Diffstat (limited to 'pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java | 97 |
1 files changed, 52 insertions, 45 deletions
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java index 4cdb0bdc..494de799 100644 --- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java +++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.crl; - import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.CertificateParsingException; 
@@ -43,43 +42,42 @@ import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.common.NameValuePairs; import com.netscape.certsrv.logging.ILogger; - /** * This represents an authority key identifier extension. - * + * * @version $Revision$, $Date$ */ -public class CMSAuthorityKeyIdentifierExtension - implements ICMSCRLExtension, IExtendedPluginInfo { +public class CMSAuthorityKeyIdentifierExtension implements ICMSCRLExtension, + IExtendedPluginInfo { private ILogger mLogger = CMS.getLogger(); public CMSAuthorityKeyIdentifierExtension() { } - public Extension setCRLExtensionCriticality(Extension ext, - boolean critical) { + public Extension setCRLExtensionCriticality(Extension ext, boolean critical) { AuthorityKeyIdentifierExtension authKeyIdExt = null; KeyIdentifier keyId = null; GeneralNames names = null; SerialNumber sn = null; try { - keyId = (KeyIdentifier) ((AuthorityKeyIdentifierExtension) ext).get( - AuthorityKeyIdentifierExtension.KEY_ID); - names = (GeneralNames) ((AuthorityKeyIdentifierExtension) ext).get( - AuthorityKeyIdentifierExtension.AUTH_NAME); - sn = (SerialNumber) ((AuthorityKeyIdentifierExtension) ext).get( - AuthorityKeyIdentifierExtension.SERIAL_NUMBER); - authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, keyId, names, sn); + keyId = (KeyIdentifier) ((AuthorityKeyIdentifierExtension) ext) + .get(AuthorityKeyIdentifierExtension.KEY_ID); + names = (GeneralNames) ((AuthorityKeyIdentifierExtension) ext) + .get(AuthorityKeyIdentifierExtension.AUTH_NAME); + sn = (SerialNumber) ((AuthorityKeyIdentifierExtension) ext) + .get(AuthorityKeyIdentifierExtension.SERIAL_NUMBER); + authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, keyId, + names, sn); } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString())); } return authKeyIdExt; } - public Extension getCRLExtension(IConfigStore 
config, - Object ip, - boolean critical) { + public Extension getCRLExtension(IConfigStore config, Object ip, + boolean critical) { AuthorityKeyIdentifierExtension authKeyIdExt = null; ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip; 
@@ -87,48 +85,58 @@ public class CMSAuthorityKeyIdentifierExtension KeyIdentifier keyId = null; try { - X509CertInfo info = (X509CertInfo) - ((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().get( + X509CertInfo info = (X509CertInfo) ((ICertificateAuthority) crlIssuingPoint + .getCertificateAuthority()).getCACert().get( X509CertImpl.NAME + "." + X509CertImpl.INFO); if (info != null) { - CertificateExtensions caCertExtensions = (CertificateExtensions) - info.get(X509CertInfo.EXTENSIONS); + CertificateExtensions caCertExtensions = (CertificateExtensions) info + .get(X509CertInfo.EXTENSIONS); if (caCertExtensions != null) { for (int i = 0; i < caCertExtensions.size(); i++) { - Extension caCertExt = (Extension) caCertExtensions.elementAt(i); + Extension caCertExt = (Extension) caCertExtensions + .elementAt(i); if (caCertExt instanceof SubjectKeyIdentifierExtension) { - SubjectKeyIdentifierExtension id = - (SubjectKeyIdentifierExtension) caCertExt; + SubjectKeyIdentifierExtension id = (SubjectKeyIdentifierExtension) caCertExt; - keyId = (KeyIdentifier) - id.get(SubjectKeyIdentifierExtension.KEY_ID); + keyId = (KeyIdentifier) id + .get(SubjectKeyIdentifierExtension.KEY_ID); } } } } } catch (CertificateParsingException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CERT_PARSING_ERROR", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CERT_PARSING_ERROR", + e.toString())); } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CERT_CERT_EXCEPTION", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CERT_CERT_EXCEPTION", + e.toString())); } if (keyId != null) { - authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, keyId, null, null); + authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, + keyId, null, null); } else { GeneralNames gNames = new GeneralNames(); - gNames.addElement(((ICertificateAuthority) 
crlIssuingPoint.getCertificateAuthority()).getX500Name()); + gNames.addElement(((ICertificateAuthority) crlIssuingPoint + .getCertificateAuthority()).getX500Name()); - authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, null, gNames, - new SerialNumber(((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().getSerialNumber())); + authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, + null, gNames, new SerialNumber( + ((ICertificateAuthority) crlIssuingPoint + .getCertificateAuthority()).getCACert() + .getSerialNumber())); } } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString())); } return authKeyIdExt; 
@@ -143,23 +151,22 @@ public class CMSAuthorityKeyIdentifierExtension public String[] getExtendedPluginInfo(Locale locale) { String[] params = { - //"type;choice(CRLExtension,CRLEntryExtension);CRL Extension Type. "+ - //"This field is not editable.", + // "type;choice(CRLExtension,CRLEntryExtension);CRL Extension Type. "+ + // "This field is not editable.", "enable;boolean;Check to enable Authority Key Identifier CRL extension.", "critical;boolean;Set criticality for Authority Key Identifier CRL extension.", - IExtendedPluginInfo.HELP_TOKEN + - ";configuration-ca-edit-crlextension-authoritykeyidentifier", - IExtendedPluginInfo.HELP_TEXT + - ";The authority key identifier extension provides a means " + - "of identifying the public key corresponding to the private " + - "key used to sign a CRL." - }; + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-authoritykeyidentifier", + IExtendedPluginInfo.HELP_TEXT + + ";The authority key identifier extension provides a means " + + "of identifying the public key corresponding to the private " + + "key used to sign a CRL." }; return params; } private void log(int level, String msg) { mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, - "CMSAuthorityKeyIdentifierExtension - " + msg); + "CMSAuthorityKeyIdentifierExtension - " + msg); } -} +} |