Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java2079
1 files changed, 965 insertions, 1114 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index f57d12e2..ba8aa448 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.admin;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
@@ -83,11 +82,10 @@ import com.netscape.cmsutil.util.Cert;
import com.netscape.symkey.SessionKey;
/**
- * A class representings an administration servlet. This
- * servlet is responsible to serve Certificate Server
- * level administrative operations such as configuration
- * parameter updates.
- *
+ * A class representings an administration servlet. This servlet is responsible
+ * to serve Certificate Server level administrative operations such as
+ * configuration parameter updates.
+ *
* @version $Revision$, $Date$
*/
public final class CMSAdminServlet extends AdminServlet {
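Review bot: The reflowed class Javadoc still reads `A class representings an administration servlet` and `is responsible to serve`; since these lines are being rewritten anyway, the wording can be fixed in the same pass, e.g. `A class representing an administration servlet. This servlet is responsible for serving Certificate Server level administrative operations such as configuration parameter updates.` The comment also does not mention that `service()` authenticates and authorizes the caller before dispatching, which is worth one sentence on a servlet that fronts administrative operations.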
@@ -108,16 +106,11 @@ public final class CMSAdminServlet extends AdminServlet {
private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
private final static byte EOL[] = { Character.LINE_SEPARATOR };
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION =
- "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
- private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY =
- "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
- private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC =
- "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
- private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION =
- "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
- private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION =
- "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION = "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
+ private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY = "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
+ private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC = "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
+ private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION = "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
+ private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3";
// CMS must be instantiated before this admin servlet.
@@ -146,13 +139,13 @@ public final class CMSAdminServlet extends AdminServlet {
* Serves HTTP request.
*/
public void service(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
+ throws ServletException, IOException {
super.service(req, resp);
try {
super.authenticate(req);
} catch (IOException e) {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp);
return;
}
@@ -164,9 +157,8 @@ public final class CMSAdminServlet extends AdminServlet {
if (scope.equals(ScopeDef.SC_PLATFORM)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
getEnv(req, resp);
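Review bot: `mOp` and `mToken` are assigned per request here and again in the OP_READ, OP_MODIFY, OP_SEARCH, OP_DELETE, OP_PROCESS and OP_VALIDATE branches in the following hunks. Their declarations are not visible in this diff, but if they are instance fields of the servlet, as the `m` prefix suggests, concurrent admin requests share them. Should `super.authorize(req)` read `mOp` (to be confirmed in AdminServlet), one request's `mOp = "read"` could then be in effect while another request's modify or delete is being authorized. A formatting pass is a good moment to at least leave a comment such as `// NOTE: mOp/mToken are per-request state held on the servlet; not safe under concurrent requests`; the real fix is to pass the operation as a local value. `service()` starts and ends outside this hunk.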
@@ -175,9 +167,8 @@ public final class CMSAdminServlet extends AdminServlet {
if (op.equals(OpDef.OP_READ)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP))
@@ -199,14 +190,13 @@ public final class CMSAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_MODIFY)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_LDAP))
setDBConfig(req, resp);
- else if (scope.equals(ScopeDef.SC_SMTP))
+ else if (scope.equals(ScopeDef.SC_SMTP))
modifySMTPConfig(req, resp);
else if (scope.equals(ScopeDef.SC_TASKS))
performTasks(req, resp);
@@ -214,9 +204,9 @@ public final class CMSAdminServlet extends AdminServlet {
modifyEncryption(req, resp);
else if (scope.equals(ScopeDef.SC_ISSUE_IMPORT_CERT))
issueImportCert(req, resp);
- else if (scope.equals(ScopeDef.SC_INSTALL_CERT))
+ else if (scope.equals(ScopeDef.SC_INSTALL_CERT))
installCert(req, resp);
- else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT))
+ else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT))
importXCert(req, resp);
else if (scope.equals(ScopeDef.SC_DELETE_CERTS))
deleteCerts(req, resp);
@@ -229,9 +219,8 @@ public final class CMSAdminServlet extends AdminServlet {
} else if (op.equals(OpDef.OP_SEARCH)) {
mOp = "read";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_SUBSYSTEM))
@@ -240,33 +229,31 @@ public final class CMSAdminServlet extends AdminServlet {
getCACerts(req, resp);
else if (scope.equals(ScopeDef.SC_ALL_CERTLIST))
getAllCertsManage(req, resp);
- else if (scope.equals(ScopeDef.SC_USERCERTSLIST))
+ else if (scope.equals(ScopeDef.SC_USERCERTSLIST))
getUserCerts(req, resp);
- else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
+ else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
getTKSKeys(req, resp);
- else if (scope.equals(ScopeDef.SC_TOKEN))
+ else if (scope.equals(ScopeDef.SC_TOKEN))
getAllTokenNames(req, resp);
else if (scope.equals(ScopeDef.SC_ROOTCERTSLIST))
getRootCerts(req, resp);
} else if (op.equals(OpDef.OP_DELETE)) {
mOp = "delete";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) {
deleteRootCert(req, resp);
} else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) {
- deleteUserCert(req,resp);
+ deleteUserCert(req, resp);
}
} else if (op.equals(OpDef.OP_PROCESS)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_CERT_REQUEST))
@@ -283,14 +270,13 @@ public final class CMSAdminServlet extends AdminServlet {
checkTokenStatus(req, resp);
else if (scope.equals(ScopeDef.SC_SELFTESTS))
runSelfTestsOnDemand(req, resp);
- else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
+ else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
createMasterKey(req, resp);
} else if (op.equals(OpDef.OP_VALIDATE)) {
mOp = "modify";
if ((mToken = super.authorize(req)) == null) {
- sendResponse(ERROR,
- CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp);
return;
}
if (scope.equals(ScopeDef.SC_SUBJECT_NAME))
@@ -303,8 +289,7 @@ public final class CMSAdminServlet extends AdminServlet {
validateCurveName(req, resp);
}
} catch (EBaseException e) {
- sendResponse(ERROR, e.toString(getLocale(req)),
- null, resp);
+ sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
return;
} catch (Exception e) {
StringWriter sw = new StringWriter();
@@ -316,25 +301,24 @@ public final class CMSAdminServlet extends AdminServlet {
}
}
- private void getEnv(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getEnv(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
if (File.separator.equals("\\"))
params.add(Constants.PR_NT, Constants.TRUE);
else
params.add(Constants.PR_NT, Constants.FALSE);
-
+
sendResponse(SUCCESS, null, params, resp);
}
private void getAllTokenNames(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs params = new NameValuePairs();
params.add(Constants.PR_TOKEN_LIST, jssSubSystem.getTokenList());
@@ -343,15 +327,15 @@ public final class CMSAdminServlet extends AdminServlet {
}
private void getAllNicknames(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
params.add(Constants.PR_ALL_NICKNAMES, jssSubSystem.getAllCerts());
-
+
sendResponse(SUCCESS, null, params, resp);
}
@@ -362,27 +346,26 @@ public final class CMSAdminServlet extends AdminServlet {
String type = "";
ISubsystem sys = (ISubsystem) e.nextElement();
- //get subsystem type
- if ((sys instanceof IKeyRecoveryAuthority) &&
- subsystem.equals("kra"))
+ // get subsystem type
+ if ((sys instanceof IKeyRecoveryAuthority)
+ && subsystem.equals("kra"))
return true;
- else if ((sys instanceof IRegistrationAuthority) &&
- subsystem.equals("ra"))
+ else if ((sys instanceof IRegistrationAuthority)
+ && subsystem.equals("ra"))
return true;
- else if ((sys instanceof ICertificateAuthority) &&
- subsystem.equals("ca"))
+ else if ((sys instanceof ICertificateAuthority)
+ && subsystem.equals("ca"))
return true;
- else if ((sys instanceof IOCSPAuthority) &&
- subsystem.equals("ocsp"))
+ else if ((sys instanceof IOCSPAuthority)
+ && subsystem.equals("ocsp"))
return true;
}
return false;
}
- private void readEncryption(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void readEncryption(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
Enumeration e = CMS.getSubsystems();
boolean isCAInstalled = false;
@@ -395,7 +378,7 @@ public final class CMSAdminServlet extends AdminServlet {
String type = "";
ISubsystem sys = (ISubsystem) e.nextElement();
- //get subsystem type
+ // get subsystem type
if (sys instanceof IKeyRecoveryAuthority)
isKRAInstalled = true;
else if (sys instanceof IRegistrationAuthority)
@@ -406,19 +389,20 @@ public final class CMSAdminServlet extends AdminServlet {
isOCSPInstalled = true;
else if (sys instanceof ITKSAuthority)
isTKSInstalled = true;
-
- }
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ }
+
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String caTokenName = "";
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_CIPHER_VERSION,
- jssSubSystem.getCipherVersion());
- params.add(Constants.PR_CIPHER_FORTEZZA, jssSubSystem.isCipherFortezza());
- params.add(Constants.PR_CIPHER_PREF, jssSubSystem.getCipherPreferences());
+ params.add(Constants.PR_CIPHER_VERSION, jssSubSystem.getCipherVersion());
+ params.add(Constants.PR_CIPHER_FORTEZZA,
+ jssSubSystem.isCipherFortezza());
+ params.add(Constants.PR_CIPHER_PREF,
+ jssSubSystem.getCipherPreferences());
String tokenList = jssSubSystem.getTokenList();
@@ -428,7 +412,7 @@ public final class CMSAdminServlet extends AdminServlet {
while (tokenizer.hasMoreElements()) {
String tokenName = (String) tokenizer.nextElement();
String certs = jssSubSystem.getCertListWithoutTokenName(tokenName);
-
+
if (certs.equals(""))
continue;
if (tokenNewList.equals(""))
@@ -442,7 +426,8 @@ public final class CMSAdminServlet extends AdminServlet {
params.add(Constants.PR_TOKEN_LIST, tokenNewList);
if (isCAInstalled) {
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
caTokenName = signingUnit.getTokenName();
@@ -452,31 +437,31 @@ public final class CMSAdminServlet extends AdminServlet {
String caNickName = signingUnit.getNickname();
- //params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName);
+ // params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName);
params.add(Constants.PR_CERT_CA, getCertNickname(caNickName));
}
if (isRAInstalled) {
- IRegistrationAuthority ra = (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
String raNickname = ra.getNickname();
params.add(Constants.PR_CERT_RA, getCertNickname(raNickname));
}
if (isKRAInstalled) {
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_KRA);
String kraNickname = kra.getNickname();
params.add(Constants.PR_CERT_TRANS, getCertNickname(kraNickname));
}
if (isTKSInstalled) {
- ITKSAuthority tks = (ITKSAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_TKS);
+ ITKSAuthority tks = (ITKSAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_TKS);
}
String nickName = CMS.getServerCertNickname();
-
+
params.add(Constants.PR_CERT_SERVER, getCertNickname(nickName));
sendResponse(SUCCESS, null, params, resp);
@@ -518,18 +503,19 @@ public final class CMSAdminServlet extends AdminServlet {
/**
* Modify encryption configuration
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when
* configuring encryption (cert settings and SSL cipher preferences)
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to modify encryption configuration
*/
private void modifyEncryption(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -539,8 +525,8 @@ public final class CMSAdminServlet extends AdminServlet {
try {
Enumeration enum1 = req.getParameterNames();
NameValuePairs params = new NameValuePairs();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.getInternalTokenName();
Enumeration e = CMS.getSubsystems();
@@ -554,7 +540,7 @@ public final class CMSAdminServlet extends AdminServlet {
String type = "";
ISubsystem sys = (ISubsystem) e.nextElement();
- //get subsystem type
+ // get subsystem type
if (sys instanceof IKeyRecoveryAuthority)
isKRAInstalled = true;
else if (sys instanceof IRegistrationAuthority)
@@ -563,21 +549,23 @@ public final class CMSAdminServlet extends AdminServlet {
isCAInstalled = true;
else if (sys instanceof IOCSPAuthority)
isOCSPInstalled = true;
- else if (sys instanceof ITKSAuthority)
+ else if (sys instanceof ITKSAuthority)
isTKSInstalled = true;
}
- ICertificateAuthority ca = null;
+ ICertificateAuthority ca = null;
IRegistrationAuthority ra = null;
IKeyRecoveryAuthority kra = null;
- ITKSAuthority tks = null;
+ ITKSAuthority tks = null;
if (isCAInstalled)
ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
if (isRAInstalled)
- ra = (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
if (isKRAInstalled)
- kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_KRA);
if (isTKSInstalled)
tks = (ITKSAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_TKS);
@@ -593,19 +581,20 @@ public final class CMSAdminServlet extends AdminServlet {
ISigningUnit signingUnit = ca.getSigningUnit();
if ((val != null) && (!val.equals(""))) {
- StringTokenizer tokenizer = new StringTokenizer(val, ",");
+ StringTokenizer tokenizer = new StringTokenizer(val,
+ ",");
if (tokenizer.countTokens() != 2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- throw new EBaseException(CMS.getLogMessage("BASE_INVALID_UI_INFO"));
+ throw new EBaseException(
+ CMS.getLogMessage("BASE_INVALID_UI_INFO"));
}
String tokenName = (String) tokenizer.nextElement();
@@ -623,14 +612,14 @@ public final class CMSAdminServlet extends AdminServlet {
} else
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
- throw new EBaseException(CMS.getLogMessage("BASE_NOT_CA_CERT"));
+ throw new EBaseException(
+ CMS.getLogMessage("BASE_NOT_CA_CERT"));
}
} else if (name.equals(Constants.PR_CERT_RA)) {
if ((val != null) && (!val.equals(""))) {
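Review bot: The `} else` at the top of this hunk has no braces, so it governs only the `auditMessage = CMS.getLogMessage(...)` assignment; the `audit(auditMessage)` call and the `throw new EBaseException(CMS.getLogMessage("BASE_NOT_CA_CERT"))` that follow run regardless of which branch was taken. The matching `if` is outside the hunk, so this is to be confirmed, but unless that branch leaves the method, a valid CA certificate selection would also end in an audit call with a null or stale message and a BASE_NOT_CA_CERT failure. The re-wrapping makes the three statements look like one block, which hides this; make the scope explicit with `} else {` and a closing `}` after the `throw`.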
@@ -660,10 +649,8 @@ public final class CMSAdminServlet extends AdminServlet {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -672,10 +659,8 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -684,28 +669,26 @@ public final class CMSAdminServlet extends AdminServlet {
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID,
+ ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
private String getCertConfigNickname(String val) throws EBaseException {
@@ -727,9 +710,9 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.setServerCertNickname(nickName);
/*
- RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- HTTPService httpsService = raAdmin.getHttpsService();
- httpsService.setNickName(nickName);
+ * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+ * HTTPService httpsService = raAdmin.getHttpsService();
+ * httpsService.setNickName(nickName);
*/
}
@@ -737,9 +720,9 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.setServerCertNickname(nickName);
/*
- AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
- HTTPService httpsService = gateway.getHttpsService();
- httpsService.setNickName(nickName);
+ * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
+ * HTTPService httpsService = gateway.getHttpsService();
+ * httpsService.setNickName(nickName);
*/
}
@@ -747,9 +730,9 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.setServerCertNickname(nickName);
/*
- HTTPSubsystem eeGateway = ra.getHTTPSubsystem();
- HTTPService httpsService = eeGateway.getHttpsService();
- httpsService.setNickName(nickName);
+ * HTTPSubsystem eeGateway = ra.getHTTPSubsystem(); HTTPService
+ * httpsService = eeGateway.getHttpsService();
+ * httpsService.setNickName(nickName);
*/
}
@@ -757,31 +740,30 @@ public final class CMSAdminServlet extends AdminServlet {
CMS.setServerCertNickname(nickName);
/*
- HTTPSubsystem caGateway = ca.getHTTPSubsystem();
- HTTPService httpsService = caGateway.getHttpsService();
- httpsService.setNickName(nickName);
+ * HTTPSubsystem caGateway = ca.getHTTPSubsystem(); HTTPService
+ * httpsService = caGateway.getHttpsService();
+ * httpsService.setNickName(nickName);
*/
}
/**
* Performs Server Tasks: RESTART/STOP operation
*/
- private void performTasks(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void performTasks(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String restart = req.getParameter(Constants.PR_SERVER_RESTART);
String stop = req.getParameter(Constants.PR_SERVER_STOP);
NameValuePairs params = new NameValuePairs();
if (restart != null) {
- //XXX Uncommented afetr watchdog is implemented
+ // XXX Uncommented afetr watchdog is implemented
sendResponse(SUCCESS, null, params, resp);
- //mServer.restart();
+ // mServer.restart();
return;
}
if (stop != null) {
- //XXX Send response first then shutdown
+ // XXX Send response first then shutdown
sendResponse(SUCCESS, null, params, resp);
CMS.shutdown();
return;
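Review bot: In `performTasks` the `stop` branch goes straight from `sendResponse(SUCCESS, ...)` to `CMS.shutdown()` without a signed-audit record, whereas `modifyEncryption` in this same file audits both success and failure. Unless `CMS.shutdown()` audits internally (not visible here), a remote shutdown of the certificate server leaves no attributable entry in the signed audit log. The `restart` branch also answers `SUCCESS` while `mServer.restart()` is commented out, so the caller is told a restart happened when nothing was done. The retained comment has a typo as well; `// XXX Uncomment after watchdog is implemented` reads correctly. The method body continues past the end of this hunk.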
@@ -794,9 +776,8 @@ public final class CMSAdminServlet extends AdminServlet {
/**
* Reads subsystems that server has loaded with.
*/
- private void readSubsystem(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void readSubsystem(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = CMS.getSubsystems();
StringBuffer buff = new StringBuffer();
@@ -805,7 +786,7 @@ public final class CMSAdminServlet extends AdminServlet {
String type = "";
ISubsystem sys = (ISubsystem) e.nextElement();
- //get subsystem type
+ // get subsystem type
if (sys instanceof IKeyRecoveryAuthority)
type = Constants.PR_KRA_INSTANCE;
if (sys instanceof IRegistrationAuthority)
@@ -814,7 +795,7 @@ public final class CMSAdminServlet extends AdminServlet {
type = Constants.PR_CA_INSTANCE;
if (sys instanceof IOCSPAuthority)
type = Constants.PR_OCSP_INSTANCE;
- if (sys instanceof ITKSAuthority)
+ if (sys instanceof ITKSAuthority)
type = Constants.PR_TKS_INSTANCE;
if (!type.trim().equals(""))
params.add(sys.getId(), type);
@@ -826,13 +807,13 @@ public final class CMSAdminServlet extends AdminServlet {
/**
* Reads server statistics.
*/
- private void readStat(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void readStat(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
IConfigStore cs = CMS.getConfigStore();
try {
- String installdate = cs.getString(Constants.PR_STAT_INSTALLDATE, "");
+ String installdate = cs
+ .getString(Constants.PR_STAT_INSTALLDATE, "");
params.add(Constants.PR_STAT_INSTALLDATE, installdate);
} catch (Exception e) {
}
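Review bot: The `catch (Exception e) { }` after the re-wrapped `cs.getString(Constants.PR_STAT_INSTALLDATE, "")` call in `readStat` swallows every failure silently, so a broken config store produces a statistics reply that simply lacks the install date. If that is intended best-effort behaviour, say so in the block, e.g. `// ignored: install date is optional in the statistics reply`, and narrow the catch to `EBaseException` if that is all `getString` can throw (to be confirmed). `readStat` continues outside this hunk.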
@@ -850,9 +831,9 @@ public final class CMSAdminServlet extends AdminServlet {
}
params.add(Constants.PR_STAT_STARTUP,
- (new Date(CMS.getStartupTime())).toString());
+ (new Date(CMS.getStartupTime())).toString());
params.add(Constants.PR_STAT_TIME,
- (new Date(System.currentTimeMillis())).toString());
+ (new Date(System.currentTimeMillis())).toString());
sendResponse(SUCCESS, null, params, resp);
}
@@ -860,127 +841,105 @@ public final class CMSAdminServlet extends AdminServlet {
* Modifies network information.
*/
private void modifyNetworkConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
/*
- HTTPSubsystem eeGateway = (HTTPSubsystem)
- SubsystemRegistry.getInstance().get("eeGateway");
- RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID);
-
- Enumeration enum1 = req.getParameterNames();
-
- String eeHTTPportString = null;
- String eeHTTPSportString = null;
- String agentHTTPSportString = null;
- String radminHTTPSportString = null;
-
- String gatewayBacklog = "15";
-
- // eeHTTPEnabled corresponds to the checkbox which enables the
- // HTTP EE port
- String eeHTTPEnabled = Constants.FALSE;
-
- while (enum1.hasMoreElements()) {
- String key = (String)enum1.nextElement();
- String value = (String)req.getParameter(key);
-
- if (key.equals(Constants.PR_AGENT_S_BACKLOG)) {
- agent.setHTTPSBacklog(value);
- } else if (key.equals(Constants.PR_GATEWAY_S_BACKLOG)) {
- eeGateway.setHTTPSBacklog(value);
- } else if (key.equals(Constants.PR_ADMIN_S_BACKLOG)) {
- raAdmin.setHTTPSBacklog(value);
- } else if (key.equals(Constants.PR_GATEWAY_BACKLOG)) {
- gatewayBacklog = value;
- } else if (key.equals(Constants.PR_GATEWAY_PORT_ENABLED)) {
- eeHTTPEnabled = value;
- }
- }
-
-
- eeHTTPportString = req.getParameter(Constants.PR_GATEWAY_PORT);
- eeHTTPSportString = req.getParameter(Constants.PR_GATEWAY_S_PORT);
- agentHTTPSportString= req.getParameter(Constants.PR_AGENT_S_PORT);
- radminHTTPSportString= req.getParameter(Constants.PR_ADMIN_S_PORT);
-
-
- int eeHTTPport=0;
- int eeHTTPSport=0;
- int agentHTTPSport=0;
- int radminHTTPSport=0;
- if (eeHTTPportString != null) eeHTTPport = Integer.parseInt(eeHTTPportString);
- if (eeHTTPSportString != null) eeHTTPSport = Integer.parseInt(eeHTTPSportString);
- if (agentHTTPSportString != null) agentHTTPSport = Integer.parseInt(agentHTTPSportString);
- if (radminHTTPSportString != null) radminHTTPSport = Integer.parseInt(radminHTTPSportString);
-
-
- String portName="";
- int portnum;
- try {
-
- // EE HTTP is special, since it has it's own checkbox for enabling/disabling
- if (eeHTTPEnabled.equals(Constants.TRUE) &&
- eeHTTPport != 0 &&
- eeHTTPport != eeGateway.getHTTPPort())
- {
- portName = "End-entity";
- checkPortAvailable(eeHTTPport);
- }
-
- if (eeHTTPSport != 0 && eeHTTPSport != eeGateway.getHTTPSPort()) {
- portName = "SSL End-entity";
- checkPortAvailable(eeHTTPSport);
- }
- if (agentHTTPSport != 0 && agentHTTPSport != agent.getHTTPSPort()) {
- portName = "Agent";
- checkPortAvailable(agentHTTPSport);
- }
- if (radminHTTPSport != 0 && radminHTTPSport != raAdmin.getHTTPSPort()) {
- portName = "Remote Admin";
- checkPortAvailable(radminHTTPSport);
- }
-
- // If any of the above ports are not available, an exception
- // will be thrown and these methods below will not be called
-
- if (eeHTTPEnabled.equals(Constants.TRUE)) {
- eeGateway.setHTTPPort(eeHTTPport);
- }
- eeGateway.setHTTPSPort(eeHTTPSport);
- agent.setHTTPSPort(agentHTTPSport);
- raAdmin.setHTTPSPort(radminHTTPSport);
-
- } catch (IOException e) {
- // send 'port in use' error
- sendResponse(ERROR, portName+" "+e.getMessage(), null, resp);
- // we do not want to save the config in this case
- return;
- }
-
- eeGateway.setHTTPBacklog(gatewayBacklog);
- eeGateway.setHTTPPortEnable(eeHTTPEnabled);
-
- mConfig.commit(true);
- sendResponse(RESTART, null, null, resp);
- */
+ * HTTPSubsystem eeGateway = (HTTPSubsystem)
+ * SubsystemRegistry.getInstance().get("eeGateway"); RemoteAdmin raAdmin
+ * = (RemoteAdmin)RemoteAdmin.getInstance(); AgentGateway agent =
+ * (AgentGateway)mReg.get(AgentGateway.ID);
+ *
+ * Enumeration enum1 = req.getParameterNames();
+ *
+ * String eeHTTPportString = null; String eeHTTPSportString = null;
+ * String agentHTTPSportString = null; String radminHTTPSportString =
+ * null;
+ *
+ * String gatewayBacklog = "15";
+ *
+ * // eeHTTPEnabled corresponds to the checkbox which enables the //
+ * HTTP EE port String eeHTTPEnabled = Constants.FALSE;
+ *
+ * while (enum1.hasMoreElements()) { String key =
+ * (String)enum1.nextElement(); String value =
+ * (String)req.getParameter(key);
+ *
+ * if (key.equals(Constants.PR_AGENT_S_BACKLOG)) {
+ * agent.setHTTPSBacklog(value); } else if
+ * (key.equals(Constants.PR_GATEWAY_S_BACKLOG)) {
+ * eeGateway.setHTTPSBacklog(value); } else if
+ * (key.equals(Constants.PR_ADMIN_S_BACKLOG)) {
+ * raAdmin.setHTTPSBacklog(value); } else if
+ * (key.equals(Constants.PR_GATEWAY_BACKLOG)) { gatewayBacklog = value;
+ * } else if (key.equals(Constants.PR_GATEWAY_PORT_ENABLED)) {
+ * eeHTTPEnabled = value; } }
+ *
+ *
+ * eeHTTPportString = req.getParameter(Constants.PR_GATEWAY_PORT);
+ * eeHTTPSportString = req.getParameter(Constants.PR_GATEWAY_S_PORT);
+ * agentHTTPSportString= req.getParameter(Constants.PR_AGENT_S_PORT);
+ * radminHTTPSportString= req.getParameter(Constants.PR_ADMIN_S_PORT);
+ *
+ *
+ * int eeHTTPport=0; int eeHTTPSport=0; int agentHTTPSport=0; int
+ * radminHTTPSport=0; if (eeHTTPportString != null) eeHTTPport =
+ * Integer.parseInt(eeHTTPportString); if (eeHTTPSportString != null)
+ * eeHTTPSport = Integer.parseInt(eeHTTPSportString); if
+ * (agentHTTPSportString != null) agentHTTPSport =
+ * Integer.parseInt(agentHTTPSportString); if (radminHTTPSportString !=
+ * null) radminHTTPSport = Integer.parseInt(radminHTTPSportString);
+ *
+ *
+ * String portName=""; int portnum; try {
+ *
+ * // EE HTTP is special, since it has it's own checkbox for
+ * enabling/disabling if (eeHTTPEnabled.equals(Constants.TRUE) &&
+ * eeHTTPport != 0 && eeHTTPport != eeGateway.getHTTPPort()) { portName
+ * = "End-entity"; checkPortAvailable(eeHTTPport); }
+ *
+ * if (eeHTTPSport != 0 && eeHTTPSport != eeGateway.getHTTPSPort()) {
+ * portName = "SSL End-entity"; checkPortAvailable(eeHTTPSport); } if
+ * (agentHTTPSport != 0 && agentHTTPSport != agent.getHTTPSPort()) {
+ * portName = "Agent"; checkPortAvailable(agentHTTPSport); } if
+ * (radminHTTPSport != 0 && radminHTTPSport != raAdmin.getHTTPSPort()) {
+ * portName = "Remote Admin"; checkPortAvailable(radminHTTPSport); }
+ *
+ * // If any of the above ports are not available, an exception // will
+ * be thrown and these methods below will not be called
+ *
+ * if (eeHTTPEnabled.equals(Constants.TRUE)) {
+ * eeGateway.setHTTPPort(eeHTTPport); }
+ * eeGateway.setHTTPSPort(eeHTTPSport);
+ * agent.setHTTPSPort(agentHTTPSport);
+ * raAdmin.setHTTPSPort(radminHTTPSport);
+ *
+ * } catch (IOException e) { // send 'port in use' error
+ * sendResponse(ERROR, portName+" "+e.getMessage(), null, resp); // we
+ * do not want to save the config in this case return; }
+ *
+ * eeGateway.setHTTPBacklog(gatewayBacklog);
+ * eeGateway.setHTTPPortEnable(eeHTTPEnabled);
+ *
+ * mConfig.commit(true); sendResponse(RESTART, null, null, resp);
+ */
}
/**
* Check if the port is available for binding.
+ *
* @throws IOException if not available
*/
- private void checkPortAvailable(int port)
- throws IOException {
+ private void checkPortAvailable(int port) throws IOException {
try {
// see if the port is being used by somebody else
ServerSocket ss = new ServerSocket(port);
ss.close();
} catch (Exception e) {
- throw new IOException("port " + port + " is in use. Please select another port");
+ throw new IOException("port " + port
+ + " is in use. Please select another port");
}
}
@@ -988,8 +947,8 @@ public final class CMSAdminServlet extends AdminServlet {
* Reads network information.
*/
private void readNetworkConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
@@ -1000,58 +959,52 @@ public final class CMSAdminServlet extends AdminServlet {
sendResponse(SUCCESS, null, params, resp);
}
- private void getEENetworkConfig(NameValuePairs params)
- throws EBaseException {
+ private void getEENetworkConfig(NameValuePairs params)
+ throws EBaseException {
/*
- HTTPSubsystem eeGateway =
- (HTTPSubsystem)mReg.get("eeGateway");
- if (eeGateway == null) {
- // i.e. standalone DRM
- params.add(Constants.PR_GATEWAY_S_PORT, "-1");
- params.add(Constants.PR_GATEWAY_PORT, "-1");
- params.add(Constants.PR_GATEWAY_S_BACKLOG, "-1");
- params.add(Constants.PR_GATEWAY_BACKLOG,"-1");
- params.add(Constants.PR_GATEWAY_PORT_ENABLED,"false");
- } else {
- params.add(Constants.PR_GATEWAY_S_PORT,
- ""+eeGateway.getHTTPSPort());
- params.add(Constants.PR_GATEWAY_PORT,
- ""+eeGateway.getHTTPPort());
- params.add(Constants.PR_GATEWAY_S_BACKLOG,
- ""+eeGateway.getHTTPBacklog());
- params.add(Constants.PR_GATEWAY_BACKLOG,
- ""+eeGateway.getHTTPSBacklog());
- params.add(Constants.PR_GATEWAY_PORT_ENABLED,
- eeGateway.getHTTPPortEnable());
- }
- */
+ * HTTPSubsystem eeGateway = (HTTPSubsystem)mReg.get("eeGateway"); if
+ * (eeGateway == null) { // i.e. standalone DRM
+ * params.add(Constants.PR_GATEWAY_S_PORT, "-1");
+ * params.add(Constants.PR_GATEWAY_PORT, "-1");
+ * params.add(Constants.PR_GATEWAY_S_BACKLOG, "-1");
+ * params.add(Constants.PR_GATEWAY_BACKLOG,"-1");
+ * params.add(Constants.PR_GATEWAY_PORT_ENABLED,"false"); } else {
+ * params.add(Constants.PR_GATEWAY_S_PORT, ""+eeGateway.getHTTPSPort());
+ * params.add(Constants.PR_GATEWAY_PORT, ""+eeGateway.getHTTPPort());
+ * params.add(Constants.PR_GATEWAY_S_BACKLOG,
+ * ""+eeGateway.getHTTPBacklog());
+ * params.add(Constants.PR_GATEWAY_BACKLOG,
+ * ""+eeGateway.getHTTPSBacklog());
+ * params.add(Constants.PR_GATEWAY_PORT_ENABLED,
+ * eeGateway.getHTTPPortEnable()); }
+ */
}
private void getAdminConfig(NameValuePairs params) throws EBaseException {
/*
- RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- params.add(Constants.PR_ADMIN_S_PORT, ""+raAdmin.getHTTPSPort());
- params.add(Constants.PR_ADMIN_S_BACKLOG,""+raAdmin.getHTTPSBacklog());
+ * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+ * params.add(Constants.PR_ADMIN_S_PORT, ""+raAdmin.getHTTPSPort());
+ * params
+ * .add(Constants.PR_ADMIN_S_BACKLOG,""+raAdmin.getHTTPSBacklog());
*/
}
private void getAgentConfig(NameValuePairs params) throws EBaseException {
/*
- AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID);
- params.add(Constants.PR_AGENT_S_PORT, ""+agent.getHTTPSPort());
- params.add(Constants.PR_AGENT_S_BACKLOG,""+agent.getHTTPSBacklog());
+ * AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID);
+ * params.add(Constants.PR_AGENT_S_PORT, ""+agent.getHTTPSPort());
+ * params.add(Constants.PR_AGENT_S_BACKLOG,""+agent.getHTTPSBacklog());
*/
}
/**
* Modifies database information.
*/
- private void setDBConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void setDBConfig(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_INTERNAL_DB);
Enumeration enum1 = req.getParameterNames();
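Review bot: The reflowed block comments in getEENetworkConfig, getAdminConfig and getAgentConfig are commented-out code that the formatter has joined into run-on lines. The embedded `// i.e. standalone DRM` now sits in front of statements on the same line, so the old logic cannot be restored by simply removing the `/* */`. All three methods have empty bodies on the new side, so I would delete the dead code and, if the no-op is intentional, leave one line such as `// intentionally empty: these settings are no longer served from this servlet`. The same run-on comment blocks appear in the hunks at -1596,87, -1846,11 and -1874,42.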
@@ -1065,56 +1018,53 @@ public final class CMSAdminServlet extends AdminServlet {
continue;
if (key.equals(Constants.OP_SCOPE))
continue;
-
- dbConfig.putString(key, req.getParameter(key));
+
+ dbConfig.putString(key, req.getParameter(key));
}
sendResponse(RESTART, null, null, resp);
mConfig.commit(true);
}
- /**
+
+ /**
* Create Master Key
*/
-private void createMasterKey(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void createMasterKey(HttpServletRequest req,
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
- String newKeyName = null, selectedToken = null;
+ String newKeyName = null, selectedToken = null;
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- if (name.equals(Constants.PR_KEY_LIST))
- {
- newKeyName = req.getParameter(name);
- }
- if (name.equals(Constants.PR_TOKEN_LIST))
- {
- selectedToken = req.getParameter(name);
- }
-
+ if (name.equals(Constants.PR_KEY_LIST)) {
+ newKeyName = req.getParameter(name);
+ }
+ if (name.equals(Constants.PR_TOKEN_LIST)) {
+ selectedToken = req.getParameter(name);
+ }
}
- if(selectedToken!=null && newKeyName!=null)
- {
- String symKeys = SessionKey.GenMasterKey(selectedToken,newKeyName);
- CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
- String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
-
- SessionKey.SetDefaultPrefix(masterKeyPrefix);
- params.add(Constants.PR_KEY_LIST, newKeyName);
- params.add(Constants.PR_TOKEN_LIST, selectedToken);
- }
- sendResponse(SUCCESS, null, params, resp);
-}
+ if (selectedToken != null && newKeyName != null) {
+ String symKeys = SessionKey.GenMasterKey(selectedToken, newKeyName);
+ CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
+ String masterKeyPrefix = CMS.getConfigStore().getString(
+ "tks.master_key_prefix", null);
+
+ SessionKey.SetDefaultPrefix(masterKeyPrefix);
+ params.add(Constants.PR_KEY_LIST, newKeyName);
+ params.add(Constants.PR_TOKEN_LIST, selectedToken);
+ }
+ sendResponse(SUCCESS, null, params, resp);
+ }
- /**
+ /**
* Reads secmod.db
*/
- private void getTKSKeys(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getTKSKeys(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
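Review bot: createMasterKey ends with `sendResponse(SUCCESS, null, params, resp)` even when `selectedToken` or `newKeyName` is missing and nothing was generated, and the value of `SessionKey.GenMasterKey(...)` is stored in `symKeys` but never inspected. A guard before the generation step would make the no-op case explicit: `if (selectedToken == null || newKeyName == null) { sendResponse(ERROR, "missing token or key name", null, resp); return; }`. What GenMasterKey returns on failure is not visible here, so the check on its result needs confirming against SessionKey. No signed-audit record is visible for this key generation, unlike getCertRequest, which logs LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC.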
@@ -1122,57 +1072,56 @@ private void createMasterKey(HttpServletRequest req,
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
- if (name.equals(Constants.PR_TOKEN_LIST))
- {
- String selectedToken = req.getParameter(name);
-
- int count = 0;
- int keys_found = 0;
-
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-
- CryptoToken token = null;
- CryptoManager mCryptoManager = null;
- try {
- mCryptoManager = CryptoManager.getInstance();
- } catch (Exception e2) {
- }
-
- if(!jssSubSystem.isTokenLoggedIn(selectedToken))
- {
- PasswordCallback cpcb = new ConsolePasswordCallback();
- while (true) {
+ if (name.equals(Constants.PR_TOKEN_LIST)) {
+ String selectedToken = req.getParameter(name);
+
+ int count = 0;
+ int keys_found = 0;
+
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+
+ CryptoToken token = null;
+ CryptoManager mCryptoManager = null;
+ try {
+ mCryptoManager = CryptoManager.getInstance();
+ } catch (Exception e2) {
+ }
+
+ if (!jssSubSystem.isTokenLoggedIn(selectedToken)) {
+ PasswordCallback cpcb = new ConsolePasswordCallback();
+ while (true) {
try {
- token = mCryptoManager.getTokenByName(selectedToken);
- token.login(cpcb);
+ token = mCryptoManager
+ .getTokenByName(selectedToken);
+ token.login(cpcb);
break;
} catch (Exception e3) {
- //log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
+ // log(ILogger.LL_FAILURE,
+ // CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
continue;
}
- }
- }
- // String symKeys = new String("key1,key2");
- String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
- params.add(Constants.PR_TOKEN_LIST, symKeys);
+ }
+ }
+ // String symKeys = new String("key1,key2");
+ String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
+ params.add(Constants.PR_TOKEN_LIST, symKeys);
- }
+ }
}
sendResponse(SUCCESS, null, params, resp);
}
-
-
+
/**
* Reads database information.
*/
- private void getDBConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getDBConfig(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_DB);
IConfigStore ldapConfig = dbConfig.getSubStore("ldap");
NameValuePairs params = new NameValuePairs();
Enumeration e = req.getParameterNames();
-
+
while (e.hasMoreElements()) {
String name = (String) e.nextElement();
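Review bot: The login loop in getTKSKeys can spin forever on a request thread, because `catch (Exception e3) { ... continue; }` sits inside `while (true)` with no retry limit and `selectedToken` comes from the request. A token name that cannot be resolved never reaches `break`, and neither does a null `mCryptoManager` left behind by the empty `catch (Exception e2)`. I would make both failures fatal for the request and attempt the login once, as sketched below. The method signature is in the previous hunk.

```java
CryptoManager mCryptoManager;
try {
    mCryptoManager = CryptoManager.getInstance();
} catch (Exception e2) {
    // without a CryptoManager the token lookup below cannot work
    throw new EBaseException(e2.toString());
}

if (!jssSubSystem.isTokenLoggedIn(selectedToken)) {
    PasswordCallback cpcb = new ConsolePasswordCallback();
    try {
        token = mCryptoManager.getTokenByName(selectedToken);
        token.login(cpcb);
    } catch (Exception e3) {
        // one attempt only: report the failure instead of retrying without bound
        throw new EBaseException(e3.toString());
    }
}
// … unchanged: SessionKey.ListSymmetricKeys call and params.add …
```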
@@ -1184,7 +1133,7 @@ private void createMasterKey(HttpServletRequest req,
continue;
if (name.equals(Constants.PR_SECURE_PORT_ENABLED))
params.add(name, ldapConfig.getString(name, "Constants.FALSE"));
- else
+ else
params.add(name, ldapConfig.getString(name, ""));
}
sendResponse(SUCCESS, null, params, resp);
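Review bot: The default passed for PR_SECURE_PORT_ENABLED is the string literal `"Constants.FALSE"`, not the constant. When the ldap substore has no value for that name, the response carries the text Constants.FALSE instead of a boolean string. This looks like a stray pair of quotes; `params.add(name, ldapConfig.getString(name, Constants.FALSE));` is presumably what was meant. The enclosing getDBConfig starts in the previous hunk.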
@@ -1194,8 +1143,8 @@ private void createMasterKey(HttpServletRequest req,
* Modifies SMTP configuration.
*/
private void modifySMTPConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
// XXX
IConfigStore sConfig = mConfig.getSubStore(PROP_SMTP);
@@ -1208,7 +1157,7 @@ private void createMasterKey(HttpServletRequest req,
if (port != null)
sConfig.putString("port", port);
-
+
commit(true);
sendResponse(SUCCESS, null, null, resp);
@@ -1217,22 +1166,18 @@ private void createMasterKey(HttpServletRequest req,
/**
* Reads SMTP configuration.
*/
- private void readSMTPConfig(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void readSMTPConfig(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
IConfigStore dbConfig = mConfig.getSubStore(PROP_SMTP);
NameValuePairs params = new NameValuePairs();
- params.add(Constants.PR_SERVER_NAME,
- dbConfig.getString("host"));
- params.add(Constants.PR_PORT,
- dbConfig.getString("port"));
+ params.add(Constants.PR_SERVER_NAME, dbConfig.getString("host"));
+ params.add(Constants.PR_PORT, dbConfig.getString("port"));
sendResponse(SUCCESS, null, params, resp);
}
- private void loggedInToken(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void loggedInToken(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
String tokenName = "";
String pwd = "";
@@ -1248,8 +1193,8 @@ private void createMasterKey(HttpServletRequest req,
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.loggedInToken(tokenName, pwd);
@@ -1259,8 +1204,8 @@ private void createMasterKey(HttpServletRequest req,
}
private void checkTokenStatus(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
String key = "";
String value = "";
@@ -1273,8 +1218,8 @@ private void createMasterKey(HttpServletRequest req,
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
boolean status = jssSubSystem.isTokenLoggedIn(value);
NameValuePairs params = new NameValuePairs();
@@ -1287,18 +1232,18 @@ private void createMasterKey(HttpServletRequest req,
/**
* Retrieve a certificate request
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when
* asymmetric keys are generated
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to retrieve certificate request
*/
- private void getCertRequest(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getCertRequest(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String auditPublicKey = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -1346,11 +1291,11 @@ private void createMasterKey(HttpServletRequest req,
}
}
- pathname = mConfig.getString("instanceRoot", "")
- + File.separator + "conf" + File.separator;
+ pathname = mConfig.getString("instanceRoot", "") + File.separator
+ + "conf" + File.separator;
dir = pathname;
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
KeyPair keypair = null;
PQGParams pqgParams = null;
@@ -1376,10 +1321,8 @@ private void createMasterKey(HttpServletRequest req,
if (nickname.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
- auditSubjectID,
- ILogger.FAILURE,
- auditPublicKey);
+ LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
+ auditSubjectID, ILogger.FAILURE, auditPublicKey);
audit(auditMessage);
@@ -1390,11 +1333,13 @@ private void createMasterKey(HttpServletRequest req,
} else {
if (keyType.equals("ECC")) {
// get ECC keypair
- keypair = jssSubSystem.getECCKeyPair(tokenName, keyCurveName, certType);
- } else { //DSA or RSA
+ keypair = jssSubSystem.getECCKeyPair(tokenName,
+ keyCurveName, certType);
+ } else { // DSA or RSA
if (keyType.equals("DSA"))
- pqgParams = jssSubSystem.getPQG(keyLength);
- keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, pqgParams);
+ pqgParams = jssSubSystem.getPQG(keyLength);
+ keypair = jssSubSystem.getKeyPair(tokenName, keyType,
+ keyLength, pqgParams);
}
}
@@ -1439,10 +1384,8 @@ private void createMasterKey(HttpServletRequest req,
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
- auditSubjectID,
- ILogger.SUCCESS,
- auditPublicKey);
+ LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID,
+ ILogger.SUCCESS, auditPublicKey);
audit(auditMessage);
@@ -1451,10 +1394,8 @@ private void createMasterKey(HttpServletRequest req,
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
- auditSubjectID,
- ILogger.FAILURE,
- auditPublicKey);
+ LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID,
+ ILogger.FAILURE, auditPublicKey);
audit(auditMessage);
@@ -1463,34 +1404,32 @@ private void createMasterKey(HttpServletRequest req,
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
- auditSubjectID,
- ILogger.FAILURE,
- auditPublicKey);
+ LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID,
+ ILogger.FAILURE, auditPublicKey);
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditPublicKey );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
- }
-
- private void setCANewnickname(String tokenName, String nickname)
- throws EBaseException {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditPublicKey );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
+ }
+
+ private void setCANewnickname(String tokenName, String nickname)
+ throws EBaseException {
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
@@ -1504,17 +1443,17 @@ private void createMasterKey(HttpServletRequest req,
}
private String getCANewnickname() throws EBaseException {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
}
private void setRANewnickname(String tokenName, String nickname)
- throws EBaseException {
- IRegistrationAuthority ra = (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ throws EBaseException {
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
ra.setNewNickName(nickname);
@@ -1527,15 +1466,16 @@ private void createMasterKey(HttpServletRequest req,
}
private String getRANewnickname() throws EBaseException {
- IRegistrationAuthority ra = (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
return ra.getNewNickName();
}
private void setOCSPNewnickname(String tokenName, String nickname)
- throws EBaseException {
- IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+ throws EBaseException {
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp != null) {
ISigningUnit signingUnit = ocsp.getSigningUnit();
@@ -1549,8 +1489,8 @@ private void createMasterKey(HttpServletRequest req,
signingUnit.setNewNickName(tokenName + ":" + nickname);
}
} else {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
@@ -1565,25 +1505,26 @@ private void createMasterKey(HttpServletRequest req,
}
private String getOCSPNewnickname() throws EBaseException {
- IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp != null) {
ISigningUnit signingUnit = ocsp.getSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
} else {
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
- return signingUnit.getNewNickName();
+ return signingUnit.getNewNickName();
}
}
- private void setKRANewnickname(String tokenName, String nickname)
- throws EBaseException {
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ private void setKRANewnickname(String tokenName, String nickname)
+ throws EBaseException {
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_KRA);
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
kra.setNewNickName(nickname);
@@ -1596,87 +1537,81 @@ private void createMasterKey(HttpServletRequest req,
}
private String getKRANewnickname() throws EBaseException {
- IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_KRA);
return kra.getNewNickName();
}
- private void setRADMNewnickname(String tokenName, String nickName)
- throws EBaseException {
+ private void setRADMNewnickname(String tokenName, String nickName)
+ throws EBaseException {
CMS.setServerCertNickname(tokenName, nickName);
/*
- RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- HTTPService httpsService = raAdmin.getHttpsService();
- if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
- httpsService.setNewNickName(nickName);
- else {
- if (tokenName.equals("") && nickName.equals(""))
- httpsService.setNewNickName("");
- else
- httpsService.setNewNickName(tokenName+":"+nickName);
- }
+ * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+ * HTTPService httpsService = raAdmin.getHttpsService(); if
+ * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
+ * httpsService.setNewNickName(nickName); else { if
+ * (tokenName.equals("") && nickName.equals(""))
+ * httpsService.setNewNickName(""); else
+ * httpsService.setNewNickName(tokenName+":"+nickName); }
*/
}
- private String getRADMNewnickname()
- throws EBaseException {
+ private String getRADMNewnickname() throws EBaseException {
// assuming the nickname does not change.
return CMS.getServerCertNickname();
/*
- RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
- HTTPService httpsService = raAdmin.getHttpsService();
- return httpsService.getNewNickName();
+ * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+ * HTTPService httpsService = raAdmin.getHttpsService(); return
+ * httpsService.getNewNickName();
*/
}
private void setAgentNewnickname(String tokenName, String nickName)
- throws EBaseException {
+ throws EBaseException {
CMS.setServerCertNickname(tokenName, nickName);
/*
- AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
- HTTPService httpsService = gateway.getHttpsService();
- if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
- httpsService.setNewNickName(nickName);
- else {
- if (tokenName.equals("") && nickName.equals(""))
- httpsService.setNewNickName("");
- else
- httpsService.setNewNickName(tokenName+":"+nickName);
- }
+ * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
+ * HTTPService httpsService = gateway.getHttpsService(); if
+ * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
+ * httpsService.setNewNickName(nickName); else { if
+ * (tokenName.equals("") && nickName.equals(""))
+ * httpsService.setNewNickName(""); else
+ * httpsService.setNewNickName(tokenName+":"+nickName); }
*/
}
- private String getAgentNewnickname()
- throws EBaseException {
+ private String getAgentNewnickname() throws EBaseException {
// assuming the nickname does not change.
return CMS.getServerCertNickname();
/*
- AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
- HTTPService httpsService = gateway.getHttpsService();
- return httpsService.getNewNickName();
+ * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
+ * HTTPService httpsService = gateway.getHttpsService(); return
+ * httpsService.getNewNickName();
*/
}
/**
* Issue import certificate
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Certificate Setup Wizard" is used to import CA certs into the
+ * "Certificate Setup Wizard" is used to import CA certs into the
* certificate database
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to issue an import certificate
*/
private void issueImportCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -1700,9 +1635,9 @@ private void createMasterKey(HttpServletRequest req,
String key = (String) enum1.nextElement();
String value = req.getParameter(key);
- if (key.equals("pathname")) {
+ if (key.equals("pathname")) {
configPath = mConfig.getString("instanceRoot", "")
- + File.separator + "conf" + File.separator;
+ + File.separator + "conf" + File.separator;
pathname = configPath + value;
} else {
if (key.equals(Constants.PR_TOKEN_NAME))
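Review bot: `pathname = configPath + value` appends the request's `pathname` parameter to the instance `conf` directory unchecked, so a value containing parent-directory segments or a separator names a file outside that directory. I would build the path with `File f = new File(configPath, value);` and reject the request unless `f.getCanonicalPath().startsWith(new File(configPath).getCanonicalPath() + File.separator)`, throwing an EBaseException otherwise. How `pathname` is used further down is not visible in this hunk (the only visible use is the commented-out deleteTokenCertificate call), so the impact needs confirming against the rest of issueImportCert. The method starts and ends outside this hunk.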
@@ -1713,17 +1648,17 @@ private void createMasterKey(HttpServletRequest req,
String certType = (String) properties.get(Constants.RS_ID);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
- IDBSubsystem dbs = (IDBSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_DBS);
- ICertificateAuthority ca = (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
- ICertificateRepository repository =
- (ICertificateRepository) ca.getCertificateRepository();
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ IDBSubsystem dbs = (IDBSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_DBS);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateRepository repository = (ICertificateRepository) ca
+ .getCertificateRepository();
ISigningUnit signingUnit = ca.getSigningUnit();
String oldtokenname = null;
- //this is the old nick name
+ // this is the old nick name
String nickname = getNickname(certType);
String nicknameWithoutTokenName = "";
String oldcatokenname = signingUnit.getTokenName();
@@ -1741,15 +1676,13 @@ private void createMasterKey(HttpServletRequest req,
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- throw new
- EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(
+ CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
if (newtokenname == null)
@@ -1762,39 +1695,34 @@ private void createMasterKey(HttpServletRequest req,
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- throw new
- EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(
+ CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
- //xxx renew ca ,use old issuer?
- properties.setIssuerName(
- jssSubSystem.getCertSubjectName(oldcatokenname,
- canicknameWithoutTokenName));
+ // xxx renew ca ,use old issuer?
+ properties.setIssuerName(jssSubSystem.getCertSubjectName(
+ oldcatokenname, canicknameWithoutTokenName));
KeyPair pair = null;
if (nickname.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- throw new
- EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ throw new EBaseException(
+ CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
- //xxx set to old nickname?
+ // xxx set to old nickname?
properties.setCertNickname(nickname);
if (!certType.equals(Constants.PR_CA_SIGNING_CERT)) {
CertificateExtensions exts = jssSubSystem.getExtensions(
@@ -1815,25 +1743,25 @@ private void createMasterKey(HttpServletRequest req,
defaultOCSPSigningAlg = properties.getHashType();
}
}
-
+
// create a new CA certificate or ssl server cert
- if (properties.getKeyCurveName() != null) { //new ECC
+ if (properties.getKeyCurveName() != null) { // new ECC
CMS.debug("CMSAdminServlet: issueImportCert: generating ECC keys");
pair = jssSubSystem.getECCKeyPair(properties);
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
caKeyPair = pair;
- } else if (properties.getKeyLength() != null) { //new RSA or DSA
+ } else if (properties.getKeyLength() != null) { // new RSA or DSA
keyType = properties.getKeyType();
String keyLen = properties.getKeyLength();
PQGParams pqgParams = null;
if (keyType.equals("DSA")) {
pqgParams = jssSubSystem.getCAPQG(Integer.parseInt(keyLen),
- mConfig);
- //properties.put(Constants.PR_PQGPARAMS, pqgParams);
+ mConfig);
+ // properties.put(Constants.PR_PQGPARAMS, pqgParams);
}
pair = jssSubSystem.getKeyPair(properties);
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
caKeyPair = pair;
// renew the CA certificate or ssl server cert
} else {
@@ -1846,11 +1774,12 @@ private void createMasterKey(HttpServletRequest req,
}
/*
- String alg = jssSubSystem.getSignatureAlgorithm(nickname);
- SignatureAlgorithm sigAlg = SigningUnit.mapAlgorithmToJss(alg);
- properties.setSignatureAlgorithm(sigAlg);
- properties.setAlgorithmId(
- jssSubSystem.getAlgorithmId(alg, mConfig));
+ * String alg = jssSubSystem.getSignatureAlgorithm(nickname);
+ * SignatureAlgorithm sigAlg =
+ * SigningUnit.mapAlgorithmToJss(alg);
+ * properties.setSignatureAlgorithm(sigAlg);
+ * properties.setAlgorithmId( jssSubSystem.getAlgorithmId(alg,
+ * mConfig));
*/
}
@@ -1863,10 +1792,11 @@ private void createMasterKey(HttpServletRequest req,
// value provided for signedBy
SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg);
properties.setSignatureAlgorithm(sigAlg);
- properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig));
+ properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg,
+ mConfig));
}
- if (pair == null)
+ if (pair == null)
CMS.debug("CMSAdminServlet: issueImportCert: key pair is null");
BigInteger nextSerialNo = repository.getNextSerialNumber();
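Review bot: A null `pair` is only logged by `if (pair == null) CMS.debug(...)`, and execution carries on to `repository.getNextSerialNumber()` and, in the next hunk, `properties.setKeyPair(pair)`. The hunk at -1874,42 does the same for `signedCert`, which is then passed to `jssSubSystem.importCert` and dereferenced by `signedCert.getSerialNumber()`. Both checks should fail the request the way the earlier branches of issueImportCert do: write the LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY failure record, then `throw new EBaseException(CMS.getLogMessage("<MESSAGE_KEY>"));` with a suitable message key. That way a failed issuance is audited instead of surfacing as a NullPointerException after a serial number has been taken. The body of issueImportCert continues outside this hunk.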
@@ -1874,42 +1804,40 @@ private void createMasterKey(HttpServletRequest req,
properties.setSerialNumber(nextSerialNo);
properties.setKeyPair(pair);
properties.setConfigFile(mConfig);
- // properties.put(Constants.PR_CA_KEYPAIR, pair);
+ // properties.put(Constants.PR_CA_KEYPAIR, pair);
properties.put(Constants.PR_CA_KEYPAIR, caKeyPair);
- X509CertImpl signedCert =
- jssSubSystem.getSignedCert(properties, certType,
- caKeyPair.getPrivate());
+ X509CertImpl signedCert = jssSubSystem.getSignedCert(properties,
+ certType, caKeyPair.getPrivate());
- if (signedCert == null)
- CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null");
+ if (signedCert == null)
+ CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null");
- /* bug 600124
- try {
- jssSubSystem.deleteTokenCertificate(nickname, pathname);
- } catch (Throwable e) {
- //skip it
- }
+ /*
+ * bug 600124 try { jssSubSystem.deleteTokenCertificate(nickname,
+ * pathname); } catch (Throwable e) { //skip it }
*/
boolean nicknameChanged = false;
- //xxx import cert with nickname without token name?
- //jss adds the token prefix!!!
- //log(ILogger.LL_DEBUG,"import as alias"+ nicknameWithoutTokenName);
+ // xxx import cert with nickname without token name?
+ // jss adds the token prefix!!!
+ // log(ILogger.LL_DEBUG,"import as alias"+
+ // nicknameWithoutTokenName);
try {
- CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: " + nicknameWithoutTokenName);
+ CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: "
+ + nicknameWithoutTokenName);
jssSubSystem.importCert(signedCert, nicknameWithoutTokenName,
- certType);
+ certType);
} catch (EBaseException e) {
// if it fails, let use a different nickname to try
- Date now = new Date();
- String newNickname = nicknameWithoutTokenName
- + "-" + now.getTime();
+ Date now = new Date();
+ String newNickname = nicknameWithoutTokenName + "-"
+ + now.getTime();
- CMS.debug("CMSAdminServlet: issueImportCert: Importing cert with nickname: " + newNickname);
- jssSubSystem.importCert(signedCert, newNickname,
- certType);
+ CMS.debug("CMSAdminServlet: issueImportCert: Importing cert with nickname: "
+ + newNickname);
+ jssSubSystem.importCert(signedCert, newNickname, certType);
nicknameWithoutTokenName = newNickname;
nicknameChanged = true;
if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
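Review bot: A null `signedCert` is only debug-logged at `if (signedCert == null)`, and execution continues into `jssSubSystem.importCert(signedCert, nicknameWithoutTokenName, certType)`. If `importCert` rejects null with an `EBaseException` (its behaviour is not visible here), the catch below would treat a signing failure as a nickname collision and retry under a timestamped nickname. I would fail at the check instead, e.g. `if (signedCert == null) throw new EBaseException(CMS.getLogMessage("<MESSAGE_KEY>"));` with `<MESSAGE_KEY>` as a placeholder, so the existing handlers write the FAILURE audit record for the real cause. The same log-and-continue pattern applies to `if (pair == null)` just above this hunk. The enclosing method (issueImportCert, going by the debug strings) starts and ends outside the hunk.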
@@ -1920,28 +1848,26 @@ private void createMasterKey(HttpServletRequest req,
}
ICertRecord certRecord = repository.createCertRecord(
- signedCert.getSerialNumber(),
- signedCert, null);
+ signedCert.getSerialNumber(), signedCert, null);
repository.addCertificateRecord(certRecord);
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
try {
- X509CertInfo certInfo = (X509CertInfo) signedCert.get(
- X509CertImpl.NAME + "." + X509CertImpl.INFO);
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ X509CertInfo certInfo = (X509CertInfo) signedCert
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
if (extensions != null) {
- BasicConstraintsExtension basic =
- (BasicConstraintsExtension)
- extensions.get(BasicConstraintsExtension.NAME);
+ BasicConstraintsExtension basic = (BasicConstraintsExtension) extensions
+ .get(BasicConstraintsExtension.NAME);
if (basic == null)
log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
else {
- Integer pathlen = (Integer)
- basic.get(BasicConstraintsExtension.PATH_LEN);
+ Integer pathlen = (Integer) basic
+ .get(BasicConstraintsExtension.PATH_LEN);
int num = pathlen.intValue();
if (num == 0)
@@ -1958,34 +1884,32 @@ private void createMasterKey(HttpServletRequest req,
}
}
- CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
+ CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
+ " newtoken:" + newtokenname + " nickname:" + nickname);
- if ((newtokenname != null &&
- !newtokenname.equals(oldtokenname)) || nicknameChanged) {
+ if ((newtokenname != null && !newtokenname.equals(oldtokenname))
+ || nicknameChanged) {
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
signingUnit.updateConfig(nicknameWithoutTokenName,
- newtokenname);
+ newtokenname);
} else {
- signingUnit.updateConfig(newtokenname + ":" +
- nicknameWithoutTokenName,
- newtokenname);
+ signingUnit.updateConfig(newtokenname + ":"
+ + nicknameWithoutTokenName, newtokenname);
}
- } else if (certType.equals(Constants.PR_SERVER_CERT)) {
+ } else if (certType.equals(Constants.PR_SERVER_CERT)) {
if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
nickname = nicknameWithoutTokenName;
} else {
nickname = newtokenname + ":"
- + nicknameWithoutTokenName;
+ + nicknameWithoutTokenName;
}
- //setRADMNewnickname("","");
- //modifyRADMCert(nickname);
+ // setRADMNewnickname("","");
+ // modifyRADMCert(nickname);
modifyAgentGatewayCert(nickname);
if (isSubsystemInstalled("ra")) {
- IRegistrationAuthority ra =
- (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
modifyEEGatewayCert(ra, nickname);
}
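Review bot: The guard `(newtokenname != null && !newtokenname.equals(oldtokenname)) || nicknameChanged` lets a null `newtokenname` through whenever `nicknameChanged` is true, yet the branches under it call `newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)` unguarded. That would raise a NullPointerException after the certificate has been imported and its record added, and the handlers visible later catch only `EBaseException` and `IOException`, so they would write no FAILURE audit record. Whether null can reach this point depends on code outside the hunk. If it can, resolve the token once before the branch, for instance `String effectiveToken = (newtokenname != null) ? newtokenname : oldtokenname;` (the intended fallback needs confirming), and compare against that.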
@@ -1997,28 +1921,28 @@ private void createMasterKey(HttpServletRequest req,
nickname = nicknameWithoutTokenName;
} else {
nickname = newtokenname + ":"
- + nicknameWithoutTokenName;
+ + nicknameWithoutTokenName;
}
modifyRADMCert(nickname);
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
- if (ca != null) {
+ if (ca != null) {
ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit();
- if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
+ if (newtokenname
+ .equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
ocspSigningUnit.updateConfig(
- nicknameWithoutTokenName, newtokenname);
+ nicknameWithoutTokenName, newtokenname);
} else {
- ocspSigningUnit.updateConfig(newtokenname + ":" +
- nicknameWithoutTokenName,
- newtokenname);
+ ocspSigningUnit.updateConfig(newtokenname + ":"
+ + nicknameWithoutTokenName, newtokenname);
}
}
}
}
-
+
// set signing algorithms if needed
- if (certType.equals(Constants.PR_CA_SIGNING_CERT))
+ if (certType.equals(Constants.PR_CA_SIGNING_CERT))
signingUnit.setDefaultAlgorithm(defaultSigningAlg);
if (defaultOCSPSigningAlg != null) {
@@ -2031,54 +1955,50 @@ private void createMasterKey(HttpServletRequest req,
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
mConfig.commit(true);
sendResponse(SUCCESS, null, null, resp);
} catch (EBaseException eAudit1) {
- CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: " + eAudit1.toString());
+ CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: "
+ + eAudit1.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit1;
} catch (IOException eAudit2) {
- CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: " + eAudit2.toString());
+ CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: "
+ + eAudit2.toString());
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
private String getDefaultSigningAlg(String keyType, String messageDigest) {
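Review bot: The commented-out `catch( ServletException eAudit3 )` block after `throw eAudit2;` is re-indented here instead of being deleted, and the same dead block is carried along at the end of installCert and importXCert. Reflowed dead code in the audit path makes it harder to see which exception types actually produce a FAILURE record, which today is only `EBaseException` and `IOException`. I would drop the commented block in all three places. If the history matters, replace it with one line such as `// ServletException is not thrown in this try block; no audit handler needed`, after confirming that against the body outside this hunk.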
@@ -2087,7 +2007,7 @@ private void createMasterKey(HttpServletRequest req,
return "MD2withRSA";
} else if (messageDigest.equals("MD5")) {
return "MD5withRSA";
- } else if (messageDigest.equals("SHA1")) {
+ } else if (messageDigest.equals("SHA1")) {
return "SHA1withRSA";
} else if (messageDigest.equals("SHA256")) {
return "SHA256withRSA";
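Review bot: getDefaultSigningAlg still hands back `MD2withRSA` and `MD5withRSA` as default signing algorithms. Both digests are collision-broken for certificate signatures, and SHA1 is returned on the same footing. Whether an administrator can still reach these branches from the setup wizard is not visible here, and the method starts and ends outside the hunk. At minimum I would add `// MD2/MD5 (and SHA1) are kept only for legacy configurations; do not offer them for new signing certificates` above the first branch. A `CMS.debug` warning when one of them is returned would also help.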
@@ -2098,7 +2018,7 @@ private void createMasterKey(HttpServletRequest req,
if (messageDigest.equals("SHA1")) {
return "SHA1withDSA";
}
- } else /* EC */ {
+ } else /* EC */{
if (messageDigest.equals("SHA1")) {
return "SHA1withEC";
} else if (messageDigest.equals("SHA256")) {
@@ -2112,32 +2032,31 @@ private void createMasterKey(HttpServletRequest req,
return null;
}
- private void updateCASignature(String nickname, KeyCertData properties,
- ICryptoSubsystem jssSubSystem) throws EBaseException {
+ private void updateCASignature(String nickname, KeyCertData properties,
+ ICryptoSubsystem jssSubSystem) throws EBaseException {
String alg = jssSubSystem.getSignatureAlgorithm(nickname);
SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg);
properties.setSignatureAlgorithm(sigAlg);
- properties.setAlgorithmId(
- jssSubSystem.getAlgorithmId(alg, mConfig));
+ properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig));
}
/**
* Install certificates
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Certificate Setup Wizard" is used to import CA certs into the
+ * "Certificate Setup Wizard" is used to import CA certs into the
* certificate database
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to install a certificate
*/
- private void installCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void installCert(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2158,31 +2077,30 @@ private void createMasterKey(HttpServletRequest req,
String key = (String) enum1.nextElement();
String value = req.getParameter(key);
- if (key.equals(Constants.PR_PKCS10))
+ if (key.equals(Constants.PR_PKCS10))
pkcs = value;
else if (key.equals(Constants.RS_ID))
certType = value;
else if (key.equals(Constants.PR_NICKNAME))
nickname = value;
- else if (key.equals("pathname"))
+ else if (key.equals("pathname"))
pathname = value;
else if (key.equals(Constants.PR_SERVER_ROOT))
serverRoot = value;
- else if (key.equals(Constants.PR_SERVER_ID))
+ else if (key.equals(Constants.PR_SERVER_ID))
serverID = value;
- else if (key.equals(Constants.PR_CERT_FILEPATH))
+ else if (key.equals(Constants.PR_CERT_FILEPATH))
certpath = value;
}
-
+
try {
if (pkcs == null || pkcs.equals("")) {
if (certpath == null || certpath.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
@@ -2192,8 +2110,8 @@ private void createMasterKey(HttpServletRequest req,
throw ex;
} else {
FileInputStream in = new FileInputStream(certpath);
- BufferedReader d =
- new BufferedReader(new InputStreamReader(in));
+ BufferedReader d = new BufferedReader(
+ new InputStreamReader(in));
String content = "";
pkcs = "";
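Review bot: `new FileInputStream(certpath)` opens a path taken straight from the `Constants.PR_CERT_FILEPATH` request parameter, which is assigned in the parameter loop above this hunk. The servlet will therefore read any file its process can read and feed it to the import path. importXCert repeats the pattern at `@@ -2606,8 +2505,8`. I would canonicalise and confine the path before opening it, e.g. `File f = new File(certpath).getCanonicalFile();` followed by `if (!f.getPath().startsWith(<ALLOWED_IMPORT_DIR> + File.separator)) throw new EBaseException(...)`, where `<ALLOWED_IMPORT_DIR>` is a placeholder for a configured directory. `new InputStreamReader(in)` also depends on the platform default charset. The close of `in`/`d` lies outside the hunk, so it is worth confirming the stream is released on the IOException path.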
@@ -2213,24 +2131,22 @@ private void createMasterKey(HttpServletRequest req,
} catch (IOException ee) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
+ CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
}
pkcs = pkcs.trim();
- pathname = serverRoot + File.separator + serverID
- + File.separator + "config" + File.separator + pathname;
+ pathname = serverRoot + File.separator + serverID + File.separator
+ + "config" + File.separator + pathname;
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
- //String nickname = getNickname(certType);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ // String nickname = getNickname(certType);
String nicknameWithoutTokenName = "";
int index = nickname.indexOf(":");
@@ -2243,98 +2159,93 @@ private void createMasterKey(HttpServletRequest req,
} else {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+ CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
}
/*
- if (certType.equals(Constants.PR_CA_SIGNING_CERT) ||
- certType.equals(Constants.PR_RA_SIGNING_CERT) ||
- certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
- certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
- certType.equals(Constants.PR_SERVER_CERT) ||
- certType.equals(Constants.PR_SERVER_CERT_RADM)) {
- String oldnickname = getNickname(certType);
- try {
- jssSubsystem.deleteTokenCertificate(oldnickname,
- pathname);
- //jssSubsystem.deleteTokenCertificate(nickname,
- pathname);
- } catch (EBaseException e) {
- // skip it
- }
- } else {
- try {
- jssSubsystem.deleteTokenCertificate(nickname, pathname);
- } catch (EBaseException e) {
- // skip it
- }
- }
- */
+ * if (certType.equals(Constants.PR_CA_SIGNING_CERT) ||
+ * certType.equals(Constants.PR_RA_SIGNING_CERT) ||
+ * certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
+ * certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
+ * certType.equals(Constants.PR_SERVER_CERT) ||
+ * certType.equals(Constants.PR_SERVER_CERT_RADM)) { String
+ * oldnickname = getNickname(certType); try {
+ * jssSubsystem.deleteTokenCertificate(oldnickname, pathname);
+ * //jssSubsystem.deleteTokenCertificate(nickname, pathname); }
+ * catch (EBaseException e) { // skip it } } else { try {
+ * jssSubsystem.deleteTokenCertificate(nickname, pathname); } catch
+ * (EBaseException e) { // skip it } }
+ */
// 600124 - renewal of SSL crash the server
// we now do not delete previously installed certificates.
- // Same Subject | Same Nickname | Same Key | Legal
- // -----------------------------------------------------------
- // 1. Yes Yes No Yes
- // 2. Yes Yes Yes Yes
- // 3. No No Yes Yes
- // 4. No No No Yes
- // 5. No Yes Yes No
- // 6. No Yes No No
- // 7. Yes No Yes No
- // 8. Yes No No No
+ // Same Subject | Same Nickname | Same Key | Legal
+ // -----------------------------------------------------------
+ // 1. Yes Yes No Yes
+ // 2. Yes Yes Yes Yes
+ // 3. No No Yes Yes
+ // 4. No No No Yes
+ // 5. No Yes Yes No
+ // 6. No Yes No No
+ // 7. Yes No Yes No
+ // 8. Yes No No No
// Based on above table, the following cases are permitted:
// Existing Key:
- // (a) Same Subject & Same Nickname --- (2)
- // (b) Different Subject & Different Nickname --- (3)
- // (In order to support Case b., we need to use a different
- // nickname).
+ // (a) Same Subject & Same Nickname --- (2)
+ // (b) Different Subject & Different Nickname --- (3)
+ // (In order to support Case b., we need to use a different
+ // nickname).
// New Key:
- // (c) Same Subject & Same Nickname --- (1)
- // (d) Different Subject & Different Nickname --- (4)
- // (In order to support Case b., we need to use a different
- // nickname).
+ // (c) Same Subject & Same Nickname --- (1)
+ // (d) Different Subject & Different Nickname --- (4)
+ // (In order to support Case b., we need to use a different
+ // nickname).
//
- CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "+ nicknameWithoutTokenName);
+ CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "
+ + nicknameWithoutTokenName);
try {
- jssSubSystem.importCert(pkcs, nicknameWithoutTokenName,
- certType);
+ jssSubSystem.importCert(pkcs, nicknameWithoutTokenName,
+ certType);
} catch (EBaseException e) {
boolean certFound = false;
String eString = e.toString();
- if(eString.contains("Failed to find certificate that was just imported")) {
- CMS.debug("CMSAdminServlet.installCert(): nickname="+nicknameWithoutTokenName + " TokenException: " + eString);
+ if (eString
+ .contains("Failed to find certificate that was just imported")) {
+ CMS.debug("CMSAdminServlet.installCert(): nickname="
+ + nicknameWithoutTokenName + " TokenException: "
+ + eString);
X509Certificate cert = null;
try {
- cert = CryptoManager.getInstance().findCertByNickname(nickname);
+ cert = CryptoManager.getInstance().findCertByNickname(
+ nickname);
if (cert != null) {
certFound = true;
}
- CMS.debug("CMSAdminServlet.installCert() Found cert just imported: " + nickname);
+ CMS.debug("CMSAdminServlet.installCert() Found cert just imported: "
+ + nickname);
} catch (Exception ex) {
- CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + ex.toString());
+ CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: "
+ + ex.toString());
}
- }
+ }
if (!certFound) {
// if it fails, let use a different nickname to try
- Date now = new Date();
- String newNickname = nicknameWithoutTokenName + "-" +
- now.getTime();
+ Date now = new Date();
+ String newNickname = nicknameWithoutTokenName + "-"
+ + now.getTime();
jssSubSystem.importCert(pkcs, newNickname, certType);
nicknameWithoutTokenName = newNickname;
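Review bot: In the recovery branch, `CMS.debug("CMSAdminServlet.installCert() Found cert just imported: " + nickname)` sits after the `if (cert != null)` block rather than inside it. It is therefore logged even when `findCertByNickname` returned null and `certFound` stays false, which leaves a misleading trace just before the timestamped-nickname retry. Move that call inside the `if (cert != null) { certFound = true; ... }` block. Separately, the branch is selected with `eString.contains("Failed to find certificate that was just imported")`, which breaks silently if the underlying message text changes; a dedicated exception type or error code from `importCert` would be sturdier, if that interface allows it. installCert continues outside this hunk.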
@@ -2343,16 +2254,17 @@ private void createMasterKey(HttpServletRequest req,
} else {
nickname = tokenName + ":" + newNickname;
}
- CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname="+nickname);
- }
+ CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname="
+ + nickname);
+ }
}
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
- ICertificateAuthority ca =
- (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
- String signatureAlg =
- jssSubSystem.getSignatureAlgorithm(nickname);
+ String signatureAlg = jssSubSystem
+ .getSignatureAlgorithm(nickname);
signingUnit.setDefaultAlgorithm(signatureAlg);
setCANewnickname("", "");
@@ -2361,26 +2273,25 @@ private void createMasterKey(HttpServletRequest req,
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
extensions = jssSubSystem.getExtensions(
- Constants.PR_INTERNAL_TOKEN_NAME, nickname);
+ Constants.PR_INTERNAL_TOKEN_NAME, nickname);
} else {
String tokenname1 = nickname.substring(0, index);
signingUnit.updateConfig(nickname, tokenname1);
extensions = jssSubSystem.getExtensions(tokenname1,
- nicknameWithoutTokenName);
+ nicknameWithoutTokenName);
}
if (extensions != null) {
- BasicConstraintsExtension basic =
- (BasicConstraintsExtension)
- extensions.get(BasicConstraintsExtension.NAME);
+ BasicConstraintsExtension basic = (BasicConstraintsExtension) extensions
+ .get(BasicConstraintsExtension.NAME);
if (basic == null)
log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
else {
- Integer pathlen = (Integer)
- basic.get(BasicConstraintsExtension.PATH_LEN);
+ Integer pathlen = (Integer) basic
+ .get(BasicConstraintsExtension.PATH_LEN);
int num = pathlen.intValue();
if (num == 0)
@@ -2398,35 +2309,34 @@ private void createMasterKey(HttpServletRequest req,
}
} else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
setRANewnickname("", "");
- IRegistrationAuthority ra =
- (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
ra.setNickname(nickname);
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
setOCSPNewnickname("", "");
- IOCSPAuthority ocsp =
- (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp != null) {
ISigningUnit signingUnit = ocsp.getSigningUnit();
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
} else {
String tokenname1 = nickname.substring(0, index);
signingUnit.updateConfig(nickname, tokenname1);
}
- } else {
- ICertificateAuthority ca =
- (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ } else {
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
if (nickname.equals(nicknameWithoutTokenName)) {
signingUnit.updateConfig(nickname,
- Constants.PR_INTERNAL_TOKEN_NAME);
+ Constants.PR_INTERNAL_TOKEN_NAME);
} else {
String tokenname1 = nickname.substring(0, index);
@@ -2435,25 +2345,23 @@ private void createMasterKey(HttpServletRequest req,
}
} else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
setKRANewnickname("", "");
- IKeyRecoveryAuthority kra =
- (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_KRA);
kra.setNickname(nickname);
} else if (certType.equals(Constants.PR_SERVER_CERT)) {
setAgentNewnickname("", "");
- //modifyRADMCert(nickname);
+ // modifyRADMCert(nickname);
modifyAgentGatewayCert(nickname);
if (isSubsystemInstalled("ra")) {
- IRegistrationAuthority ra =
- (IRegistrationAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
modifyEEGatewayCert(ra, nickname);
}
if (isSubsystemInstalled("ca")) {
- ICertificateAuthority ca =
- (ICertificateAuthority)
- CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
modifyCAGatewayCert(ca, nickname);
}
@@ -2464,47 +2372,41 @@ private void createMasterKey(HttpServletRequest req,
boolean verified = CMS.verifySystemCertByNickname(nickname, null);
if (verified == true) {
- CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"+ nickname);
+ CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"
+ + nickname);
auditMessage = CMS.getLogMessage(
LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
- auditSubjectID,
- ILogger.SUCCESS,
- nickname);
+ auditSubjectID, ILogger.SUCCESS, nickname);
audit(auditMessage);
} else {
- CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"+ nickname);
+ CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"
+ + nickname);
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
- auditSubjectID,
- ILogger.FAILURE,
- nickname);
+ LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
+ auditSubjectID, ILogger.FAILURE, nickname);
audit(auditMessage);
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
mConfig.commit(true);
- if(verified == true) {
+ if (verified == true) {
sendResponse(SUCCESS, null, null, resp);
} else {
- sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"),
- null, resp);
+ sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
+ "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"), null, resp);
}
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
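Review bot: When `CMS.verifySystemCertByNickname(nickname, null)` returns false, the code writes a FAILURE record for LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION but still audits LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY as `ILogger.SUCCESS` and calls `mConfig.commit(true)` before answering with ERROR. The signed audit log therefore reports a successful trusted-key configuration for a certificate that failed verification, and the configuration naming it is persisted. I would make the audit outcome and the commit depend on `verified`, as sketched below. Whether the already-imported certificate and the in-memory nickname changes made earlier in installCert (outside this hunk) also need rolling back is for the maintainers to decide.

```java
// … unchanged: verifySystemCertByNickname() call and the CIMC_CERT_VERIFICATION audit records …
if (verified) {
    // store a message in the signed audit log file
    auditMessage = CMS.getLogMessage(
            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
            auditSubjectID, ILogger.SUCCESS, auditParams(req));
    audit(auditMessage);

    mConfig.commit(true);
    sendResponse(SUCCESS, null, null, resp);
} else {
    // Verification failed: audit the configuration change as a failure
    // and do not persist a configuration that names this certificate.
    auditMessage = CMS.getLogMessage(
            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
            auditSubjectID, ILogger.FAILURE, auditParams(req));
    audit(auditMessage);

    sendResponse(ERROR, CMS.getUserMessage(getLocale(req),
            "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"), null, resp);
}
// … unchanged: catch (EBaseException eAudit1) handler …
```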
@@ -2513,47 +2415,45 @@ private void createMasterKey(HttpServletRequest req,
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
/**
- * For "importing" cross-signed cert into internal db for further
- * cross pair matching and publishing
+ * For "importing" cross-signed cert into internal db for further cross pair
+ * matching and publishing
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
* "Certificate Setup Wizard" is used to import a CA cross-signed
* certificate into the database
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to import a cross-certificate pair
*/
- private void importXCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void importXCert(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -2574,29 +2474,28 @@ private void createMasterKey(HttpServletRequest req,
String value = req.getParameter(key);
// really should be PR_CERT_CONTENT
- if (key.equals(Constants.PR_PKCS10))
+ if (key.equals(Constants.PR_PKCS10))
b64Cert = value;
else if (key.equals(Constants.RS_ID))
certType = value;
- else if (key.equals("pathname"))
+ else if (key.equals("pathname"))
pathname = value;
else if (key.equals(Constants.PR_SERVER_ROOT))
serverRoot = value;
- else if (key.equals(Constants.PR_SERVER_ID))
+ else if (key.equals(Constants.PR_SERVER_ID))
serverID = value;
- else if (key.equals(Constants.PR_CERT_FILEPATH))
+ else if (key.equals(Constants.PR_CERT_FILEPATH))
certpath = value;
}
-
+
try {
if (b64Cert == null || b64Cert.equals("")) {
if (certpath == null || certpath.equals("")) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE,
+ auditParams(req));
audit(auditMessage);
@@ -2606,8 +2505,8 @@ private void createMasterKey(HttpServletRequest req,
throw ex;
} else {
FileInputStream in = new FileInputStream(certpath);
- BufferedReader d =
- new BufferedReader(new InputStreamReader(in));
+ BufferedReader d = new BufferedReader(
+ new InputStreamReader(in));
String content = "";
b64Cert = "";
@@ -2626,15 +2525,13 @@ private void createMasterKey(HttpServletRequest req,
} catch (IOException ee) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
throw new EBaseException(
- CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
+ CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
}
CMS.debug("CMSAdminServlet: got b64Cert");
b64Cert = Cert.stripBrackets(b64Cert.trim());
@@ -2648,27 +2545,25 @@ private void createMasterKey(HttpServletRequest req,
CMS.debug("CMSAdminServlet: exception: " + e.toString());
}
- pathname = serverRoot + File.separator + serverID
- + File.separator + "config" + File.separator + pathname;
+ pathname = serverRoot + File.separator + serverID + File.separator
+ + "config" + File.separator + pathname;
- ICrossCertPairSubsystem ccps =
- (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
+ ICrossCertPairSubsystem ccps = (ICrossCertPairSubsystem) CMS
+ .getSubsystem("CrossCertPair");
try {
- //this will import into internal ldap crossCerts entry
+ // this will import into internal ldap crossCerts entry
ccps.importCert(bCert);
} catch (Exception e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
sendResponse(1, "xcert importing failure:" + e.toString(),
- null, resp);
+ null, resp);
return;
}
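Review bot: `sendResponse(1, "xcert importing failure:" + e.toString(), null, resp)` returns the raw exception string to the client and uses the literal `1` where installCert uses the `ERROR` constant (presumably the same value, to be confirmed). The next hunk does the same for `"xcerts publishing failure:"`. The exception here comes from `ccps.importCert(bCert)` under a broad `catch (Exception e)`, so its text may carry internal directory or crypto-layer detail that the response does not need. I would log it server-side with `CMS.debug("CMSAdminServlet: importXCert: " + e.toString());` and reply with a fixed message, e.g. `sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "<MESSAGE_KEY>"), null, resp);`, where `<MESSAGE_KEY>` is a placeholder. importXCert starts and ends outside this hunk.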
@@ -2679,20 +2574,19 @@ private void createMasterKey(HttpServletRequest req,
} catch (EBaseException e) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
- sendResponse(1, "xcerts publishing failure:" + e.toString(), null, resp);
+ sendResponse(1, "xcerts publishing failure:" + e.toString(),
+ null, resp);
return;
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
- String content = jssSubSystem.getCertPrettyPrint(b64Cert,
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ String content = jssSubSystem.getCertPrettyPrint(b64Cert,
super.getLocale(req));
results.add(Constants.PR_NICKNAME, "FBCA cross-signed cert");
@@ -2700,10 +2594,8 @@ private void createMasterKey(HttpServletRequest req,
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -2711,10 +2603,8 @@ private void createMasterKey(HttpServletRequest req,
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -2723,46 +2613,45 @@ private void createMasterKey(HttpServletRequest req,
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
private String getNickname(String certType) throws EBaseException {
String nickname = "";
if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
- ICertificateAuthority ca =
- (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getSigningUnit();
nickname = signingUnit.getNickname();
} else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
- IOCSPAuthority ocsp =
- (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+ IOCSPAuthority ocsp = (IOCSPAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_OCSP);
if (ocsp == null) {
// this is a local CA service
- ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+ ICertificateAuthority ca = (ICertificateAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CA);
ISigningUnit signingUnit = ca.getOCSPSigningUnit();
nickname = signingUnit.getNickname();
@@ -2772,27 +2661,26 @@ private void createMasterKey(HttpServletRequest req,
nickname = signingUnit.getNickname();
}
} else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
- IRegistrationAuthority ra =
- (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+ IRegistrationAuthority ra = (IRegistrationAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_RA);
nickname = ra.getNickname();
} else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
- IKeyRecoveryAuthority kra =
- (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+ IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS
+ .getSubsystem(CMS.SUBSYSTEM_KRA);
nickname = kra.getNickname();
} else if (certType.equals(Constants.PR_SERVER_CERT)) {
nickname = CMS.getServerCertNickname();
} else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) {
nickname = CMS.getServerCertNickname();
- }
+ }
return nickname;
}
- private void getCertInfo(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getCertInfo(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
NameValuePairs results = new NameValuePairs();
String pkcs = "";
@@ -2825,8 +2713,8 @@ private void createMasterKey(HttpServletRequest req,
throw ex;
} else {
FileInputStream in = new FileInputStream(path);
- BufferedReader d =
- new BufferedReader(new InputStreamReader(in));
+ BufferedReader d = new BufferedReader(
+ new InputStreamReader(in));
String content = "";
pkcs = "";
@@ -2849,9 +2737,10 @@ private void createMasterKey(HttpServletRequest req,
pkcs = pkcs.trim();
int totalLen = pkcs.length();
- if (pkcs.indexOf(BEGIN_HEADER) != 0 ||
- pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
- throw (new EBaseException(CMS.getLogMessage("BASE_INVALID_CERT_FORMAT")));
+ if (pkcs.indexOf(BEGIN_HEADER) != 0
+ || pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
+ throw (new EBaseException(
+ CMS.getLogMessage("BASE_INVALID_CERT_FORMAT")));
}
String nickname = "";
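Review bot: The footer test `pkcs.indexOf(END_HEADER) != (totalLen - 25)` in the re-wrapped condition hard-codes 25 as the length of `END_HEADER`, so the format check silently stops matching if that constant is ever changed. Deriving the offset from the constant keeps the same single-block semantics: `|| pkcs.indexOf(END_HEADER) != (totalLen - END_HEADER.length())) {`. The values of `BEGIN_HEADER` and `END_HEADER` are not visible here, and the enclosing `getCertInfo` body starts and ends outside this hunk, so where `pkcs` comes from should be confirmed in the full method.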
@@ -2874,25 +2763,25 @@ private void createMasterKey(HttpServletRequest req,
if (nickname.equals(""))
nickname = getNickname(certType);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String content = jssSubSystem.getCertPrettyPrint(pkcs,
super.getLocale(req));
if (nickname != null && !nickname.equals(""))
results.add(Constants.PR_NICKNAME, nickname);
results.add(Constants.PR_CERT_CONTENT, content);
- //results = jssSubSystem.getCertInfo(value);
+ // results = jssSubSystem.getCertInfo(value);
sendResponse(SUCCESS, null, results, resp);
}
private void getCertPrettyPrint(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String serialno = "";
String issuername = "";
@@ -2912,7 +2801,7 @@ private void createMasterKey(HttpServletRequest req,
if (key.equals(Constants.PR_NICK_NAME)) {
nickname = value;
continue;
- }
+ }
if (key.equals(Constants.PR_SERIAL_NUMBER)) {
serialno = value;
continue;
@@ -2923,19 +2812,19 @@ private void createMasterKey(HttpServletRequest req,
}
}
- String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname,
- serialno, issuername, locale);
+ String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname,
+ serialno, issuername, locale);
pairs.add(nickname, print);
sendResponse(SUCCESS, null, pairs, resp);
}
private void getRootCertTrustBit(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String serialno = "";
String issuername = "";
@@ -2966,92 +2855,86 @@ private void createMasterKey(HttpServletRequest req,
}
}
- String trustbit = jssSubSystem.getRootCertTrustBit(nickname,
- serialno, issuername);
+ String trustbit = jssSubSystem.getRootCertTrustBit(nickname, serialno,
+ issuername);
pairs.add(nickname, trustbit);
sendResponse(SUCCESS, null, pairs, resp);
}
- private void getCACerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ private void getCACerts(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getCACerts();
sendResponse(SUCCESS, null, pairs, resp);
}
- private void deleteRootCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void deleteRootCert(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
int mindex = id.indexOf(":SERIAL#<");
String nickname = id.substring(0, mindex);
String sstr1 = id.substring(mindex);
int lindex = sstr1.indexOf(">");
String serialno = sstr1.substring(9, lindex);
- String issuername = sstr1.substring(lindex+1);
+ String issuername = sstr1.substring(lindex + 1);
jssSubSystem.deleteRootCert(nickname, serialno, issuername);
sendResponse(SUCCESS, null, null, resp);
}
- private void deleteUserCert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void deleteUserCert(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String id = req.getParameter(Constants.RS_ID);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
int mindex = id.indexOf(":SERIAL#<");
String nickname = id.substring(0, mindex);
String sstr1 = id.substring(mindex);
int lindex = sstr1.indexOf(">");
String serialno = sstr1.substring(9, lindex);
- String issuername = sstr1.substring(lindex+1);
+ String issuername = sstr1.substring(lindex + 1);
jssSubSystem.deleteUserCert(nickname, serialno, issuername);
sendResponse(SUCCESS, null, null, resp);
}
- private void getRootCerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ private void getRootCerts(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getRootCerts();
sendResponse(SUCCESS, null, pairs, resp);
}
private void getAllCertsManage(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getAllCertsManage();
sendResponse(SUCCESS, null, pairs, resp);
}
- private void getUserCerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ private void getUserCerts(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
NameValuePairs pairs = jssSubSystem.getUserCerts();
sendResponse(SUCCESS, null, pairs, resp);
}
- private void deleteCerts(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void deleteCerts(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
Enumeration enum1 = req.getParameterNames();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String nickname = "";
String date = "";
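Review bot: `deleteRootCert` and `deleteUserCert` parse the request parameter `Constants.RS_ID` with no validation: a missing parameter gives a `NullPointerException` at `id.indexOf(":SERIAL#<")`, and an id without the marker or without `>` makes `substring(0, mindex)` or `substring(9, lindex)` throw `StringIndexOutOfBoundsException`, neither of which is in the declared `throws` list. Both methods should check `id != null` and `mindex >= 0` before the first `substring`, and `lindex >= 0` before the second, and reject the request with an `EBaseException` as the other failure paths do. Neither method writes a `LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY` event, although the Javadoc on `trustCACert` says that event covers deletion of certs; if the caller does not audit these operations (not visible here), certificate deletions leave no signed audit record. The two bodies are identical apart from the final call, so the parsing would be better kept in one private helper; `deleteCerts` at the end of the hunk continues outside it.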
@@ -3069,18 +2952,18 @@ private void createMasterKey(HttpServletRequest req,
nickname = value.substring(0, index);
date = value.substring(index + 1);
- // cant use this one now since jss doesnt have the interface to
+ // cant use this one now since jss doesnt have the interface to
// do it.
jssSubSystem.deleteCert(nickname, date);
- // jssSubsystem.deleteCACert(nickname, date);
+ // jssSubsystem.deleteCACert(nickname, date);
}
sendResponse(SUCCESS, null, null, resp);
}
private void validateSubjectName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
@@ -3089,19 +2972,19 @@ private void createMasterKey(HttpServletRequest req,
String value = req.getParameter(key);
if (key.equals(Constants.PR_SUBJECT_NAME)) {
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.isX500DN(value);
}
}
sendResponse(SUCCESS, null, null, resp);
- }
+ }
private void validateKeyLength(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
String keyType = "RSA";
String keyLen = "512";
@@ -3120,18 +3003,18 @@ private void createMasterKey(HttpServletRequest req,
}
}
int keyLength = Integer.parseInt(keyLen);
- int minKey = mConfig.getInteger(
- ConfigConstants.PR_RSA_MIN_KEYLENGTH, 512);
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ int minKey = mConfig.getInteger(ConfigConstants.PR_RSA_MIN_KEYLENGTH,
+ 512);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
// jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey);
sendResponse(SUCCESS, null, null, resp);
}
private void validateCurveName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
String curveName = null;
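Review bot: `validateKeyLength` always answers `SUCCESS`, because its only check is the commented-out line `// jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey);`, so `keyLength` and `minKey` are computed and never compared. Either restore that call (assuming `checkKeyLength` still exists on `ICryptoSubsystem`) or reject short keys explicitly with `if (keyLength < minKey)` followed by an `EBaseException`, so a client relying on this endpoint is not told an undersized key is acceptable. `Integer.parseInt(keyLen)` also throws an unchecked `NumberFormatException` when the value is not numeric; `keyLen` appears to be filled from request parameters in the part of the method above this hunk. The fallback of 512 for `ConfigConstants.PR_RSA_MIN_KEYLENGTH` is too low for an RSA minimum and should be raised, for example to 2048.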
@@ -3147,21 +3030,22 @@ private void createMasterKey(HttpServletRequest req,
String curveList = mConfig.getString("keys.ecc.curve.list", "nistp521");
String[] curves = curveList.split(",");
boolean match = false;
- for (int i=0; i<curves.length; i++) {
+ for (int i = 0; i < curves.length; i++) {
if (curves[i].equals(curveName)) {
match = true;
}
}
if (!match) {
- throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME"));
+ throw new EBaseException(
+ CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME"));
}
sendResponse(SUCCESS, null, null, resp);
}
private void validateCertExtension(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
Enumeration enum1 = req.getParameterNames();
String certExt = "";
@@ -3175,19 +3059,18 @@ private void createMasterKey(HttpServletRequest req,
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
jssSubSystem.checkCertificateExt(certExt);
sendResponse(SUCCESS, null, null, resp);
}
- private void getSubjectName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void getSubjectName(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration enum1 = req.getParameterNames();
-
+
String nickname = "";
String keyType = "RSA";
String keyLen = "512";
@@ -3205,8 +3088,8 @@ private void createMasterKey(HttpServletRequest req,
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String subjectName = jssSubSystem.getSubjectDN(nickname);
params.add(Constants.PR_SUBJECT_NAME, subjectName);
@@ -3214,8 +3097,8 @@ private void createMasterKey(HttpServletRequest req,
}
private void processSubjectName(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
NameValuePairs params = new NameValuePairs();
Enumeration enum1 = req.getParameterNames();
@@ -3234,8 +3117,8 @@ private void createMasterKey(HttpServletRequest req,
}
}
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String subjectName = jssSubSystem.getSubjectDN(nickname);
params.add(Constants.PR_SUBJECT_NAME, subjectName);
@@ -3243,8 +3126,8 @@ private void createMasterKey(HttpServletRequest req,
}
public void setRootCertTrust(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ HttpServletResponse resp) throws ServletException, IOException,
+ EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
String nickname = req.getParameter(Constants.PR_NICK_NAME);
@@ -3254,16 +3137,15 @@ private void createMasterKey(HttpServletRequest req,
CMS.debug("CMSAdminServlet: setRootCertTrust()");
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
try {
- jssSubSystem.setRootCertTrust(nickname, serialno, issuername, trust);
- } catch (EBaseException e) {
+ jssSubSystem
+ .setRootCertTrust(nickname, serialno, issuername, trust);
+ } catch (EBaseException e) {
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
@@ -3272,10 +3154,8 @@ private void createMasterKey(HttpServletRequest req,
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, auditSubjectID,
+ ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
@@ -3285,19 +3165,19 @@ private void createMasterKey(HttpServletRequest req,
/**
* Establish trust of a CA certificate
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
- * "Manage Certificate" is used to edit the trustness of certs and
- * deletion of certs
+ * "Manage Certificate" is used to edit the trustness of certs and deletion
+ * of certs
* </ul>
+ *
* @exception ServletException a servlet error has occurred
* @exception IOException an input/output error has occurred
* @exception EBaseException failed to establish CA certificate trust
*/
- private void trustCACert(HttpServletRequest req,
- HttpServletResponse resp) throws ServletException,
- IOException, EBaseException {
+ private void trustCACert(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException, EBaseException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -3307,8 +3187,8 @@ private void createMasterKey(HttpServletRequest req,
// to the signed audit log and stored as failures
try {
Enumeration enum1 = req.getParameterNames();
- ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+ ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_CRYPTO);
String trust = "";
while (enum1.hasMoreElements()) {
@@ -3328,22 +3208,18 @@ private void createMasterKey(HttpServletRequest req,
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.SUCCESS,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.SUCCESS, auditParams(req));
audit(auditMessage);
- //sendResponse(SUCCESS, null, null, resp);
+ // sendResponse(SUCCESS, null, null, resp);
sendResponse(RESTART, null, null, resp);
} catch (EBaseException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
@@ -3352,50 +3228,46 @@ private void createMasterKey(HttpServletRequest req,
} catch (IOException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- auditSubjectID,
- ILogger.FAILURE,
- auditParams(req));
+ LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ auditSubjectID, ILogger.FAILURE, auditParams(req));
audit(auditMessage);
// rethrow the specific exception to be handled later
throw eAudit2;
- // } catch( ServletException eAudit3 ) {
- // // store a message in the signed audit log file
- // auditMessage = CMS.getLogMessage(
- // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
- // auditSubjectID,
- // ILogger.FAILURE,
- // auditParams( req ) );
- //
- // audit( auditMessage );
- //
- // // rethrow the specific exception to be handled later
- // throw eAudit3;
- }
+ // } catch( ServletException eAudit3 ) {
+ // // store a message in the signed audit log file
+ // auditMessage = CMS.getLogMessage(
+ // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+ // auditSubjectID,
+ // ILogger.FAILURE,
+ // auditParams( req ) );
+ //
+ // audit( auditMessage );
+ //
+ // // rethrow the specific exception to be handled later
+ // throw eAudit3;
+ }
}
/**
* Execute all self tests specified to be run on demand.
* <P>
- *
+ *
* <ul>
* <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self
* tests are run on demand
* </ul>
- * @exception EMissingSelfTestException a self test plugin instance
- * property name was missing
+ *
+ * @exception EMissingSelfTestException a self test plugin instance property
+ * name was missing
* @exception ESelfTestException a self test is missing a required
- * configuration parameter
+ * configuration parameter
* @exception IOException an input/output error has occurred
*/
- private synchronized void
- runSelfTestsOnDemand(HttpServletRequest req,
- HttpServletResponse resp)
- throws EMissingSelfTestException,
- ESelfTestException,
- IOException {
+ private synchronized void runSelfTestsOnDemand(HttpServletRequest req,
+ HttpServletResponse resp) throws EMissingSelfTestException,
+ ESelfTestException, IOException {
String auditMessage = null;
String auditSubjectID = auditSubjectID();
@@ -3404,7 +3276,7 @@ private void createMasterKey(HttpServletRequest req,
try {
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " ENTERING . . .");
+ + " ENTERING . . .");
}
Enumeration enum1 = req.getParameterNames();
@@ -3424,32 +3296,28 @@ private void createMasterKey(HttpServletRequest req,
}
}
- ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem)
- CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
+ ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem) CMS
+ .getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
- if ((request == null) ||
- (request.equals(""))) {
+ if ((request == null) || (request.equals(""))) {
// self test plugin run on demand request parameter was missing
// log the error
- logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_REQUEST",
- getServletInfo(),
- Constants.PR_RUN_SELFTESTS_ON_DEMAND
- );
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_RUN_ON_DEMAND_REQUEST", getServletInfo(),
+ Constants.PR_RUN_SELFTESTS_ON_DEMAND);
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID, ILogger.FAILURE);
audit(auditMessage);
// notify console of FAILURE
- content += logMessage
- + "\n";
+ content += logMessage + "\n";
sendResponse(ERROR, content, null, resp);
// raise an exception
@@ -3457,83 +3325,77 @@ private void createMasterKey(HttpServletRequest req,
}
// run all self test plugin instances (designated on-demand)
- String[] selftests = mSelfTestSubsystem.listSelfTestsEnabledOnDemand();
+ String[] selftests = mSelfTestSubsystem
+ .listSelfTestsEnabledOnDemand();
if (selftests != null && selftests.length > 0) {
// log that execution of on-demand self tests has begun
logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND",
- getServletInfo());
+ getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
- content += logMessage
- + "\n";
+ content += logMessage + "\n";
for (int i = 0; i < selftests.length; i++) {
if (selftests[i] != null) {
instanceName = selftests[i].trim();
- instanceFullName = ISelfTestSubsystem.ID
- + "."
- + ISelfTestSubsystem.PROP_CONTAINER
- + "."
- + ISelfTestSubsystem.PROP_INSTANCE
- + "."
+ instanceFullName = ISelfTestSubsystem.ID + "."
+ + ISelfTestSubsystem.PROP_CONTAINER + "."
+ + ISelfTestSubsystem.PROP_INSTANCE + "."
+ instanceName;
} else {
// self test plugin instance property name was missing
// log the error
logMessage = CMS.getLogMessage(
- "SELFTESTS_PARAMETER_WAS_NULL",
- getServletInfo());
+ "SELFTESTS_PARAMETER_WAS_NULL",
+ getServletInfo());
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID, ILogger.FAILURE);
audit(auditMessage);
// notify console of FAILURE
- content += logMessage
- + "\n";
+ content += logMessage + "\n";
sendResponse(ERROR, content, null, resp);
// raise an exception
throw new EMissingSelfTestException();
}
- ISelfTest test = (ISelfTest)
- mSelfTestSubsystem.getSelfTest(instanceName);
+ ISelfTest test = (ISelfTest) mSelfTestSubsystem
+ .getSelfTest(instanceName);
if (test == null) {
- // self test plugin instance property name is not present
+ // self test plugin instance property name is not
+ // present
// log the error
- logMessage = CMS.getLogMessage("SELFTESTS_MISSING_NAME",
- getServletInfo(),
- instanceFullName);
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_MISSING_NAME", getServletInfo(),
+ instanceFullName);
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID, ILogger.FAILURE);
audit(auditMessage);
// notify console of FAILURE
- content += logMessage
- + "\n";
+ content += logMessage + "\n";
sendResponse(ERROR, content, null, resp);
// raise an exception
@@ -3543,15 +3405,14 @@ private void createMasterKey(HttpServletRequest req,
try {
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " running \""
- + test.getSelfTestName()
- + "\"");
+ + " running \""
+ + test.getSelfTestName()
+ + "\"");
}
// store this information for console notification
content += "CMSAdminServlet::runSelfTestsOnDemand():"
- + " running \""
- + test.getSelfTestName()
+ + " running \"" + test.getSelfTestName()
+ "\" . . .\n";
test.runSelfTest(mSelfTestSubsystem.getSelfTestLogger());
@@ -3560,30 +3421,27 @@ private void createMasterKey(HttpServletRequest req,
content += "COMPLETED SUCCESSFULLY\n";
} catch (ESelfTestException e) {
// Check to see if the self test was critical:
- if (mSelfTestSubsystem.isSelfTestCriticalOnDemand(
- instanceName)) {
+ if (mSelfTestSubsystem
+ .isSelfTestCriticalOnDemand(instanceName)) {
// log the error
logMessage = CMS.getLogMessage(
- "SELFTESTS_RUN_ON_DEMAND_FAILED",
- getServletInfo(),
- instanceFullName);
+ "SELFTESTS_RUN_ON_DEMAND_FAILED",
+ getServletInfo(), instanceFullName);
mSelfTestSubsystem.log(
- mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ mSelfTestSubsystem.getSelfTestLogger(),
+ logMessage);
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
+ auditSubjectID, ILogger.FAILURE);
audit(auditMessage);
// notify console of FAILURE
content += "FAILED WITH CRITICAL ERROR\n";
- content += logMessage
- + "\n";
+ content += logMessage + "\n";
sendResponse(ERROR, content, null, resp);
// shutdown the system gracefully
@@ -3599,52 +3457,47 @@ private void createMasterKey(HttpServletRequest req,
// log that execution of all "critical" on-demand self tests
// has completed "successfully"
- logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_SUCCEEDED",
- getServletInfo());
+ logMessage = CMS.getLogMessage(
+ "SELFTESTS_RUN_ON_DEMAND_SUCCEEDED", getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
- content += logMessage
- + "\n";
+ content += logMessage + "\n";
} else {
// log this fact
logMessage = CMS.getLogMessage("SELFTESTS_NOT_RUN_ON_DEMAND",
- getServletInfo());
+ getServletInfo());
mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
- logMessage);
+ logMessage);
// store this information for console notification
- content += logMessage
- + "\n";
+ content += logMessage + "\n";
}
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.SUCCESS);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID,
+ ILogger.SUCCESS);
audit(auditMessage);
// notify console of SUCCESS
results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CLASS,
- CMSAdminServlet.class.getName());
- results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT,
- content);
+ CMSAdminServlet.class.getName());
+ results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT, content);
sendResponse(SUCCESS, null, results, resp);
if (CMS.debugOn()) {
CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
- + " EXITING.");
+ + " EXITING.");
}
} catch (EMissingSelfTestException eAudit1) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID,
+ ILogger.FAILURE);
audit(auditMessage);
@@ -3653,9 +3506,8 @@ private void createMasterKey(HttpServletRequest req,
} catch (ESelfTestException eAudit2) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID,
+ ILogger.FAILURE);
audit(auditMessage);
@@ -3664,9 +3516,8 @@ private void createMasterKey(HttpServletRequest req,
} catch (IOException eAudit3) {
// store a message in the signed audit log file
auditMessage = CMS.getLogMessage(
- LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION,
- auditSubjectID,
- ILogger.FAILURE);
+ LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID,
+ ILogger.FAILURE);
audit(auditMessage);
@@ -3676,16 +3527,17 @@ private void createMasterKey(HttpServletRequest req,
}
public void log(int level, String msg) {
- mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
+ "CMSAdminServlet: " + msg);
}
/**
* Signed Audit Log Public Key
- *
+ *
* This method is called to obtain the public key from the passed in
* "KeyPair" object for a signed audit log message.
* <P>
- *
+ *
* @param object a Key Pair Object
* @return key string containing the public key
*/
@@ -3734,4 +3586,3 @@ private void createMasterKey(HttpServletRequest req,
}
}
}
-