Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java2079
1 files changed, 1114 insertions, 965 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index ba8aa448..f57d12e2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
+
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
@@ -82,10 +83,11 @@ import com.netscape.cmsutil.util.Cert;
import com.netscape.symkey.SessionKey;
/**
- * A class representings an administration servlet. This servlet is responsible
- * to serve Certificate Server level administrative operations such as
- * configuration parameter updates.
- *
+ * A class representings an administration servlet. This
+ * servlet is responsible to serve Certificate Server
+ * level administrative operations such as configuration
+ * parameter updates.
+ *
* @version $Revision$, $Date$
*/
public final class CMSAdminServlet extends AdminServlet {
@@ -106,11 +108,16 @@ public final class CMSAdminServlet extends AdminServlet {
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static byte EOL[] = { Character.LINE_SEPARATOR };
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION = "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY = "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
- private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC = "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
- private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION = "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
- private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION =
+ "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY =
+ "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
+ private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC =
+ "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
+ private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION =
+ "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
+ private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION =
+ "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3";
// CMS must be instantiated before this admin servlet.
@@ -139,13 +146,13 @@ public final class CMSAdminServlet extends AdminServlet {
* Serves HTTP request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
try {
super.authenticate(req);
} catch (IOException e) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+ null, resp);
return;
}
@@ -157,8 +164,9 @@ public final class CMSAdminServlet extends AdminServlet {
if (scope.equals(ScopeDef.SC_PLATFORM)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
getEnv(req, resp);
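Review bot: `mOp = "read"` and `mToken = super.authorize(req)` keep per-request authorization state in what look like instance fields (the `m` prefix suggests it; the declarations are outside this page), while a servlet container normally serves concurrent requests from a single servlet instance. If that holds, a second request can overwrite `mOp` between the assignment and the `authorize` call, so the check for one request may be evaluated against another request's operation. The same pattern repeats in the read, modify, search, delete, process and validate branches of the following hunks. Holding both values in locals and passing the operation to the authorization check as an argument would remove the shared state; at minimum the hazard should be recorded, e.g. `// NOTE: mOp/mToken are shared by concurrent requests and are not thread-safe`.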
@@ -167,8 +175,9 @@ public final class CMSAdminServlet extends AdminServlet {
if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP))
@@ -190,13 +199,14 @@ public final class CMSAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP))
setDBConfig(req, resp);
- else if (scope.equals(ScopeDef.SC_SMTP))
+ else if (scope.equals(ScopeDef.SC_SMTP))
modifySMTPConfig(req, resp);
else if (scope.equals(ScopeDef.SC_TASKS))
performTasks(req, resp);
@@ -204,9 +214,9 @@ public final class CMSAdminServlet extends AdminServlet {
modifyEncryption(req, resp);
else if (scope.equals(ScopeDef.SC_ISSUE_IMPORT_CERT))
issueImportCert(req, resp);
- else if (scope.equals(ScopeDef.SC_INSTALL_CERT))
+ else if (scope.equals(ScopeDef.SC_INSTALL_CERT))
installCert(req, resp);
- else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT))
+ else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT))
importXCert(req, resp);
else if (scope.equals(ScopeDef.SC_DELETE_CERTS))
deleteCerts(req, resp);
@@ -219,8 +229,9 @@ public final class CMSAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_SUBSYSTEM))
@@ -229,31 +240,33 @@ public final class CMSAdminServlet extends AdminServlet {
getCACerts(req, resp);
else if (scope.equals(ScopeDef.SC_ALL_CERTLIST))
getAllCertsManage(req, resp);
- else if (scope.equals(ScopeDef.SC_USERCERTSLIST))
+ else if (scope.equals(ScopeDef.SC_USERCERTSLIST))
getUserCerts(req, resp);
- else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
+ else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
getTKSKeys(req, resp);
- else if (scope.equals(ScopeDef.SC_TOKEN))
+ else if (scope.equals(ScopeDef.SC_TOKEN))
getAllTokenNames(req, resp);
else if (scope.equals(ScopeDef.SC_ROOTCERTSLIST))
getRootCerts(req, resp);
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "delete";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) {
deleteRootCert(req, resp);
} else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) {
- deleteUserCert(req, resp);
+ deleteUserCert(req,resp);
}
} else if (op.equals(OpDef.OP_PROCESS)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_CERT_REQUEST))
@@ -270,13 +283,14 @@ public final class CMSAdminServlet extends AdminServlet {
checkTokenStatus(req, resp);
else if (scope.equals(ScopeDef.SC_SELFTESTS))
runSelfTestsOnDemand(req, resp);
- else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
+ else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
createMasterKey(req, resp);
} else if (op.equals(OpDef.OP_VALIDATE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
+ sendResponse(ERROR,
+ CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+ null, resp);
return;
}
if (scope.equals(ScopeDef.SC_SUBJECT_NAME))
@@ -289,7 +303,8 @@ public final class CMSAdminServlet extends AdminServlet {
validateCurveName(req, resp);
}
} catch (EBaseException e) {
- sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
+ sendResponse(ERROR, e.toString(getLocale(req)),
+ null, resp);
return;
} catch (Exception e) {
StringWriter sw = new StringWriter();
@@ -301,24 +316,25 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
- private void getEnv(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void getEnv(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
if (File.separator.equals("\\"))
params.add(Constants.PR_NT, Constants.TRUE);
else
params.add(Constants.PR_NT, Constants.FALSE);
-
+
sendResponse(SUCCESS, null, params, resp);
}
private void getAllTokenNames(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_TOKEN_LIST, jssSubSystem.getTokenList());
@@ -327,15 +343,15 @@ public final class CMSAdminServlet extends AdminServlet {
}
private void getAllNicknames(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
params.add(Constants.PR_ALL_NICKNAMES, jssSubSystem.getAllCerts());
-
+
sendResponse(SUCCESS, null, params, resp);
}
@@ -346,26 +362,27 @@ public final class CMSAdminServlet extends AdminServlet {
String type = "";
ISubsystem sys = (ISubsystem) e.nextElement();
- // get subsystem type
- if ((sys instanceof IKeyRecoveryAuthority)
- && subsystem.equals("kra"))
+ //get subsystem type
+ if ((sys instanceof IKeyRecoveryAuthority) &&
+ subsystem.equals("kra"))
return true;
- else if ((sys instanceof IRegistrationAuthority)
- && subsystem.equals("ra"))
+ else if ((sys instanceof IRegistrationAuthority) &&
+ subsystem.equals("ra"))
return true;
- else if ((sys instanceof ICertificateAuthority)
- && subsystem.equals("ca"))
+ else if ((sys instanceof ICertificateAuthority) &&
+ subsystem.equals("ca"))
return true;
- else if ((sys instanceof IOCSPAuthority)
- && subsystem.equals("ocsp"))
+ else if ((sys instanceof IOCSPAuthority) &&
+ subsystem.equals("ocsp"))
return true;
}
return false;
}
- private void readEncryption(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void readEncryption(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
Enumeration e = CMS.getSubsystems();
boolean isCAInstalled = false;
@@ -378,7 +395,7 @@ public final class CMSAdminServlet extends AdminServlet {
String type = "";
ISubsystem sys = (ISubsystem) e.nextElement();
- // get subsystem type
+ //get subsystem type
if (sys instanceof IKeyRecoveryAuthority)
isKRAInstalled = true;
else if (sys instanceof IRegistrationAuthority)
@@ -389,20 +406,19 @@ public final class CMSAdminServlet extends AdminServlet {
isOCSPInstalled = true;
else if (sys instanceof ITKSAuthority)
isTKSInstalled = true;
+
+ }
- }
-
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String caTokenName = "";
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_CIPHER_VERSION, jssSubSystem.getCipherVersion());
- params.add(Constants.PR_CIPHER_FORTEZZA,
- jssSubSystem.isCipherFortezza());
- params.add(Constants.PR_CIPHER_PREF,
- jssSubSystem.getCipherPreferences());
+ params.add(Constants.PR_CIPHER_VERSION,
+ jssSubSystem.getCipherVersion());
+ params.add(Constants.PR_CIPHER_FORTEZZA, jssSubSystem.isCipherFortezza());
+ params.add(Constants.PR_CIPHER_PREF, jssSubSystem.getCipherPreferences());
String tokenList = jssSubSystem.getTokenList();
@@ -412,7 +428,7 @@ public final class CMSAdminServlet extends AdminServlet {
while (tokenizer.hasMoreElements()) {
String tokenName = (String) tokenizer.nextElement();
String certs = jssSubSystem.getCertListWithoutTokenName(tokenName);
-
+
if (certs.equals(""))
continue;
if (tokenNewList.equals(""))
@@ -426,8 +442,7 @@ public final class CMSAdminServlet extends AdminServlet {
params.add(Constants.PR_TOKEN_LIST, tokenNewList);
if (isCAInstalled) {
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
caTokenName = signingUnit.getTokenName();
@@ -437,31 +452,31 @@ public final class CMSAdminServlet extends AdminServlet {
String caNickName = signingUnit.getNickname();
- // params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName);
+ //params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName);
params.add(Constants.PR_CERT_CA, getCertNickname(caNickName));
}
if (isRAInstalled) {
- IRegistrationAuthority ra = (IRegistrationAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
String raNickname = ra.getNickname();
params.add(Constants.PR_CERT_RA, getCertNickname(raNickname));
}
if (isKRAInstalled) {
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_KRA);
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
String kraNickname = kra.getNickname();
params.add(Constants.PR_CERT_TRANS, getCertNickname(kraNickname));
}
if (isTKSInstalled) {
- ITKSAuthority tks = (ITKSAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_TKS);
+ ITKSAuthority tks = (ITKSAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_TKS);
}
String nickName = CMS.getServerCertNickname();
-
+
params.add(Constants.PR_CERT_SERVER, getCertNickname(nickName));
sendResponse(SUCCESS, null, params, resp);
@@ -503,19 +518,18 @@ public final class CMSAdminServlet extends AdminServlet {
/**
* Modify encryption configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when
* configuring encryption (cert settings and SSL cipher preferences)
* </ul>
- *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to modify encryption configuration
*/
private void modifyEncryption(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -525,8 +539,8 @@ public final class CMSAdminServlet extends AdminServlet {
try {
Enumeration enum1 = req.getParameterNames();
NameValuePairs params = new NameValuePairs();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.getInternalTokenName();
Enumeration e = CMS.getSubsystems();
@@ -540,7 +554,7 @@ public final class CMSAdminServlet extends AdminServlet {
String type = "";
ISubsystem sys = (ISubsystem) e.nextElement();
- // get subsystem type
+ //get subsystem type
if (sys instanceof IKeyRecoveryAuthority)
isKRAInstalled = true;
else if (sys instanceof IRegistrationAuthority)
@@ -549,23 +563,21 @@ public final class CMSAdminServlet extends AdminServlet {
isCAInstalled = true;
else if (sys instanceof IOCSPAuthority)
isOCSPInstalled = true;
- else if (sys instanceof ITKSAuthority)
+ else if (sys instanceof ITKSAuthority)
isTKSInstalled = true;
}
- ICertificateAuthority ca = null;
+ ICertificateAuthority ca = null;
IRegistrationAuthority ra = null;
IKeyRecoveryAuthority kra = null;
- ITKSAuthority tks = null;
+ ITKSAuthority tks = null;
if (isCAInstalled)
ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
if (isRAInstalled)
- ra = (IRegistrationAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_RA);
+ ra = (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
if (isKRAInstalled)
- kra = (IKeyRecoveryAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_KRA);
+ kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
if (isTKSInstalled)
tks = (ITKSAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_TKS);
@@ -581,20 +593,19 @@ public final class CMSAdminServlet extends AdminServlet {
ISigningUnit signingUnit = ca.getSigningUnit();
if ((val != null) && (!val.equals(""))) {
- StringTokenizer tokenizer = new StringTokenizer(val,
- ",");
+ StringTokenizer tokenizer = new StringTokenizer(val, ",");
if (tokenizer.countTokens() != 2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- auditSubjectID, ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- throw new EBaseException(
- CMS.getLogMessage("BASE_INVALID_UI_INFO"));
+ throw new EBaseException(CMS.getLogMessage("BASE_INVALID_UI_INFO"));
}
String tokenName = (String) tokenizer.nextElement();
@@ -612,14 +623,14 @@ public final class CMSAdminServlet extends AdminServlet {
} else
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- auditSubjectID, ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- throw new EBaseException(
- CMS.getLogMessage("BASE_NOT_CA_CERT"));
+ throw new EBaseException(CMS.getLogMessage("BASE_NOT_CA_CERT"));
}
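Review bot: The `else` ahead of the audit call has no braces, so only the `auditMessage = CMS.getLogMessage(...)` assignment belongs to it; `audit(auditMessage)` and `throw new EBaseException(CMS.getLogMessage("BASE_NOT_CA_CERT"))` execute on every path that reaches this point. As the hunk reads, the branch closed by the `}` before `else` (its `if` starts above the hunk) would also fall into the throw with `auditMessage` possibly still null, so an accepted CA certificate selection would be rejected and audited with an empty record. Brace the three statements together: `} else {` before the comment and a closing `}` after the `throw`. The reflow in this commit keeps the misleading layout, so the fix is worth making here rather than later.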
} else if (name.equals(Constants.PR_CERT_RA)) {
if ((val != null) && (!val.equals(""))) {
@@ -649,8 +660,10 @@ public final class CMSAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID,
- ILogger.SUCCESS, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
audit(auditMessage);
@@ -659,8 +672,10 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID,
- ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
@@ -669,26 +684,28 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID,
- ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
private String getCertConfigNickname(String val) throws EBaseException {
@@ -710,9 +727,9 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.setServerCertNickname(nickName);
/*
- * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- * HTTPService httpsService = raAdmin.getHttpsService();
- * httpsService.setNickName(nickName);
+ RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+ HTTPService httpsService = raAdmin.getHttpsService();
+ httpsService.setNickName(nickName);
*/
}
@@ -720,9 +737,9 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.setServerCertNickname(nickName);
/*
- * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
- * HTTPService httpsService = gateway.getHttpsService();
- * httpsService.setNickName(nickName);
+ AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
+ HTTPService httpsService = gateway.getHttpsService();
+ httpsService.setNickName(nickName);
*/
}
@@ -730,9 +747,9 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.setServerCertNickname(nickName);
/*
- * HTTPSubsystem eeGateway = ra.getHTTPSubsystem(); HTTPService
- * httpsService = eeGateway.getHttpsService();
- * httpsService.setNickName(nickName);
+ HTTPSubsystem eeGateway = ra.getHTTPSubsystem();
+ HTTPService httpsService = eeGateway.getHttpsService();
+ httpsService.setNickName(nickName);
*/
}
@@ -740,30 +757,31 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.setServerCertNickname(nickName);
/*
- * HTTPSubsystem caGateway = ca.getHTTPSubsystem(); HTTPService
- * httpsService = caGateway.getHttpsService();
- * httpsService.setNickName(nickName);
+ HTTPSubsystem caGateway = ca.getHTTPSubsystem();
+ HTTPService httpsService = caGateway.getHttpsService();
+ httpsService.setNickName(nickName);
*/
}
/**
* Performs Server Tasks: RESTART/STOP operation
*/
- private void performTasks(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void performTasks(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
String restart = req.getParameter(Constants.PR_SERVER_RESTART);
String stop = req.getParameter(Constants.PR_SERVER_STOP);
NameValuePairs params = new NameValuePairs();
if (restart != null) {
- // XXX Uncommented afetr watchdog is implemented
+ //XXX Uncommented afetr watchdog is implemented
sendResponse(SUCCESS, null, params, resp);
- // mServer.restart();
+ //mServer.restart();
return;
}
if (stop != null) {
- // XXX Send response first then shutdown
+ //XXX Send response first then shutdown
sendResponse(SUCCESS, null, params, resp);
CMS.shutdown();
return;
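Review bot: The restart branch answers `SUCCESS` although `mServer.restart()` is commented out, so the administration client is told a restart took place when nothing was done. Until it is implemented the branch should say so, for instance with `// restart is a no-op: SUCCESS is returned without restarting the server`, or by returning an error response instead. The stop branch calls `CMS.shutdown()` with no signed-audit record in the visible lines, unlike `modifyEncryption` in this file, which audits both success and failure; a shutdown of a certificate server triggered by a request parameter deserves an audit entry before the call. `performTasks` continues past the end of this hunk.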
@@ -776,8 +794,9 @@ public final class CMSAdminServlet extends AdminServlet {
/**
* Reads subsystems that server has loaded with.
*/
- private void readSubsystem(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void readSubsystem(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = CMS.getSubsystems();
StringBuffer buff = new StringBuffer();
@@ -786,7 +805,7 @@ public final class CMSAdminServlet extends AdminServlet {
String type = "";
ISubsystem sys = (ISubsystem) e.nextElement();
- // get subsystem type
+ //get subsystem type
if (sys instanceof IKeyRecoveryAuthority)
type = Constants.PR_KRA_INSTANCE;
if (sys instanceof IRegistrationAuthority)
@@ -795,7 +814,7 @@ public final class CMSAdminServlet extends AdminServlet {
type = Constants.PR_CA_INSTANCE;
if (sys instanceof IOCSPAuthority)
type = Constants.PR_OCSP_INSTANCE;
- if (sys instanceof ITKSAuthority)
+ if (sys instanceof ITKSAuthority)
type = Constants.PR_TKS_INSTANCE;
if (!type.trim().equals(""))
params.add(sys.getId(), type);
@@ -807,13 +826,13 @@ public final class CMSAdminServlet extends AdminServlet {
/**
* Reads server statistics.
*/
- private void readStat(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void readStat(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore cs = CMS.getConfigStore();
try {
- String installdate = cs
- .getString(Constants.PR_STAT_INSTALLDATE, "");
+ String installdate = cs.getString(Constants.PR_STAT_INSTALLDATE, "");
params.add(Constants.PR_STAT_INSTALLDATE, installdate);
} catch (Exception e) {
}
@@ -831,9 +850,9 @@ public final class CMSAdminServlet extends AdminServlet {
}
params.add(Constants.PR_STAT_STARTUP,
- (new Date(CMS.getStartupTime())).toString());
+ (new Date(CMS.getStartupTime())).toString());
params.add(Constants.PR_STAT_TIME,
- (new Date(System.currentTimeMillis())).toString());
+ (new Date(System.currentTimeMillis())).toString());
sendResponse(SUCCESS, null, params, resp);
}
@@ -841,105 +860,127 @@ public final class CMSAdminServlet extends AdminServlet {
* Modifies network information.
*/
private void modifyNetworkConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
/*
- * HTTPSubsystem eeGateway = (HTTPSubsystem)
- * SubsystemRegistry.getInstance().get("eeGateway"); RemoteAdmin raAdmin
- * = (RemoteAdmin)RemoteAdmin.getInstance(); AgentGateway agent =
- * (AgentGateway)mReg.get(AgentGateway.ID);
- *
- * Enumeration enum1 = req.getParameterNames();
- *
- * String eeHTTPportString = null; String eeHTTPSportString = null;
- * String agentHTTPSportString = null; String radminHTTPSportString =
- * null;
- *
- * String gatewayBacklog = "15";
- *
- * // eeHTTPEnabled corresponds to the checkbox which enables the //
- * HTTP EE port String eeHTTPEnabled = Constants.FALSE;
- *
- * while (enum1.hasMoreElements()) { String key =
- * (String)enum1.nextElement(); String value =
- * (String)req.getParameter(key);
- *
- * if (key.equals(Constants.PR_AGENT_S_BACKLOG)) {
- * agent.setHTTPSBacklog(value); } else if
- * (key.equals(Constants.PR_GATEWAY_S_BACKLOG)) {
- * eeGateway.setHTTPSBacklog(value); } else if
- * (key.equals(Constants.PR_ADMIN_S_BACKLOG)) {
- * raAdmin.setHTTPSBacklog(value); } else if
- * (key.equals(Constants.PR_GATEWAY_BACKLOG)) { gatewayBacklog = value;
- * } else if (key.equals(Constants.PR_GATEWAY_PORT_ENABLED)) {
- * eeHTTPEnabled = value; } }
- *
- *
- * eeHTTPportString = req.getParameter(Constants.PR_GATEWAY_PORT);
- * eeHTTPSportString = req.getParameter(Constants.PR_GATEWAY_S_PORT);
- * agentHTTPSportString= req.getParameter(Constants.PR_AGENT_S_PORT);
- * radminHTTPSportString= req.getParameter(Constants.PR_ADMIN_S_PORT);
- *
- *
- * int eeHTTPport=0; int eeHTTPSport=0; int agentHTTPSport=0; int
- * radminHTTPSport=0; if (eeHTTPportString != null) eeHTTPport =
- * Integer.parseInt(eeHTTPportString); if (eeHTTPSportString != null)
- * eeHTTPSport = Integer.parseInt(eeHTTPSportString); if
- * (agentHTTPSportString != null) agentHTTPSport =
- * Integer.parseInt(agentHTTPSportString); if (radminHTTPSportString !=
- * null) radminHTTPSport = Integer.parseInt(radminHTTPSportString);
- *
- *
- * String portName=""; int portnum; try {
- *
- * // EE HTTP is special, since it has it's own checkbox for
- * enabling/disabling if (eeHTTPEnabled.equals(Constants.TRUE) &&
- * eeHTTPport != 0 && eeHTTPport != eeGateway.getHTTPPort()) { portName
- * = "End-entity"; checkPortAvailable(eeHTTPport); }
- *
- * if (eeHTTPSport != 0 && eeHTTPSport != eeGateway.getHTTPSPort()) {
- * portName = "SSL End-entity"; checkPortAvailable(eeHTTPSport); } if
- * (agentHTTPSport != 0 && agentHTTPSport != agent.getHTTPSPort()) {
- * portName = "Agent"; checkPortAvailable(agentHTTPSport); } if
- * (radminHTTPSport != 0 && radminHTTPSport != raAdmin.getHTTPSPort()) {
- * portName = "Remote Admin"; checkPortAvailable(radminHTTPSport); }
- *
- * // If any of the above ports are not available, an exception // will
- * be thrown and these methods below will not be called
- *
- * if (eeHTTPEnabled.equals(Constants.TRUE)) {
- * eeGateway.setHTTPPort(eeHTTPport); }
- * eeGateway.setHTTPSPort(eeHTTPSport);
- * agent.setHTTPSPort(agentHTTPSport);
- * raAdmin.setHTTPSPort(radminHTTPSport);
- *
- * } catch (IOException e) { // send 'port in use' error
- * sendResponse(ERROR, portName+" "+e.getMessage(), null, resp); // we
- * do not want to save the config in this case return; }
- *
- * eeGateway.setHTTPBacklog(gatewayBacklog);
- * eeGateway.setHTTPPortEnable(eeHTTPEnabled);
- *
- * mConfig.commit(true); sendResponse(RESTART, null, null, resp);
- */
+ HTTPSubsystem eeGateway = (HTTPSubsystem)
+ SubsystemRegistry.getInstance().get("eeGateway");
+ RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+ AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID);
+
+ Enumeration enum1 = req.getParameterNames();
+
+ String eeHTTPportString = null;
+ String eeHTTPSportString = null;
+ String agentHTTPSportString = null;
+ String radminHTTPSportString = null;
+
+ String gatewayBacklog = "15";
+
+ // eeHTTPEnabled corresponds to the checkbox which enables the
+ // HTTP EE port
+ String eeHTTPEnabled = Constants.FALSE;
+
+ while (enum1.hasMoreElements()) {
+ String key = (String)enum1.nextElement();
+ String value = (String)req.getParameter(key);
+
+ if (key.equals(Constants.PR_AGENT_S_BACKLOG)) {
+ agent.setHTTPSBacklog(value);
+ } else if (key.equals(Constants.PR_GATEWAY_S_BACKLOG)) {
+ eeGateway.setHTTPSBacklog(value);
+ } else if (key.equals(Constants.PR_ADMIN_S_BACKLOG)) {
+ raAdmin.setHTTPSBacklog(value);
+ } else if (key.equals(Constants.PR_GATEWAY_BACKLOG)) {
+ gatewayBacklog = value;
+ } else if (key.equals(Constants.PR_GATEWAY_PORT_ENABLED)) {
+ eeHTTPEnabled = value;
+ }
+ }
+
+
+ eeHTTPportString = req.getParameter(Constants.PR_GATEWAY_PORT);
+ eeHTTPSportString = req.getParameter(Constants.PR_GATEWAY_S_PORT);
+ agentHTTPSportString= req.getParameter(Constants.PR_AGENT_S_PORT);
+ radminHTTPSportString= req.getParameter(Constants.PR_ADMIN_S_PORT);
+
+
+ int eeHTTPport=0;
+ int eeHTTPSport=0;
+ int agentHTTPSport=0;
+ int radminHTTPSport=0;
+ if (eeHTTPportString != null) eeHTTPport = Integer.parseInt(eeHTTPportString);
+ if (eeHTTPSportString != null) eeHTTPSport = Integer.parseInt(eeHTTPSportString);
+ if (agentHTTPSportString != null) agentHTTPSport = Integer.parseInt(agentHTTPSportString);
+ if (radminHTTPSportString != null) radminHTTPSport = Integer.parseInt(radminHTTPSportString);
+
+
+ String portName="";
+ int portnum;
+ try {
+
+ // EE HTTP is special, since it has it's own checkbox for enabling/disabling
+ if (eeHTTPEnabled.equals(Constants.TRUE) &&
+ eeHTTPport != 0 &&
+ eeHTTPport != eeGateway.getHTTPPort())
+ {
+ portName = "End-entity";
+ checkPortAvailable(eeHTTPport);
+ }
+
+ if (eeHTTPSport != 0 && eeHTTPSport != eeGateway.getHTTPSPort()) {
+ portName = "SSL End-entity";
+ checkPortAvailable(eeHTTPSport);
+ }
+ if (agentHTTPSport != 0 && agentHTTPSport != agent.getHTTPSPort()) {
+ portName = "Agent";
+ checkPortAvailable(agentHTTPSport);
+ }
+ if (radminHTTPSport != 0 && radminHTTPSport != raAdmin.getHTTPSPort()) {
+ portName = "Remote Admin";
+ checkPortAvailable(radminHTTPSport);
+ }
+
+ // If any of the above ports are not available, an exception
+ // will be thrown and these methods below will not be called
+
+ if (eeHTTPEnabled.equals(Constants.TRUE)) {
+ eeGateway.setHTTPPort(eeHTTPport);
+ }
+ eeGateway.setHTTPSPort(eeHTTPSport);
+ agent.setHTTPSPort(agentHTTPSport);
+ raAdmin.setHTTPSPort(radminHTTPSport);
+
+ } catch (IOException e) {
+ // send 'port in use' error
+ sendResponse(ERROR, portName+" "+e.getMessage(), null, resp);
+ // we do not want to save the config in this case
+ return;
+ }
+
+ eeGateway.setHTTPBacklog(gatewayBacklog);
+ eeGateway.setHTTPPortEnable(eeHTTPEnabled);
+
+ mConfig.commit(true);
+ sendResponse(RESTART, null, null, resp);
+ */
}
/**
* Check if the port is available for binding.
- *
* @throws IOException if not available
*/
- private void checkPortAvailable(int port) throws IOException {
+ private void checkPortAvailable(int port)
+ throws IOException {
try {
// see if the port is being used by somebody else
ServerSocket ss = new ServerSocket(port);
ss.close();
} catch (Exception e) {
- throw new IOException("port " + port
- + " is in use. Please select another port");
+ throw new IOException("port " + port + " is in use. Please select another port");
}
}
@@ -947,8 +988,8 @@ public final class CMSAdminServlet extends AdminServlet {
* Reads network information.
*/
private void readNetworkConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -959,52 +1000,58 @@ public final class CMSAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, params, resp);
}
- private void getEENetworkConfig(NameValuePairs params)
- throws EBaseException {
+ private void getEENetworkConfig(NameValuePairs params)
+ throws EBaseException {
/*
- * HTTPSubsystem eeGateway = (HTTPSubsystem)mReg.get("eeGateway"); if
- * (eeGateway == null) { // i.e. standalone DRM
- * params.add(Constants.PR_GATEWAY_S_PORT, "-1");
- * params.add(Constants.PR_GATEWAY_PORT, "-1");
- * params.add(Constants.PR_GATEWAY_S_BACKLOG, "-1");
- * params.add(Constants.PR_GATEWAY_BACKLOG,"-1");
- * params.add(Constants.PR_GATEWAY_PORT_ENABLED,"false"); } else {
- * params.add(Constants.PR_GATEWAY_S_PORT, ""+eeGateway.getHTTPSPort());
- * params.add(Constants.PR_GATEWAY_PORT, ""+eeGateway.getHTTPPort());
- * params.add(Constants.PR_GATEWAY_S_BACKLOG,
- * ""+eeGateway.getHTTPBacklog());
- * params.add(Constants.PR_GATEWAY_BACKLOG,
- * ""+eeGateway.getHTTPSBacklog());
- * params.add(Constants.PR_GATEWAY_PORT_ENABLED,
- * eeGateway.getHTTPPortEnable()); }
- */
+ HTTPSubsystem eeGateway =
+ (HTTPSubsystem)mReg.get("eeGateway");
+ if (eeGateway == null) {
+ // i.e. standalone DRM
+ params.add(Constants.PR_GATEWAY_S_PORT, "-1");
+ params.add(Constants.PR_GATEWAY_PORT, "-1");
+ params.add(Constants.PR_GATEWAY_S_BACKLOG, "-1");
+ params.add(Constants.PR_GATEWAY_BACKLOG,"-1");
+ params.add(Constants.PR_GATEWAY_PORT_ENABLED,"false");
+ } else {
+ params.add(Constants.PR_GATEWAY_S_PORT,
+ ""+eeGateway.getHTTPSPort());
+ params.add(Constants.PR_GATEWAY_PORT,
+ ""+eeGateway.getHTTPPort());
+ params.add(Constants.PR_GATEWAY_S_BACKLOG,
+ ""+eeGateway.getHTTPBacklog());
+ params.add(Constants.PR_GATEWAY_BACKLOG,
+ ""+eeGateway.getHTTPSBacklog());
+ params.add(Constants.PR_GATEWAY_PORT_ENABLED,
+ eeGateway.getHTTPPortEnable());
+ }
+ */
}
private void getAdminConfig(NameValuePairs params) throws EBaseException {
/*
- * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- * params.add(Constants.PR_ADMIN_S_PORT, ""+raAdmin.getHTTPSPort());
- * params
- * .add(Constants.PR_ADMIN_S_BACKLOG,""+raAdmin.getHTTPSBacklog());
+ RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+ params.add(Constants.PR_ADMIN_S_PORT, ""+raAdmin.getHTTPSPort());
+ params.add(Constants.PR_ADMIN_S_BACKLOG,""+raAdmin.getHTTPSBacklog());
*/
}
private void getAgentConfig(NameValuePairs params) throws EBaseException {
/*
- * AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID);
- * params.add(Constants.PR_AGENT_S_PORT, ""+agent.getHTTPSPort());
- * params.add(Constants.PR_AGENT_S_BACKLOG,""+agent.getHTTPSBacklog());
+ AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID);
+ params.add(Constants.PR_AGENT_S_PORT, ""+agent.getHTTPSPort());
+ params.add(Constants.PR_AGENT_S_BACKLOG,""+agent.getHTTPSBacklog());
*/
}
/**
* Modifies database information.
*/
- private void setDBConfig(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void setDBConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_INTERNAL_DB);
Enumeration enum1 = req.getParameterNames();
@@ -1018,53 +1065,56 @@ public final class CMSAdminServlet extends AdminServlet {
continue;
if (key.equals(Constants.OP_SCOPE))
continue;
-
- dbConfig.putString(key, req.getParameter(key));
+
+ dbConfig.putString(key, req.getParameter(key));
}
sendResponse(RESTART, null, null, resp);
mConfig.commit(true);
}
-
- /**
+ /**
* Create Master Key
*/
- private void createMasterKey(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+private void createMasterKey(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
- String newKeyName = null, selectedToken = null;
+ String newKeyName = null, selectedToken = null;
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- if (name.equals(Constants.PR_KEY_LIST)) {
- newKeyName = req.getParameter(name);
- }
- if (name.equals(Constants.PR_TOKEN_LIST)) {
- selectedToken = req.getParameter(name);
- }
+ if (name.equals(Constants.PR_KEY_LIST))
+ {
+ newKeyName = req.getParameter(name);
+ }
+ if (name.equals(Constants.PR_TOKEN_LIST))
+ {
+ selectedToken = req.getParameter(name);
+ }
+
}
- if (selectedToken != null && newKeyName != null) {
- String symKeys = SessionKey.GenMasterKey(selectedToken, newKeyName);
- CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
- String masterKeyPrefix = CMS.getConfigStore().getString(
- "tks.master_key_prefix", null);
-
- SessionKey.SetDefaultPrefix(masterKeyPrefix);
- params.add(Constants.PR_KEY_LIST, newKeyName);
- params.add(Constants.PR_TOKEN_LIST, selectedToken);
- }
- sendResponse(SUCCESS, null, params, resp);
- }
+ if(selectedToken!=null && newKeyName!=null)
+ {
+ String symKeys = SessionKey.GenMasterKey(selectedToken,newKeyName);
+ CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
+ String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
+
+ SessionKey.SetDefaultPrefix(masterKeyPrefix);
+ params.add(Constants.PR_KEY_LIST, newKeyName);
+ params.add(Constants.PR_TOKEN_LIST, selectedToken);
+ }
+ sendResponse(SUCCESS, null, params, resp);
+}
- /**
+ /**
* Reads secmod.db
*/
- private void getTKSKeys(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void getTKSKeys(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
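Review bot: createMasterKey answers `SUCCESS` even when `PR_KEY_LIST` or `PR_TOKEN_LIST` is absent from the request, because `sendResponse(SUCCESS, null, params, resp)` sits outside the `if(selectedToken!=null && newKeyName!=null)` block, so the caller cannot tell that no key was generated. The result of `SessionKey.GenMasterKey(selectedToken,newKeyName)` is stored in `symKeys` and never inspected; how that call reports failure is not visible here, but a failure signalled through the return value would also end in SUCCESS. I would add an `else` branch that sends an `ERROR` response and returns, and check `symKeys` before `putString("tks.defaultSlot", selectedToken)`. No signed audit record is written in the lines shown, although master-key generation is the kind of event getCertRequest audits with `LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC`; a comment stating whether that omission is intentional would help.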
@@ -1072,56 +1122,57 @@ public final class CMSAdminServlet extends AdminServlet {
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- if (name.equals(Constants.PR_TOKEN_LIST)) {
- String selectedToken = req.getParameter(name);
-
- int count = 0;
- int keys_found = 0;
-
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-
- CryptoToken token = null;
- CryptoManager mCryptoManager = null;
- try {
- mCryptoManager = CryptoManager.getInstance();
- } catch (Exception e2) {
- }
-
- if (!jssSubSystem.isTokenLoggedIn(selectedToken)) {
- PasswordCallback cpcb = new ConsolePasswordCallback();
- while (true) {
+ if (name.equals(Constants.PR_TOKEN_LIST))
+ {
+ String selectedToken = req.getParameter(name);
+
+ int count = 0;
+ int keys_found = 0;
+
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+
+ CryptoToken token = null;
+ CryptoManager mCryptoManager = null;
+ try {
+ mCryptoManager = CryptoManager.getInstance();
+ } catch (Exception e2) {
+ }
+
+ if(!jssSubSystem.isTokenLoggedIn(selectedToken))
+ {
+ PasswordCallback cpcb = new ConsolePasswordCallback();
+ while (true) {
try {
- token = mCryptoManager
- .getTokenByName(selectedToken);
- token.login(cpcb);
+ token = mCryptoManager.getTokenByName(selectedToken);
+ token.login(cpcb);
break;
} catch (Exception e3) {
- // log(ILogger.LL_FAILURE,
- // CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
+ //log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
continue;
}
- }
- }
- // String symKeys = new String("key1,key2");
- String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
- params.add(Constants.PR_TOKEN_LIST, symKeys);
+ }
+ }
+ // String symKeys = new String("key1,key2");
+ String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
+ params.add(Constants.PR_TOKEN_LIST, symKeys);
- }
+ }
}
sendResponse(SUCCESS, null, params, resp);
}
-
+
+
/**
* Reads database information.
*/
- private void getDBConfig(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void getDBConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_DB);
IConfigStore ldapConfig = dbConfig.getSubStore("ldap");
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
-
+
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
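Review bot: The `while (true)` login loop in getTKSKeys has no exit on failure: `catch (Exception e3)` only does `continue`, and the log call for the failure is commented out. `selectedToken` is taken directly from the request, and `mCryptoManager` stays null when `CryptoManager.getInstance()` throws into the empty `catch (Exception e2)`, so an unknown token name or a null manager would presumably keep the request thread spinning with nothing logged. Fail the request instead of retrying, e.g. replace `continue;` with `throw new EBaseException(CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));`, and rethrow from the `e2` handler as well rather than swallowing the exception. If a retry is really wanted for a mistyped console password, it should be bounded to a small fixed number of attempts.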
@@ -1133,7 +1184,7 @@ public final class CMSAdminServlet extends AdminServlet {
continue;
if (name.equals(Constants.PR_SECURE_PORT_ENABLED))
params.add(name, ldapConfig.getString(name, "Constants.FALSE"));
- else
+ else
params.add(name, ldapConfig.getString(name, ""));
}
sendResponse(SUCCESS, null, params, resp);
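Review bot: The default passed for `PR_SECURE_PORT_ENABLED` is the string literal `"Constants.FALSE"` rather than the constant, so when the key is missing from the LDAP config the client receives the text Constants.FALSE instead of a boolean value. The line should read `params.add(name, ldapConfig.getString(name, Constants.FALSE));`. How the console interprets an unrecognised value is outside this hunk, but a client that only compares against the false string would show the secure port as enabled when it is simply unset. getDBConfig begins before this hunk.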
@@ -1143,8 +1194,8 @@ public final class CMSAdminServlet extends AdminServlet {
* Modifies SMTP configuration.
*/
private void modifySMTPConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
// XXX
IConfigStore sConfig = mConfig.getSubStore(PROP_SMTP);
@@ -1157,7 +1208,7 @@ public final class CMSAdminServlet extends AdminServlet {
if (port != null)
sConfig.putString("port", port);
-
+
commit(true);
sendResponse(SUCCESS, null, null, resp);
@@ -1166,18 +1217,22 @@ public final class CMSAdminServlet extends AdminServlet {
/**
* Reads SMTP configuration.
*/
- private void readSMTPConfig(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void readSMTPConfig(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_SMTP);
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_SERVER_NAME, dbConfig.getString("host"));
- params.add(Constants.PR_PORT, dbConfig.getString("port"));
+ params.add(Constants.PR_SERVER_NAME,
+ dbConfig.getString("host"));
+ params.add(Constants.PR_PORT,
+ dbConfig.getString("port"));
sendResponse(SUCCESS, null, params, resp);
}
- private void loggedInToken(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void loggedInToken(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
String tokenName = "";
String pwd = "";
@@ -1193,8 +1248,8 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.loggedInToken(tokenName, pwd);
@@ -1204,8 +1259,8 @@ public final class CMSAdminServlet extends AdminServlet {
}
private void checkTokenStatus(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
String key = "";
String value = "";
@@ -1218,8 +1273,8 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
boolean status = jssSubSystem.isTokenLoggedIn(value);
NameValuePairs params = new NameValuePairs();
@@ -1232,18 +1287,18 @@ public final class CMSAdminServlet extends AdminServlet {
/**
* Retrieve a certificate request
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when
* asymmetric keys are generated
* </ul>
- *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to retrieve certificate request
*/
- private void getCertRequest(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void getCertRequest(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditPublicKey = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -1291,11 +1346,11 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
- pathname = mConfig.getString("instanceRoot", "") + File.separator
- + "conf" + File.separator;
+ pathname = mConfig.getString("instanceRoot", "")
+ + File.separator + "conf" + File.separator;
dir = pathname;
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
KeyPair keypair = null;
PQGParams pqgParams = null;
@@ -1321,8 +1376,10 @@ public final class CMSAdminServlet extends AdminServlet {
if (nickname.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
- auditSubjectID, ILogger.FAILURE, auditPublicKey);
+ LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditPublicKey);
audit(auditMessage);
@@ -1333,13 +1390,11 @@ public final class CMSAdminServlet extends AdminServlet {
} else {
if (keyType.equals("ECC")) {
// get ECC keypair
- keypair = jssSubSystem.getECCKeyPair(tokenName,
- keyCurveName, certType);
- } else { // DSA or RSA
+ keypair = jssSubSystem.getECCKeyPair(tokenName, keyCurveName, certType);
+ } else { //DSA or RSA
if (keyType.equals("DSA"))
- pqgParams = jssSubSystem.getPQG(keyLength);
- keypair = jssSubSystem.getKeyPair(tokenName, keyType,
- keyLength, pqgParams);
+ pqgParams = jssSubSystem.getPQG(keyLength);
+ keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, pqgParams);
}
}
@@ -1384,8 +1439,10 @@ public final class CMSAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID,
- ILogger.SUCCESS, auditPublicKey);
+ LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditPublicKey);
audit(auditMessage);
@@ -1394,8 +1451,10 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID,
- ILogger.FAILURE, auditPublicKey);
+ LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditPublicKey);
audit(auditMessage);
@@ -1404,32 +1463,34 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID,
- ILogger.FAILURE, auditPublicKey);
+ LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditPublicKey);
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditPublicKey );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
- }
-
- private void setCANewnickname(String tokenName, String nickname)
- throws EBaseException {
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_CA);
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditPublicKey );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ private void setCANewnickname(String tokenName, String nickname)
+ throws EBaseException {
+ ICertificateAuthority ca = (ICertificateAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
@@ -1443,17 +1504,17 @@ public final class CMSAdminServlet extends AdminServlet {
}
private String getCANewnickname() throws EBaseException {
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
}
private void setRANewnickname(String tokenName, String nickname)
- throws EBaseException {
- IRegistrationAuthority ra = (IRegistrationAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_RA);
+ throws EBaseException {
+ IRegistrationAuthority ra = (IRegistrationAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
ra.setNewNickName(nickname);
@@ -1466,16 +1527,15 @@ public final class CMSAdminServlet extends AdminServlet {
}
private String getRANewnickname() throws EBaseException {
- IRegistrationAuthority ra = (IRegistrationAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
return ra.getNewNickName();
}
private void setOCSPNewnickname(String tokenName, String nickname)
- throws EBaseException {
- IOCSPAuthority ocsp = (IOCSPAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_OCSP);
+ throws EBaseException {
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp != null) {
ISigningUnit signingUnit = ocsp.getSigningUnit();
@@ -1489,8 +1549,8 @@ public final class CMSAdminServlet extends AdminServlet {
signingUnit.setNewNickName(tokenName + ":" + nickname);
}
} else {
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
@@ -1505,26 +1565,25 @@ public final class CMSAdminServlet extends AdminServlet {
}
private String getOCSPNewnickname() throws EBaseException {
- IOCSPAuthority ocsp = (IOCSPAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_OCSP);
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp != null) {
ISigningUnit signingUnit = ocsp.getSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
} else {
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
}
}
- private void setKRANewnickname(String tokenName, String nickname)
- throws EBaseException {
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_KRA);
+ private void setKRANewnickname(String tokenName, String nickname)
+ throws EBaseException {
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
kra.setNewNickName(nickname);
@@ -1537,81 +1596,87 @@ public final class CMSAdminServlet extends AdminServlet {
}
private String getKRANewnickname() throws EBaseException {
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_KRA);
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
return kra.getNewNickName();
}
- private void setRADMNewnickname(String tokenName, String nickName)
- throws EBaseException {
+ private void setRADMNewnickname(String tokenName, String nickName)
+ throws EBaseException {
CMS.setServerCertNickname(tokenName, nickName);
/*
- * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- * HTTPService httpsService = raAdmin.getHttpsService(); if
- * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
- * httpsService.setNewNickName(nickName); else { if
- * (tokenName.equals("") && nickName.equals(""))
- * httpsService.setNewNickName(""); else
- * httpsService.setNewNickName(tokenName+":"+nickName); }
+ RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+ HTTPService httpsService = raAdmin.getHttpsService();
+ if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
+ httpsService.setNewNickName(nickName);
+ else {
+ if (tokenName.equals("") && nickName.equals(""))
+ httpsService.setNewNickName("");
+ else
+ httpsService.setNewNickName(tokenName+":"+nickName);
+ }
*/
}
- private String getRADMNewnickname() throws EBaseException {
+ private String getRADMNewnickname()
+ throws EBaseException {
// assuming the nickname does not change.
return CMS.getServerCertNickname();
/*
- * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- * HTTPService httpsService = raAdmin.getHttpsService(); return
- * httpsService.getNewNickName();
+ RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+ HTTPService httpsService = raAdmin.getHttpsService();
+ return httpsService.getNewNickName();
*/
}
private void setAgentNewnickname(String tokenName, String nickName)
- throws EBaseException {
+ throws EBaseException {
CMS.setServerCertNickname(tokenName, nickName);
/*
- * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
- * HTTPService httpsService = gateway.getHttpsService(); if
- * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
- * httpsService.setNewNickName(nickName); else { if
- * (tokenName.equals("") && nickName.equals(""))
- * httpsService.setNewNickName(""); else
- * httpsService.setNewNickName(tokenName+":"+nickName); }
+ AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
+ HTTPService httpsService = gateway.getHttpsService();
+ if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
+ httpsService.setNewNickName(nickName);
+ else {
+ if (tokenName.equals("") && nickName.equals(""))
+ httpsService.setNewNickName("");
+ else
+ httpsService.setNewNickName(tokenName+":"+nickName);
+ }
*/
}
- private String getAgentNewnickname() throws EBaseException {
+ private String getAgentNewnickname()
+ throws EBaseException {
// assuming the nickname does not change.
return CMS.getServerCertNickname();
/*
- * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
- * HTTPService httpsService = gateway.getHttpsService(); return
- * httpsService.getNewNickName();
+ AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
+ HTTPService httpsService = gateway.getHttpsService();
+ return httpsService.getNewNickName();
*/
}
/**
* Issue import certificate
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Certificate Setup Wizard" is used to import CA certs into the
+ * "Certificate Setup Wizard" is used to import CA certs into the
* certificate database
* </ul>
- *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to issue an import certificate
*/
private void issueImportCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1635,9 +1700,9 @@ public final class CMSAdminServlet extends AdminServlet {
String key = (String) enum1.nextElement();
String value = req.getParameter(key);
- if (key.equals("pathname")) {
+ if (key.equals("pathname")) {
configPath = mConfig.getString("instanceRoot", "")
- + File.separator + "conf" + File.separator;
+ + File.separator + "conf" + File.separator;
pathname = configPath + value;
} else {
if (key.equals(Constants.PR_TOKEN_NAME))
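Review bot: The `pathname` request parameter is joined to the `conf` directory by plain concatenation (`pathname = configPath + value;`), so a value containing `..` segments resolves outside `instanceRoot/conf`. Canonicalise and check it before it is used, for example `File f = new File(configPath, value).getCanonicalFile();` followed by `if (!f.getPath().startsWith(new File(configPath).getCanonicalPath() + File.separator))` and an `EBaseException` with a suitable message key. Where `pathname` is consumed is not visible in this hunk, so the impact depends on the later file operation. issueImportCert starts and ends outside the hunk.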
@@ -1648,17 +1713,17 @@ public final class CMSAdminServlet extends AdminServlet {
String certType = (String) properties.get(Constants.RS_ID);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
- IDBSubsystem dbs = (IDBSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_DBS);
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_CA);
- ICertificateRepository repository = (ICertificateRepository) ca
- .getCertificateRepository();
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ IDBSubsystem dbs = (IDBSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_DBS);
+ ICertificateAuthority ca = (ICertificateAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateRepository repository =
+ (ICertificateRepository) ca.getCertificateRepository();
ISigningUnit signingUnit = ca.getSigningUnit();
String oldtokenname = null;
- // this is the old nick name
+ //this is the old nick name
String nickname = getNickname(certType);
String nicknameWithoutTokenName = "";
String oldcatokenname = signingUnit.getTokenName();
@@ -1676,13 +1741,15 @@ public final class CMSAdminServlet extends AdminServlet {
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- throw new EBaseException(
- CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new
+ EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
if (newtokenname == null)
@@ -1695,34 +1762,39 @@ public final class CMSAdminServlet extends AdminServlet {
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- throw new EBaseException(
- CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new
+ EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
- // xxx renew ca ,use old issuer?
- properties.setIssuerName(jssSubSystem.getCertSubjectName(
- oldcatokenname, canicknameWithoutTokenName));
+ //xxx renew ca ,use old issuer?
+ properties.setIssuerName(
+ jssSubSystem.getCertSubjectName(oldcatokenname,
+ canicknameWithoutTokenName));
KeyPair pair = null;
if (nickname.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- throw new EBaseException(
- CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new
+ EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
- // xxx set to old nickname?
+ //xxx set to old nickname?
properties.setCertNickname(nickname);
if (!certType.equals(Constants.PR_CA_SIGNING_CERT)) {
CertificateExtensions exts = jssSubSystem.getExtensions(
@@ -1743,25 +1815,25 @@ public final class CMSAdminServlet extends AdminServlet {
defaultOCSPSigningAlg = properties.getHashType();
}
}
-
+
// create a new CA certificate or ssl server cert
- if (properties.getKeyCurveName() != null) { // new ECC
+ if (properties.getKeyCurveName() != null) { //new ECC
CMS.debug("CMSAdminServlet: issueImportCert: generating ECC keys");
pair = jssSubSystem.getECCKeyPair(properties);
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
caKeyPair = pair;
- } else if (properties.getKeyLength() != null) { // new RSA or DSA
+ } else if (properties.getKeyLength() != null) { //new RSA or DSA
keyType = properties.getKeyType();
String keyLen = properties.getKeyLength();
PQGParams pqgParams = null;
if (keyType.equals("DSA")) {
pqgParams = jssSubSystem.getCAPQG(Integer.parseInt(keyLen),
- mConfig);
- // properties.put(Constants.PR_PQGPARAMS, pqgParams);
+ mConfig);
+ //properties.put(Constants.PR_PQGPARAMS, pqgParams);
}
pair = jssSubSystem.getKeyPair(properties);
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
caKeyPair = pair;
// renew the CA certificate or ssl server cert
} else {
@@ -1774,12 +1846,11 @@ public final class CMSAdminServlet extends AdminServlet {
}
/*
- * String alg = jssSubSystem.getSignatureAlgorithm(nickname);
- * SignatureAlgorithm sigAlg =
- * SigningUnit.mapAlgorithmToJss(alg);
- * properties.setSignatureAlgorithm(sigAlg);
- * properties.setAlgorithmId( jssSubSystem.getAlgorithmId(alg,
- * mConfig));
+ String alg = jssSubSystem.getSignatureAlgorithm(nickname);
+ SignatureAlgorithm sigAlg = SigningUnit.mapAlgorithmToJss(alg);
+ properties.setSignatureAlgorithm(sigAlg);
+ properties.setAlgorithmId(
+ jssSubSystem.getAlgorithmId(alg, mConfig));
*/
}
@@ -1792,11 +1863,10 @@ public final class CMSAdminServlet extends AdminServlet {
// value provided for signedBy
SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg);
properties.setSignatureAlgorithm(sigAlg);
- properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg,
- mConfig));
+ properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig));
}
- if (pair == null)
+ if (pair == null)
CMS.debug("CMSAdminServlet: issueImportCert: key pair is null");
BigInteger nextSerialNo = repository.getNextSerialNumber();
@@ -1804,40 +1874,42 @@ public final class CMSAdminServlet extends AdminServlet {
properties.setSerialNumber(nextSerialNo);
properties.setKeyPair(pair);
properties.setConfigFile(mConfig);
- // properties.put(Constants.PR_CA_KEYPAIR, pair);
+ // properties.put(Constants.PR_CA_KEYPAIR, pair);
properties.put(Constants.PR_CA_KEYPAIR, caKeyPair);
- X509CertImpl signedCert = jssSubSystem.getSignedCert(properties,
- certType, caKeyPair.getPrivate());
+ X509CertImpl signedCert =
+ jssSubSystem.getSignedCert(properties, certType,
+ caKeyPair.getPrivate());
- if (signedCert == null)
- CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null");
+ if (signedCert == null)
+ CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null");
- /*
- * bug 600124 try { jssSubSystem.deleteTokenCertificate(nickname,
- * pathname); } catch (Throwable e) { //skip it }
+ /* bug 600124
+ try {
+ jssSubSystem.deleteTokenCertificate(nickname, pathname);
+ } catch (Throwable e) {
+ //skip it
+ }
*/
boolean nicknameChanged = false;
- // xxx import cert with nickname without token name?
- // jss adds the token prefix!!!
- // log(ILogger.LL_DEBUG,"import as alias"+
- // nicknameWithoutTokenName);
+ //xxx import cert with nickname without token name?
+ //jss adds the token prefix!!!
+ //log(ILogger.LL_DEBUG,"import as alias"+ nicknameWithoutTokenName);
try {
- CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: "
- + nicknameWithoutTokenName);
+ CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: " + nicknameWithoutTokenName);
jssSubSystem.importCert(signedCert, nicknameWithoutTokenName,
- certType);
+ certType);
} catch (EBaseException e) {
// if it fails, let use a different nickname to try
- Date now = new Date();
- String newNickname = nicknameWithoutTokenName + "-"
- + now.getTime();
+ Date now = new Date();
+ String newNickname = nicknameWithoutTokenName
+ + "-" + now.getTime();
- CMS.debug("CMSAdminServlet: issueImportCert: Importing cert with nickname: "
- + newNickname);
- jssSubSystem.importCert(signedCert, newNickname, certType);
+ CMS.debug("CMSAdminServlet: issueImportCert: Importing cert with nickname: " + newNickname);
+ jssSubSystem.importCert(signedCert, newNickname,
+ certType);
nicknameWithoutTokenName = newNickname;
nicknameChanged = true;
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
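Review bot: A null `signedCert` is only logged by the `if (signedCert == null)` check, and execution continues into `jssSubSystem.importCert(signedCert, nicknameWithoutTokenName, certType)`. A failed signing would therefore surface later as an import error or a NullPointerException, and the `catch (EBaseException e)` fallback may retry the import under a timestamped nickname with the same null certificate. Fail at the check instead, for example `if (signedCert == null) throw new EBaseException("issueImportCert: signedCert is null");`, so the audit FAILURE handler for this operation records the real cause. The `pair == null` check just above this hunk follows the same log-and-continue pattern. The method body starts and ends outside this hunk.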
@@ -1848,26 +1920,28 @@ public final class CMSAdminServlet extends AdminServlet {
}
ICertRecord certRecord = repository.createCertRecord(
- signedCert.getSerialNumber(), signedCert, null);
+ signedCert.getSerialNumber(),
+ signedCert, null);
repository.addCertificateRecord(certRecord);
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
try {
- X509CertInfo certInfo = (X509CertInfo) signedCert
- .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
- CertificateExtensions extensions = (CertificateExtensions) certInfo
- .get(X509CertInfo.EXTENSIONS);
+ X509CertInfo certInfo = (X509CertInfo) signedCert.get(
+ X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ CertificateExtensions extensions = (CertificateExtensions)
+ certInfo.get(X509CertInfo.EXTENSIONS);
if (extensions != null) {
- BasicConstraintsExtension basic = (BasicConstraintsExtension) extensions
- .get(BasicConstraintsExtension.NAME);
+ BasicConstraintsExtension basic =
+ (BasicConstraintsExtension)
+ extensions.get(BasicConstraintsExtension.NAME);
if (basic == null)
log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
else {
- Integer pathlen = (Integer) basic
- .get(BasicConstraintsExtension.PATH_LEN);
+ Integer pathlen = (Integer)
+ basic.get(BasicConstraintsExtension.PATH_LEN);
int num = pathlen.intValue();
if (num == 0)
@@ -1884,32 +1958,34 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
- CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
+ CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
+ " newtoken:" + newtokenname + " nickname:" + nickname);
- if ((newtokenname != null && !newtokenname.equals(oldtokenname))
- || nicknameChanged) {
+ if ((newtokenname != null &&
+ !newtokenname.equals(oldtokenname)) || nicknameChanged) {
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
signingUnit.updateConfig(nicknameWithoutTokenName,
- newtokenname);
+ newtokenname);
} else {
- signingUnit.updateConfig(newtokenname + ":"
- + nicknameWithoutTokenName, newtokenname);
+ signingUnit.updateConfig(newtokenname + ":" +
+ nicknameWithoutTokenName,
+ newtokenname);
}
- } else if (certType.equals(Constants.PR_SERVER_CERT)) {
+ } else if (certType.equals(Constants.PR_SERVER_CERT)) {
if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
nickname = nicknameWithoutTokenName;
} else {
nickname = newtokenname + ":"
- + nicknameWithoutTokenName;
+ + nicknameWithoutTokenName;
}
- // setRADMNewnickname("","");
- // modifyRADMCert(nickname);
+ //setRADMNewnickname("","");
+ //modifyRADMCert(nickname);
modifyAgentGatewayCert(nickname);
if (isSubsystemInstalled("ra")) {
- IRegistrationAuthority ra = (IRegistrationAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra =
+ (IRegistrationAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
modifyEEGatewayCert(ra, nickname);
}
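Review bot: `newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)` can be reached with a null `newtokenname`, because the guard `(newtokenname != null && !newtokenname.equals(oldtokenname)) || nicknameChanged` is also true whenever `nicknameChanged` is set. Whether `newtokenname` can actually be null here is not visible in the hunk, but the guard itself treats it as possible. Make the intent explicit, either by resolving a null token name to a concrete value before this block or by comparing with `Constants.PR_INTERNAL_TOKEN_NAME.equals(newtokenname)` and handling the null case separately, so a nickname collision does not turn into a NullPointerException part-way through updating the signing configuration. The OCSP branch in the next hunk has the same dereference.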
@@ -1921,28 +1997,28 @@ public final class CMSAdminServlet extends AdminServlet {
nickname = nicknameWithoutTokenName;
} else {
nickname = newtokenname + ":"
- + nicknameWithoutTokenName;
+ + nicknameWithoutTokenName;
}
modifyRADMCert(nickname);
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
- if (ca != null) {
+ if (ca != null) {
ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit();
- if (newtokenname
- .equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
+ if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
ocspSigningUnit.updateConfig(
- nicknameWithoutTokenName, newtokenname);
+ nicknameWithoutTokenName, newtokenname);
} else {
- ocspSigningUnit.updateConfig(newtokenname + ":"
- + nicknameWithoutTokenName, newtokenname);
+ ocspSigningUnit.updateConfig(newtokenname + ":" +
+ nicknameWithoutTokenName,
+ newtokenname);
}
}
}
}
-
+
// set signing algorithms if needed
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
signingUnit.setDefaultAlgorithm(defaultSigningAlg);
if (defaultOCSPSigningAlg != null) {
@@ -1955,50 +2031,54 @@ public final class CMSAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.SUCCESS, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
audit(auditMessage);
mConfig.commit(true);
sendResponse(SUCCESS, null, null, resp);
} catch (EBaseException eAudit1) {
- CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: "
- + eAudit1.toString());
+ CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: " + eAudit1.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
} catch (IOException eAudit2) {
- CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: "
- + eAudit2.toString());
+ CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: " + eAudit2.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
private String getDefaultSigningAlg(String keyType, String messageDigest) {
@@ -2007,7 +2087,7 @@ public final class CMSAdminServlet extends AdminServlet {
return "MD2withRSA";
} else if (messageDigest.equals("MD5")) {
return "MD5withRSA";
- } else if (messageDigest.equals("SHA1")) {
+ } else if (messageDigest.equals("SHA1")) {
return "SHA1withRSA";
} else if (messageDigest.equals("SHA256")) {
return "SHA256withRSA";
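Review bot: `getDefaultSigningAlg` still maps the MD2 and MD5 digests to `MD2withRSA` and `MD5withRSA`, and SHA1 to `SHA1withRSA` here and to `SHA1withDSA`/`SHA1withEC` in the next hunk, so a signing unit can be given a default algorithm whose digest is not collision resistant. Where `messageDigest` comes from is outside this hunk; if it is operator- or request-supplied, consider refusing the MD2/MD5 values rather than translating them. At minimum, document the risk next to the branches, for example `// MD2/MD5/SHA1 signatures are not collision resistant; prefer SHA256 or stronger for new certificates`. The method starts above this hunk.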
@@ -2018,7 +2098,7 @@ public final class CMSAdminServlet extends AdminServlet {
if (messageDigest.equals("SHA1")) {
return "SHA1withDSA";
}
- } else /* EC */{
+ } else /* EC */ {
if (messageDigest.equals("SHA1")) {
return "SHA1withEC";
} else if (messageDigest.equals("SHA256")) {
@@ -2032,31 +2112,32 @@ public final class CMSAdminServlet extends AdminServlet {
return null;
}
- private void updateCASignature(String nickname, KeyCertData properties,
- ICryptoSubsystem jssSubSystem) throws EBaseException {
+ private void updateCASignature(String nickname, KeyCertData properties,
+ ICryptoSubsystem jssSubSystem) throws EBaseException {
String alg = jssSubSystem.getSignatureAlgorithm(nickname);
SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg);
properties.setSignatureAlgorithm(sigAlg);
- properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig));
+ properties.setAlgorithmId(
+ jssSubSystem.getAlgorithmId(alg, mConfig));
}
/**
* Install certificates
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Certificate Setup Wizard" is used to import CA certs into the
+ * "Certificate Setup Wizard" is used to import CA certs into the
* certificate database
* </ul>
- *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to install a certificate
*/
- private void installCert(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void installCert(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2077,30 +2158,31 @@ public final class CMSAdminServlet extends AdminServlet {
String key = (String) enum1.nextElement();
String value = req.getParameter(key);
- if (key.equals(Constants.PR_PKCS10))
+ if (key.equals(Constants.PR_PKCS10))
pkcs = value;
else if (key.equals(Constants.RS_ID))
certType = value;
else if (key.equals(Constants.PR_NICKNAME))
nickname = value;
- else if (key.equals("pathname"))
+ else if (key.equals("pathname"))
pathname = value;
else if (key.equals(Constants.PR_SERVER_ROOT))
serverRoot = value;
- else if (key.equals(Constants.PR_SERVER_ID))
+ else if (key.equals(Constants.PR_SERVER_ID))
serverID = value;
- else if (key.equals(Constants.PR_CERT_FILEPATH))
+ else if (key.equals(Constants.PR_CERT_FILEPATH))
certpath = value;
}
-
+
try {
if (pkcs == null || pkcs.equals("")) {
if (certpath == null || certpath.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
@@ -2110,8 +2192,8 @@ public final class CMSAdminServlet extends AdminServlet {
throw ex;
} else {
FileInputStream in = new FileInputStream(certpath);
- BufferedReader d = new BufferedReader(
- new InputStreamReader(in));
+ BufferedReader d =
+ new BufferedReader(new InputStreamReader(in));
String content = "";
pkcs = "";
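Review bot: `new FileInputStream(certpath)` opens the path taken verbatim from the `Constants.PR_CERT_FILEPATH` request parameter (assigned in the parameter loop of the previous hunk) without any check on where it points. The servlet will therefore read whatever file the server account can read, and whatever follows the read loop is treated as certificate text. Canonicalize the path and require it to lie under a directory taken from server configuration; `serverRoot` and `serverID` cannot serve as that base because they are also request parameters. The read loop and any `close()` are outside this hunk, so confirm that the stream is closed on every path, including the `IOException` one. `importXCert` opens `certpath` the same way in a later hunk.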
@@ -2131,22 +2213,24 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (IOException ee) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
+ CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
}
pkcs = pkcs.trim();
- pathname = serverRoot + File.separator + serverID + File.separator
- + "config" + File.separator + pathname;
+ pathname = serverRoot + File.separator + serverID
+ + File.separator + "config" + File.separator + pathname;
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
- // String nickname = getNickname(certType);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ //String nickname = getNickname(certType);
String nicknameWithoutTokenName = "";
int index = nickname.indexOf(":");
@@ -2159,93 +2243,98 @@ public final class CMSAdminServlet extends AdminServlet {
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
/*
- * if (certType.equals(Constants.PR_CA_SIGNING_CERT) ||
- * certType.equals(Constants.PR_RA_SIGNING_CERT) ||
- * certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
- * certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
- * certType.equals(Constants.PR_SERVER_CERT) ||
- * certType.equals(Constants.PR_SERVER_CERT_RADM)) { String
- * oldnickname = getNickname(certType); try {
- * jssSubsystem.deleteTokenCertificate(oldnickname, pathname);
- * //jssSubsystem.deleteTokenCertificate(nickname, pathname); }
- * catch (EBaseException e) { // skip it } } else { try {
- * jssSubsystem.deleteTokenCertificate(nickname, pathname); } catch
- * (EBaseException e) { // skip it } }
- */
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT) ||
+ certType.equals(Constants.PR_RA_SIGNING_CERT) ||
+ certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
+ certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
+ certType.equals(Constants.PR_SERVER_CERT) ||
+ certType.equals(Constants.PR_SERVER_CERT_RADM)) {
+ String oldnickname = getNickname(certType);
+ try {
+ jssSubsystem.deleteTokenCertificate(oldnickname,
+ pathname);
+ //jssSubsystem.deleteTokenCertificate(nickname,
+ pathname);
+ } catch (EBaseException e) {
+ // skip it
+ }
+ } else {
+ try {
+ jssSubsystem.deleteTokenCertificate(nickname, pathname);
+ } catch (EBaseException e) {
+ // skip it
+ }
+ }
+ */
// 600124 - renewal of SSL crash the server
// we now do not delete previously installed certificates.
- // Same Subject | Same Nickname | Same Key | Legal
- // -----------------------------------------------------------
- // 1. Yes Yes No Yes
- // 2. Yes Yes Yes Yes
- // 3. No No Yes Yes
- // 4. No No No Yes
- // 5. No Yes Yes No
- // 6. No Yes No No
- // 7. Yes No Yes No
- // 8. Yes No No No
+ // Same Subject | Same Nickname | Same Key | Legal
+ // -----------------------------------------------------------
+ // 1. Yes Yes No Yes
+ // 2. Yes Yes Yes Yes
+ // 3. No No Yes Yes
+ // 4. No No No Yes
+ // 5. No Yes Yes No
+ // 6. No Yes No No
+ // 7. Yes No Yes No
+ // 8. Yes No No No
// Based on above table, the following cases are permitted:
// Existing Key:
- // (a) Same Subject & Same Nickname --- (2)
- // (b) Different Subject & Different Nickname --- (3)
- // (In order to support Case b., we need to use a different
- // nickname).
+ // (a) Same Subject & Same Nickname --- (2)
+ // (b) Different Subject & Different Nickname --- (3)
+ // (In order to support Case b., we need to use a different
+ // nickname).
// New Key:
- // (c) Same Subject & Same Nickname --- (1)
- // (d) Different Subject & Different Nickname --- (4)
- // (In order to support Case b., we need to use a different
- // nickname).
+ // (c) Same Subject & Same Nickname --- (1)
+ // (d) Different Subject & Different Nickname --- (4)
+ // (In order to support Case b., we need to use a different
+ // nickname).
//
- CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "
- + nicknameWithoutTokenName);
+ CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "+ nicknameWithoutTokenName);
try {
- jssSubSystem.importCert(pkcs, nicknameWithoutTokenName,
- certType);
+ jssSubSystem.importCert(pkcs, nicknameWithoutTokenName,
+ certType);
} catch (EBaseException e) {
boolean certFound = false;
String eString = e.toString();
- if (eString
- .contains("Failed to find certificate that was just imported")) {
- CMS.debug("CMSAdminServlet.installCert(): nickname="
- + nicknameWithoutTokenName + " TokenException: "
- + eString);
+ if(eString.contains("Failed to find certificate that was just imported")) {
+ CMS.debug("CMSAdminServlet.installCert(): nickname="+nicknameWithoutTokenName + " TokenException: " + eString);
X509Certificate cert = null;
try {
- cert = CryptoManager.getInstance().findCertByNickname(
- nickname);
+ cert = CryptoManager.getInstance().findCertByNickname(nickname);
if (cert != null) {
certFound = true;
}
- CMS.debug("CMSAdminServlet.installCert() Found cert just imported: "
- + nickname);
+ CMS.debug("CMSAdminServlet.installCert() Found cert just imported: " + nickname);
} catch (Exception ex) {
- CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: "
- + ex.toString());
+ CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + ex.toString());
}
- }
+ }
if (!certFound) {
// if it fails, let use a different nickname to try
- Date now = new Date();
- String newNickname = nicknameWithoutTokenName + "-"
- + now.getTime();
+ Date now = new Date();
+ String newNickname = nicknameWithoutTokenName + "-" +
+ now.getTime();
jssSubSystem.importCert(pkcs, newNickname, certType);
nicknameWithoutTokenName = newNickname;
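Review bot: The `CMS.debug("CMSAdminServlet.installCert() Found cert just imported: " + nickname)` call sits after the `if (cert != null)` block rather than inside it, so the debug log claims the certificate was found even when the lookup returned null and `certFound` stays false. Move the call into the block so the log matches the decision that drives the re-import under a timestamped nickname. Choosing the recovery path with `eString.contains("Failed to find certificate that was just imported")` is also fragile: any change to that message text would silently send every such failure down the second-import path. A dedicated exception type or error code would be safer if `importCert` can provide one. The method body continues outside this hunk.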
@@ -2254,17 +2343,16 @@ public final class CMSAdminServlet extends AdminServlet {
} else {
nickname = tokenName + ":" + newNickname;
}
- CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname="
- + nickname);
- }
+ CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname="+nickname);
+ }
}
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca =
+ (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
- String signatureAlg = jssSubSystem
- .getSignatureAlgorithm(nickname);
+ String signatureAlg =
+ jssSubSystem.getSignatureAlgorithm(nickname);
signingUnit.setDefaultAlgorithm(signatureAlg);
setCANewnickname("", "");
@@ -2273,25 +2361,26 @@ public final class CMSAdminServlet extends AdminServlet {
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
extensions = jssSubSystem.getExtensions(
- Constants.PR_INTERNAL_TOKEN_NAME, nickname);
+ Constants.PR_INTERNAL_TOKEN_NAME, nickname);
} else {
String tokenname1 = nickname.substring(0, index);
signingUnit.updateConfig(nickname, tokenname1);
extensions = jssSubSystem.getExtensions(tokenname1,
- nicknameWithoutTokenName);
+ nicknameWithoutTokenName);
}
if (extensions != null) {
- BasicConstraintsExtension basic = (BasicConstraintsExtension) extensions
- .get(BasicConstraintsExtension.NAME);
+ BasicConstraintsExtension basic =
+ (BasicConstraintsExtension)
+ extensions.get(BasicConstraintsExtension.NAME);
if (basic == null)
log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
else {
- Integer pathlen = (Integer) basic
- .get(BasicConstraintsExtension.PATH_LEN);
+ Integer pathlen = (Integer)
+ basic.get(BasicConstraintsExtension.PATH_LEN);
int num = pathlen.intValue();
if (num == 0)
@@ -2309,34 +2398,35 @@ public final class CMSAdminServlet extends AdminServlet {
}
} else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
setRANewnickname("", "");
- IRegistrationAuthority ra = (IRegistrationAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra =
+ (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
ra.setNickname(nickname);
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
setOCSPNewnickname("", "");
- IOCSPAuthority ocsp = (IOCSPAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_OCSP);
+ IOCSPAuthority ocsp =
+ (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp != null) {
ISigningUnit signingUnit = ocsp.getSigningUnit();
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
} else {
String tokenname1 = nickname.substring(0, index);
signingUnit.updateConfig(nickname, tokenname1);
}
- } else {
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_CA);
+ } else {
+ ICertificateAuthority ca =
+ (ICertificateAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
} else {
String tokenname1 = nickname.substring(0, index);
@@ -2345,23 +2435,25 @@ public final class CMSAdminServlet extends AdminServlet {
}
} else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
setKRANewnickname("", "");
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_KRA);
+ IKeyRecoveryAuthority kra =
+ (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
kra.setNickname(nickname);
} else if (certType.equals(Constants.PR_SERVER_CERT)) {
setAgentNewnickname("", "");
- // modifyRADMCert(nickname);
+ //modifyRADMCert(nickname);
modifyAgentGatewayCert(nickname);
if (isSubsystemInstalled("ra")) {
- IRegistrationAuthority ra = (IRegistrationAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra =
+ (IRegistrationAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_RA);
modifyEEGatewayCert(ra, nickname);
}
if (isSubsystemInstalled("ca")) {
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca =
+ (ICertificateAuthority)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CA);
modifyCAGatewayCert(ca, nickname);
}
@@ -2372,41 +2464,47 @@ public final class CMSAdminServlet extends AdminServlet {
boolean verified = CMS.verifySystemCertByNickname(nickname, null);
if (verified == true) {
- CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"
- + nickname);
+ CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"+ nickname);
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
- auditSubjectID, ILogger.SUCCESS, nickname);
+ auditSubjectID,
+ ILogger.SUCCESS,
+ nickname);
audit(auditMessage);
} else {
- CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"
- + nickname);
+ CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"+ nickname);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
- auditSubjectID, ILogger.FAILURE, nickname);
+ LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
+ auditSubjectID,
+ ILogger.FAILURE,
+ nickname);
audit(auditMessage);
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.SUCCESS, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
audit(auditMessage);
mConfig.commit(true);
- if (verified == true) {
+ if(verified == true) {
sendResponse(SUCCESS, null, null, resp);
} else {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
- "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"), null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"),
+ null, resp);
}
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
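Review bot: `mConfig.commit(true)` and the `LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY` SUCCESS record both run unconditionally after `verifySystemCertByNickname()`. A certificate that failed verification is therefore still persisted in the configuration and audited as a successful install; only the HTTP response reports the error. Gate the commit and the audit outcome on `verified`, as sketched below. By this point the certificate has already been imported and the in-memory nickname settings changed earlier in the method (outside this hunk), so a complete fix probably also needs to undo or defer those steps. `verified == true` can simply be `verified`.

```java
// … unchanged: verifySystemCertByNickname() call and CIMC_CERT_VERIFICATION audit …

// audit the install with its real outcome
auditMessage = CMS.getLogMessage(
        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
        auditSubjectID,
        verified ? ILogger.SUCCESS : ILogger.FAILURE,
        auditParams(req));

audit(auditMessage);

if (verified) {
    // persist the new nickname settings only for a verified certificate
    mConfig.commit(true);
    sendResponse(SUCCESS, null, null, resp);
} else {
    // … unchanged: sendResponse(ERROR, CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED message) …
}
// … unchanged: catch blocks …
```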
@@ -2415,45 +2513,47 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
/**
- * For "importing" cross-signed cert into internal db for further cross pair
- * matching and publishing
+ * For "importing" cross-signed cert into internal db for further
+ * cross pair matching and publishing
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
* "Certificate Setup Wizard" is used to import a CA cross-signed
* certificate into the database
* </ul>
- *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to import a cross-certificate pair
*/
- private void importXCert(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void importXCert(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2474,28 +2574,29 @@ public final class CMSAdminServlet extends AdminServlet {
String value = req.getParameter(key);
// really should be PR_CERT_CONTENT
- if (key.equals(Constants.PR_PKCS10))
+ if (key.equals(Constants.PR_PKCS10))
b64Cert = value;
else if (key.equals(Constants.RS_ID))
certType = value;
- else if (key.equals("pathname"))
+ else if (key.equals("pathname"))
pathname = value;
else if (key.equals(Constants.PR_SERVER_ROOT))
serverRoot = value;
- else if (key.equals(Constants.PR_SERVER_ID))
+ else if (key.equals(Constants.PR_SERVER_ID))
serverID = value;
- else if (key.equals(Constants.PR_CERT_FILEPATH))
+ else if (key.equals(Constants.PR_CERT_FILEPATH))
certpath = value;
}
-
+
try {
if (b64Cert == null || b64Cert.equals("")) {
if (certpath == null || certpath.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
@@ -2505,8 +2606,8 @@ public final class CMSAdminServlet extends AdminServlet {
throw ex;
} else {
FileInputStream in = new FileInputStream(certpath);
- BufferedReader d = new BufferedReader(
- new InputStreamReader(in));
+ BufferedReader d =
+ new BufferedReader(new InputStreamReader(in));
String content = "";
b64Cert = "";
@@ -2525,13 +2626,15 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (IOException ee) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
+ CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
}
CMS.debug("CMSAdminServlet: got b64Cert");
b64Cert = Cert.stripBrackets(b64Cert.trim());
@@ -2545,25 +2648,27 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.debug("CMSAdminServlet: exception: " + e.toString());
}
- pathname = serverRoot + File.separator + serverID + File.separator
- + "config" + File.separator + pathname;
+ pathname = serverRoot + File.separator + serverID
+ + File.separator + "config" + File.separator + pathname;
- ICrossCertPairSubsystem ccps = (ICrossCertPairSubsystem) CMS
- .getSubsystem("CrossCertPair");
+ ICrossCertPairSubsystem ccps =
+ (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
try {
- // this will import into internal ldap crossCerts entry
+ //this will import into internal ldap crossCerts entry
ccps.importCert(bCert);
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
sendResponse(1, "xcert importing failure:" + e.toString(),
- null, resp);
+ null, resp);
return;
}
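Review bot: `sendResponse(1, "xcert importing failure:" + e.toString(), null, resp)` returns the raw text of a broad `catch (Exception e)` to the client, which can expose internal class names and LDAP or database details. Send a fixed, localized message instead and keep the detail server-side with `CMS.debug("CMSAdminServlet: importXCert: " + e.toString());`. The literal `1` also differs from the `ERROR` constant that `installCert` passes to `sendResponse`; use the constant if it has the same meaning. The publishing failure path in the next hunk (`"xcerts publishing failure:" + e.toString()`) has the same two issues. The context `catch` at the top of this hunk only logs its exception, so if the decode it guards (outside the hunk) fails, `bCert` may reach `ccps.importCert(bCert)` unset.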
@@ -2574,19 +2679,20 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (EBaseException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- sendResponse(1, "xcerts publishing failure:" + e.toString(),
- null, resp);
+ sendResponse(1, "xcerts publishing failure:" + e.toString(), null, resp);
return;
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
- String content = jssSubSystem.getCertPrettyPrint(b64Cert,
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ String content = jssSubSystem.getCertPrettyPrint(b64Cert,
super.getLocale(req));
results.add(Constants.PR_NICKNAME, "FBCA cross-signed cert");
@@ -2594,8 +2700,10 @@ public final class CMSAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.SUCCESS, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
audit(auditMessage);
@@ -2603,8 +2711,10 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
@@ -2613,45 +2723,46 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
private String getNickname(String certType) throws EBaseException {
String nickname = "";
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca =
+ (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
nickname = signingUnit.getNickname();
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
- IOCSPAuthority ocsp = (IOCSPAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_OCSP);
+ IOCSPAuthority ocsp =
+ (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp == null) {
// this is a local CA service
- ICertificateAuthority ca = (ICertificateAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
nickname = signingUnit.getNickname();
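Review bot: In getNickname the CA branch dereferences `ca` straight after `CMS.getSubsystem(CMS.SUBSYSTEM_CA)`, while the OCSP branch just below shows that `getSubsystem` can return null for a subsystem that is not installed. A request naming a certificate type whose subsystem is absent would therefore end in a NullPointerException rather than an EBaseException. A guard such as `if (ca == null) throw new EBaseException(/* subsystem-not-available message */);` would fix it, and the same applies to the `ra` and `kra` branches in the following hunk. The method continues outside this hunk.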
@@ -2661,26 +2772,27 @@ public final class CMSAdminServlet extends AdminServlet {
nickname = signingUnit.getNickname();
}
} else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
- IRegistrationAuthority ra = (IRegistrationAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra =
+ (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
nickname = ra.getNickname();
} else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
- .getSubsystem(CMS.SUBSYSTEM_KRA);
+ IKeyRecoveryAuthority kra =
+ (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
nickname = kra.getNickname();
} else if (certType.equals(Constants.PR_SERVER_CERT)) {
nickname = CMS.getServerCertNickname();
} else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) {
nickname = CMS.getServerCertNickname();
- }
+ }
return nickname;
}
- private void getCertInfo(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void getCertInfo(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
NameValuePairs results = new NameValuePairs();
String pkcs = "";
@@ -2713,8 +2825,8 @@ public final class CMSAdminServlet extends AdminServlet {
throw ex;
} else {
FileInputStream in = new FileInputStream(path);
- BufferedReader d = new BufferedReader(
- new InputStreamReader(in));
+ BufferedReader d =
+ new BufferedReader(new InputStreamReader(in));
String content = "";
pkcs = "";
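Review bot: `path` is opened with `new FileInputStream(path)` and wrapped in a reader, but nothing in this hunk closes either one, so an exception during the read would leak the descriptor unless the code outside the hunk has a `finally` block. The assignment of `path` is also outside the hunk; if it is taken from the request parameters that getCertInfo enumerates, it should be confined to the directory certificates are expected to be read from before it is opened. Proposed comment above the open: `// path may be caller-supplied: confine it to the expected import directory and close the stream in finally`.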
@@ -2737,10 +2849,9 @@ public final class CMSAdminServlet extends AdminServlet {
pkcs = pkcs.trim();
int totalLen = pkcs.length();
- if (pkcs.indexOf(BEGIN_HEADER) != 0
- || pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
- throw (new EBaseException(
- CMS.getLogMessage("BASE_INVALID_CERT_FORMAT")));
+ if (pkcs.indexOf(BEGIN_HEADER) != 0 ||
+ pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
+ throw (new EBaseException(CMS.getLogMessage("BASE_INVALID_CERT_FORMAT")));
}
String nickname = "";
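Review bot: The trailer check hard-codes `25`, presumably the length of `END_HEADER`, so the comparison goes wrong without any warning if that constant is ever changed. `pkcs.indexOf(END_HEADER) != (totalLen - END_HEADER.length())` states the intent without the magic number. The enclosing getCertInfo body starts and ends outside this hunk.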
@@ -2763,25 +2874,25 @@ public final class CMSAdminServlet extends AdminServlet {
if (nickname.equals(""))
nickname = getNickname(certType);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String content = jssSubSystem.getCertPrettyPrint(pkcs,
super.getLocale(req));
if (nickname != null && !nickname.equals(""))
results.add(Constants.PR_NICKNAME, nickname);
results.add(Constants.PR_CERT_CONTENT, content);
- // results = jssSubSystem.getCertInfo(value);
+ //results = jssSubSystem.getCertInfo(value);
sendResponse(SUCCESS, null, results, resp);
}
private void getCertPrettyPrint(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String serialno = "";
String issuername = "";
@@ -2801,7 +2912,7 @@ public final class CMSAdminServlet extends AdminServlet {
if (key.equals(Constants.PR_NICK_NAME)) {
nickname = value;
continue;
- }
+ }
if (key.equals(Constants.PR_SERIAL_NUMBER)) {
serialno = value;
continue;
@@ -2812,19 +2923,19 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
- String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname,
- serialno, issuername, locale);
+ String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname,
+ serialno, issuername, locale);
pairs.add(nickname, print);
sendResponse(SUCCESS, null, pairs, resp);
}
private void getRootCertTrustBit(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String serialno = "";
String issuername = "";
@@ -2855,86 +2966,92 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
- String trustbit = jssSubSystem.getRootCertTrustBit(nickname, serialno,
- issuername);
+ String trustbit = jssSubSystem.getRootCertTrustBit(nickname,
+ serialno, issuername);
pairs.add(nickname, trustbit);
sendResponse(SUCCESS, null, pairs, resp);
}
- private void getCACerts(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ private void getCACerts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getCACerts();
sendResponse(SUCCESS, null, pairs, resp);
}
- private void deleteRootCert(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void deleteRootCert(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
int mindex = id.indexOf(":SERIAL#<");
String nickname = id.substring(0, mindex);
String sstr1 = id.substring(mindex);
int lindex = sstr1.indexOf(">");
String serialno = sstr1.substring(9, lindex);
- String issuername = sstr1.substring(lindex + 1);
+ String issuername = sstr1.substring(lindex+1);
jssSubSystem.deleteRootCert(nickname, serialno, issuername);
sendResponse(SUCCESS, null, null, resp);
}
- private void deleteUserCert(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void deleteUserCert(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
int mindex = id.indexOf(":SERIAL#<");
String nickname = id.substring(0, mindex);
String sstr1 = id.substring(mindex);
int lindex = sstr1.indexOf(">");
String serialno = sstr1.substring(9, lindex);
- String issuername = sstr1.substring(lindex + 1);
+ String issuername = sstr1.substring(lindex+1);
jssSubSystem.deleteUserCert(nickname, serialno, issuername);
sendResponse(SUCCESS, null, null, resp);
}
- private void getRootCerts(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ private void getRootCerts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getRootCerts();
sendResponse(SUCCESS, null, pairs, resp);
}
private void getAllCertsManage(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getAllCertsManage();
sendResponse(SUCCESS, null, pairs, resp);
}
- private void getUserCerts(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ private void getUserCerts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getUserCerts();
sendResponse(SUCCESS, null, pairs, resp);
}
- private void deleteCerts(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void deleteCerts(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String date = "";
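Review bot: deleteRootCert and deleteUserCert parse `id` from the request without validating it. A missing `RS_ID` parameter gives a NullPointerException, and an `id` lacking `:SERIAL#<` or `>` makes `substring` throw StringIndexOutOfBoundsException, so malformed admin input surfaces as an unchecked exception instead of the EBaseException these methods declare. A null check on `id` before `indexOf`, plus `if (mindex < 0) throw new EBaseException(/* invalid-id message */);` and the same test on `lindex`, would cover both methods; the duplicated parsing could move into one private helper. Neither method writes a signed audit record in this hunk although both remove certificates; if the caller does not already audit the operation, a `LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY` SUCCESS/FAILURE pair as in setRootCertTrust would fit. deleteCerts at the end of the hunk continues outside it.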
@@ -2952,18 +3069,18 @@ public final class CMSAdminServlet extends AdminServlet {
nickname = value.substring(0, index);
date = value.substring(index + 1);
- // cant use this one now since jss doesnt have the interface to
+ // cant use this one now since jss doesnt have the interface to
// do it.
jssSubSystem.deleteCert(nickname, date);
- // jssSubsystem.deleteCACert(nickname, date);
+ // jssSubsystem.deleteCACert(nickname, date);
}
sendResponse(SUCCESS, null, null, resp);
}
private void validateSubjectName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
@@ -2972,19 +3089,19 @@ public final class CMSAdminServlet extends AdminServlet {
String value = req.getParameter(key);
if (key.equals(Constants.PR_SUBJECT_NAME)) {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.isX500DN(value);
}
}
sendResponse(SUCCESS, null, null, resp);
- }
+ }
private void validateKeyLength(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
String keyType = "RSA";
String keyLen = "512";
@@ -3003,18 +3120,18 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
int keyLength = Integer.parseInt(keyLen);
- int minKey = mConfig.getInteger(ConfigConstants.PR_RSA_MIN_KEYLENGTH,
- 512);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ int minKey = mConfig.getInteger(
+ ConfigConstants.PR_RSA_MIN_KEYLENGTH, 512);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
// jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey);
sendResponse(SUCCESS, null, null, resp);
}
private void validateCurveName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
String curveName = null;
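Review bot: validateKeyLength always answers SUCCESS, because the `checkKeyLength` call is commented out and `keyLength` and `minKey` are computed and then discarded. A console relying on this operation therefore gets no key-size enforcement from it. Either restore the call or compare directly, e.g. `if (keyType.equals("RSA") && keyLength < minKey) throw new EBaseException(/* key-length message */);`, and handle the NumberFormatException that `Integer.parseInt(keyLen)` raises on a non-numeric parameter. The fallback minimum of 512 bits passed to `getInteger` is far below what is acceptable for RSA and is worth raising. The method starts before this hunk.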
@@ -3030,22 +3147,21 @@ public final class CMSAdminServlet extends AdminServlet {
String curveList = mConfig.getString("keys.ecc.curve.list", "nistp521");
String[] curves = curveList.split(",");
boolean match = false;
- for (int i = 0; i < curves.length; i++) {
+ for (int i=0; i<curves.length; i++) {
if (curves[i].equals(curveName)) {
match = true;
}
}
if (!match) {
- throw new EBaseException(
- CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME"));
+ throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME"));
}
sendResponse(SUCCESS, null, null, resp);
}
private void validateCertExtension(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
String certExt = "";
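Review bot: The curve allow-list is compared using the raw pieces of `curveList.split(",")`, so a configured list with a space after a comma (constructed example: `nistp256, nistp521`) would never match its second entry. Trimming each entry, `if (curves[i].trim().equals(curveName)) {`, and adding `break;` once `match` is set keeps the list strict while tolerating whitespace in the configuration. validateCurveName starts before this hunk.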
@@ -3059,18 +3175,19 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.checkCertificateExt(certExt);
sendResponse(SUCCESS, null, null, resp);
}
- private void getSubjectName(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void getSubjectName(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration enum1 = req.getParameterNames();
-
+
String nickname = "";
String keyType = "RSA";
String keyLen = "512";
@@ -3088,8 +3205,8 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String subjectName = jssSubSystem.getSubjectDN(nickname);
params.add(Constants.PR_SUBJECT_NAME, subjectName);
@@ -3097,8 +3214,8 @@ public final class CMSAdminServlet extends AdminServlet {
}
private void processSubjectName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration enum1 = req.getParameterNames();
@@ -3117,8 +3234,8 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String subjectName = jssSubSystem.getSubjectDN(nickname);
params.add(Constants.PR_SUBJECT_NAME, subjectName);
@@ -3126,8 +3243,8 @@ public final class CMSAdminServlet extends AdminServlet {
}
public void setRootCertTrust(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException, IOException,
- EBaseException {
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String nickname = req.getParameter(Constants.PR_NICK_NAME);
@@ -3137,15 +3254,16 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.debug("CMSAdminServlet: setRootCertTrust()");
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
try {
- jssSubSystem
- .setRootCertTrust(nickname, serialno, issuername, trust);
- } catch (EBaseException e) {
+ jssSubSystem.setRootCertTrust(nickname, serialno, issuername, trust);
+ } catch (EBaseException e) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
@@ -3154,8 +3272,10 @@ public final class CMSAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, auditSubjectID,
- ILogger.SUCCESS, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
audit(auditMessage);
@@ -3165,19 +3285,19 @@ public final class CMSAdminServlet extends AdminServlet {
/**
* Establish trust of a CA certificate
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Manage Certificate" is used to edit the trustness of certs and deletion
- * of certs
+ * "Manage Certificate" is used to edit the trustness of certs and
+ * deletion of certs
* </ul>
- *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to establish CA certificate trust
*/
- private void trustCACert(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException, EBaseException {
+ private void trustCACert(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException,
+ IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -3187,8 +3307,8 @@ public final class CMSAdminServlet extends AdminServlet {
// to the signed audit log and stored as failures
try {
Enumeration enum1 = req.getParameterNames();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String trust = "";
while (enum1.hasMoreElements()) {
@@ -3208,18 +3328,22 @@ public final class CMSAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.SUCCESS, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.SUCCESS,
+ auditParams(req));
audit(auditMessage);
- // sendResponse(SUCCESS, null, null, resp);
+ //sendResponse(SUCCESS, null, null, resp);
sendResponse(RESTART, null, null, resp);
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
@@ -3228,46 +3352,50 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID, ILogger.FAILURE, auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID,
+ ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
/**
* Execute all self tests specified to be run on demand.
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self
* tests are run on demand
* </ul>
- *
- * @exception EMissingSelfTestException a self test plugin instance property
- * name was missing
+ * @exception EMissingSelfTestException a self test plugin instance
+ * property name was missing
* @exception ESelfTestException a self test is missing a required
- * configuration parameter
+ * configuration parameter
* @exception IOException an input/output error has occurred
*/
- private synchronized void runSelfTestsOnDemand(HttpServletRequest req,
- HttpServletResponse resp) throws EMissingSelfTestException,
- ESelfTestException, IOException {
+ private synchronized void
+ runSelfTestsOnDemand(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws EMissingSelfTestException,
+ ESelfTestException,
+ IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -3276,7 +3404,7 @@ public final class CMSAdminServlet extends AdminServlet {
try {
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " ENTERING . . .");
+ + " ENTERING . . .");
}
Enumeration enum1 = req.getParameterNames();
@@ -3296,28 +3424,32 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
- ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem) CMS
- .getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
+ ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem)
+ CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
- if ((request == null) || (request.equals(""))) {
+ if ((request == null) ||
+ (request.equals(""))) {
// self test plugin run on demand request parameter was missing
// log the error
- logMessage = CMS.getLogMessage(
- "SELFTESTS_RUN_ON_DEMAND_REQUEST", getServletInfo(),
- Constants.PR_RUN_SELFTESTS_ON_DEMAND);
+ logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_REQUEST",
+ getServletInfo(),
+ Constants.PR_RUN_SELFTESTS_ON_DEMAND
+ );
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID, ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID,
+ ILogger.FAILURE);
audit(auditMessage);
// notify console of FAILURE
- content += logMessage + "\n";
+ content += logMessage
+ + "\n";
sendResponse(ERROR, content, null, resp);
// raise an exception
@@ -3325,77 +3457,83 @@ public final class CMSAdminServlet extends AdminServlet {
}
// run all self test plugin instances (designated on-demand)
- String[] selftests = mSelfTestSubsystem
- .listSelfTestsEnabledOnDemand();
+ String[] selftests = mSelfTestSubsystem.listSelfTestsEnabledOnDemand();
if (selftests != null && selftests.length > 0) {
// log that execution of on-demand self tests has begun
logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND",
- getServletInfo());
+ getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
- content += logMessage + "\n";
+ content += logMessage
+ + "\n";
for (int i = 0; i < selftests.length; i++) {
if (selftests[i] != null) {
instanceName = selftests[i].trim();
- instanceFullName = ISelfTestSubsystem.ID + "."
- + ISelfTestSubsystem.PROP_CONTAINER + "."
- + ISelfTestSubsystem.PROP_INSTANCE + "."
+ instanceFullName = ISelfTestSubsystem.ID
+ + "."
+ + ISelfTestSubsystem.PROP_CONTAINER
+ + "."
+ + ISelfTestSubsystem.PROP_INSTANCE
+ + "."
+ instanceName;
} else {
// self test plugin instance property name was missing
// log the error
logMessage = CMS.getLogMessage(
- "SELFTESTS_PARAMETER_WAS_NULL",
- getServletInfo());
+ "SELFTESTS_PARAMETER_WAS_NULL",
+ getServletInfo());
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID, ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID,
+ ILogger.FAILURE);
audit(auditMessage);
// notify console of FAILURE
- content += logMessage + "\n";
+ content += logMessage
+ + "\n";
sendResponse(ERROR, content, null, resp);
// raise an exception
throw new EMissingSelfTestException();
}
- ISelfTest test = (ISelfTest) mSelfTestSubsystem
- .getSelfTest(instanceName);
+ ISelfTest test = (ISelfTest)
+ mSelfTestSubsystem.getSelfTest(instanceName);
if (test == null) {
- // self test plugin instance property name is not
- // present
+ // self test plugin instance property name is not present
// log the error
- logMessage = CMS.getLogMessage(
- "SELFTESTS_MISSING_NAME", getServletInfo(),
- instanceFullName);
+ logMessage = CMS.getLogMessage("SELFTESTS_MISSING_NAME",
+ getServletInfo(),
+ instanceFullName);
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID, ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID,
+ ILogger.FAILURE);
audit(auditMessage);
// notify console of FAILURE
- content += logMessage + "\n";
+ content += logMessage
+ + "\n";
sendResponse(ERROR, content, null, resp);
// raise an exception
@@ -3405,14 +3543,15 @@ public final class CMSAdminServlet extends AdminServlet {
try {
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " running \""
- + test.getSelfTestName()
- + "\"");
+ + " running \""
+ + test.getSelfTestName()
+ + "\"");
}
// store this information for console notification
content += "CMSAdminServlet::runSelfTestsOnDemand():"
- + " running \"" + test.getSelfTestName()
+ + " running \""
+ + test.getSelfTestName()
+ "\" . . .\n";
test.runSelfTest(mSelfTestSubsystem.getSelfTestLogger());
@@ -3421,27 +3560,30 @@ public final class CMSAdminServlet extends AdminServlet {
content += "COMPLETED SUCCESSFULLY\n";
} catch (ESelfTestException e) {
// Check to see if the self test was critical:
- if (mSelfTestSubsystem
- .isSelfTestCriticalOnDemand(instanceName)) {
+ if (mSelfTestSubsystem.isSelfTestCriticalOnDemand(
+ instanceName)) {
// log the error
logMessage = CMS.getLogMessage(
- "SELFTESTS_RUN_ON_DEMAND_FAILED",
- getServletInfo(), instanceFullName);
+ "SELFTESTS_RUN_ON_DEMAND_FAILED",
+ getServletInfo(),
+ instanceFullName);
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID, ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID,
+ ILogger.FAILURE);
audit(auditMessage);
// notify console of FAILURE
content += "FAILED WITH CRITICAL ERROR\n";
- content += logMessage + "\n";
+ content += logMessage
+ + "\n";
sendResponse(ERROR, content, null, resp);
// shutdown the system gracefully
@@ -3457,47 +3599,52 @@ public final class CMSAdminServlet extends AdminServlet {
// log that execution of all "critical" on-demand self tests
// has completed "successfully"
- logMessage = CMS.getLogMessage(
- "SELFTESTS_RUN_ON_DEMAND_SUCCEEDED", getServletInfo());
+ logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_SUCCEEDED",
+ getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
- content += logMessage + "\n";
+ content += logMessage
+ + "\n";
} else {
// log this fact
logMessage = CMS.getLogMessage("SELFTESTS_NOT_RUN_ON_DEMAND",
- getServletInfo());
+ getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
- content += logMessage + "\n";
+ content += logMessage
+ + "\n";
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID,
- ILogger.SUCCESS);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID,
+ ILogger.SUCCESS);
audit(auditMessage);
// notify console of SUCCESS
results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CLASS,
- CMSAdminServlet.class.getName());
- results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT, content);
+ CMSAdminServlet.class.getName());
+ results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT,
+ content);
sendResponse(SUCCESS, null, results, resp);
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " EXITING.");
+ + " EXITING.");
}
} catch (EMissingSelfTestException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID,
+ ILogger.FAILURE);
audit(auditMessage);
@@ -3506,8 +3653,9 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (ESelfTestException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID,
+ ILogger.FAILURE);
audit(auditMessage);
@@ -3516,8 +3664,9 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (IOException eAudit3) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID,
+ ILogger.FAILURE);
audit(auditMessage);
@@ -3527,17 +3676,16 @@ public final class CMSAdminServlet extends AdminServlet {
}
public void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
- "CMSAdminServlet: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg);
}
/**
* Signed Audit Log Public Key
- *
+ *
* This method is called to obtain the public key from the passed in
* "KeyPair" object for a signed audit log message.
* <P>
- *
+ *
* @param object a Key Pair Object
* @return key string containing the public key
*/
@@ -3586,3 +3734,4 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
}
+