenServlet extends CMSServlet {
}
}
- CMS.getLogger().log(ILogger.EV_AUDIT,
+ CMS.getLogger().log(
+ ILogger.EV_AUDIT,
ILogger.S_TKS,
- ILogger.LL_INFO,"processComputeSessionKey for CUID=" +
- trim(pp.toHexString(CUID)));
- } catch (Exception e) {
+ ILogger.LL_INFO,
+ "processComputeSessionKey for CUID="
+ + trim(pp.toHexString(CUID)));
+ } catch (Exception e) {
CMS.debug(e);
- CMS.debug("TokenServlet Computing Session Key: " + e.toString());
+ CMS.debug("TokenServlet Computing Session Key: "
+ + e.toString());
if (isCryptoValidate)
sameCardCrypto = false;
}
- }
+ }
} // ! missingParam
String value = "";
@@ -634,34 +634,33 @@ public class TokenServlet extends CMSServlet {
String cryptogram = "";
String status = "0";
if (session_key != null && session_key.length > 0) {
- outputString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(session_key);
- } else {
-
+ outputString = com.netscape.cmsutil.util.Utils
+ .SpecialEncode(session_key);
+ } else {
+
status = "1";
}
if (enc_session_key != null && enc_session_key.length > 0) {
- encSessionKeyString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key);
- } else {
+ encSessionKeyString = com.netscape.cmsutil.util.Utils
+ .SpecialEncode(enc_session_key);
+ } else {
status = "1";
}
-
if (serversideKeygen == true) {
- if ( drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0)
- drm_trans_wrapped_desKeyString =
- com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey);
- else {
- status = "1";
+ if (drm_trans_wrapped_desKey != null
+ && drm_trans_wrapped_desKey.length > 0)
+ drm_trans_wrapped_desKeyString = com.netscape.cmsutil.util.Utils
+ .SpecialEncode(drm_trans_wrapped_desKey);
+ else {
+ status = "1";
}
- }
+ }
-
if (host_cryptogram != null && host_cryptogram.length > 0) {
- cryptogram =
- com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram);
+ cryptogram = com.netscape.cmsutil.util.Utils
+ .SpecialEncode(host_cryptogram);
} else {
status = "2";
}
@@ -677,32 +676,30 @@ public class TokenServlet extends CMSServlet {
if (missingParam) {
status = "3";
}
-
- if (!status.equals("0")) {
-
-
- if(status.equals("1")) {
- errorMsg = "Problem generating session key info.";
- }
-
- if(status.equals("2")) {
- errorMsg = "Problem creating host_cryptogram.";
- }
-
- if(status.equals("4")) {
- errorMsg = "Problem obtaining token information.";
- }
-
- if(status.equals("3")) {
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
- }
- errorMsg = "Missing input parameters :" + badParams;
- }
-
- value = "status="+status;
- }
- else {
+
+ if (!status.equals("0")) {
+
+ if (status.equals("1")) {
+ errorMsg = "Problem generating session key info.";
+ }
+
+ if (status.equals("2")) {
+ errorMsg = "Problem creating host_cryptogram.";
+ }
+
+ if (status.equals("4")) {
+ errorMsg = "Problem obtaining token information.";
+ }
+
+ if (status.equals("3")) {
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
+ }
+ errorMsg = "Missing input parameters :" + badParams;
+ }
+
+ value = "status=" + status;
+ } else {
if (serversideKeygen == true) {
StringBuffer sb = new StringBuffer();
sb.append("status=0&");
@@ -711,10 +708,10 @@ public class TokenServlet extends CMSServlet {
sb.append("&hostCryptogram=");
sb.append(cryptogram);
sb.append("&encSessionKey=");
- sb.append(encSessionKeyString);
+ sb.append(encSessionKeyString);
sb.append("&kek_wrapped_desKey=");
sb.append(kek_wrapped_desKeyString);
- sb.append("&keycheck=");
+ sb.append("&keycheck=");
sb.append(keycheck_s);
sb.append("&drm_trans_wrapped_desKey=");
sb.append(drm_trans_wrapped_desKeyString);
@@ -724,19 +721,19 @@ public class TokenServlet extends CMSServlet {
sb.append("status=0&");
sb.append("sessionKey=");
sb.append(outputString);
- sb.append("&hostCryptogram=");
- sb.append(cryptogram);
+ sb.append("&hostCryptogram=");
+ sb.append(cryptogram);
sb.append("&encSessionKey=");
sb.append(encSessionKeyString);
value = sb.toString();
}
}
- CMS.debug("TokenServlet:outputString.encode " +value);
+ CMS.debug("TokenServlet:outputString.encode " + value);
- try{
+ try {
resp.setContentLength(value.length());
- CMS.debug("TokenServlet:outputString.length " +value.length());
+ CMS.debug("TokenServlet:outputString.length " + value.length());
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -744,78 +741,65 @@ public class TokenServlet extends CMSServlet {
} catch (IOException e) {
CMS.debug("TokenServlet: " + e.toString());
}
-
- if(status.equals("0")) {
-
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS,
- rCUID,
- ILogger.SUCCESS,
- status,
- agentId,
- isCryptoValidate? "true":"false",
- serversideKeygen? "true":"false",
- selectedToken,
- keyNickName);
+
+ if (status.equals("0")) {
+
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS,
+ rCUID, ILogger.SUCCESS, status, agentId,
+ isCryptoValidate ? "true" : "false",
+ serversideKeygen ? "true" : "false", selectedToken,
+ keyNickName);
} else {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,
- rCUID,
- ILogger.FAILURE,
- status,
- agentId,
- isCryptoValidate? "true":"false",
- serversideKeygen? "true":"false",
- selectedToken,
- keyNickName,
- errorMsg);
- }
-
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,
+ rCUID, ILogger.FAILURE, status, agentId,
+ isCryptoValidate ? "true" : "false",
+ serversideKeygen ? "true" : "false", selectedToken,
+ keyNickName, errorMsg);
+ }
+
audit(auditMessage);
}
private void processDiversifyKey(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
- byte[] KeySetData,KeysValues,CUID,xCUID;
- byte[] xkeyInfo,xnewkeyInfo;
+ HttpServletResponse resp) throws EBaseException {
+ byte[] KeySetData, KeysValues, CUID, xCUID;
+ byte[] xkeyInfo, xnewkeyInfo;
boolean missingParam = false;
String errorMsg = "";
String badParams = "";
IConfigStore sconfig = CMS.getConfigStore();
- String rnewKeyInfo = req.getParameter("newKeyInfo");
+ String rnewKeyInfo = req.getParameter("newKeyInfo");
String newMasterKeyName = req.getParameter("newKeyInfo");
String oldMasterKeyName = req.getParameter("KeyInfo");
- String rCUID =req.getParameter("CUID");
- String auditMessage="";
+ String rCUID = req.getParameter("CUID");
+ String auditMessage = "";
String keySet = req.getParameter("keySet");
if (keySet == null || keySet.equals("")) {
- keySet = "defKeySet";
+ keySet = "defKeySet";
}
CMS.debug("keySet selected: " + keySet);
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
- agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ agentId = (String) sContext.get(SessionContext.USER_ID);
}
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST,
- rCUID,
- ILogger.SUCCESS,
- agentId,
- oldMasterKeyName,
- newMasterKeyName);
+ LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST, rCUID,
+ ILogger.SUCCESS, agentId, oldMasterKeyName, newMasterKeyName);
audit(auditMessage);
-
if ((rCUID == null) || (rCUID.equals(""))) {
badParams += " CUID,";
CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: CUID");
@@ -826,130 +810,144 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: newKeyInfo");
missingParam = true;
}
- if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))){
+ if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))) {
badParams += " KeyInfo,";
CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: KeyInfo");
missingParam = true;
}
if (!missingParam) {
- xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName);
- if (xkeyInfo == null || xkeyInfo.length != 2) {
- badParams += " KeyInfo length,";
- CMS.debug("TokenServlet: Invalid key info length");
- missingParam = true;
- }
- xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName);
- if (xnewkeyInfo == null || xnewkeyInfo.length != 2) {
- badParams += " NewKeyInfo length,";
- CMS.debug("TokenServlet: Invalid new key info length");
- missingParam = true;
- }
- }
- String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
- if (!useSoftToken_s.equalsIgnoreCase("true"))
- useSoftToken_s = "false";
+ xkeyInfo = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(oldMasterKeyName);
+ if (xkeyInfo == null || xkeyInfo.length != 2) {
+ badParams += " KeyInfo length,";
+ CMS.debug("TokenServlet: Invalid key info length");
+ missingParam = true;
+ }
+ xnewkeyInfo = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(newMasterKeyName);
+ if (xnewkeyInfo == null || xnewkeyInfo.length != 2) {
+ badParams += " NewKeyInfo length,";
+ CMS.debug("TokenServlet: Invalid new key info length");
+ missingParam = true;
+ }
+ }
+ String useSoftToken_s = CMS.getConfigStore().getString(
+ "tks.useSoftToken", "true");
+ if (!useSoftToken_s.equalsIgnoreCase("true"))
+ useSoftToken_s = "false";
KeySetData = null;
String outputString = null;
if (!missingParam) {
- xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
- if (xCUID == null || xCUID.length != 10) {
- badParams += " CUID length,";
- CMS.debug("TokenServlet: Invalid CUID length");
- missingParam = true;
- }
- }
+ xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+ if (xCUID == null || xCUID.length != 10) {
+ badParams += " CUID length,";
+ CMS.debug("TokenServlet: Invalid CUID length");
+ missingParam = true;
+ }
+ }
if (!missingParam) {
- CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
- if (mKeyNickName!=null)
- oldMasterKeyName = mKeyNickName;
- if (mNewKeyNickName!=null)
- newMasterKeyName = mNewKeyNickName;
-
- String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); //#xx#xx
- String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null);
- String oldSelectedToken = null;
- String oldKeyNickName = null;
- if (oldMappingValue == null) {
- oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
- oldKeyNickName = req.getParameter("KeyInfo");
- } else {
- StringTokenizer st = new StringTokenizer(oldMappingValue, ":");
- oldSelectedToken = st.nextToken();
- oldKeyNickName = st.nextToken();
- }
-
- String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; //#xx#xx
- String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
- String newSelectedToken = null;
- String newKeyNickName = null;
- if (newMappingValue == null) {
- newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
- newKeyNickName = rnewKeyInfo;
- } else {
- StringTokenizer st = new StringTokenizer(newMappingValue, ":");
- newSelectedToken = st.nextToken();
- newKeyNickName = st.nextToken();
- }
-
- CMS.debug("process DiversifyKey for oldSelectedToke="+
- oldSelectedToken + " newSelectedToken=" + newSelectedToken +
- " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" +
- newKeyNickName);
-
- byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
- KeySetData = SessionKey.DiversifyKey(oldSelectedToken,
- newSelectedToken, oldKeyNickName,
- newKeyNickName,rnewKeyInfo,CUID, kekKeyArray, useSoftToken_s, keySet);
-
- if (KeySetData == null || KeySetData.length<=1) {
- CMS.getLogger().log(ILogger.EV_AUDIT,
- ILogger.S_TKS,
- ILogger.LL_INFO,"process DiversifyKey: Missing MasterKey in Slot");
- }
-
- CMS.getLogger().log(ILogger.EV_AUDIT,
- ILogger.S_TKS,
- ILogger.LL_INFO,"process DiversifyKey for CUID ="+ trim(pp.toHexString(CUID))
- + ";from oldMasterKeyName="+oldSelectedToken + ":" + oldKeyNickName
- +";to newMasterKeyName="+newSelectedToken + ":" + newKeyNickName);
-
- resp.setContentType("text/html");
-
- if (KeySetData != null) {
- outputString = new String(KeySetData);
- }
+ CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+
+ if (mKeyNickName != null)
+ oldMasterKeyName = mKeyNickName;
+ if (mNewKeyNickName != null)
+ newMasterKeyName = mNewKeyNickName;
+
+ String oldKeyInfoMap = "tks." + keySet + ".mk_mappings."
+ + req.getParameter("KeyInfo"); // #xx#xx
+ String oldMappingValue = CMS.getConfigStore().getString(
+ oldKeyInfoMap, null);
+ String oldSelectedToken = null;
+ String oldKeyNickName = null;
+ if (oldMappingValue == null) {
+ oldSelectedToken = CMS.getConfigStore().getString(
+ "tks.defaultSlot", "internal");
+ oldKeyNickName = req.getParameter("KeyInfo");
+ } else {
+ StringTokenizer st = new StringTokenizer(oldMappingValue, ":");
+ oldSelectedToken = st.nextToken();
+ oldKeyNickName = st.nextToken();
+ }
+
+ String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; // #xx#xx
+ String newMappingValue = CMS.getConfigStore().getString(
+ newKeyInfoMap, null);
+ String newSelectedToken = null;
+ String newKeyNickName = null;
+ if (newMappingValue == null) {
+ newSelectedToken = CMS.getConfigStore().getString(
+ "tks.defaultSlot", "internal");
+ newKeyNickName = rnewKeyInfo;
+ } else {
+ StringTokenizer st = new StringTokenizer(newMappingValue, ":");
+ newSelectedToken = st.nextToken();
+ newKeyNickName = st.nextToken();
+ }
+
+ CMS.debug("process DiversifyKey for oldSelectedToke="
+ + oldSelectedToken + " newSelectedToken="
+ + newSelectedToken + " oldKeyNickName=" + oldKeyNickName
+ + " newKeyNickName=" + newKeyNickName);
+
+ byte kekKeyArray[] = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(sconfig.getString("tks." + keySet
+ + ".kek_key"));
+ KeySetData = SessionKey.DiversifyKey(oldSelectedToken,
+ newSelectedToken, oldKeyNickName, newKeyNickName,
+ rnewKeyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
+
+ if (KeySetData == null || KeySetData.length <= 1) {
+ CMS.getLogger().log(ILogger.EV_AUDIT, ILogger.S_TKS,
+ ILogger.LL_INFO,
+ "process DiversifyKey: Missing MasterKey in Slot");
+ }
+
+ CMS.getLogger().log(
+ ILogger.EV_AUDIT,
+ ILogger.S_TKS,
+ ILogger.LL_INFO,
+ "process DiversifyKey for CUID ="
+ + trim(pp.toHexString(CUID))
+ + ";from oldMasterKeyName=" + oldSelectedToken
+ + ":" + oldKeyNickName + ";to newMasterKeyName="
+ + newSelectedToken + ":" + newKeyNickName);
+
+ resp.setContentType("text/html");
+
+ if (KeySetData != null) {
+ outputString = new String(KeySetData);
+ }
} // ! missingParam
- //CMS.debug("TokenServlet:processDiversifyKey " +outputString);
- //String value="keySetData=%00" if the KeySetData=byte[0]=0;
+ // CMS.debug("TokenServlet:processDiversifyKey " +outputString);
+ // String value="keySetData=%00" if the KeySetData=byte[0]=0;
String value = "";
String status = "0";
if (KeySetData != null && KeySetData.length > 1) {
- value = "status=0&"+"keySetData=" +
- com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData);
- CMS.debug("TokenServlet:process DiversifyKey.encode " +value);
+ value = "status=0&" + "keySetData="
+ + com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData);
+ CMS.debug("TokenServlet:process DiversifyKey.encode " + value);
} else if (missingParam) {
status = "3";
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
}
errorMsg = "Missing input parameters: " + badParams;
value = "status=" + status;
- } else {
+ } else {
errorMsg = "Problem diversifying key data.";
status = "1";
value = "status=" + status;
}
resp.setContentLength(value.length());
- CMS.debug("TokenServlet:outputString.length " +value.length());
+ CMS.debug("TokenServlet:outputString.length " + value.length());
- try{
+ try {
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -958,35 +956,28 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet:process DiversifyKey: " + e.toString());
}
- if(status.equals("0")) {
+ if (status.equals("0")) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS,
- rCUID,
- ILogger.SUCCESS,
- status,
- agentId,
- oldMasterKeyName,
- newMasterKeyName);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS,
+ rCUID, ILogger.SUCCESS, status, agentId,
+ oldMasterKeyName, newMasterKeyName);
} else {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,
- rCUID,
- ILogger.FAILURE,
- status,
- agentId,
- oldMasterKeyName,
- newMasterKeyName,
- errorMsg);
- }
-
- audit(auditMessage);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,
+ rCUID, ILogger.FAILURE, status, agentId,
+ oldMasterKeyName, newMasterKeyName, errorMsg);
+ }
+
+ audit(auditMessage);
}
private void processEncryptData(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
+ HttpServletResponse resp) throws EBaseException {
byte[] keyInfo, CUID, xCUID, encryptedData, xkeyInfo;
boolean missingParam = false;
byte[] data = null;
@@ -1006,15 +997,15 @@ public class TokenServlet extends CMSServlet {
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
- agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ agentId = (String) sContext.get(SessionContext.USER_ID);
}
CMS.debug("keySet selected: " + keySet);
- String s_isRandom = sconfig.getString("tks.EncryptData.isRandom", "true");
+ String s_isRandom = sconfig.getString("tks.EncryptData.isRandom",
+ "true");
if (s_isRandom.equalsIgnoreCase("false")) {
CMS.debug("TokenServlet: processEncryptData(): Random number not to be generated");
isRandom = false;
@@ -1024,30 +1015,27 @@ public class TokenServlet extends CMSServlet {
}
String auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST,
- rCUID,
- ILogger.SUCCESS,
- agentId,
- s_isRandom);
+ LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST, rCUID,
+ ILogger.SUCCESS, agentId, s_isRandom);
audit(auditMessage);
if (isRandom) {
if ((rdata == null) || (rdata.equals(""))) {
- CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data");
+ CMS.debug("TokenServlet: processEncryptData(): no data in request. Generating random number as data");
} else {
- CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating...");
+ CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating...");
}
try {
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
- data = new byte[16];
- random.nextBytes(data);
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ data = new byte[16];
+ random.nextBytes(data);
} catch (Exception e) {
- CMS.debug("TokenServlet: processEncryptData():"+ e.toString());
- badParams += " Random Number,";
- missingParam = true;
+ CMS.debug("TokenServlet: processEncryptData():" + e.toString());
+ badParams += " Random Number,";
+ missingParam = true;
}
- } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))){
+ } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))) {
CMS.debug("TokenServlet: processEncryptData(): missing request parameter: data.");
badParams += " data,";
missingParam = true;
@@ -1058,75 +1046,84 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet: processEncryptData(): missing request parameter: CUID");
missingParam = true;
}
-
+
if ((rKeyInfo == null) || (rKeyInfo.equals(""))) {
badParams += " KeyInfo,";
CMS.debug("TokenServlet: processEncryptData(): missing request parameter: key info");
missingParam = true;
}
-
if (!missingParam) {
- xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
- if (xCUID == null || xCUID.length != 10) {
- badParams += " CUID length,";
- CMS.debug("TokenServlet: Invalid CUID length");
- missingParam = true;
- }
- xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
- if (xkeyInfo == null || xkeyInfo.length != 2) {
- badParams += " KeyInfo length,";
- CMS.debug("TokenServlet: Invalid key info length");
- missingParam = true;
- }
+ xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+ if (xCUID == null || xCUID.length != 10) {
+ badParams += " CUID length,";
+ CMS.debug("TokenServlet: Invalid CUID length");
+ missingParam = true;
+ }
+ xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
+ if (xkeyInfo == null || xkeyInfo.length != 2) {
+ badParams += " KeyInfo length,";
+ CMS.debug("TokenServlet: Invalid key info length");
+ missingParam = true;
+ }
}
- String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken","true");
- if (!useSoftToken_s.equalsIgnoreCase("true"))
- useSoftToken_s = "false";
+ String useSoftToken_s = CMS.getConfigStore().getString(
+ "tks.useSoftToken", "true");
+ if (!useSoftToken_s.equalsIgnoreCase("true"))
+ useSoftToken_s = "false";
String selectedToken = null;
String keyNickName = null;
if (!missingParam) {
- if (!isRandom)
- data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata);
- keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
- CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
- String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo;
- String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
- if (mappingValue == null) {
- selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
- keyNickName = rKeyInfo;
- } else {
- StringTokenizer st = new StringTokenizer(mappingValue, ":");
- selectedToken = st.nextToken();
- keyNickName = st.nextToken();
- }
-
- byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
- encryptedData = SessionKey.EncryptData(
- selectedToken,keyNickName,data,keyInfo,CUID, kekKeyArray, useSoftToken_s, keySet);
-
- CMS.getLogger().log(ILogger.EV_AUDIT,
- ILogger.S_TKS,
- ILogger.LL_INFO,"process EncryptData for CUID ="+ trim(pp.toHexString(CUID)));
+ if (!isRandom)
+ data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata);
+ keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
+ CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+
+ String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo;
+ String mappingValue = CMS.getConfigStore().getString(keyInfoMap,
+ null);
+ if (mappingValue == null) {
+ selectedToken = CMS.getConfigStore().getString(
+ "tks.defaultSlot", "internal");
+ keyNickName = rKeyInfo;
+ } else {
+ StringTokenizer st = new StringTokenizer(mappingValue, ":");
+ selectedToken = st.nextToken();
+ keyNickName = st.nextToken();
+ }
+
+ byte kekKeyArray[] = com.netscape.cmsutil.util.Utils
+ .SpecialDecode(sconfig.getString("tks." + keySet
+ + ".kek_key"));
+ encryptedData = SessionKey.EncryptData(selectedToken, keyNickName,
+ data, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
+
+ CMS.getLogger().log(
+ ILogger.EV_AUDIT,
+ ILogger.S_TKS,
+ ILogger.LL_INFO,
+ "process EncryptData for CUID ="
+ + trim(pp.toHexString(CUID)));
} // !missingParam
resp.setContentType("text/html");
-
+
String value = "";
- String status = "0";
- if (encryptedData != null && encryptedData.length > 0) {
- String outputString = new String(encryptedData);
+ String status = "0";
+ if (encryptedData != null && encryptedData.length > 0) {
+ String outputString = new String(encryptedData);
// sending both the pre-encrypted and encrypted data back
- value = "status=0&"+"data="+
- com.netscape.cmsutil.util.Utils.SpecialEncode(data)+
- "&encryptedData=" +
- com.netscape.cmsutil.util.Utils.SpecialEncode(encryptedData);
+ value = "status=0&"
+ + "data="
+ + com.netscape.cmsutil.util.Utils.SpecialEncode(data)
+ + "&encryptedData="
+ + com.netscape.cmsutil.util.Utils
+ .SpecialEncode(encryptedData);
} else if (missingParam) {
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
}
errorMsg = "Missing input parameters: " + badParams;
status = "3";
@@ -1137,12 +1134,12 @@ public class TokenServlet extends CMSServlet {
value = "status=" + status;
}
- CMS.debug("TokenServlet:process EncryptData.encode " +value);
+ CMS.debug("TokenServlet:process EncryptData.encode " + value);
try {
resp.setContentLength(value.length());
- CMS.debug("TokenServlet:outputString.lenght " +value.length());
-
+ CMS.debug("TokenServlet:outputString.lenght " + value.length());
+
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -1151,54 +1148,39 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet: " + e.toString());
}
- if(status.equals("0")) {
+ if (status.equals("0")) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,
- rCUID,
- ILogger.SUCCESS,
- status,
- agentId,
- s_isRandom,
- selectedToken,
- keyNickName);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,
+ rCUID, ILogger.SUCCESS, status, agentId,
+ s_isRandom, selectedToken, keyNickName);
} else {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,
- rCUID,
- ILogger.FAILURE,
- status,
- agentId,
- s_isRandom,
- selectedToken,
- keyNickName,
- errorMsg);
- }
-
- audit(auditMessage);
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,
+ rCUID, ILogger.FAILURE, status, agentId,
+ s_isRandom, selectedToken, keyNickName, errorMsg);
+ }
+
+ audit(auditMessage);
}
- /*
- * For EncryptData:
- * data=value1
- * CUID=value2 // missing from RA
- * versionID=value3 // missing from RA
- *
- * For ComputeSession:
- * card_challenge=value1
- * host_challenge=value2
-
- * For DiversifyKey:
- * new_master_key_index
- * master_key_index
+ /*
+ * For EncryptData: data=value1 CUID=value2 // missing from RA
+ * versionID=value3 // missing from RA
+ *
+ * For ComputeSession: card_challenge=value1 host_challenge=value2
+ *
+ * For DiversifyKey: new_master_key_index master_key_index
*/
private void processComputeRandomData(HttpServletRequest req,
- HttpServletResponse resp) throws EBaseException {
-
- byte[] randomData = null;
+ HttpServletResponse resp) throws EBaseException {
+
+ byte[] randomData = null;
String status = "0";
String errorMsg = "";
String badParams = "";
@@ -1209,26 +1191,22 @@ public class TokenServlet extends CMSServlet {
SessionContext sContext = SessionContext.getContext();
- String agentId="";
+ String agentId = "";
if (sContext != null) {
- agentId =
- (String) sContext.get(SessionContext.USER_ID);
+ agentId = (String) sContext.get(SessionContext.USER_ID);
}
String sDataSize = req.getParameter("dataNumBytes");
- if(sDataSize == null || sDataSize.equals("")) {
+ if (sDataSize == null || sDataSize.equals("")) {
CMS.debug("TokenServlet::processComputeRandomData missing param dataNumBytes");
badParams += " Random Data size, ";
missingParam = true;
status = "1";
} else {
- try
- {
- dataSize = Integer.parseInt(sDataSize.trim());
- }
- catch (NumberFormatException nfe)
- {
+ try {
+ dataSize = Integer.parseInt(sDataSize.trim());
+ } catch (NumberFormatException nfe) {
CMS.debug("TokenServlet::processComputeRandomData invalid data size input!");
badParams += " Random Data size, ";
missingParam = true;
@@ -1237,42 +1215,43 @@ public class TokenServlet extends CMSServlet {
}
- CMS.debug("TokenServlet::processComputeRandomData data size requested: " + dataSize);
+ CMS.debug("TokenServlet::processComputeRandomData data size requested: "
+ + dataSize);
String auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST,
- ILogger.SUCCESS,
- agentId);
+ LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST,
+ ILogger.SUCCESS, agentId);
audit(auditMessage);
- if(!missingParam) {
+ if (!missingParam) {
try {
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
- randomData = new byte[dataSize];
- random.nextBytes(randomData);
- } catch (Exception e) {
- CMS.debug("TokenServlet::processComputeRandomData:"+ e.toString());
- errorMsg = "Can't generate random data!";
- status = "2";
+ SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+ randomData = new byte[dataSize];
+ random.nextBytes(randomData);
+ } catch (Exception e) {
+ CMS.debug("TokenServlet::processComputeRandomData:"
+ + e.toString());
+ errorMsg = "Can't generate random data!";
+ status = "2";
}
}
String randomDataOut = "";
- if(status.equals("0")) {
+ if (status.equals("0")) {
if (randomData != null && randomData.length == dataSize) {
- randomDataOut =
- com.netscape.cmsutil.util.Utils.SpecialEncode(randomData);
+ randomDataOut = com.netscape.cmsutil.util.Utils
+ .SpecialEncode(randomData);
} else {
status = "2";
errorMsg = "Can't convert random data!";
}
}
- if(status.equals("1") && missingParam) {
+ if (status.equals("1") && missingParam) {
- if(badParams.endsWith(",")) {
- badParams = badParams.substring(0,badParams.length() -1);
+ if (badParams.endsWith(",")) {
+ badParams = badParams.substring(0, badParams.length() - 1);
}
errorMsg = "Missing input parameters :" + badParams;
}
@@ -1280,15 +1259,16 @@ public class TokenServlet extends CMSServlet {
resp.setContentType("text/html");
String value = "";
- value = "status="+status;
- if(status.equals("0")) {
- value = value + "&DATA="+randomDataOut;
+ value = "status=" + status;
+ if (status.equals("0")) {
+ value = value + "&DATA=" + randomDataOut;
}
-
+
try {
resp.setContentLength(value.length());
- CMS.debug("TokenServler::processComputeRandomData :outputString.length " +value.length());
-
+ CMS.debug("TokenServler::processComputeRandomData :outputString.length "
+ + value.length());
+
OutputStream ooss = resp.getOutputStream();
ooss.write(value.getBytes());
ooss.flush();
@@ -1297,22 +1277,19 @@ public class TokenServlet extends CMSServlet {
CMS.debug("TokenServlet::processComputeRandomData " + e.toString());
}
- if(status.equals("0")) {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,
- ILogger.SUCCESS,
- status,
- agentId);
- } else {
- auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,
- ILogger.FAILURE,
- status,
- agentId,
- errorMsg);
- }
-
- audit(auditMessage);
+ if (status.equals("0")) {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,
+ ILogger.SUCCESS, status, agentId);
+ } else {
+ auditMessage = CMS
+ .getLogMessage(
+ LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,
+ ILogger.FAILURE, status, agentId, errorMsg);
+ }
+
+ audit(auditMessage);
}
public void process(CMSRequest cmsReq) throws EBaseException {
@@ -1323,14 +1300,14 @@ public class TokenServlet extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "execute");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "execute");
} catch (Exception e) {
}
if (authzToken == null) {
- try{
+ try {
resp.setContentType("text/html");
String value = "unauthorized=";
CMS.debug("TokenServlet: Unauthorized");
@@ -1340,37 +1317,36 @@ public class TokenServlet extends CMSServlet {
ooss.write(value.getBytes());
ooss.flush();
mRenderResult = false;
- }catch (Exception e) {
+ } catch (Exception e) {
CMS.debug("TokenServlet: " + e.toString());
}
- // cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+ // cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
return;
}
String temp = req.getParameter("card_challenge");
mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
setDefaultSlotAndKeyName(req);
- if(temp!=null)
- {
- processComputeSessionKey(req,resp);
- }else if(req.getParameter("data")!=null){
- processEncryptData(req,resp);
- }else if(req.getParameter("newKeyInfo")!=null){
- processDiversifyKey(req,resp);
- }else if(req.getParameter("dataNumBytes") !=null){
- processComputeRandomData(req,resp);
+ if (temp != null) {
+ processComputeSessionKey(req, resp);
+ } else if (req.getParameter("data") != null) {
+ processEncryptData(req, resp);
+ } else if (req.getParameter("newKeyInfo") != null) {
+ processDiversifyKey(req, resp);
+ } else if (req.getParameter("dataNumBytes") != null) {
+ processComputeRandomData(req, resp);
}
}
/**
* Serves HTTP admin request.
- *
+ *
* @param req HTTP request
* @param resp HTTP response
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
String scope = req.getParameter(Constants.OP_SCOPE);
String op = req.getParameter(Constants.OP_TYPE);
@@ -1379,7 +1355,7 @@ public class TokenServlet extends CMSServlet {
/**
* Parses uid0=pwd0,uid1=pwd1,... into AgentCredential.
- *
+ *
* @param s credential string
* @return a list of credentials
*/
@@ -1391,8 +1367,7 @@ public class TokenServlet extends CMSServlet {
String a = st.nextToken();
StringTokenizer st0 = new StringTokenizer(a, "=");
- v.addElement(new Credential(st0.nextToken(),
- st0.nextToken()));
+ v.addElement(new Credential(st0.nextToken(), st0.nextToken()));
}
Credential ac[] = new Credential[v.size()];
diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
index 9d67065d..543ef1a3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
@@ -33,18 +33,19 @@ public interface IWizardPanel {
/**
* Initializes this panel.
*/
- public void init(ServletConfig config, int panelno)
- throws ServletException;
+ public void init(ServletConfig config, int panelno) throws ServletException;
- public void init(WizardServlet servlet, ServletConfig config,
- int panelno, String id) throws ServletException;
+ public void init(WizardServlet servlet, ServletConfig config, int panelno,
+ String id) throws ServletException;
public String getName();
public int getPanelNo();
public void setId(String id);
+
public String getId();
+
public PropertySet getUsage();
/**
@@ -83,25 +84,23 @@ public interface IWizardPanel {
* Display the panel.
*/
public void display(HttpServletRequest request,
- HttpServletResponse response,
- Context context );
+ HttpServletResponse response, Context context);
+
/**
* Checks if the given parameters are valid.
*/
public void validate(HttpServletRequest request,
- HttpServletResponse response,
- Context context ) throws IOException;
+ HttpServletResponse response, Context context) throws IOException;
/**
* Commit parameter changes
*/
public void update(HttpServletRequest request,
- HttpServletResponse response,
- Context context ) throws IOException;
+ HttpServletResponse response, Context context) throws IOException;
+
/**
* If validiate() returns false, this method will be called.
*/
public void displayError(HttpServletRequest request,
- HttpServletResponse response,
- Context context);
+ HttpServletResponse response, Context context);
}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
index 691d3e98..3e42d5ba 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
@@ -37,13 +37,10 @@ import com.netscape.cms.servlet.csadmin.Cert;
import com.netscape.cmsutil.crypto.Module;
/**
- * wizard?p=[panel number]&op=usage <= usage in xml
- * wizard?p=[panel number]&op=display
- * wizard?p=[panel number]&op=next&...[additional parameters]...
- * wizard?p=[panel number]&op=apply
- * wizard?p=[panel number]&op=back
- * wizard?op=menu
- * return menu options
+ * wizard?p=[panel number]&op=usage <= usage in xml wizard?p=[panel
+ * number]&op=display wizard?p=[panel number]&op=next&...[additional
+ * parameters]... wizard?p=[panel number]&op=apply wizard?p=[panel
+ * number]&op=back wizard?op=menu return menu options
*/
public class WizardServlet extends VelocityServlet {
@@ -54,8 +51,7 @@ public class WizardServlet extends VelocityServlet {
private String name = null;
private Vector mPanels = new Vector();
- public void init(ServletConfig config) throws ServletException
- {
+ public void init(ServletConfig config) throws ServletException {
super.init(config);
/* load sequence map */
@@ -64,33 +60,32 @@ public class WizardServlet extends VelocityServlet {
StringTokenizer st = new StringTokenizer(panels, ",");
int pno = 0;
while (st.hasMoreTokens()) {
- String p = st.nextToken();
- StringTokenizer st1 = new StringTokenizer(p, "=");
- String id = st1.nextToken();
- String pvalue = st1.nextToken();
- try {
- IWizardPanel panel = (IWizardPanel)Class.forName(pvalue).newInstance();
- panel.init(this, config, pno, id);
- CMS.debug("WizardServlet: panel name=" + panel.getName());
- mPanels.addElement(panel);
- } catch (Exception e) {
- CMS.debug("WizardServlet: " + e.toString());
- }
- pno++;
+ String p = st.nextToken();
+ StringTokenizer st1 = new StringTokenizer(p, "=");
+ String id = st1.nextToken();
+ String pvalue = st1.nextToken();
+ try {
+ IWizardPanel panel = (IWizardPanel) Class.forName(pvalue)
+ .newInstance();
+ panel.init(this, config, pno, id);
+ CMS.debug("WizardServlet: panel name=" + panel.getName());
+ mPanels.addElement(panel);
+ } catch (Exception e) {
+ CMS.debug("WizardServlet: " + e.toString());
+ }
+ pno++;
}
CMS.debug("WizardServlet: done");
-
+
}
public void exposePanels(HttpServletRequest request,
- HttpServletResponse response,
- Context context )
- {
+ HttpServletResponse response, Context context) {
Enumeration e = mPanels.elements();
Vector panels = new Vector();
while (e.hasMoreElements()) {
- IWizardPanel p = (IWizardPanel)e.nextElement();
- panels.addElement(p);
+ IWizardPanel p = (IWizardPanel) e.nextElement();
+ panels.addElement(p);
}
context.put("panels", panels);
}
@@ -98,84 +93,80 @@ public class WizardServlet extends VelocityServlet {
/**
* Cleans up panels from a particular panel.
*/
- public void cleanUpFromPanel(int pno) throws IOException
- {
- /* panel number starts from zero */
- int s = mPanels.size();
- for (int i = pno; i < s; i++) {
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i);
- panel.cleanUp();
- }
+ public void cleanUpFromPanel(int pno) throws IOException {
+ /* panel number starts from zero */
+ int s = mPanels.size();
+ for (int i = pno; i < s; i++) {
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i);
+ panel.cleanUp();
+ }
}
- public IWizardPanel getPanelByNo(int p)
- {
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+ public IWizardPanel getPanelByNo(int p) {
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
if (panel.shouldSkip()) {
- panel = getPanelByNo(p+1);
+ panel = getPanelByNo(p + 1);
}
return panel;
}
public Template displayPanel(HttpServletRequest request,
- HttpServletResponse response,
- Context context )
- {
+ HttpServletResponse response, Context context) {
CMS.debug("WizardServlet: in display");
int p = getPanelNo(request);
if (p == 0) {
- CMS.debug("WizardServlet: firstpanel");
- context.put("firstpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: firstpanel");
+ context.put("firstpanel", Boolean.TRUE);
}
if (p == (mPanels.size() - 1)) {
- CMS.debug("WizardServlet: lastpanel");
- context.put("lastpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: lastpanel");
+ context.put("lastpanel", Boolean.TRUE);
}
IWizardPanel panel = getPanelByNo(p);
CMS.debug("WizardServlet: panel=" + panel);
if (panel.showApplyButton() == true)
- context.put("showApplyButton", Boolean.TRUE);
+ context.put("showApplyButton", Boolean.TRUE);
else
- context.put("showApplyButton", Boolean.FALSE);
+ context.put("showApplyButton", Boolean.FALSE);
panel.display(request, response, context);
context.put("p", Integer.toString(panel.getPanelNo()));
try {
return Velocity.getTemplate("admin/console/config/wizard.vm");
- } catch (Exception e) {
+ } catch (Exception e) {
}
return null;
}
- public String xml_value_flatten(Object v)
- {
+ public String xml_value_flatten(Object v) {
String ret = "";
if (v instanceof String) {
ret += v;
} else if (v instanceof Integer) {
- ret += ((Integer)v).toString();
+ ret += ((Integer) v).toString();
} else if (v instanceof Vector) {
ret += "<Vector>";
- Vector v1 = (Vector)v;
+ Vector v1 = (Vector) v;
Enumeration e = v1.elements();
StringBuffer sb = new StringBuffer();
while (e.hasMoreElements()) {
- sb.append(xml_value_flatten(e.nextElement()));
+ sb.append(xml_value_flatten(e.nextElement()));
}
ret += sb.toString();
ret += "</Vector>";
} else if (v instanceof Module) { // for hardware token
- Module m = (Module)v;
+ Module m = (Module) v;
ret += "<Module>";
ret += "<CommonName>" + m.getCommonName() + "</CommonName>";
- ret += "<UserFriendlyName>" + m.getUserFriendlyName() + "</UserFriendlyName>";
+ ret += "<UserFriendlyName>" + m.getUserFriendlyName()
+ + "</UserFriendlyName>";
ret += "<ImagePath>" + m.getImagePath() + "</ImagePath>";
ret += "</Module>";
} else if (v instanceof Cert) {
- Cert m = (Cert)v;
+ Cert m = (Cert) v;
ret += "<CertReqPair>";
ret += "<Nickname>" + m.getNickname() + "</Nickname>";
ret += "<Tokenname>" + m.getTokenname() + "</Tokenname>";
@@ -187,7 +178,7 @@ public class WizardServlet extends VelocityServlet {
ret += "<KeyOption>" + m.getKeyOption() + "</KeyOption>";
ret += "</CertReqPair>";
} else if (v instanceof IWizardPanel) {
- IWizardPanel m = (IWizardPanel)v;
+ IWizardPanel m = (IWizardPanel) v;
ret += "<Panel>";
ret += "<Id>" + m.getId() + "</Id>";
ret += "<Name>" + m.getName() + "</Name>";
@@ -198,89 +189,84 @@ public class WizardServlet extends VelocityServlet {
return ret;
}
- public String xml_flatten(Context context)
- {
+ public String xml_flatten(Context context) {
StringBuffer ret = new StringBuffer();
- Object o[] = context.getKeys();
- for (int i = 0; i < o.length; i ++) {
- if (o[i] instanceof String) {
- String key = (String)o[i];
- if (key.startsWith("__")) {
- continue;
- }
- ret.append("<");
- ret.append(key);
- ret.append(">");
- if (key.equals("bindpwd")) {
- ret.append("(sensitive)");
- } else {
- Object v = context.get(key);
- ret.append(xml_value_flatten(v));
+ Object o[] = context.getKeys();
+ for (int i = 0; i < o.length; i++) {
+ if (o[i] instanceof String) {
+ String key = (String) o[i];
+ if (key.startsWith("__")) {
+ continue;
+ }
+ ret.append("<");
+ ret.append(key);
+ ret.append(">");
+ if (key.equals("bindpwd")) {
+ ret.append("(sensitive)");
+ } else {
+ Object v = context.get(key);
+ ret.append(xml_value_flatten(v));
+ }
+ ret.append("</");
+ ret.append(key);
+ ret.append(">");
}
- ret.append("</");
- ret.append(key);
- ret.append(">");
- }
}
return ret.toString();
}
- public int getPanelNo(HttpServletRequest request)
- {
+ public int getPanelNo(HttpServletRequest request) {
int p = 0;
-
- // panel number can be identified by either
- // panel no (p parameter) directly, or
- // panel name (panelname parameter).
+
+ // panel number can be identified by either
+ // panel no (p parameter) directly, or
+ // panel name (panelname parameter).
if (request.getParameter("panelname") != null) {
- String name = request.getParameter("panelname");
- for (int i = 0; i < mPanels.size(); i++) {
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i);
- if (panel.getId().equals(name)) {
- return i;
+ String name = request.getParameter("panelname");
+ for (int i = 0; i < mPanels.size(); i++) {
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i);
+ if (panel.getId().equals(name)) {
+ return i;
+ }
}
- }
} else if (request.getParameter("p") != null) {
- p = Integer.parseInt(request.getParameter("p"));
+ p = Integer.parseInt(request.getParameter("p"));
}
return p;
}
- public String getNameFromPanelNo(int p)
- {
- IWizardPanel wp = (IWizardPanel)mPanels.elementAt(p);
- return wp.getId();
+ public String getNameFromPanelNo(int p) {
+ IWizardPanel wp = (IWizardPanel) mPanels.elementAt(p);
+ return wp.getId();
}
- public IWizardPanel getPreviousPanel(int p)
- {
+ public IWizardPanel getPreviousPanel(int p) {
CMS.debug("getPreviousPanel input p=" + p);
- IWizardPanel backpanel = (IWizardPanel)mPanels.elementAt(p-1);
+ IWizardPanel backpanel = (IWizardPanel) mPanels.elementAt(p - 1);
if (backpanel.isSubPanel()) {
- backpanel = (IWizardPanel)mPanels.elementAt(p-1-1);
+ backpanel = (IWizardPanel) mPanels.elementAt(p - 1 - 1);
}
while (backpanel.shouldSkip()) {
- backpanel = (IWizardPanel)
- mPanels.elementAt(backpanel.getPanelNo() - 1);
+ backpanel = (IWizardPanel) mPanels
+ .elementAt(backpanel.getPanelNo() - 1);
}
CMS.debug("getPreviousPanel output p=" + backpanel.getPanelNo());
return backpanel;
}
- public IWizardPanel getNextPanel(int p)
- {
+ public IWizardPanel getNextPanel(int p) {
CMS.debug("getNextPanel input p=" + p);
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
if (p == (mPanels.size() - 1)) {
p = p;
- } else if(panel.isSubPanel()) {
- if (panel.isLoopbackPanel()) {
- p = p-1; // Login Panel is a loop back panel
- } else {
- p = p+1;
- }
- } else if (panel.hasSubPanel()) {
- p = p + 2;
+ } else if (panel.isSubPanel()) {
+ if (panel.isLoopbackPanel()) {
+ p = p - 1; // Login Panel is a loop back panel
+ } else {
+ p = p + 1;
+ }
+ } else if (panel.hasSubPanel()) {
+ p = p + 2;
} else {
p = p + 1;
}
@@ -290,191 +276,175 @@ public class WizardServlet extends VelocityServlet {
}
public Template goApply(HttpServletRequest request,
- HttpServletResponse response,
- Context context)
- {
+ HttpServletResponse response, Context context) {
return goNextApply(request, response, context, true);
}
public Template goNext(HttpServletRequest request,
- HttpServletResponse response,
- Context context )
- {
+ HttpServletResponse response, Context context) {
return goNextApply(request, response, context, false);
}
/*
- * The parameter "stay" is used to indicate "apply" without
- * moving to the next panel
+ * The parameter "stay" is used to indicate "apply" without moving to the
+ * next panel
*/
public Template goNextApply(HttpServletRequest request,
- HttpServletResponse response,
- Context context, boolean stay )
- {
+ HttpServletResponse response, Context context, boolean stay) {
int p = getPanelNo(request);
if (stay == true)
CMS.debug("WizardServlet: in reply " + p);
else
CMS.debug("WizardServlet: in next " + p);
- IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+ IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
try {
- panel.validate(request, response, context);
- try {
- panel.update(request, response, context);
- if (stay == true) { // "apply"
-
- if (panel.showApplyButton() == true)
- context.put("showApplyButton", Boolean.TRUE);
- else
- context.put("showApplyButton", Boolean.FALSE);
- panel.display(request, response, context);
- } else { // "next"
- IWizardPanel nextpanel = getNextPanel(p);
-
- if (nextpanel.showApplyButton() == true)
- context.put("showApplyButton", Boolean.TRUE);
- else
- context.put("showApplyButton", Boolean.FALSE);
- nextpanel.display(request, response, context);
- panel = nextpanel;
+ panel.validate(request, response, context);
+ try {
+ panel.update(request, response, context);
+ if (stay == true) { // "apply"
+
+ if (panel.showApplyButton() == true)
+ context.put("showApplyButton", Boolean.TRUE);
+ else
+ context.put("showApplyButton", Boolean.FALSE);
+ panel.display(request, response, context);
+ } else { // "next"
+ IWizardPanel nextpanel = getNextPanel(p);
+
+ if (nextpanel.showApplyButton() == true)
+ context.put("showApplyButton", Boolean.TRUE);
+ else
+ context.put("showApplyButton", Boolean.FALSE);
+ nextpanel.display(request, response, context);
+ panel = nextpanel;
+ }
+ context.put("errorString", "");
+ } catch (Exception e) {
+ context.put("errorString", e.getMessage());
+ panel.displayError(request, response, context);
}
- context.put("errorString", "");
- } catch (Exception e) {
- context.put("errorString", e.getMessage());
- panel.displayError(request, response, context);
- }
} catch (IOException eee) {
- context.put("errorString", eee.getMessage());
- panel.displayError(request, response, context);
+ context.put("errorString", eee.getMessage());
+ panel.displayError(request, response, context);
}
p = panel.getPanelNo();
CMS.debug("panel no=" + p);
CMS.debug("panel name=" + getNameFromPanelNo(p));
- CMS.debug("total number of panels="+mPanels.size());
+ CMS.debug("total number of panels=" + mPanels.size());
context.put("p", Integer.toString(p));
context.put("panelname", getNameFromPanelNo(p));
if (p == 0) {
- CMS.debug("WizardServlet: firstpanel");
- context.put("firstpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: firstpanel");
+ context.put("firstpanel", Boolean.TRUE);
}
if (p == (mPanels.size() - 1)) {
- CMS.debug("WizardServlet: lastpanel");
- context.put("lastpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: lastpanel");
+ context.put("lastpanel", Boolean.TRUE);
}
// this is where we handle the xml request
String xml = request.getParameter("xml");
if (xml != null && xml.equals("true")) {
- CMS.debug("WizardServlet: found xml");
-
- response.setContentType("application/xml");
- String xmlstr = xml_flatten(context);
- context.put("xml", xmlstr);
- try {
- return Velocity.getTemplate("admin/console/config/xml.vm");
- } catch (Exception e) {
- CMS.debug("Failing to get template" + e );
- }
+ CMS.debug("WizardServlet: found xml");
+
+ response.setContentType("application/xml");
+ String xmlstr = xml_flatten(context);
+ context.put("xml", xmlstr);
+ try {
+ return Velocity.getTemplate("admin/console/config/xml.vm");
+ } catch (Exception e) {
+ CMS.debug("Failing to get template" + e);
+ }
} else {
- try {
- return Velocity.getTemplate("admin/console/config/wizard.vm");
- } catch (Exception e) {
- CMS.debug("Failing to get template" + e );
- }
+ try {
+ return Velocity.getTemplate("admin/console/config/wizard.vm");
+ } catch (Exception e) {
+ CMS.debug("Failing to get template" + e);
+ }
}
return null;
}
public Template goBack(HttpServletRequest request,
- HttpServletResponse response,
- Context context )
- {
+ HttpServletResponse response, Context context) {
int p = getPanelNo(request);
CMS.debug("WizardServlet: in back " + p);
IWizardPanel backpanel = getPreviousPanel(p);
if (backpanel.showApplyButton() == true)
- context.put("showApplyButton", Boolean.TRUE);
+ context.put("showApplyButton", Boolean.TRUE);
else
- context.put("showApplyButton", Boolean.FALSE);
+ context.put("showApplyButton", Boolean.FALSE);
backpanel.display(request, response, context);
- context.put("p", Integer.toString(backpanel.getPanelNo()));
+ context.put("p", Integer.toString(backpanel.getPanelNo()));
context.put("panelname", getNameFromPanelNo(backpanel.getPanelNo()));
p = backpanel.getPanelNo();
if (p == 0) {
- CMS.debug("WizardServlet: firstpanel");
- context.put("firstpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: firstpanel");
+ context.put("firstpanel", Boolean.TRUE);
}
if (p == (mPanels.size() - 1)) {
- CMS.debug("WizardServlet: lastpanel");
- context.put("lastpanel", Boolean.TRUE);
+ CMS.debug("WizardServlet: lastpanel");
+ context.put("lastpanel", Boolean.TRUE);
}
try {
return Velocity.getTemplate("admin/console/config/wizard.vm");
- } catch (Exception e) {
+ } catch (Exception e) {
}
return null;
}
public boolean authenticate(HttpServletRequest request,
- HttpServletResponse response,
- Context context ) {
- String pin = (String)request.getSession().getAttribute("pin");
- if (pin == null) {
- try {
- response.sendRedirect("login");
- } catch (IOException e) {
+ HttpServletResponse response, Context context) {
+ String pin = (String) request.getSession().getAttribute("pin");
+ if (pin == null) {
+ try {
+ response.sendRedirect("login");
+ } catch (IOException e) {
+ }
+ return false;
}
- return false;
- }
- return true;
+ return true;
}
- public void outputHttpParameters(HttpServletRequest httpReq)
- {
+ public void outputHttpParameters(HttpServletRequest httpReq) {
CMS.debug("WizardServlet:service() uri = " + httpReq.getRequestURI());
Enumeration paramNames = httpReq.getParameterNames();
while (paramNames.hasMoreElements()) {
- String pn = (String)paramNames.nextElement();
+ String pn = (String) paramNames.nextElement();
// added this facility so that password can be hidden,
- // all sensitive parameters should be prefixed with
+ // all sensitive parameters should be prefixed with
// __ (double underscores); however, in the event that
// a security parameter slips through, we perform multiple
// additional checks to insure that it is NOT displayed
- if( pn.startsWith("__") ||
- pn.endsWith("password") ||
- pn.endsWith("passwd") ||
- pn.endsWith("pwd") ||
- pn.equalsIgnoreCase("admin_password_again") ||
- pn.equalsIgnoreCase("directoryManagerPwd") ||
- pn.equalsIgnoreCase("bindpassword") ||
- pn.equalsIgnoreCase("bindpwd") ||
- pn.equalsIgnoreCase("passwd") ||
- pn.equalsIgnoreCase("password") ||
- pn.equalsIgnoreCase("pin") ||
- pn.equalsIgnoreCase("pwd") ||
- pn.equalsIgnoreCase("pwdagain") ||
- pn.equalsIgnoreCase("uPasswd") ) {
- CMS.debug("WizardServlet::service() param name='" + pn +
- "' value='(sensitive)'" );
+ if (pn.startsWith("__") || pn.endsWith("password")
+ || pn.endsWith("passwd") || pn.endsWith("pwd")
+ || pn.equalsIgnoreCase("admin_password_again")
+ || pn.equalsIgnoreCase("directoryManagerPwd")
+ || pn.equalsIgnoreCase("bindpassword")
+ || pn.equalsIgnoreCase("bindpwd")
+ || pn.equalsIgnoreCase("passwd")
+ || pn.equalsIgnoreCase("password")
+ || pn.equalsIgnoreCase("pin") || pn.equalsIgnoreCase("pwd")
+ || pn.equalsIgnoreCase("pwdagain")
+ || pn.equalsIgnoreCase("uPasswd")) {
+ CMS.debug("WizardServlet::service() param name='" + pn
+ + "' value='(sensitive)'");
} else {
- CMS.debug("WizardServlet::service() param name='" + pn +
- "' value='" + httpReq.getParameter(pn) + "'" );
+ CMS.debug("WizardServlet::service() param name='" + pn
+ + "' value='" + httpReq.getParameter(pn) + "'");
}
}
}
-
public Template handleRequest(HttpServletRequest request,
- HttpServletResponse response,
- Context context )
- {
+ HttpServletResponse response, Context context) {
CMS.debug("WizardServlet: process");
- if (CMS.debugOn()) {
- outputHttpParameters(request);
+ if (CMS.debugOn()) {
+ outputHttpParameters(request);
}
if (!authenticate(request, response, context)) {
@@ -484,7 +454,7 @@ public class WizardServlet extends VelocityServlet {
String op = request.getParameter("op"); /* operation */
if (op == null) {
- op = "display";
+ op = "display";
}
CMS.debug("WizardServlet: op=" + op);
CMS.debug("WizardServlet: size=" + mPanels.size());
diff --git a/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java b/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java
index 0c4dade8..0377c2b3 100644
--- a/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java
+++ b/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java
@@ -23,9 +23,9 @@ import java.lang.reflect.Method;
import com.netscape.certsrv.kra.IJoinShares;
/**
- * Use Java's reflection API to leverage CMS's
- * old Share and JoinShares implementations.
- *
+ * Use Java's reflection API to leverage CMS's old Share and JoinShares
+ * implementations.
+ *
* @deprecated
* @version $Revision$ $Date$
*/
@@ -33,59 +33,54 @@ public class OldJoinShares implements IJoinShares {
public Object mOldImpl = null;
- public OldJoinShares()
- {
+ public OldJoinShares() {
}
- public void initialize(int threshold) throws Exception
- {
- Class c = Class.forName("com.netscape.cmscore.shares.JoinShares");
- Class types[] = { int.class };
- Constructor con = c.getConstructor(types);
- Object params[] = {Integer.valueOf(threshold)};
- mOldImpl = con.newInstance(params);
+ public void initialize(int threshold) throws Exception {
+ Class c = Class.forName("com.netscape.cmscore.shares.JoinShares");
+ Class types[] = { int.class };
+ Constructor con = c.getConstructor(types);
+ Object params[] = { Integer.valueOf(threshold) };
+ mOldImpl = con.newInstance(params);
}
- public void addShare(int shareNum, byte[] share)
- {
- try {
- Class types[] = { int.class, share.getClass() };
- Class c = mOldImpl.getClass();
- Method method = c.getMethod("addShare", types);
- Object params[] = {Integer.valueOf(shareNum), share};
- method.invoke(mOldImpl, params);
- } catch (Exception e) {
- }
+ public void addShare(int shareNum, byte[] share) {
+ try {
+ Class types[] = { int.class, share.getClass() };
+ Class c = mOldImpl.getClass();
+ Method method = c.getMethod("addShare", types);
+ Object params[] = { Integer.valueOf(shareNum), share };
+ method.invoke(mOldImpl, params);
+ } catch (Exception e) {
+ }
}
- public int getShareCount()
- {
- if (mOldImpl == null)
- return -1;
- try {
- Class types[] = null;
- Class c = mOldImpl.getClass();
- Method method = c.getMethod("getShareCount", types);
- Object params[] = null;
- Integer result = (Integer)method.invoke(mOldImpl, params);
- return result.intValue();
- } catch (Exception e) {
- return -1;
- }
+ public int getShareCount() {
+ if (mOldImpl == null)
+ return -1;
+ try {
+ Class types[] = null;
+ Class c = mOldImpl.getClass();
+ Method method = c.getMethod("getShareCount", types);
+ Object params[] = null;
+ Integer result = (Integer) method.invoke(mOldImpl, params);
+ return result.intValue();
+ } catch (Exception e) {
+ return -1;
+ }
}
- public byte[] recoverSecret()
- {
- if (mOldImpl == null)
- return null;
- try {
- Class types[] = null;
- Class c = mOldImpl.getClass();
- Method method = c.getMethod("recoverSecret", types);
- Object params[] = null;
- return (byte[])method.invoke(mOldImpl, params);
- } catch (Exception e) {
- return null;
- }
+ public byte[] recoverSecret() {
+ if (mOldImpl == null)
+ return null;
+ try {
+ Class types[] = null;
+ Class c = mOldImpl.getClass();
+ Method method = c.getMethod("recoverSecret", types);
+ Object params[] = null;
+ return (byte[]) method.invoke(mOldImpl, params);
+ } catch (Exception e) {
+ return null;
+ }
}
}
diff --git a/pki/base/common/src/com/netscape/cms/shares/OldShare.java b/pki/base/common/src/com/netscape/cms/shares/OldShare.java
index 4e92f76a..cfd5c709 100644
--- a/pki/base/common/src/com/netscape/cms/shares/OldShare.java
+++ b/pki/base/common/src/com/netscape/cms/shares/OldShare.java
@@ -23,45 +23,41 @@ import java.lang.reflect.Method;
import com.netscape.certsrv.kra.IShare;
/**
- * Use Java's reflection API to leverage CMS's
- * old Share and JoinShares implementations.
- *
+ * Use Java's reflection API to leverage CMS's old Share and JoinShares
+ * implementations.
+ *
* @deprecated
* @version $Revision$ $Date$
*/
-public class OldShare implements IShare
-{
+public class OldShare implements IShare {
public Object mOldImpl = null;
- public OldShare()
- {
+ public OldShare() {
}
- public void initialize(byte[] secret, int threshold) throws Exception
- {
- try {
- Class c = Class.forName("com.netscape.cmscore.shares.Share");
- Class types[] = { secret.getClass(), int.class };
- Constructor cs[] = c.getConstructors();
- Constructor con = c.getConstructor(types);
- Object params[] = {secret, Integer.valueOf(threshold)};
- mOldImpl = con.newInstance(params);
- } catch (Exception e) {
- }
+ public void initialize(byte[] secret, int threshold) throws Exception {
+ try {
+ Class c = Class.forName("com.netscape.cmscore.shares.Share");
+ Class types[] = { secret.getClass(), int.class };
+ Constructor cs[] = c.getConstructors();
+ Constructor con = c.getConstructor(types);
+ Object params[] = { secret, Integer.valueOf(threshold) };
+ mOldImpl = con.newInstance(params);
+ } catch (Exception e) {
+ }
}
- public byte[] createShare(int sharenumber)
- {
- if (mOldImpl == null)
- return null;
- try {
- Class types[] = { int.class };
- Class c = mOldImpl.getClass();
- Method method = c.getMethod("createShare", types);
- Object params[] = {Integer.valueOf(sharenumber)};
- return (byte[])method.invoke(mOldImpl, params);
- } catch (Exception e) {
- return null;
- }
+ public byte[] createShare(int sharenumber) {
+ if (mOldImpl == null)
+ return null;
+ try {
+ Class types[] = { int.class };
+ Class c = mOldImpl.getClass();
+ Method method = c.getMethod("createShare", types);
+ Object params[] = { Integer.valueOf(sharenumber) };
+ return (byte[]) method.invoke(mOldImpl, params);
+ } catch (Exception e) {
+ return null;
+ }
}
}
generated by cgit (git 2.34.1) at 2024-06-08 07:31:49 +0000