author | Ade Lee <alee@redhat.com> | 2012-01-09 23:32:31 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-01-09 23:32:31 -0500 |
commit | 466533710c179f62865e08b3031748072a0247a3 (patch) | |
tree | 4c04c20d50239be26ba8319076de90226526a542 /pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java | |
parent | c9e3c48de53fce6908f625f40ac2b2f75d66b5a1 (diff) | |
Formatting (no wrap)
Diffstat (limited to 'pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java | 136 |
1 files changed, 65 insertions, 71 deletions
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java
index 663585bf..17329ffe 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -47,23 +46,21 @@
 import com.netscape.certsrv.publish.IPublisherProcessor;
 import com.netscape.certsrv.publish.IXcertPublisherProcessor;
 import com.netscape.cmscore.ldapconn.LdapBoundConnFactory;
-
 /**
- * Subsystem for handling cross certificate pairing and publishing
- * Intended use:
+ * Subsystem for handling cross certificate pairing and publishing Intended use:
  * <ul>
- * <li> when signing a subordinate CA cert which is intended to be
- * part of the crossCertificatePair
- * <li> when this ca submits a request (with existing CA signing key
- * material to another ca for cross-signing
- *</ul>
- * In both cases, administrator needs to "import" the crossSigned
- * certificates via the admin console. When importCert() is called,
- * the imported cert will be stored in the internal db
- * first until it's pairing cert shows up.
- * If it happens that the above two cases finds its pairing
- * cert already there, then a CertifiatePair is created and put
- * in the internal db "crosscertificatepair;binary" attribute
+ * <li>when signing a subordinate CA cert which is intended to be part of the
+ * crossCertificatePair
+ * <li>when this ca submits a request (with existing CA signing key material to
+ * another ca for cross-signing
+ * </ul>
+ * In both cases, administrator needs to "import" the crossSigned certificates
+ * via the admin console. When importCert() is called, the imported cert will be
+ * stored in the internal db first until it's pairing cert shows up. If it
+ * happens that the above two cases finds its pairing cert already there, then a
+ * CertifiatePair is created and put in the internal db
+ * "crosscertificatepair;binary" attribute
+ *
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -100,7 +97,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 }
 public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
 try {
 mConfig = config;
 mLogger = CMS.getLogger();
@@ -112,21 +109,21 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 if (ldapConfig == null) {
 log(ILogger.LL_MISCONF,
- CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
- PROP_LDAP));
+ CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
+ PROP_LDAP));
 return;
 }
 mBaseDN = ldapConfig.getString(PROP_BASEDN, null);
-
+
 mLdapConnFactory = new LdapBoundConnFactory();
 if (mLdapConnFactory != null)
 mLdapConnFactory.init(ldapConfig);
 else {
 log(ILogger.LL_MISCONF,
- CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
- PROP_LDAP));
+ CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
+ PROP_LDAP));
 return;
 }
 } catch (EBaseException e) {
@@ -137,14 +134,12 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 }
 /**
- * "import" the CA cert cross-signed by another CA (potentially a
- * bridge CA) into internal ldap db.
- * the imported cert will be stored in the internal db
- * first until it's pairing cert shows up.
- * If it happens that it finds its pairing
- * cert already there, then a CertifiatePair is created and put
+ * "import" the CA cert cross-signed by another CA (potentially a bridge CA)
+ * into internal ldap db. the imported cert will be stored in the internal
+ * db first until it's pairing cert shows up. If it happens that it finds
+ * its pairing cert already there, then a CertifiatePair is created and put
  * in the internal db "crosscertificatepair;binary" attribute
- *
+ *
  * @param certBytes cert in byte array to be imported
  */
 public void importCert(byte[] certBytes) throws EBaseException {
@@ -162,14 +157,12 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 }
 /**
- * "import" the CA cert cross-signed by another CA (potentially a
- * bridge CA) into internal ldap db.
- * the imported cert will be stored in the internal db
- * first until it's pairing cert shows up.
- * If it happens that it finds its pairing
- * cert already there, then a CertifiatePair is created and put
+ * "import" the CA cert cross-signed by another CA (potentially a bridge CA)
+ * into internal ldap db. the imported cert will be stored in the internal
+ * db first until it's pairing cert shows up. If it happens that it finds
+ * its pairing cert already there, then a CertifiatePair is created and put
  * in the internal db "crosscertificatepair;binary" attribute
- *
+ *
  * @param certBytes cert in byte array to be imported
  */
 public synchronized void importCert(Object certObj) throws EBaseException {
@@ -182,8 +175,8 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 // 1. does cert2 share the same key pair as this CA's signing
 // cert
 // 2. does cert2's subject match this CA's subject?
- // 3. other valididity checks: is this a ca cert? Is this
- // cert still valid? If the issuer is not yet trusted, let it
+ // 3. other valididity checks: is this a ca cert? Is this
+ // cert still valid? If the issuer is not yet trusted, let it
 // be.
 // get certs from internal db to see if we find a pair
@@ -208,7 +201,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 }
 Enumeration en = caCerts.getByteValues();
-
+
 if ((en == null) || (en.hasMoreElements() == false)) {
 debug("1st potential xcert");
 addCAcert(conn, cert.getEncoded());
@@ -232,8 +225,9 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 // caCertificate attr, and publish if so configured
 debug("found a pair!");
 CertificatePair cp = new
- // CertificatePair(inCert.getEncoded(), cert.getEncoded());
- CertificatePair(inCert, cert);
+ // CertificatePair(inCert.getEncoded(),
+ // cert.getEncoded());
+ CertificatePair(inCert, cert);
 addXCertPair(conn, certPairs, cp);
 deleteCAcert(conn, inCert.getEncoded());
@@ -242,7 +236,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 break;
 }
 }
- } //while
+ } // while
 if (match == false) {
 // don't find a pair, add it into
 // caCertificate attr for later pairing
@@ -279,27 +273,28 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 /**
 * are cert1 and cert2 cross-signed certs?
+ *
 * @param cert1 the cert for comparison in our internal db
 * @param cert2 the cert that's being considered
 */
 protected boolean arePair(X509Certificate cert1, X509Certificate cert2) {
 // 1. does cert1's issuer match cert2's subject?
 // 2. does cert2's issuer match cert1's subject?
- if ((cert1.getIssuerDN().equals((Object) cert2.getSubjectDN()))
- && (cert2.getIssuerDN().equals((Object) cert1.getSubjectDN())))
+ if ((cert1.getIssuerDN().equals((Object) cert2.getSubjectDN()))
+ && (cert2.getIssuerDN().equals((Object) cert1.getSubjectDN())))
 return true;
 else
 return false;
 }
- public X509Certificate byteArray2X509Cert(byte[] certBytes)
- throws CertificateException {
+ public X509Certificate byteArray2X509Cert(byte[] certBytes)
+ throws CertificateException {
 debug("in bytearray2X509Cert()");
 ByteArrayInputStream inStream = new
- ByteArrayInputStream(certBytes);
+ ByteArrayInputStream(certBytes);
 CertificateFactory cf =
- CertificateFactory.getInstance("X.509");
+ CertificateFactory.getInstance("X.509");
 X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
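Review bot: `arePair`, fully visible on the new side of the third hunk here, decides that two certificates form a cross-certificate pair from issuer/subject DN equality alone and never checks that either certificate's signature verifies under the other's public key, so a certificate that merely carries the expected names would be treated as the pair in `importCert`, stored through `addXCertPair` and later published. The comment block in `importCert` (in the preceding hunk) appears to list key-pair, subject and validity checks as still open, so this gap looks known but is not closed by this formatting-only commit. I would keep the DN comparison as a cheap pre-filter and then require `cert1.verify(cert2.getPublicKey())` and `cert2.verify(cert1.getPublicKey())`, returning false and logging through `debug` on any `GeneralSecurityException`; this needs `java.security.GeneralSecurityException` brought into scope at the top of the file. Any caller that deliberately relies on the lenient DN-only behaviour should be checked before tightening it.
```java
protected boolean arePair(X509Certificate cert1, X509Certificate cert2) {
    // 1. does cert1's issuer match cert2's subject?
    // 2. does cert2's issuer match cert1's subject?
    if (!cert1.getIssuerDN().equals((Object) cert2.getSubjectDN())
            || !cert2.getIssuerDN().equals((Object) cert1.getSubjectDN()))
        return false;
    // 3. is each cert actually signed by the other's key? Matching DNs
    //    alone can be satisfied by any cert that carries the right names.
    try {
        cert1.verify(cert2.getPublicKey());
        cert2.verify(cert1.getPublicKey());
        return true;
    } catch (GeneralSecurityException e) {
        debug("arePair: DNs match but signature verification failed: " + e.toString());
        return false;
    }
}
```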
@@ -308,12 +303,12 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 }
 public synchronized void addXCertPair(LDAPConnection conn,
- LDAPAttribute certPairs, CertificatePair pair)
- throws LDAPException, IOException {
+ LDAPAttribute certPairs, CertificatePair pair)
+ throws LDAPException, IOException {
 ByteArrayOutputStream bos = new ByteArrayOutputStream();
 pair.encode(bos);
-
+
 if (ByteValueExists(certPairs, bos.toByteArray()) == true) {
 debug("cross cert pair exists in internal db, don't add again");
 return;
@@ -322,9 +317,9 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 // add certificatePair
 LDAPModificationSet modSet = new LDAPModificationSet();
- modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_ATTR_XCERT_PAIR, bos.toByteArray()));
- conn.modify(DN_XCERTS + "," + mBaseDN, modSet);
+ modSet.add(LDAPModification.ADD,
+ new LDAPAttribute(LDAP_ATTR_XCERT_PAIR, bos.toByteArray()));
+ conn.modify(DN_XCERTS + "," + mBaseDN, modSet);
 }
 /**
@@ -366,24 +361,24 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 debug("exiting byteArraysAreEqual(): true");
 return true;
 }
-
+
 public synchronized void addCAcert(LDAPConnection conn, byte[] certEnc)
- throws LDAPException {
+ throws LDAPException {
 LDAPModificationSet modSet = new
- LDAPModificationSet();
-
+ LDAPModificationSet();
+
 modSet.add(LDAPModification.ADD,
- new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc));
+ new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc));
 conn.modify(DN_XCERTS + "," + mBaseDN, modSet);
 }
 public synchronized void deleteCAcert(LDAPConnection conn, byte[] certEnc)
- throws LDAPException {
+ throws LDAPException {
 LDAPModificationSet modSet = new
- LDAPModificationSet();
+ LDAPModificationSet();
 modSet.add(LDAPModification.DELETE,
- new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc));
+ new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc));
 conn.modify(DN_XCERTS + "," + mBaseDN, modSet);
 }
@@ -394,7 +389,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 LDAPConnection conn = null;
 if ((mPublisherProcessor == null) ||
- !mPublisherProcessor.enabled())
+ !mPublisherProcessor.enabled())
 return;
 try {
@@ -421,7 +416,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 }
 Enumeration en = xcerts.getByteValues();
-
+
 if ((en == null) || (en.hasMoreElements() == false)) {
 debug("publishCertPair found no pairs in internal db");
 return;
@@ -435,7 +430,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 continue;
 } else {
 try {
- //found a cross cert pair, publish if we could
+ // found a cross cert pair, publish if we could
 IXcertPublisherProcessor xp = null;
 xp = (IXcertPublisherProcessor) mPublisherProcessor;
@@ -445,7 +440,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 }
 }
 }// while
- }//if
+ }// if
 } catch (Exception e) {
 throw new EBaseException("CrossCertPairSubsystem: publishCertPairs() failed:" + e.toString());
 }
@@ -476,16 +471,15 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 try {
 mLdapConnFactory.reset();
 } catch (ELdapException e) {
- CMS.debug("CrossCertPairSubsystem shutdown exception: "+e.toString());
+ CMS.debug("CrossCertPairSubsystem shutdown exception: " + e.toString());
 }
 }
 mLdapConnFactory = null;
 }
 /*
- * Returns the root configuration storage of this system.
- * <P>
- *
+ * Returns the root configuration storage of this system. <P>
+ *
 * @return configuration store of this subsystem
 */
 public IConfigStore getConfigStore() {
@@ -494,7 +488,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 protected void log(int level, String msg) {
 mLogger.log(ILogger.EV_SYSTEM,
- ILogger.S_XCERT, level, msg);
+ ILogger.S_XCERT, level, msg);
 }
 private static void debug(String msg) { |