Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/kra')
8 files changed, 180 insertions, 179 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java b/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java index 9ab4a238..869c8c60 100644 --- a/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java +++ b/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java @@ -17,16 +17,13 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.kra; - import com.netscape.certsrv.base.EBaseException; - /** - * A class represents a KRA exception. This is the base - * exception for all the KRA specific exceptions. It is - * associated with <CODE>KRAResources</CODE>. + * A class represents a KRA exception. This is the base exception for all the + * KRA specific exceptions. It is associated with <CODE>KRAResources</CODE>. * <P> - * + * * @version $Revision$, $Date$ */ public class EKRAException extends EBaseException { @@ -39,11 +36,12 @@ public class EKRAException extends EBaseException { * KRA resource class name. * <P> */ - private static final String KRA_RESOURCES = KRAResources.class.getName(); + private static final String KRA_RESOURCES = KRAResources.class.getName(); /** * Constructs a KRA exception. * <P> + * * @param msgFormat constant from KRAResources. */ public EKRAException(String msgFormat) { @@ -53,6 +51,7 @@ public class EKRAException extends EBaseException { /** * Constructs a KRA exception. * <P> + * * @param msgFormat constant from KRAResources. * @param param additional parameters to the message. */ @@ -63,6 +62,7 @@ public class EKRAException extends EBaseException { /** * Constructs a KRA exception. * <P> + * * @param msgFormat constant from KRAResources. * @param e embedded exception. */ @@ -73,6 +73,7 @@ public class EKRAException extends EBaseException { /** * Constructs a KRA exception. * <P> + * * @param msgFormat constant from KRAResources. * @param params additional parameters to the message. */ 
@@ -83,6 +84,7 @@ public class EKRAException extends EBaseException { /** * Returns the bundle file name. * <P> + * * @return name of bundle class associated with this exception. */ protected String getBundleName() { diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java b/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java index e130b95c..35366c39 100644 --- a/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java +++ b/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java @@ -18,16 +18,19 @@ package com.netscape.certsrv.kra; /** - * Use Java's reflection API to leverage CMS's - * old Share and JoinShares implementations. - * + * Use Java's reflection API to leverage CMS's old Share and JoinShares + * implementations. + * * @deprecated * @version $Revision$ $Date$ */ public interface IJoinShares { public void initialize(int threshold) throws Exception; + public void addShare(int shareNum, byte[] share); + public int getShareCount(); + public byte[] recoverSecret(); } diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java b/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java index 7be3f165..77fb80be 100644 --- a/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java +++ b/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.kra; - import java.util.Enumeration; import java.util.Hashtable; import java.util.Vector; 
@@ -38,13 +37,11 @@ import com.netscape.certsrv.security.Credential; import com.netscape.certsrv.security.IStorageKeyUnit; import com.netscape.certsrv.security.ITransportKeyUnit; - /** - * An interface represents key recovery authority. The - * key recovery authority is responsibile for archiving - * and recovering user encryption private keys. + * An interface represents key recovery authority. The key recovery authority is + * responsibile for archiving and recovering user encryption private keys. * <P> - * + * * @version $Revision$, $Date$ */ public interface IKeyRecoveryAuthority extends ISubsystem { @@ -71,7 +68,7 @@ public interface IKeyRecoveryAuthority extends ISubsystem { /** * Returns the name of this subsystem. * <P> - * + * * @return KRA name */ public X500Name getX500Name(); @@ -79,30 +76,28 @@ public interface IKeyRecoveryAuthority extends ISubsystem { /** * Retrieves KRA request repository. * <P> - * + * * @return request repository */ public IRequestQueue getRequestQueue(); /** - * Retrieves the key repository. The key repository - * stores archived keys. + * Retrieves the key repository. The key repository stores archived keys. * <P> */ public IKeyRepository getKeyRepository(); /** * Retrieves the Replica ID repository. - * + * * @return KRA's Replica ID repository */ public IReplicaIDRepository getReplicaRepository(); /** - * Enables the auto recovery state. Once KRA is in the auto - * recovery state, no recovery agents need to be present for - * providing credentials. This feature is for enabling - * user-based recovery operation. + * Enables the auto recovery state. Once KRA is in the auto recovery state, + * no recovery agents need to be present for providing credentials. This + * feature is for enabling user-based recovery operation. * <p> * * @param cs list of agent credentials 
@@ -113,17 +108,16 @@ public interface IKeyRecoveryAuthority extends ISubsystem { /** * Returns the current auto recovery state. - * + * * @return true if auto recvoery state is on */ public boolean getAutoRecoveryState(); /** - * Adds credentials to the given authorizated recovery operation. - * In distributed recovery mode, recovery agent login to the - * agent interface and submit its credential for a particular - * recovery operation. - * + * Adds credentials to the given authorizated recovery operation. In + * distributed recovery mode, recovery agent login to the agent interface + * and submit its credential for a particular recovery operation. + * * @param id authorization identifier * @param creds list of credentials */ 
@@ -131,131 +125,129 @@ public interface IKeyRecoveryAuthority extends ISubsystem { /** * Removes a particular auto recovery operation. - * + * * @param id authorization identifier */ public void removeAutoRecovery(String id); /** - * Returns the number of required agents. In M-out-of-N - * recovery schema, only M agents are required even there - * are N agents. This method returns M. - * + * Returns the number of required agents. In M-out-of-N recovery schema, + * only M agents are required even there are N agents. This method returns + * M. + * * @return number of required agents */ public int getNoOfRequiredAgents() throws EBaseException; /** * Sets the number of required recovery agents - * + * * @param number number of agents */ public void setNoOfRequiredAgents(int number) throws EBaseException; /** * Returns the current recovery identifier. - * + * * @return recovery identifier */ public String getRecoveryID(); /** * Returns a list of recovery identifiers. - * + * * @return list of auto recovery identifiers */ public Enumeration<String> getAutoRecoveryIDs(); /** - * Returns the storage key unit that manages the - * stoarge key. - * + * Returns the storage key unit that manages the stoarge key. + * * @return storage key unit */ public IStorageKeyUnit getStorageKeyUnit(); /** - * Returns the transport key unit that manages the - * transport key. - * + * Returns the transport key unit that manages the transport key. 
+ * * @return transport key unit */ public ITransportKeyUnit getTransportKeyUnit(); /** - * Returns the token that generates user key pairs for supporting server-side keygen - * + * Returns the token that generates user key pairs for supporting + * server-side keygen + * * @return keygen token */ public CryptoToken getKeygenToken(); /** * Adds entropy to the token used for supporting server-side keygen - * Parameters are set in the config file - * @param logflag create log messages at info level to report entropy shortage + * Parameters are set in the config file + * + * @param logflag create log messages at info level to report entropy + * shortage */ - public void addEntropy(boolean logflag); - + public void addEntropy(boolean logflag); /** - * Returns the request listener that listens on - * the request completion event. - * + * Returns the request listener that listens on the request completion + * event. + * * @return request listener */ public IRequestListener getRequestInQListener(); /** - * Returns policy processor of the key recovery - * authority. - * + * Returns policy processor of the key recovery authority. + * * @return policy processor */ public IPolicyProcessor getPolicyProcessor(); /** * Returns the nickname of the transport certificate. - * + * * @return transport certificate nickname. */ public String getNickname(); /** * Sets the nickname of the transport certificate. - * + * * @param str nickname */ public void setNickname(String str); /** * Returns the new nickname of the transport certifiate. - * + * * @return new nickname */ public String getNewNickName() throws EBaseException; /** * Sets the new nickname of the transport certifiate. - * + * * @param name new nickname */ public void setNewNickName(String name); /** * Logs event into key recovery authority logging. 
- * + * * @param level log level * @param msg log message */ public void log(int level, String msg); /** - * Creates a request object to store attributes that - * will not be serialized. Currently, request queue - * framework will try to serialize all the attribute into - * persistent storage. Things like passwords are not + * Creates a request object to store attributes that will not be serialized. + * Currently, request queue framework will try to serialize all the + * attribute into persistent storage. Things like passwords are not * desirable to be stored. - * + * * @param id request id * @return volatile requests */ @@ -263,7 +255,7 @@ public interface IKeyRecoveryAuthority extends ISubsystem { /** * Retrieves the request object. - * + * * @param id request id * @return volatile requests */ @@ -271,32 +263,32 @@ public interface IKeyRecoveryAuthority extends ISubsystem { /** * Destroys the request object. - * + * * @param id request id */ public void destroyVolatileRequest(RequestId id); public Vector<Credential> getAppAgents( - String recoveryID) throws EBaseException; + String recoveryID) throws EBaseException; /** * Creates error for a specific recovery operation. - * + * * @param recoveryID recovery id * @param error error * @exception EBaseException failed to create error */ public void createError(String recoveryID, String error) - throws EBaseException; + throws EBaseException; /** * Retrieves error by recovery identifier. - * + * * @param recoveryID recovery id * @return error message */ public String getError(String recoveryID) - throws EBaseException; + throws EBaseException; /** * Retrieves PKCS12 package by recovery identifier. 
@@ -305,16 +297,16 @@ public interface IKeyRecoveryAuthority extends ISubsystem { * @return pkcs12 package in bytes */ public byte[] getPk12(String recoveryID) - throws EBaseException; + throws EBaseException; /** * Creates PKCS12 package in memory. - * + * * @param recoveryID recovery id * @param pk12 package in bytes - */ + */ public void createPk12(String recoveryID, byte[] pk12) - throws EBaseException; + throws EBaseException; /** * Retrieves the transport certificate. diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java b/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java index 5ed17453..c03599b8 100644 --- a/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java +++ b/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.kra; - import java.math.BigInteger; import java.util.Hashtable; 
@@ -26,63 +25,65 @@ import netscape.security.x509.X509CertImpl; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.security.Credential; - /** * An interface representing a recovery service. * <P> - * + * * @version $Revision$, $Date$ */ public interface IKeyService { /** - * Retrieves number of agent required to perform - * key recovery operation. + * Retrieves number of agent required to perform key recovery operation. * * @return number of required recovery agents * @exception EBaseException failed to retrieve value */ public int getNoOfRequiredAgents() throws EBaseException; - /** - * is async recovery request status APPROVED - - * i.e. all required # of recovery agents approved - * @param reqID request id - * @return true if # of recovery required agents approved; false otherwise - */ + /** + * is async recovery request status APPROVED - i.e. all required # of + * recovery agents approved + * + * @param reqID request id + * @return true if # of recovery required agents approved; false otherwise + */ public boolean isApprovedAsyncKeyRecovery(String reqID) - throws EBaseException; + throws EBaseException; - /** - * get async recovery request initiating agent - * @param reqID request id - * @return agentUID - */ + /** + * get async recovery request initiating agent + * + * @param reqID request id + * @return agentUID + */ public String getInitAgentAsyncKeyRecovery(String reqID) - throws EBaseException; + throws EBaseException; /** * Initiate asynchronous key recovery + * * @param kid key identifier * @param cert certificate embedded in PKCS12 * @return requestId * @exception EBaseException failed to initiate async recovery */ public String initAsyncKeyRecovery(BigInteger kid, X509CertImpl cert, String agent) - throws EBaseException; + throws EBaseException; /** * add approving agent in asynchronous key recovery + * * @param reqID request id * @param agentID agent id * @exception EBaseException failed to initiate async recovery */ public 
void addAgentAsyncKeyRecovery(String reqID, String agentID) - throws EBaseException; + throws EBaseException; /** * Performs administrator-initiated key recovery. - * + * * @param kid key identifier * @param creds list of credentials (id and password) * @param pwd password to protect PKCS12 
@@ -92,87 +93,87 @@ public interface IKeyService { * @exception EBaseException failed to perform recovery */ public byte[] doKeyRecovery(BigInteger kid, - Credential creds[], String pwd, X509CertImpl cert, - String delivery, String nickname, String agent) throws EBaseException; + Credential creds[], String pwd, X509CertImpl cert, + String delivery, String nickname, String agent) throws EBaseException; - /** - * Async Recovers key for administrators. This method is - * invoked by the agent operation of the key recovery servlet. + /** + * Async Recovers key for administrators. This method is invoked by the + * agent operation of the key recovery servlet. * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever * a user private key recovery request is made (this is when the DRM * receives the request) - * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever - * a user private key recovery request is processed (this is when the DRM - * processes the request) + * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used + * whenever a user private key recovery request is processed (this is when + * the DRM processes the request) * </ul> - * @param reqID request id - * @param password password of the PKCS12 package - * subsystem + * + * @param reqID request id + * @param password password of the PKCS12 package subsystem * @exception EBaseException failed to recover key * @return a byte array containing the key */ public byte[] doKeyRecovery( - String reqID, - String password) - throws EBaseException; + String reqID, + String password) + throws EBaseException; /** * Retrieves recovery identifier. - * + * * @return recovery id */ public String getRecoveryID(); /** * Creates recovery parameters for the given recovery operation. 
- * + * * @param recoveryID recovery id * @return recovery parameters * @exception EBaseException failed to create */ public Hashtable<String, Object> createRecoveryParams(String recoveryID) - throws EBaseException; + throws EBaseException; /** * Destroys recovery parameters for the given recovery operation. - * + * * @param recoveryID recovery id * @exception EBaseException failed to destroy */ - public void destroyRecoveryParams(String recoveryID) - throws EBaseException; + public void destroyRecoveryParams(String recoveryID) + throws EBaseException; /** * Retrieves recovery parameters for the given recovery operation. - * + * * @param recoveryID recovery id * @return recovery parameters * @exception EBaseException failed to retrieve */ public Hashtable<String, Object> getRecoveryParams(String recoveryID) - throws EBaseException; + throws EBaseException; /** * Adds password in the distributed recovery operation. - * + * * @param recoveryID recovery id * @param uid agent uid * @param pwd agent password * @exception EBaseException failed to add */ - public void addDistributedCredential(String recoveryID, - String uid, String pwd) throws EBaseException; + public void addDistributedCredential(String recoveryID, + String uid, String pwd) throws EBaseException; /** * Retrieves credentials in the distributed recovery operation. - * + * * @param recoveryID recovery id * @return agent's credentials * @exception EBaseException failed to retrieve */ - public Credential[] getDistributedCredentials(String recoveryID) - throws EBaseException; + public Credential[] getDistributedCredentials(String recoveryID) + throws EBaseException; } diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java b/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java index 1b484b66..20ac336e 100644 --- a/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java +++ b/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java 
@@ -17,15 +17,14 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.kra; - import java.math.BigInteger; import java.util.Date; - /** * An interface represents a proof of archival. * <P> * Here is the ASN1 definition of a proof of escrow: + * * <PRE> * ProofOfArchival ::= SIGNED { * SEQUENCE { @@ -46,35 +45,35 @@ public interface IProofOfArchival { /** * Retrieves version of this proof. - * + * * @return version */ public BigInteger getVersion(); /** * Retrieves the serial number. - * + * * @return serial number */ public BigInteger getSerialNumber(); /** * Retrieves the subject name. - * + * * @return subject name */ public String getSubjectName(); /** * Retrieves the issuer name. - * + * * @return issuer name */ public String getIssuerName(); /** * Returns the beginning of the escrowed perioid. - * + * * @return date of archival */ public Date getDateOfArchival(); diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IShare.java b/pki/base/common/src/com/netscape/certsrv/kra/IShare.java index c4d58f0a..92eaf319 100644 --- a/pki/base/common/src/com/netscape/certsrv/kra/IShare.java +++ b/pki/base/common/src/com/netscape/certsrv/kra/IShare.java @@ -18,15 +18,16 @@ package com.netscape.certsrv.kra; /** - * Use Java's reflection API to leverage CMS's - * old Share and JoinShares implementations. - * + * Use Java's reflection API to leverage CMS's old Share and JoinShares + * implementations. + * * @deprecated * @version $Revision$ $Date$ */ public interface IShare { public void initialize(byte[] secret, int threshold) throws Exception; + public byte[] createShare(int sharenumber); } diff --git a/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java b/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java index 40e0ee17..14b686e6 100644 --- a/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java +++ b/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java 
@@ -17,10 +17,8 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.kra; - import java.util.ListResourceBundle; - /** * A class represents a resource bundle for KRA subsystem. * <P> diff --git a/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java b/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java index ca575396..99c8cc5f 100644 --- a/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java +++ b/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.certsrv.kra; - import java.io.IOException; import java.io.InputStream; import java.io.Serializable; @@ -42,17 +41,15 @@ import com.netscape.certsrv.apps.CMS; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.dbs.IDBObj; - /** - * A class represents a proof of escrow. It indicates a key - * pairs have been escrowed by appropriate authority. The - * structure of this object is very similar (if not exact) to - * X.509 certificate. A proof of escrow is signed by an escrow - * authority. It is possible to have a CMS policy to reject - * the certificate issuance request if proof of escrow is not - * presented. + * A class represents a proof of escrow. It indicates a key pairs have been + * escrowed by appropriate authority. The structure of this object is very + * similar (if not exact) to X.509 certificate. A proof of escrow is signed by + * an escrow authority. It is possible to have a CMS policy to reject the + * certificate issuance request if proof of escrow is not presented. * <P> * Here is the ASN1 definition of a proof of escrow: + * * <PRE> * ProofOfEscrow ::= SIGNED { * SEQUENCE { 
@@ -106,13 +103,14 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { /** * Constructs a proof of escrow. * <P> + * * @param serialNo serial number of proof * @param subject subject name * @param issuer issuer name * @param dateOfArchival date of archival */ public ProofOfArchival(BigInteger serialNo, String subject, - String issuer, Date dateOfArchival) { + String issuer, Date dateOfArchival) { mVersion = DEFAULT_VERSION; mSerialNo = serialNo; mSubject = subject; @@ -123,6 +121,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { /** * Constructs proof of escrow from input stream. * <P> + * * @param in encoding source * @exception EBaseException failed to decode */ @@ -133,6 +132,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { /** * Sets an attribute value. * <P> + * * @param name attribute name * @param obj attribute value * @exception EBaseException failed to set attribute @@ -157,6 +157,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { /** * Retrieves the value of an named attribute. * <P> + * * @param name attribute name * @return attribute value * @exception EBaseException failed to get attribute @@ -177,10 +178,11 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name)); } } - + /** * Deletes an attribute. * <P> + * * @param name attribute name * @exception EBaseException failed to get attribute */ @@ -188,11 +190,11 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { throw new EBaseException( CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name)); } - + /** * Retrieves a list of possible attribute names. * <P> - * + * * @return a list of names */ public Enumeration<String> getElements() { 
@@ -207,11 +209,12 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { public Enumeration<String> getSerializableAttrNames() { return mNames.elements(); } - + /** * Retrieves version of this proof. * <P> - * @return version + * + * @return version */ public BigInteger getVersion() { return mVersion; @@ -220,7 +223,8 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { /** * Retrieves the serial number. * <P> - * @return serial number + * + * @return serial number */ public BigInteger getSerialNumber() { return mSerialNo; @@ -229,6 +233,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { /** * Retrieves the subject name. * <P> + * * @return subject name */ public String getSubjectName() { @@ -238,6 +243,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { /** * Retrieves the issuer name. * <P> + * * @return issuer name */ public String getIssuerName() { @@ -247,6 +253,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { /** * Returns the beginning of the escrowed perioid. * <P> + * * @return date of archival */ public Date getDateOfArchival() { @@ -254,8 +261,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { } /** - * Encodes this proof of escrow into the given - * output stream. + * Encodes this proof of escrow into the given output stream. * <P> */ public void encode(DerOutputStream out) throws EBaseException { @@ -268,10 +274,10 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { version.putInteger(new BigInt(mVersion)); seq.write(DerValue.createTag( - DerValue.TAG_CONTEXT, true, (byte) 0), - version); + DerValue.TAG_CONTEXT, true, (byte) 0), + version); } - + // serial number DerOutputStream serialno = new DerOutputStream(); 
@@ -289,7 +295,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { // issue date seq.putUTCTime(mDateOfArchival); - out.write(DerValue.tag_Sequence, seq); + out.write(DerValue.tag_Sequence, seq); } catch (IOException e) { throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED", e.toString())); @@ -300,9 +306,9 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { * Encodes and signs this proof of escrow. * <P> */ - public void encodeAndSign(PrivateKey key, String algorithm, - String provider, DerOutputStream out) - throws EBaseException { + public void encodeAndSign(PrivateKey key, String algorithm, + String provider, DerOutputStream out) + throws EBaseException { try { Signature sigEngine = null; @@ -310,7 +316,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { if (provider == null) { sigEngine = Signature.getInstance(algorithm); } else { - sigEngine = Signature.getInstance(algorithm, + sigEngine = Signature.getInstance(algorithm, provider); } @@ -357,7 +363,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { DerValue val = new DerValue(in); - DerValue seq[] = new DerValue[3]; + DerValue seq[] = new DerValue[3]; seq[0] = val.data.getDerValue(); if (seq[0].tag == DerValue.tag_Sequence) { @@ -365,12 +371,12 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { seq[1] = val.data.getDerValue(); seq[2] = val.data.getDerValue(); if (seq[1].data.available() != 0) { - throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1", + throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1", "no algorithm found")); } if (seq[2].data.available() != 0) { - throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1", + throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1", "no signature found")); } 
@@ -391,14 +397,14 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { * Decodes proof of escrow. * <P> */ - private void decodePOA(DerValue val, DerValue preprocessed) - throws EBaseException { + private void decodePOA(DerValue val, DerValue preprocessed) + throws EBaseException { try { DerValue tmp = null; if (preprocessed == null) { if (val.tag != DerValue.tag_Sequence) { - throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1", + throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1", "not start with sequence")); } tmp = val.data.getDerValue(); @@ -429,7 +435,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { // mSubject = new X500Name(subject); // doesnt work mSubject = new String(subject.toByteArray()); - + // issuer DerValue issuer = val.data.getDerValue(); @@ -443,15 +449,14 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable { } /** - * Retrieves the string reprensetation of this - * proof of archival. + * Retrieves the string reprensetation of this proof of archival. */ public String toString() { return "Version: " + mVersion.toString() + "\n" + - "SerialNo: " + mSerialNo.toString() + "\n" + - "Subject: " + mSubject + "\n" + - "Issuer: " + mIssuer + "\n" + - "DateOfArchival: " + mDateOfArchival.toString(); + "SerialNo: " + mSerialNo.toString() + "\n" + + "Subject: " + mSubject + "\n" + + "Issuer: " + mIssuer + "\n" + + "DateOfArchival: " + mDateOfArchival.toString(); } } |