author | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2011-12-08 21:15:59 -0500 |
commit | 171aaece4f23709d33d180cf36eb3af5e454b0c9 (patch) | |
tree | 1485f9f0a7bd10de4ff25030db575dbb8dafae74 /pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java | |
parent | adad2fcee8a29fdb82376fbce07dedb11fccc182 (diff) | |
Revert "Formatting"
This reverts commit 32150d3ee32f8ac27118af7c792794b538c78a2f.
Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java | 198 |
1 files changed, 95 insertions, 103 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java index d4bc5e46..bf698dda 100644 --- a/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java +++ b/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java @@ -17,6 +17,7 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cmscore.authentication; + import java.math.BigInteger; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -49,12 +50,14 @@ import com.netscape.cmscore.dbs.CertRecord; import com.netscape.cmscore.dbs.CertificateRepository; import com.netscape.cmscore.util.Debug; + /** - * Challenge phrase based authentication. Maps a certificate to the request in - * the internal database and further compares the challenge phrase with that - * from the EE input. + * Challenge phrase based authentication. + * Maps a certificate to the request in the + * internal database and further compares the challenge phrase with + * that from the EE input. * <P> - * + * * @author cfu chrisho * @version $Revision$, $Date$ */ @@ -66,7 +69,7 @@ public class ChallengePhraseAuthentication implements IAuthManager { /* required credentials */ public static final String CRED_CERT_SERIAL = IAuthManager.CRED_CERT_SERIAL_TO_REVOKE; public static final String CRED_CHALLENGE = "challengePhrase"; - protected String[] mRequiredCreds = { CRED_CERT_SERIAL, CRED_CHALLENGE }; + protected String[] mRequiredCreds = { CRED_CERT_SERIAL, CRED_CHALLENGE}; /* config parameters to pass to console (none) */ protected static String[] mConfigParams = null; 
@@ -83,7 +86,7 @@ public class ChallengePhraseAuthentication implements IAuthManager { private Vector mID = null; private MessageDigest mSHADigest = null; - // request attributes hacks + // request attributes hacks public static final String CHALLENGE_PHRASE = CRED_CHALLENGE; public static final String SUBJECTNAME = "subjectName"; public static final String SERIALNUMBER = "serialNumber"; @@ -95,15 +98,14 @@ public class ChallengePhraseAuthentication implements IAuthManager { /** * initializes the ChallengePhraseAuthentication auth manager * <p> - * called by AuthSubsystem init() method, when initializing all available - * authentication managers. - * + * called by AuthSubsystem init() method, when initializing + * all available authentication managers. * @param name The name of this authentication manager instance. * @param implName The name of the authentication manager plugin. * @param config The configuration store for this authentication manager. */ public void init(String name, String implName, IConfigStore config) - throws EBaseException { + throws EBaseException { mName = name; mImplName = implName; mConfig = config; @@ -111,13 +113,12 @@ public class ChallengePhraseAuthentication implements IAuthManager { try { mSHADigest = MessageDigest.getInstance("SHA1"); } catch (NoSuchAlgorithmException e) { - throw new EAuthException(CMS.getUserMessage( - "CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage())); + throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.getMessage())); } log(ILogger.LL_INFO, CMS.getLogMessage("INIT_DONE", name)); } - + /** * Gets the name of this authentication manager. */ 
@@ -131,26 +132,26 @@ public class ChallengePhraseAuthentication implements IAuthManager { public String getImplName() { return mImplName; } - + /** * authenticates revocation of a certification by a challenge phrase * <p> - * called by other subsystems or their servlets to authenticate a revocation - * request - * - * @param authCred - authentication credential that contains a Certificate - * to revoke + * called by other subsystems or their servlets to authenticate + * a revocation request + * @param authCred - authentication credential that contains + * a Certificate to revoke * @return the authentication token that contains the request id - * + * * @exception EMissingCredential If a required credential for this - * authentication manager is missing. + * authentication manager is missing. * @exception EInvalidCredentials If credentials cannot be authenticated. * @exception EBaseException If an internal error occurred. * @see com.netscape.certsrv.authentication.AuthToken */ public IAuthToken authenticate(IAuthCredentials authCred) - throws EMissingCredential, EInvalidCredentials, EBaseException { - mCA = (ICertificateAuthority) SubsystemRegistry.getInstance().get("ca"); + throws EMissingCredential, EInvalidCredentials, EBaseException { + mCA = (ICertificateAuthority) + SubsystemRegistry.getInstance().get("ca"); if (mCA != null) { mCertDB = (CertificateRepository) mCA.getCertificateRepository(); 
@@ -159,10 +160,13 @@ public class ChallengePhraseAuthentication implements IAuthManager { AuthToken authToken = new AuthToken(this); /* - * X509Certificate[] x509Certs = (X509Certificate[]) - * authCred.get(CRED_CERT); if (x509Certs == null) { - * log(ILogger.LL_FAILURE, " missing cert credential."); throw new - * EMissingCredential(CRED_CERT_SERIAL); } + X509Certificate[] x509Certs = + (X509Certificate[]) authCred.get(CRED_CERT); + if (x509Certs == null) { + log(ILogger.LL_FAILURE, + " missing cert credential."); + throw new EMissingCredential(CRED_CERT_SERIAL); + } */ String serialNumString = (String) authCred.get(CRED_CERT_SERIAL); 
@@ -170,45 +174,42 @@ public class ChallengePhraseAuthentication implements IAuthManager { BigInteger serialNum = null; if (serialNumString == null || serialNumString.equals("")) - throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT_SERIAL)); + throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT_SERIAL)); else { - // serialNumString = getDecimalStr(serialNumString); + //serialNumString = getDecimalStr(serialNumString); try { serialNumString = serialNumString.trim(); - if (serialNumString.startsWith("0x") - || serialNumString.startsWith("0X")) { - serialNum = new BigInteger(serialNumString.substring(2), 16); + if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) { + serialNum = new + BigInteger(serialNumString.substring(2), 16); } else { - serialNum = new BigInteger(serialNumString); + serialNum = new + BigInteger(serialNumString); } - + } catch (NumberFormatException e) { - throw new EAuthUserError(CMS.getUserMessage( - "CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", - "Invalid serial number.")); + throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid serial number.")); } } String challenge = (String) authCred.get(CRED_CHALLENGE); if (challenge == null) { - throw new EMissingCredential(CMS.getUserMessage( - "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CHALLENGE)); + throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CHALLENGE)); } if (challenge.equals("")) { // empty challenge not allowed - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_REVO_ATTEMPT", - serialNum.toString())); - throw new EInvalidCredentials( - CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_REVO_ATTEMPT", serialNum.toString())); + throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL")); } - 
/* - * maybe later if (mCertDB.isCertificateRevoked(cert) != null) { - * log(ILogger.LL_FAILURE, "Certificate has already been revoked."); // - * throw something else...cfu throw new EInvalidCredentials(); } + /* maybe later + if (mCertDB.isCertificateRevoked(cert) != null) { + log(ILogger.LL_FAILURE, + "Certificate has already been revoked."); + // throw something else...cfu + throw new EInvalidCredentials(); + } */ X509CertImpl[] certsToRevoke = null; @@ -216,9 +217,9 @@ public class ChallengePhraseAuthentication implements IAuthManager { // check challenge phrase against request /* - * map cert to a request: a cert serial number maps to a cert record in - * the internal db, from the cert record, where we'll find the challenge - * phrase + * map cert to a request: a cert serial number maps to a + * cert record in the internal db, from the cert record, + * where we'll find the challenge phrase */ if (mCertDB != null) { /* is CA */ CertRecord record = null; @@ -234,16 +235,13 @@ public class ChallengePhraseAuthentication implements IAuthManager { String status = record.getStatus(); if (!status.equals("REVOKED")) { - boolean samepwd = compareChallengePassword(record, - challenge); + boolean samepwd = compareChallengePassword(record, challenge); if (samepwd) { bigIntArray = new BigInteger[1]; bigIntArray[0] = record.getSerialNumber(); - } else - throw new EAuthUserError(CMS.getUserMessage( - "CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", - "Invalid password.")); + } else + throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid password.")); } else { bigIntArray = new BigInteger[0]; 
@@ -262,8 +260,8 @@ public class ChallengePhraseAuthentication implements IAuthManager { if (queue != null) { IRequest checkChallengeReq = null; - checkChallengeReq = queue - .newRequest(IRequest.REVOCATION_CHECK_CHALLENGE_REQUEST); + checkChallengeReq = + queue.newRequest(IRequest.REVOCATION_CHECK_CHALLENGE_REQUEST); checkChallengeReq.setExtData(CHALLENGE_PHRASE, challenge); // pass just serial number instead of whole cert if (serialNum != null) @@ -273,23 +271,19 @@ public class ChallengePhraseAuthentication implements IAuthManager { RequestStatus status = checkChallengeReq.getRequestStatus(); if (status == RequestStatus.COMPLETE) { - bigIntArray = checkChallengeReq - .getExtDataInBigIntegerArray("serialNoArray"); + bigIntArray = checkChallengeReq.getExtDataInBigIntegerArray("serialNoArray"); } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST")); } } else { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE")); - throw new EBaseException( - CMS.getUserMessage("CMS_BASE_REVOCATION_CHALLENGE_QUEUE_FAILED")); + log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_REVOCATION_CHALLENGE_QUEUE_FAILED")); } } // else, ra if (bigIntArray != null && bigIntArray.length > 0) { if (Debug.ON) { Debug.trace("challenge authentication serialno array not null"); - for (int i = 0; i < bigIntArray.length; i++) + for (int i = 0; i < bigIntArray.length; i++) Debug.trace("challenge auth serialno " + bigIntArray[i]); } } 
@@ -307,17 +301,16 @@ public class ChallengePhraseAuthentication implements IAuthManager { if (str.startsWith("0x") || str.startsWith("0X")) { newStr = "" + Integer.parseInt(str.trim().substring(2), 16); } - + return newStr; } - private boolean compareChallengePassword(CertRecord record, String pwd) - throws EBaseException { + private boolean compareChallengePassword(CertRecord record, String pwd) + throws EBaseException { MetaInfo metaInfo = (MetaInfo) record.get(CertRecord.ATTR_META_INFO); if (metaInfo == null) { - throw new EBaseException(CMS.getUserMessage( - "CMS_BASE_INVALID_ATTRIBUTE", "metaInfo")); + throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", "metaInfo")); } if (pwd == null) { @@ -329,8 +322,8 @@ public class ChallengePhraseAuthentication implements IAuthManager { String hashpwd = hashPassword(pwd); // got metaInfo - String challengeString = (String) metaInfo - .get(CertRecord.META_CHALLENGE_PHRASE); + String challengeString = + (String) metaInfo.get(CertRecord.META_CHALLENGE_PHRASE); if (challengeString == null) { if (Debug.ON) { 
@@ -343,21 +336,20 @@ public class ChallengePhraseAuthentication implements IAuthManager { return false; /* - * log(ILogger.LL_FAILURE, - * "Incorrect challenge phrase password used for revocation"); throw - * new EInvalidCredentials(); + log(ILogger.LL_FAILURE, + "Incorrect challenge phrase password used for revocation"); + throw new EInvalidCredentials(); */ - } else + } else return true; } /** - * get the list of authentication credential attribute names required by - * this authentication manager. Generally used by the servlets that handle - * agent operations to authenticate its users. It calls this method to know - * which are the required credentials from the user (e.g. Javascript form - * data) - * + * get the list of authentication credential attribute names + * required by this authentication manager. Generally used by + * the servlets that handle agent operations to authenticate its + * users. It calls this method to know which are the + * required credentials from the user (e.g. Javascript form data) * @return attribute names in Vector */ public String[] getRequiredCreds() { 
@@ -365,16 +357,15 @@ public class ChallengePhraseAuthentication implements IAuthManager { } /** - * get the list of configuration parameter names required by this - * authentication manager. Generally used by the Certificate Server Console - * to display the table for configuration purposes. - * ChallengePhraseAuthentication is currently not exposed in this case, so - * this method is not to be used. - * - * @return configuration parameter names in Hashtable of Vectors where each - * hashtable entry's key is the substore name, value is a Vector of - * parameter names. If no substore, the parameter name is the - * Hashtable key itself, with value same as key. + * get the list of configuration parameter names + * required by this authentication manager. Generally used by + * the Certificate Server Console to display the table for + * configuration purposes. ChallengePhraseAuthentication is currently not + * exposed in this case, so this method is not to be used. + * @return configuration parameter names in Hashtable of Vectors + * where each hashtable entry's key is the substore name, value is a + * Vector of parameter names. If no substore, the parameter name + * is the Hashtable key itself, with value same as key. */ public String[] getConfigParams() { return (mConfigParams); @@ -387,8 +378,8 @@ public class ChallengePhraseAuthentication implements IAuthManager { } /** - * gets the configuretion substore used by this authentication manager - * + * gets the configuretion substore used by this authentication + * manager * @return configuration store */ public IConfigStore getConfigStore() { 
@@ -398,23 +389,24 @@ public class ChallengePhraseAuthentication implements IAuthManager { private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, level, - msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION, + level, msg); } private IRequestQueue getReqQueue() { IRequestQueue queue = null; try { - IRegistrationAuthority ra = (IRegistrationAuthority) SubsystemRegistry - .getInstance().get("ra"); + IRegistrationAuthority ra = (IRegistrationAuthority) + SubsystemRegistry.getInstance().get("ra"); if (ra != null) { queue = ra.getRequestQueue(); mRequestor = IRequest.REQUESTOR_RA; } } catch (Exception e) { - log(ILogger.LL_FAILURE, " cannot get access to the request queue."); + log(ILogger.LL_FAILURE, + " cannot get access to the request queue."); } return queue; |