Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java | 2079 |
1 files changed, 965 insertions, 1114 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java index f57d12e2..ba8aa448 100644 --- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java +++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.servlet.admin; - import java.io.BufferedReader; import java.io.File; import java.io.FileInputStream; @@ -83,11 +82,10 @@ import com.netscape.cmsutil.util.Cert; import com.netscape.symkey.SessionKey; /** - * A class representings an administration servlet. This - * servlet is responsible to serve Certificate Server - * level administrative operations such as configuration - * parameter updates. - * + * A class representings an administration servlet. This servlet is responsible + * to serve Certificate Server level administrative operations such as + * configuration parameter updates. + * * @version $Revision$, $Date$ */ public final class CMSAdminServlet extends AdminServlet { 
@@ -108,16 +106,11 @@ public final class CMSAdminServlet extends AdminServlet { private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger(); private final static byte EOL[] = { Character.LINE_SEPARATOR }; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION = - "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3"; - private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY = - "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3"; - private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC = - "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3"; - private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION = - "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2"; - private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = - "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION = "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3"; + private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY = "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3"; + private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC = "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3"; + private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION = "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2"; + private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION = "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3"; // CMS must be instantiated before this admin servlet. 
@@ -146,13 +139,13 @@ public final class CMSAdminServlet extends AdminServlet { * Serves HTTP request. */ public void service(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { + throws ServletException, IOException { super.service(req, resp); try { super.authenticate(req); } catch (IOException e) { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHS_FAILED"), null, resp); return; } @@ -164,9 +157,8 @@ public final class CMSAdminServlet extends AdminServlet { if (scope.equals(ScopeDef.SC_PLATFORM)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } getEnv(req, resp); @@ -175,9 +167,8 @@ public final class CMSAdminServlet extends AdminServlet { if (op.equals(OpDef.OP_READ)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) 
@@ -199,14 +190,13 @@ public final class CMSAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_MODIFY)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_LDAP)) setDBConfig(req, resp); - else if (scope.equals(ScopeDef.SC_SMTP)) + else if (scope.equals(ScopeDef.SC_SMTP)) modifySMTPConfig(req, resp); else if (scope.equals(ScopeDef.SC_TASKS)) performTasks(req, resp); @@ -214,9 +204,9 @@ public final class CMSAdminServlet extends AdminServlet { modifyEncryption(req, resp); else if (scope.equals(ScopeDef.SC_ISSUE_IMPORT_CERT)) issueImportCert(req, resp); - else if (scope.equals(ScopeDef.SC_INSTALL_CERT)) + else if (scope.equals(ScopeDef.SC_INSTALL_CERT)) installCert(req, resp); - else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT)) + else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT)) importXCert(req, resp); else if (scope.equals(ScopeDef.SC_DELETE_CERTS)) deleteCerts(req, resp); @@ -229,9 +219,8 @@ public final class CMSAdminServlet extends AdminServlet { } else if (op.equals(OpDef.OP_SEARCH)) { mOp = "read"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_SUBSYSTEM)) 
@@ -240,33 +229,31 @@ public final class CMSAdminServlet extends AdminServlet { getCACerts(req, resp); else if (scope.equals(ScopeDef.SC_ALL_CERTLIST)) getAllCertsManage(req, resp); - else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) + else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) getUserCerts(req, resp); - else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) + else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) getTKSKeys(req, resp); - else if (scope.equals(ScopeDef.SC_TOKEN)) + else if (scope.equals(ScopeDef.SC_TOKEN)) getAllTokenNames(req, resp); else if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) getRootCerts(req, resp); } else if (op.equals(OpDef.OP_DELETE)) { mOp = "delete"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) { deleteRootCert(req, resp); } else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) { - deleteUserCert(req,resp); + deleteUserCert(req, resp); } } else if (op.equals(OpDef.OP_PROCESS)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_CERT_REQUEST)) 
@@ -283,14 +270,13 @@ public final class CMSAdminServlet extends AdminServlet { checkTokenStatus(req, resp); else if (scope.equals(ScopeDef.SC_SELFTESTS)) runSelfTestsOnDemand(req, resp); - else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) + else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) createMasterKey(req, resp); } else if (op.equals(OpDef.OP_VALIDATE)) { mOp = "modify"; if ((mToken = super.authorize(req)) == null) { - sendResponse(ERROR, - CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return; } if (scope.equals(ScopeDef.SC_SUBJECT_NAME)) @@ -303,8 +289,7 @@ public final class CMSAdminServlet extends AdminServlet { validateCurveName(req, resp); } } catch (EBaseException e) { - sendResponse(ERROR, e.toString(getLocale(req)), - null, resp); + sendResponse(ERROR, e.toString(getLocale(req)), null, resp); return; } catch (Exception e) { StringWriter sw = new StringWriter(); 
@@ -316,25 +301,24 @@ public final class CMSAdminServlet extends AdminServlet { } } - private void getEnv(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getEnv(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); if (File.separator.equals("\\")) params.add(Constants.PR_NT, Constants.TRUE); else params.add(Constants.PR_NT, Constants.FALSE); - + sendResponse(SUCCESS, null, params, resp); } private void getAllTokenNames(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs params = new NameValuePairs(); params.add(Constants.PR_TOKEN_LIST, jssSubSystem.getTokenList()); @@ -343,15 +327,15 @@ public final class CMSAdminServlet extends AdminServlet { } private void getAllNicknames(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); params.add(Constants.PR_ALL_NICKNAMES, jssSubSystem.getAllCerts()); - + sendResponse(SUCCESS, null, params, resp); } 
@@ -362,27 +346,26 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type - if ((sys instanceof IKeyRecoveryAuthority) && - subsystem.equals("kra")) + // get subsystem type + if ((sys instanceof IKeyRecoveryAuthority) + && subsystem.equals("kra")) return true; - else if ((sys instanceof IRegistrationAuthority) && - subsystem.equals("ra")) + else if ((sys instanceof IRegistrationAuthority) + && subsystem.equals("ra")) return true; - else if ((sys instanceof ICertificateAuthority) && - subsystem.equals("ca")) + else if ((sys instanceof ICertificateAuthority) + && subsystem.equals("ca")) return true; - else if ((sys instanceof IOCSPAuthority) && - subsystem.equals("ocsp")) + else if ((sys instanceof IOCSPAuthority) + && subsystem.equals("ocsp")) return true; } return false; } - private void readEncryption(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void readEncryption(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { Enumeration e = CMS.getSubsystems(); boolean isCAInstalled = false; @@ -395,7 +378,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type + // get subsystem type if (sys instanceof IKeyRecoveryAuthority) isKRAInstalled = true; else if (sys instanceof IRegistrationAuthority) 
@@ -406,19 +389,20 @@ public final class CMSAdminServlet extends AdminServlet { isOCSPInstalled = true; else if (sys instanceof ITKSAuthority) isTKSInstalled = true; - - } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + } + + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String caTokenName = ""; NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_CIPHER_VERSION, - jssSubSystem.getCipherVersion()); - params.add(Constants.PR_CIPHER_FORTEZZA, jssSubSystem.isCipherFortezza()); - params.add(Constants.PR_CIPHER_PREF, jssSubSystem.getCipherPreferences()); + params.add(Constants.PR_CIPHER_VERSION, jssSubSystem.getCipherVersion()); + params.add(Constants.PR_CIPHER_FORTEZZA, + jssSubSystem.isCipherFortezza()); + params.add(Constants.PR_CIPHER_PREF, + jssSubSystem.getCipherPreferences()); String tokenList = jssSubSystem.getTokenList(); @@ -428,7 +412,7 @@ public final class CMSAdminServlet extends AdminServlet { while (tokenizer.hasMoreElements()) { String tokenName = (String) tokenizer.nextElement(); String certs = jssSubSystem.getCertListWithoutTokenName(tokenName); - + if (certs.equals("")) continue; if (tokenNewList.equals("")) @@ -442,7 +426,8 @@ public final class CMSAdminServlet extends AdminServlet { params.add(Constants.PR_TOKEN_LIST, tokenNewList); if (isCAInstalled) { - ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); caTokenName = signingUnit.getTokenName(); 
@@ -452,31 +437,31 @@ public final class CMSAdminServlet extends AdminServlet { String caNickName = signingUnit.getNickname(); - //params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName); + // params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName); params.add(Constants.PR_CERT_CA, getCertNickname(caNickName)); } if (isRAInstalled) { - IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); String raNickname = ra.getNickname(); params.add(Constants.PR_CERT_RA, getCertNickname(raNickname)); } if (isKRAInstalled) { - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_KRA); String kraNickname = kra.getNickname(); params.add(Constants.PR_CERT_TRANS, getCertNickname(kraNickname)); } if (isTKSInstalled) { - ITKSAuthority tks = (ITKSAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_TKS); + ITKSAuthority tks = (ITKSAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_TKS); } String nickName = CMS.getServerCertNickname(); - + params.add(Constants.PR_CERT_SERVER, getCertNickname(nickName)); sendResponse(SUCCESS, null, params, resp); 
@@ -518,18 +503,19 @@ public final class CMSAdminServlet extends AdminServlet { /** * Modify encryption configuration * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when * configuring encryption (cert settings and SSL cipher preferences) * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to modify encryption configuration */ private void modifyEncryption(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -539,8 +525,8 @@ public final class CMSAdminServlet extends AdminServlet { try { Enumeration enum1 = req.getParameterNames(); NameValuePairs params = new NameValuePairs(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.getInternalTokenName(); Enumeration e = CMS.getSubsystems(); @@ -554,7 +540,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type + // get subsystem type if (sys instanceof IKeyRecoveryAuthority) isKRAInstalled = true; else if (sys instanceof IRegistrationAuthority) 
@@ -563,21 +549,23 @@ public final class CMSAdminServlet extends AdminServlet { isCAInstalled = true; else if (sys instanceof IOCSPAuthority) isOCSPInstalled = true; - else if (sys instanceof ITKSAuthority) + else if (sys instanceof ITKSAuthority) isTKSInstalled = true; } - ICertificateAuthority ca = null; + ICertificateAuthority ca = null; IRegistrationAuthority ra = null; IKeyRecoveryAuthority kra = null; - ITKSAuthority tks = null; + ITKSAuthority tks = null; if (isCAInstalled) ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); if (isRAInstalled) - ra = (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); + ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); if (isKRAInstalled) - kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + kra = (IKeyRecoveryAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_KRA); if (isTKSInstalled) tks = (ITKSAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_TKS); @@ -593,19 +581,20 @@ public final class CMSAdminServlet extends AdminServlet { ISigningUnit signingUnit = ca.getSigningUnit(); if ((val != null) && (!val.equals(""))) { - StringTokenizer tokenizer = new StringTokenizer(val, ","); + StringTokenizer tokenizer = new StringTokenizer(val, + ","); if (tokenizer.countTokens() != 2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException(CMS.getLogMessage("BASE_INVALID_UI_INFO")); + throw new EBaseException( + CMS.getLogMessage("BASE_INVALID_UI_INFO")); } String tokenName = (String) tokenizer.nextElement(); 
@@ -623,14 +612,14 @@ public final class CMSAdminServlet extends AdminServlet { } else // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); - throw new EBaseException(CMS.getLogMessage("BASE_NOT_CA_CERT")); + throw new EBaseException( + CMS.getLogMessage("BASE_NOT_CA_CERT")); } } else if (name.equals(Constants.PR_CERT_RA)) { if ((val != null) && (!val.equals(""))) { @@ -660,10 +649,8 @@ public final class CMSAdminServlet extends AdminServlet { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -672,10 +659,8 @@ public final class CMSAdminServlet extends AdminServlet { } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
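Review bot: In the first hunk here (`-623,14 +612,14`), the brace-less `else` governs only the `auditMessage = CMS.getLogMessage(...)` assignment, so `audit(auditMessage)` and `throw new EBaseException(CMS.getLogMessage("BASE_NOT_CA_CERT"))` appear to run on both paths; re-wrapping the lines leaves that untouched. Unless the `if` branch above the hunk exits on its own, an accepted CA certificate nickname would still reach the throw, and the signed audit log would be handed whatever `auditMessage` held before, which is `null` at the top of `modifyEncryption`. Brace the branch so the failure record and the exception belong together: `} else { auditMessage = CMS.getLogMessage(...); audit(auditMessage); throw new EBaseException(...); }`. The enclosing `if` begins outside the hunk, so this should be confirmed against the full method.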
@@ -684,28 +669,26 @@ public final class CMSAdminServlet extends AdminServlet { } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, auditSubjectID, + ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } private String getCertConfigNickname(String val) throws EBaseException { @@ -727,9 +710,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - HTTPService httpsService = raAdmin.getHttpsService(); - httpsService.setNickName(nickName); + * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + * HTTPService httpsService = raAdmin.getHttpsService(); + * httpsService.setNickName(nickName); */ } 
@@ -737,9 +720,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - HTTPService httpsService = gateway.getHttpsService(); - httpsService.setNickName(nickName); + * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + * HTTPService httpsService = gateway.getHttpsService(); + * httpsService.setNickName(nickName); */ } @@ -747,9 +730,9 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - HTTPSubsystem eeGateway = ra.getHTTPSubsystem(); - HTTPService httpsService = eeGateway.getHttpsService(); - httpsService.setNickName(nickName); + * HTTPSubsystem eeGateway = ra.getHTTPSubsystem(); HTTPService + * httpsService = eeGateway.getHttpsService(); + * httpsService.setNickName(nickName); */ } 
@@ -757,31 +740,30 @@ public final class CMSAdminServlet extends AdminServlet { CMS.setServerCertNickname(nickName); /* - HTTPSubsystem caGateway = ca.getHTTPSubsystem(); - HTTPService httpsService = caGateway.getHttpsService(); - httpsService.setNickName(nickName); + * HTTPSubsystem caGateway = ca.getHTTPSubsystem(); HTTPService + * httpsService = caGateway.getHttpsService(); + * httpsService.setNickName(nickName); */ } /** * Performs Server Tasks: RESTART/STOP operation */ - private void performTasks(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void performTasks(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String restart = req.getParameter(Constants.PR_SERVER_RESTART); String stop = req.getParameter(Constants.PR_SERVER_STOP); NameValuePairs params = new NameValuePairs(); if (restart != null) { - //XXX Uncommented afetr watchdog is implemented + // XXX Uncommented afetr watchdog is implemented sendResponse(SUCCESS, null, params, resp); - //mServer.restart(); + // mServer.restart(); return; } if (stop != null) { - //XXX Send response first then shutdown + // XXX Send response first then shutdown sendResponse(SUCCESS, null, params, resp); CMS.shutdown(); return; @@ -794,9 +776,8 @@ public final class CMSAdminServlet extends AdminServlet { /** * Reads subsystems that server has loaded with. */ - private void readSubsystem(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void readSubsystem(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = CMS.getSubsystems(); StringBuffer buff = new StringBuffer(); 
@@ -805,7 +786,7 @@ public final class CMSAdminServlet extends AdminServlet { String type = ""; ISubsystem sys = (ISubsystem) e.nextElement(); - //get subsystem type + // get subsystem type if (sys instanceof IKeyRecoveryAuthority) type = Constants.PR_KRA_INSTANCE; if (sys instanceof IRegistrationAuthority) @@ -814,7 +795,7 @@ public final class CMSAdminServlet extends AdminServlet { type = Constants.PR_CA_INSTANCE; if (sys instanceof IOCSPAuthority) type = Constants.PR_OCSP_INSTANCE; - if (sys instanceof ITKSAuthority) + if (sys instanceof ITKSAuthority) type = Constants.PR_TKS_INSTANCE; if (!type.trim().equals("")) params.add(sys.getId(), type); @@ -826,13 +807,13 @@ public final class CMSAdminServlet extends AdminServlet { /** * Reads server statistics. */ - private void readStat(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void readStat(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); IConfigStore cs = CMS.getConfigStore(); try { - String installdate = cs.getString(Constants.PR_STAT_INSTALLDATE, ""); + String installdate = cs + .getString(Constants.PR_STAT_INSTALLDATE, ""); params.add(Constants.PR_STAT_INSTALLDATE, installdate); } catch (Exception e) { } @@ -850,9 +831,9 @@ public final class CMSAdminServlet extends AdminServlet { } params.add(Constants.PR_STAT_STARTUP, - (new Date(CMS.getStartupTime())).toString()); + (new Date(CMS.getStartupTime())).toString()); params.add(Constants.PR_STAT_TIME, - (new Date(System.currentTimeMillis())).toString()); + (new Date(System.currentTimeMillis())).toString()); sendResponse(SUCCESS, null, params, resp); } 
@@ -860,127 +841,105 @@ public final class CMSAdminServlet extends AdminServlet { * Modifies network information. */ private void modifyNetworkConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { /* - HTTPSubsystem eeGateway = (HTTPSubsystem) - SubsystemRegistry.getInstance().get("eeGateway"); - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID); - - Enumeration enum1 = req.getParameterNames(); - - String eeHTTPportString = null; - String eeHTTPSportString = null; - String agentHTTPSportString = null; - String radminHTTPSportString = null; - - String gatewayBacklog = "15"; - - // eeHTTPEnabled corresponds to the checkbox which enables the - // HTTP EE port - String eeHTTPEnabled = Constants.FALSE; - - while (enum1.hasMoreElements()) { - String key = (String)enum1.nextElement(); - String value = (String)req.getParameter(key); - - if (key.equals(Constants.PR_AGENT_S_BACKLOG)) { - agent.setHTTPSBacklog(value); - } else if (key.equals(Constants.PR_GATEWAY_S_BACKLOG)) { - eeGateway.setHTTPSBacklog(value); - } else if (key.equals(Constants.PR_ADMIN_S_BACKLOG)) { - raAdmin.setHTTPSBacklog(value); - } else if (key.equals(Constants.PR_GATEWAY_BACKLOG)) { - gatewayBacklog = value; - } else if (key.equals(Constants.PR_GATEWAY_PORT_ENABLED)) { - eeHTTPEnabled = value; - } - } - - - eeHTTPportString = req.getParameter(Constants.PR_GATEWAY_PORT); - eeHTTPSportString = req.getParameter(Constants.PR_GATEWAY_S_PORT); - agentHTTPSportString= req.getParameter(Constants.PR_AGENT_S_PORT); - radminHTTPSportString= req.getParameter(Constants.PR_ADMIN_S_PORT); - - - int eeHTTPport=0; - int eeHTTPSport=0; - int agentHTTPSport=0; - int radminHTTPSport=0; - if (eeHTTPportString != null) eeHTTPport = Integer.parseInt(eeHTTPportString); - if (eeHTTPSportString != null) 
eeHTTPSport = Integer.parseInt(eeHTTPSportString); - if (agentHTTPSportString != null) agentHTTPSport = Integer.parseInt(agentHTTPSportString); - if (radminHTTPSportString != null) radminHTTPSport = Integer.parseInt(radminHTTPSportString); - - - String portName=""; - int portnum; - try { - - // EE HTTP is special, since it has it's own checkbox for enabling/disabling - if (eeHTTPEnabled.equals(Constants.TRUE) && - eeHTTPport != 0 && - eeHTTPport != eeGateway.getHTTPPort()) - { - portName = "End-entity"; - checkPortAvailable(eeHTTPport); - } - - if (eeHTTPSport != 0 && eeHTTPSport != eeGateway.getHTTPSPort()) { - portName = "SSL End-entity"; - checkPortAvailable(eeHTTPSport); - } - if (agentHTTPSport != 0 && agentHTTPSport != agent.getHTTPSPort()) { - portName = "Agent"; - checkPortAvailable(agentHTTPSport); - } - if (radminHTTPSport != 0 && radminHTTPSport != raAdmin.getHTTPSPort()) { - portName = "Remote Admin"; - checkPortAvailable(radminHTTPSport); - } - - // If any of the above ports are not available, an exception - // will be thrown and these methods below will not be called - - if (eeHTTPEnabled.equals(Constants.TRUE)) { - eeGateway.setHTTPPort(eeHTTPport); - } - eeGateway.setHTTPSPort(eeHTTPSport); - agent.setHTTPSPort(agentHTTPSport); - raAdmin.setHTTPSPort(radminHTTPSport); - - } catch (IOException e) { - // send 'port in use' error - sendResponse(ERROR, portName+" "+e.getMessage(), null, resp); - // we do not want to save the config in this case - return; - } - - eeGateway.setHTTPBacklog(gatewayBacklog); - eeGateway.setHTTPPortEnable(eeHTTPEnabled); - - mConfig.commit(true); - sendResponse(RESTART, null, null, resp); - */ + * HTTPSubsystem eeGateway = (HTTPSubsystem) + * SubsystemRegistry.getInstance().get("eeGateway"); RemoteAdmin raAdmin + * = (RemoteAdmin)RemoteAdmin.getInstance(); AgentGateway agent = + * (AgentGateway)mReg.get(AgentGateway.ID); + * + * Enumeration enum1 = req.getParameterNames(); + * + * String eeHTTPportString = null; String 
eeHTTPSportString = null; + * String agentHTTPSportString = null; String radminHTTPSportString = + * null; + * + * String gatewayBacklog = "15"; + * + * // eeHTTPEnabled corresponds to the checkbox which enables the // + * HTTP EE port String eeHTTPEnabled = Constants.FALSE; + * + * while (enum1.hasMoreElements()) { String key = + * (String)enum1.nextElement(); String value = + * (String)req.getParameter(key); + * + * if (key.equals(Constants.PR_AGENT_S_BACKLOG)) { + * agent.setHTTPSBacklog(value); } else if + * (key.equals(Constants.PR_GATEWAY_S_BACKLOG)) { + * eeGateway.setHTTPSBacklog(value); } else if + * (key.equals(Constants.PR_ADMIN_S_BACKLOG)) { + * raAdmin.setHTTPSBacklog(value); } else if + * (key.equals(Constants.PR_GATEWAY_BACKLOG)) { gatewayBacklog = value; + * } else if (key.equals(Constants.PR_GATEWAY_PORT_ENABLED)) { + * eeHTTPEnabled = value; } } + * + * + * eeHTTPportString = req.getParameter(Constants.PR_GATEWAY_PORT); + * eeHTTPSportString = req.getParameter(Constants.PR_GATEWAY_S_PORT); + * agentHTTPSportString= req.getParameter(Constants.PR_AGENT_S_PORT); + * radminHTTPSportString= req.getParameter(Constants.PR_ADMIN_S_PORT); + * + * + * int eeHTTPport=0; int eeHTTPSport=0; int agentHTTPSport=0; int + * radminHTTPSport=0; if (eeHTTPportString != null) eeHTTPport = + * Integer.parseInt(eeHTTPportString); if (eeHTTPSportString != null) + * eeHTTPSport = Integer.parseInt(eeHTTPSportString); if + * (agentHTTPSportString != null) agentHTTPSport = + * Integer.parseInt(agentHTTPSportString); if (radminHTTPSportString != + * null) radminHTTPSport = Integer.parseInt(radminHTTPSportString); + * + * + * String portName=""; int portnum; try { + * + * // EE HTTP is special, since it has it's own checkbox for + * enabling/disabling if (eeHTTPEnabled.equals(Constants.TRUE) && + * eeHTTPport != 0 && eeHTTPport != eeGateway.getHTTPPort()) { portName + * = "End-entity"; checkPortAvailable(eeHTTPport); } + * + * if (eeHTTPSport != 0 && eeHTTPSport != 
eeGateway.getHTTPSPort()) { + * portName = "SSL End-entity"; checkPortAvailable(eeHTTPSport); } if + * (agentHTTPSport != 0 && agentHTTPSport != agent.getHTTPSPort()) { + * portName = "Agent"; checkPortAvailable(agentHTTPSport); } if + * (radminHTTPSport != 0 && radminHTTPSport != raAdmin.getHTTPSPort()) { + * portName = "Remote Admin"; checkPortAvailable(radminHTTPSport); } + * + * // If any of the above ports are not available, an exception // will + * be thrown and these methods below will not be called + * + * if (eeHTTPEnabled.equals(Constants.TRUE)) { + * eeGateway.setHTTPPort(eeHTTPport); } + * eeGateway.setHTTPSPort(eeHTTPSport); + * agent.setHTTPSPort(agentHTTPSport); + * raAdmin.setHTTPSPort(radminHTTPSport); + * + * } catch (IOException e) { // send 'port in use' error + * sendResponse(ERROR, portName+" "+e.getMessage(), null, resp); // we + * do not want to save the config in this case return; } + * + * eeGateway.setHTTPBacklog(gatewayBacklog); + * eeGateway.setHTTPPortEnable(eeHTTPEnabled); + * + * mConfig.commit(true); sendResponse(RESTART, null, null, resp); + */ } /** * Check if the port is available for binding. + * * @throws IOException if not available */ - private void checkPortAvailable(int port) - throws IOException { + private void checkPortAvailable(int port) throws IOException { try { // see if the port is being used by somebody else ServerSocket ss = new ServerSocket(port); ss.close(); } catch (Exception e) { - throw new IOException("port " + port + " is in use. Please select another port"); + throw new IOException("port " + port + + " is in use. Please select another port"); } } 
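Review bot: The reflowed block comment in `modifyNetworkConfig` joins the commented-out statements and their `//` remarks into paragraphs, so the old code can no longer be restored by uncommenting it; for example `// eeHTTPEnabled corresponds to the checkbox which enables the // HTTP EE port String eeHTTPEnabled = Constants.FALSE;` now reads as one run. The method body is left empty, which is easy to miss under a hundred lines of comment. I would delete the dead code and keep a single line such as `// Intentionally a no-op: port/backlog settings are no longer managed by this servlet.` (wording to be confirmed by the maintainers), or exclude the block from the formatter. The commented-out bodies of `getEENetworkConfig`, `getAdminConfig` and `getAgentConfig` in the `-1000,58 +959,52` hunk have the same problem.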
@@ -988,8 +947,8 @@ public final class CMSAdminServlet extends AdminServlet { * Reads network information. */ private void readNetworkConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); 
@@ -1000,58 +959,52 @@ public final class CMSAdminServlet extends AdminServlet { sendResponse(SUCCESS, null, params, resp); } - private void getEENetworkConfig(NameValuePairs params) - throws EBaseException { + private void getEENetworkConfig(NameValuePairs params) + throws EBaseException { /* - HTTPSubsystem eeGateway = - (HTTPSubsystem)mReg.get("eeGateway"); - if (eeGateway == null) { - // i.e. standalone DRM - params.add(Constants.PR_GATEWAY_S_PORT, "-1"); - params.add(Constants.PR_GATEWAY_PORT, "-1"); - params.add(Constants.PR_GATEWAY_S_BACKLOG, "-1"); - params.add(Constants.PR_GATEWAY_BACKLOG,"-1"); - params.add(Constants.PR_GATEWAY_PORT_ENABLED,"false"); - } else { - params.add(Constants.PR_GATEWAY_S_PORT, - ""+eeGateway.getHTTPSPort()); - params.add(Constants.PR_GATEWAY_PORT, - ""+eeGateway.getHTTPPort()); - params.add(Constants.PR_GATEWAY_S_BACKLOG, - ""+eeGateway.getHTTPBacklog()); - params.add(Constants.PR_GATEWAY_BACKLOG, - ""+eeGateway.getHTTPSBacklog()); - params.add(Constants.PR_GATEWAY_PORT_ENABLED, - eeGateway.getHTTPPortEnable()); - } - */ + * HTTPSubsystem eeGateway = (HTTPSubsystem)mReg.get("eeGateway"); if + * (eeGateway == null) { // i.e. 
standalone DRM + * params.add(Constants.PR_GATEWAY_S_PORT, "-1"); + * params.add(Constants.PR_GATEWAY_PORT, "-1"); + * params.add(Constants.PR_GATEWAY_S_BACKLOG, "-1"); + * params.add(Constants.PR_GATEWAY_BACKLOG,"-1"); + * params.add(Constants.PR_GATEWAY_PORT_ENABLED,"false"); } else { + * params.add(Constants.PR_GATEWAY_S_PORT, ""+eeGateway.getHTTPSPort()); + * params.add(Constants.PR_GATEWAY_PORT, ""+eeGateway.getHTTPPort()); + * params.add(Constants.PR_GATEWAY_S_BACKLOG, + * ""+eeGateway.getHTTPBacklog()); + * params.add(Constants.PR_GATEWAY_BACKLOG, + * ""+eeGateway.getHTTPSBacklog()); + * params.add(Constants.PR_GATEWAY_PORT_ENABLED, + * eeGateway.getHTTPPortEnable()); } + */ } private void getAdminConfig(NameValuePairs params) throws EBaseException { /* - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - params.add(Constants.PR_ADMIN_S_PORT, ""+raAdmin.getHTTPSPort()); - params.add(Constants.PR_ADMIN_S_BACKLOG,""+raAdmin.getHTTPSBacklog()); + * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + * params.add(Constants.PR_ADMIN_S_PORT, ""+raAdmin.getHTTPSPort()); + * params + * .add(Constants.PR_ADMIN_S_BACKLOG,""+raAdmin.getHTTPSBacklog()); */ } private void getAgentConfig(NameValuePairs params) throws EBaseException { /* - AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID); - params.add(Constants.PR_AGENT_S_PORT, ""+agent.getHTTPSPort()); - params.add(Constants.PR_AGENT_S_BACKLOG,""+agent.getHTTPSBacklog()); + * AgentGateway agent = (AgentGateway)mReg.get(AgentGateway.ID); + * params.add(Constants.PR_AGENT_S_PORT, ""+agent.getHTTPSPort()); + * params.add(Constants.PR_AGENT_S_BACKLOG,""+agent.getHTTPSBacklog()); */ } /** * Modifies database information. 
*/ - private void setDBConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void setDBConfig(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_INTERNAL_DB); Enumeration enum1 = req.getParameterNames(); 
@@ -1065,56 +1018,53 @@ public final class CMSAdminServlet extends AdminServlet { continue; if (key.equals(Constants.OP_SCOPE)) continue; - - dbConfig.putString(key, req.getParameter(key)); + + dbConfig.putString(key, req.getParameter(key)); } sendResponse(RESTART, null, null, resp); mConfig.commit(true); } - /** + + /** * Create Master Key */ -private void createMasterKey(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void createMasterKey(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); - String newKeyName = null, selectedToken = null; + String newKeyName = null, selectedToken = null; while (e.hasMoreElements()) { String name = (String) e.nextElement(); - if (name.equals(Constants.PR_KEY_LIST)) - { - newKeyName = req.getParameter(name); - } - if (name.equals(Constants.PR_TOKEN_LIST)) - { - selectedToken = req.getParameter(name); - } - + if (name.equals(Constants.PR_KEY_LIST)) { + newKeyName = req.getParameter(name); + } + if (name.equals(Constants.PR_TOKEN_LIST)) { + selectedToken = req.getParameter(name); + } } - if(selectedToken!=null && newKeyName!=null) - { - String symKeys = SessionKey.GenMasterKey(selectedToken,newKeyName); - CMS.getConfigStore().putString("tks.defaultSlot", selectedToken); - String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null); - - SessionKey.SetDefaultPrefix(masterKeyPrefix); - params.add(Constants.PR_KEY_LIST, newKeyName); - params.add(Constants.PR_TOKEN_LIST, selectedToken); - } - sendResponse(SUCCESS, null, params, resp); -} + if (selectedToken != null && newKeyName != null) { + String symKeys = SessionKey.GenMasterKey(selectedToken, newKeyName); + CMS.getConfigStore().putString("tks.defaultSlot", selectedToken); + String masterKeyPrefix = CMS.getConfigStore().getString( + 
"tks.master_key_prefix", null); + + SessionKey.SetDefaultPrefix(masterKeyPrefix); + params.add(Constants.PR_KEY_LIST, newKeyName); + params.add(Constants.PR_TOKEN_LIST, selectedToken); + } + sendResponse(SUCCESS, null, params, resp); + } - /** + /** * Reads secmod.db */ - private void getTKSKeys(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getTKSKeys(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); 
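Review bot: createMasterKey answers SUCCESS even when `PR_KEY_LIST` or `PR_TOKEN_LIST` is missing from the request, so a call that generated no master key looks the same to the console as one that did. The `if (selectedToken != null && newKeyName != null)` block needs a failing branch, for example `} else { sendResponse(ERROR, "<message>", null, resp); return; }`, assuming `ERROR` is the status constant the rest of the servlet uses. The return value of `SessionKey.GenMasterKey` is stored in `symKeys` and never checked, and `tks.defaultSlot` is written with `putString` with no commit visible in this method. No signed-audit call appears here either, while getCertRequest in the same file audits both outcomes of key generation; whether an event exists for master-key creation should be confirmed.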
@@ -1122,57 +1072,56 @@ private void createMasterKey(HttpServletRequest req, while (e.hasMoreElements()) { String name = (String) e.nextElement(); - if (name.equals(Constants.PR_TOKEN_LIST)) - { - String selectedToken = req.getParameter(name); - - int count = 0; - int keys_found = 0; - - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); - - CryptoToken token = null; - CryptoManager mCryptoManager = null; - try { - mCryptoManager = CryptoManager.getInstance(); - } catch (Exception e2) { - } - - if(!jssSubSystem.isTokenLoggedIn(selectedToken)) - { - PasswordCallback cpcb = new ConsolePasswordCallback(); - while (true) { + if (name.equals(Constants.PR_TOKEN_LIST)) { + String selectedToken = req.getParameter(name); + + int count = 0; + int keys_found = 0; + + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + + CryptoToken token = null; + CryptoManager mCryptoManager = null; + try { + mCryptoManager = CryptoManager.getInstance(); + } catch (Exception e2) { + } + + if (!jssSubSystem.isTokenLoggedIn(selectedToken)) { + PasswordCallback cpcb = new ConsolePasswordCallback(); + while (true) { try { - token = mCryptoManager.getTokenByName(selectedToken); - token.login(cpcb); + token = mCryptoManager + .getTokenByName(selectedToken); + token.login(cpcb); break; } catch (Exception e3) { - //log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD")); + // log(ILogger.LL_FAILURE, + // CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD")); continue; } - } - } - // String symKeys = new String("key1,key2"); - String symKeys = SessionKey.ListSymmetricKeys(selectedToken); - params.add(Constants.PR_TOKEN_LIST, symKeys); + } + } + // String symKeys = new String("key1,key2"); + String symKeys = SessionKey.ListSymmetricKeys(selectedToken); + params.add(Constants.PR_TOKEN_LIST, symKeys); - } + } } sendResponse(SUCCESS, null, params, resp); } - - + /** * Reads database information. 
*/ - private void getDBConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getDBConfig(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_DB); IConfigStore ldapConfig = dbConfig.getSubStore("ldap"); NameValuePairs params = new NameValuePairs(); Enumeration e = req.getParameterNames(); - + while (e.hasMoreElements()) { String name = (String) e.nextElement(); @@ -1184,7 +1133,7 @@ private void createMasterKey(HttpServletRequest req, continue; if (name.equals(Constants.PR_SECURE_PORT_ENABLED)) params.add(name, ldapConfig.getString(name, "Constants.FALSE")); - else + else params.add(name, ldapConfig.getString(name, "")); } sendResponse(SUCCESS, null, params, resp); @@ -1194,8 +1143,8 @@ private void createMasterKey(HttpServletRequest req, * Modifies SMTP configuration. */ private void modifySMTPConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { // XXX IConfigStore sConfig = mConfig.getSubStore(PROP_SMTP); @@ -1208,7 +1157,7 @@ private void createMasterKey(HttpServletRequest req, if (port != null) sConfig.putString("port", port); - + commit(true); sendResponse(SUCCESS, null, null, resp); 
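Review bot: In getTKSKeys the login loop can never end on failure: `catch (Exception e2) { }` leaves `mCryptoManager` null when `CryptoManager.getInstance()` fails, and the `while (true)` loop then catches every exception (including the resulting NullPointerException and a wrong password) and `continue`s. One request with an unknown or locked token name therefore holds a servlet thread indefinitely, with the only log line commented out. The loop should make one attempt and fail the request, as sketched below; the exception message key is the one from the commented-out log call and may need its own entry. The method signature and the parameter loop start in the previous hunk.

```java
CryptoManager mCryptoManager;
try {
    mCryptoManager = CryptoManager.getInstance();
} catch (Exception e2) {
    // without a CryptoManager the token lookup below cannot work
    throw new EBaseException(e2.toString());
}

if (!jssSubSystem.isTokenLoggedIn(selectedToken)) {
    PasswordCallback cpcb = new ConsolePasswordCallback();
    try {
        token = mCryptoManager.getTokenByName(selectedToken);
        token.login(cpcb);
    } catch (Exception e3) {
        // one attempt per request; a failed login ends the request
        throw new EBaseException(
                CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
    }
}
// … unchanged: SessionKey.ListSymmetricKeys(selectedToken) and params.add …
```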
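Review bot: The default passed for `PR_SECURE_PORT_ENABLED` in getDBConfig is the string literal `"Constants.FALSE"`, not the constant, so a configuration without that key reports the text `Constants.FALSE` to the console instead of a boolean value. The line should read `params.add(name, ldapConfig.getString(name, Constants.FALSE));`. How the console interprets an unrecognised value for the secure-port flag is not visible here and is worth checking. The start of getDBConfig is in the preceding hunk.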
@@ -1217,22 +1166,18 @@ private void createMasterKey(HttpServletRequest req, /** * Reads SMTP configuration. */ - private void readSMTPConfig(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void readSMTPConfig(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { IConfigStore dbConfig = mConfig.getSubStore(PROP_SMTP); NameValuePairs params = new NameValuePairs(); - params.add(Constants.PR_SERVER_NAME, - dbConfig.getString("host")); - params.add(Constants.PR_PORT, - dbConfig.getString("port")); + params.add(Constants.PR_SERVER_NAME, dbConfig.getString("host")); + params.add(Constants.PR_PORT, dbConfig.getString("port")); sendResponse(SUCCESS, null, params, resp); } - private void loggedInToken(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void loggedInToken(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); String tokenName = ""; String pwd = ""; @@ -1248,8 +1193,8 @@ private void createMasterKey(HttpServletRequest req, } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.loggedInToken(tokenName, pwd); @@ -1259,8 +1204,8 @@ private void createMasterKey(HttpServletRequest req, } private void checkTokenStatus(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); String key = ""; String value = ""; 
@@ -1273,8 +1218,8 @@ private void createMasterKey(HttpServletRequest req, } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); boolean status = jssSubSystem.isTokenLoggedIn(value); NameValuePairs params = new NameValuePairs(); @@ -1287,18 +1232,18 @@ private void createMasterKey(HttpServletRequest req, /** * Retrieve a certificate request * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when * asymmetric keys are generated * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to retrieve certificate request */ - private void getCertRequest(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getCertRequest(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String auditPublicKey = ILogger.SIGNED_AUDIT_EMPTY_VALUE; @@ -1346,11 +1291,11 @@ private void createMasterKey(HttpServletRequest req, } } - pathname = mConfig.getString("instanceRoot", "") - + File.separator + "conf" + File.separator; + pathname = mConfig.getString("instanceRoot", "") + File.separator + + "conf" + File.separator; dir = pathname; - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); KeyPair keypair = null; PQGParams pqgParams = null; 
@@ -1376,10 +1321,8 @@ private void createMasterKey(HttpServletRequest req, if (nickname.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, - auditSubjectID, - ILogger.FAILURE, - auditPublicKey); + LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, + auditSubjectID, ILogger.FAILURE, auditPublicKey); audit(auditMessage); @@ -1390,11 +1333,13 @@ private void createMasterKey(HttpServletRequest req, } else { if (keyType.equals("ECC")) { // get ECC keypair - keypair = jssSubSystem.getECCKeyPair(tokenName, keyCurveName, certType); - } else { //DSA or RSA + keypair = jssSubSystem.getECCKeyPair(tokenName, + keyCurveName, certType); + } else { // DSA or RSA if (keyType.equals("DSA")) - pqgParams = jssSubSystem.getPQG(keyLength); - keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, pqgParams); + pqgParams = jssSubSystem.getPQG(keyLength); + keypair = jssSubSystem.getKeyPair(tokenName, keyType, + keyLength, pqgParams); } } @@ -1439,10 +1384,8 @@ private void createMasterKey(HttpServletRequest req, // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, - auditSubjectID, - ILogger.SUCCESS, - auditPublicKey); + LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID, + ILogger.SUCCESS, auditPublicKey); audit(auditMessage); @@ -1451,10 +1394,8 @@ private void createMasterKey(HttpServletRequest req, } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, - auditSubjectID, - ILogger.FAILURE, - auditPublicKey); + LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID, + ILogger.FAILURE, auditPublicKey); audit(auditMessage); 
@@ -1463,34 +1404,32 @@ private void createMasterKey(HttpServletRequest req, } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, - auditSubjectID, - ILogger.FAILURE, - auditPublicKey); + LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, auditSubjectID, + ILogger.FAILURE, auditPublicKey); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, - // auditSubjectID, - // ILogger.FAILURE, - // auditPublicKey ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } - } - - private void setCANewnickname(String tokenName, String nickname) - throws EBaseException { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC, + // auditSubjectID, + // ILogger.FAILURE, + // auditPublicKey ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } + } + + private void setCANewnickname(String tokenName, String nickname) + throws EBaseException { + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) 
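Review bot: The FAILURE record for `LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC` is written only in the `EBaseException` and `IOException` handlers. The `ServletException` handler is kept as a commented-out block, so that declared exception, and any unchecked exception raised during key generation, leaves getCertRequest without an audit entry for the attempt. Either restore the handler as `} catch (ServletException eAudit3) {` with the same `audit(auditMessage)` call, or delete the dead block and add a comment stating why that path needs no record. The try body begins outside this hunk, so whether anything in it throws ServletException has to be confirmed there.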
@@ -1504,17 +1443,17 @@ private void createMasterKey(HttpServletRequest req, } private String getCANewnickname() throws EBaseException { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } private void setRANewnickname(String tokenName, String nickname) - throws EBaseException { - IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + throws EBaseException { + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) ra.setNewNickName(nickname); @@ -1527,15 +1466,16 @@ private void createMasterKey(HttpServletRequest req, } private String getRANewnickname() throws EBaseException { - IRegistrationAuthority ra = (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); return ra.getNewNickName(); } private void setOCSPNewnickname(String tokenName, String nickname) - throws EBaseException { - IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); + throws EBaseException { + IOCSPAuthority ocsp = (IOCSPAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); @@ -1549,8 +1489,8 @@ private void createMasterKey(HttpServletRequest req, signingUnit.setNewNickName(tokenName + ":" + nickname); } } else { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) 
@@ -1565,25 +1505,26 @@ private void createMasterKey(HttpServletRequest req, } private String getOCSPNewnickname() throws EBaseException { - IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); + IOCSPAuthority ocsp = (IOCSPAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } else { - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); - return signingUnit.getNewNickName(); + return signingUnit.getNewNickName(); } } - private void setKRANewnickname(String tokenName, String nickname) - throws EBaseException { - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + private void setKRANewnickname(String tokenName, String nickname) + throws EBaseException { + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_KRA); if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) kra.setNewNickName(nickname); 
@@ -1596,87 +1537,81 @@ private void createMasterKey(HttpServletRequest req, } private String getKRANewnickname() throws EBaseException { - IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_KRA); return kra.getNewNickName(); } - private void setRADMNewnickname(String tokenName, String nickName) - throws EBaseException { + private void setRADMNewnickname(String tokenName, String nickName) + throws EBaseException { CMS.setServerCertNickname(tokenName, nickName); /* - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - HTTPService httpsService = raAdmin.getHttpsService(); - if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) - httpsService.setNewNickName(nickName); - else { - if (tokenName.equals("") && nickName.equals("")) - httpsService.setNewNickName(""); - else - httpsService.setNewNickName(tokenName+":"+nickName); - } + * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + * HTTPService httpsService = raAdmin.getHttpsService(); if + * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) + * httpsService.setNewNickName(nickName); else { if + * (tokenName.equals("") && nickName.equals("")) + * httpsService.setNewNickName(""); else + * httpsService.setNewNickName(tokenName+":"+nickName); } */ } - private String getRADMNewnickname() - throws EBaseException { + private String getRADMNewnickname() throws EBaseException { // assuming the nickname does not change. 
return CMS.getServerCertNickname(); /* - RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); - HTTPService httpsService = raAdmin.getHttpsService(); - return httpsService.getNewNickName(); + * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance(); + * HTTPService httpsService = raAdmin.getHttpsService(); return + * httpsService.getNewNickName(); */ } private void setAgentNewnickname(String tokenName, String nickName) - throws EBaseException { + throws EBaseException { CMS.setServerCertNickname(tokenName, nickName); /* - AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - HTTPService httpsService = gateway.getHttpsService(); - if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) - httpsService.setNewNickName(nickName); - else { - if (tokenName.equals("") && nickName.equals("")) - httpsService.setNewNickName(""); - else - httpsService.setNewNickName(tokenName+":"+nickName); - } + * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + * HTTPService httpsService = gateway.getHttpsService(); if + * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) + * httpsService.setNewNickName(nickName); else { if + * (tokenName.equals("") && nickName.equals("")) + * httpsService.setNewNickName(""); else + * httpsService.setNewNickName(tokenName+":"+nickName); } */ } - private String getAgentNewnickname() - throws EBaseException { + private String getAgentNewnickname() throws EBaseException { // assuming the nickname does not change. 
return CMS.getServerCertNickname(); /* - AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); - HTTPService httpsService = gateway.getHttpsService(); - return httpsService.getNewNickName(); + * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID); + * HTTPService httpsService = gateway.getHttpsService(); return + * httpsService.getNewNickName(); */ } /** * Issue import certificate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Certificate Setup Wizard" is used to import CA certs into the + * "Certificate Setup Wizard" is used to import CA certs into the * certificate database * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to issue an import certificate */ private void issueImportCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -1700,9 +1635,9 @@ private void createMasterKey(HttpServletRequest req, String key = (String) enum1.nextElement(); String value = req.getParameter(key); - if (key.equals("pathname")) { + if (key.equals("pathname")) { configPath = mConfig.getString("instanceRoot", "") - + File.separator + "conf" + File.separator; + + File.separator + "conf" + File.separator; pathname = configPath + value; } else { if (key.equals(Constants.PR_TOKEN_NAME)) 
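Review bot: In issueImportCert the `pathname` request parameter is appended unchecked to the instance `conf` directory (`pathname = configPath + value;`), so a value containing `..` or a path separator names a location outside that directory. The only use of `pathname` visible on this page is the commented-out `deleteTokenCertificate(nickname, pathname)` call, so the effect depends on code outside the hunk. The value should be canonicalised and confined before it is used, e.g. `File f = new File(configPath, value).getCanonicalFile();` followed by a check that `f.getPath()` starts with the canonical form of `configPath`, rejecting the request otherwise. The parameter loop and the rest of the method continue beyond this hunk.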
@@ -1713,17 +1648,17 @@ private void createMasterKey(HttpServletRequest req, String certType = (String) properties.get(Constants.RS_ID); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); - IDBSubsystem dbs = (IDBSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_DBS); - ICertificateAuthority ca = (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); - ICertificateRepository repository = - (ICertificateRepository) ca.getCertificateRepository(); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + IDBSubsystem dbs = (IDBSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_DBS); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateRepository repository = (ICertificateRepository) ca + .getCertificateRepository(); ISigningUnit signingUnit = ca.getSigningUnit(); String oldtokenname = null; - //this is the old nick name + // this is the old nick name String nickname = getNickname(certType); String nicknameWithoutTokenName = ""; String oldcatokenname = signingUnit.getTokenName(); @@ -1741,15 +1676,13 @@ private void createMasterKey(HttpServletRequest req, } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - throw new - EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new EBaseException( + CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } if (newtokenname == null) 
@@ -1762,39 +1695,34 @@ private void createMasterKey(HttpServletRequest req, } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - throw new - EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new EBaseException( + CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } - //xxx renew ca ,use old issuer? - properties.setIssuerName( - jssSubSystem.getCertSubjectName(oldcatokenname, - canicknameWithoutTokenName)); + // xxx renew ca ,use old issuer? + properties.setIssuerName(jssSubSystem.getCertSubjectName( + oldcatokenname, canicknameWithoutTokenName)); KeyPair pair = null; if (nickname.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - throw new - EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + throw new EBaseException( + CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } - //xxx set to old nickname? + // xxx set to old nickname? properties.setCertNickname(nickname); if (!certType.equals(Constants.PR_CA_SIGNING_CERT)) { CertificateExtensions exts = jssSubSystem.getExtensions( 
@@ -1815,25 +1743,25 @@ private void createMasterKey(HttpServletRequest req, defaultOCSPSigningAlg = properties.getHashType(); } } - + // create a new CA certificate or ssl server cert - if (properties.getKeyCurveName() != null) { //new ECC + if (properties.getKeyCurveName() != null) { // new ECC CMS.debug("CMSAdminServlet: issueImportCert: generating ECC keys"); pair = jssSubSystem.getECCKeyPair(properties); - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) caKeyPair = pair; - } else if (properties.getKeyLength() != null) { //new RSA or DSA + } else if (properties.getKeyLength() != null) { // new RSA or DSA keyType = properties.getKeyType(); String keyLen = properties.getKeyLength(); PQGParams pqgParams = null; if (keyType.equals("DSA")) { pqgParams = jssSubSystem.getCAPQG(Integer.parseInt(keyLen), - mConfig); - //properties.put(Constants.PR_PQGPARAMS, pqgParams); + mConfig); + // properties.put(Constants.PR_PQGPARAMS, pqgParams); } pair = jssSubSystem.getKeyPair(properties); - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) caKeyPair = pair; // renew the CA certificate or ssl server cert } else { @@ -1846,11 +1774,12 @@ private void createMasterKey(HttpServletRequest req, } /* - String alg = jssSubSystem.getSignatureAlgorithm(nickname); - SignatureAlgorithm sigAlg = SigningUnit.mapAlgorithmToJss(alg); - properties.setSignatureAlgorithm(sigAlg); - properties.setAlgorithmId( - jssSubSystem.getAlgorithmId(alg, mConfig)); + * String alg = jssSubSystem.getSignatureAlgorithm(nickname); + * SignatureAlgorithm sigAlg = + * SigningUnit.mapAlgorithmToJss(alg); + * properties.setSignatureAlgorithm(sigAlg); + * properties.setAlgorithmId( jssSubSystem.getAlgorithmId(alg, + * mConfig)); */ } 
@@ -1863,10 +1792,11 @@ private void createMasterKey(HttpServletRequest req, // value provided for signedBy SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg); properties.setSignatureAlgorithm(sigAlg); - properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig)); + properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, + mConfig)); } - if (pair == null) + if (pair == null) CMS.debug("CMSAdminServlet: issueImportCert: key pair is null"); BigInteger nextSerialNo = repository.getNextSerialNumber(); 
@@ -1874,42 +1804,40 @@ private void createMasterKey(HttpServletRequest req, properties.setSerialNumber(nextSerialNo); properties.setKeyPair(pair); properties.setConfigFile(mConfig); - // properties.put(Constants.PR_CA_KEYPAIR, pair); + // properties.put(Constants.PR_CA_KEYPAIR, pair); properties.put(Constants.PR_CA_KEYPAIR, caKeyPair); - X509CertImpl signedCert = - jssSubSystem.getSignedCert(properties, certType, - caKeyPair.getPrivate()); + X509CertImpl signedCert = jssSubSystem.getSignedCert(properties, + certType, caKeyPair.getPrivate()); - if (signedCert == null) - CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null"); + if (signedCert == null) + CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null"); - /* bug 600124 - try { - jssSubSystem.deleteTokenCertificate(nickname, pathname); - } catch (Throwable e) { - //skip it - } + /* + * bug 600124 try { jssSubSystem.deleteTokenCertificate(nickname, + * pathname); } catch (Throwable e) { //skip it } */ boolean nicknameChanged = false; - //xxx import cert with nickname without token name? - //jss adds the token prefix!!! - //log(ILogger.LL_DEBUG,"import as alias"+ nicknameWithoutTokenName); + // xxx import cert with nickname without token name? + // jss adds the token prefix!!! 
+ // log(ILogger.LL_DEBUG,"import as alias"+ + // nicknameWithoutTokenName); try { - CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: " + nicknameWithoutTokenName); + CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: " + + nicknameWithoutTokenName); jssSubSystem.importCert(signedCert, nicknameWithoutTokenName, - certType); + certType); } catch (EBaseException e) { // if it fails, let use a different nickname to try - Date now = new Date(); - String newNickname = nicknameWithoutTokenName - + "-" + now.getTime(); + Date now = new Date(); + String newNickname = nicknameWithoutTokenName + "-" + + now.getTime(); - CMS.debug("CMSAdminServlet: issueImportCert: Importing cert with nickname: " + newNickname); - jssSubSystem.importCert(signedCert, newNickname, - certType); + CMS.debug("CMSAdminServlet: issueImportCert: Importing cert with nickname: " + + newNickname); + jssSubSystem.importCert(signedCert, newNickname, certType); nicknameWithoutTokenName = newNickname; nicknameChanged = true; if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { 
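Review bot: The null check on `signedCert` only calls `CMS.debug` and falls through, so a failed signing goes on to `jssSubSystem.importCert(signedCert, ...)` and later `signedCert.getSerialNumber()`, ending in a NullPointerException with no FAILURE audit record. The `pair == null` check in the previous hunk has the same shape. `caKeyPair.getPrivate()` is dereferenced without a check as well, and the visible branches assign `caKeyPair` only for `PR_CA_SIGNING_CERT` (the renewal branch is outside this page). Each of these should audit `LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY` with `ILogger.FAILURE` and throw an `EBaseException`, as the nickname checks earlier in the method do. The `catch (EBaseException e)` around the import also retries under a timestamped nickname for any import failure, not only a nickname collision; a comment stating which failure the retry is meant for would help.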
@@ -1920,28 +1848,26 @@ private void createMasterKey(HttpServletRequest req, } ICertRecord certRecord = repository.createCertRecord( - signedCert.getSerialNumber(), - signedCert, null); + signedCert.getSerialNumber(), signedCert, null); repository.addCertificateRecord(certRecord); if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { try { - X509CertInfo certInfo = (X509CertInfo) signedCert.get( - X509CertImpl.NAME + "." + X509CertImpl.INFO); - CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + X509CertInfo certInfo = (X509CertInfo) signedCert + .get(X509CertImpl.NAME + "." + X509CertImpl.INFO); + CertificateExtensions extensions = (CertificateExtensions) certInfo + .get(X509CertInfo.EXTENSIONS); if (extensions != null) { - BasicConstraintsExtension basic = - (BasicConstraintsExtension) - extensions.get(BasicConstraintsExtension.NAME); + BasicConstraintsExtension basic = (BasicConstraintsExtension) extensions + .get(BasicConstraintsExtension.NAME); if (basic == null) log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL")); else { - Integer pathlen = (Integer) - basic.get(BasicConstraintsExtension.PATH_LEN); + Integer pathlen = (Integer) basic + .get(BasicConstraintsExtension.PATH_LEN); int num = pathlen.intValue(); if (num == 0) 
@@ -1958,34 +1884,32 @@ private void createMasterKey(HttpServletRequest req, } } - CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname + CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname + " newtoken:" + newtokenname + " nickname:" + nickname); - if ((newtokenname != null && - !newtokenname.equals(oldtokenname)) || nicknameChanged) { + if ((newtokenname != null && !newtokenname.equals(oldtokenname)) + || nicknameChanged) { if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { signingUnit.updateConfig(nicknameWithoutTokenName, - newtokenname); + newtokenname); } else { - signingUnit.updateConfig(newtokenname + ":" + - nicknameWithoutTokenName, - newtokenname); + signingUnit.updateConfig(newtokenname + ":" + + nicknameWithoutTokenName, newtokenname); } - } else if (certType.equals(Constants.PR_SERVER_CERT)) { + } else if (certType.equals(Constants.PR_SERVER_CERT)) { if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { nickname = nicknameWithoutTokenName; } else { nickname = newtokenname + ":" - + nicknameWithoutTokenName; + + nicknameWithoutTokenName; } - //setRADMNewnickname("",""); - //modifyRADMCert(nickname); + // setRADMNewnickname("",""); + // modifyRADMCert(nickname); modifyAgentGatewayCert(nickname); if (isSubsystemInstalled("ra")) { - IRegistrationAuthority ra = - (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); modifyEEGatewayCert(ra, nickname); } 
@@ -1997,28 +1921,28 @@ private void createMasterKey(HttpServletRequest req, nickname = nicknameWithoutTokenName; } else { nickname = newtokenname + ":" - + nicknameWithoutTokenName; + + nicknameWithoutTokenName; } modifyRADMCert(nickname); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { - if (ca != null) { + if (ca != null) { ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit(); - if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { + if (newtokenname + .equals(Constants.PR_INTERNAL_TOKEN_NAME)) { ocspSigningUnit.updateConfig( - nicknameWithoutTokenName, newtokenname); + nicknameWithoutTokenName, newtokenname); } else { - ocspSigningUnit.updateConfig(newtokenname + ":" + - nicknameWithoutTokenName, - newtokenname); + ocspSigningUnit.updateConfig(newtokenname + ":" + + nicknameWithoutTokenName, newtokenname); } } } } - + // set signing algorithms if needed - if (certType.equals(Constants.PR_CA_SIGNING_CERT)) + if (certType.equals(Constants.PR_CA_SIGNING_CERT)) signingUnit.setDefaultAlgorithm(defaultSigningAlg); if (defaultOCSPSigningAlg != null) { 
@@ -2031,54 +1955,50 @@ private void createMasterKey(HttpServletRequest req, // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); mConfig.commit(true); sendResponse(SUCCESS, null, null, resp); } catch (EBaseException eAudit1) { - CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: " + eAudit1.toString()); + CMS.debug("CMSAdminServlet: issueImportCert: EBaseException thrown: " + + eAudit1.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit1; } catch (IOException eAudit2) { - CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: " + eAudit2.toString()); + CMS.debug("CMSAdminServlet: issueImportCert: IOException thrown: " + + eAudit2.toString()); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific 
exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } private String getDefaultSigningAlg(String keyType, String messageDigest) { @@ -2087,7 +2007,7 @@ private void createMasterKey(HttpServletRequest req, return "MD2withRSA"; } else if (messageDigest.equals("MD5")) { return "MD5withRSA"; - } else if (messageDigest.equals("SHA1")) { + } else if (messageDigest.equals("SHA1")) { return "SHA1withRSA"; } else if (messageDigest.equals("SHA256")) { return "SHA256withRSA"; @@ -2098,7 +2018,7 @@ private void createMasterKey(HttpServletRequest req, if (messageDigest.equals("SHA1")) { return "SHA1withDSA"; } - } else /* EC */ { + } else /* EC */{ if (messageDigest.equals("SHA1")) { return "SHA1withEC"; } else if (messageDigest.equals("SHA256")) { 
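Review bot: In the RSA branch of `getDefaultSigningAlg` (second hunk on this line) the digests `MD2` and `MD5` are still mapped to `MD2withRSA` and `MD5withRSA`. Neither is collision resistant enough for certificate signatures, and SHA-1 is deprecated for the same purpose, so a CA should not be configurable to sign with them. I would drop the two branches, or at least mark them with `// legacy only: MD2/MD5 must not be selected for new signing certificates`. The method appears to end in `return null;`, and how callers treat a null result is not visible here, so check that before removing anything.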
@@ -2112,32 +2032,31 @@ private void createMasterKey(HttpServletRequest req, return null; } - private void updateCASignature(String nickname, KeyCertData properties, - ICryptoSubsystem jssSubSystem) throws EBaseException { + private void updateCASignature(String nickname, KeyCertData properties, + ICryptoSubsystem jssSubSystem) throws EBaseException { String alg = jssSubSystem.getSignatureAlgorithm(nickname); SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg); properties.setSignatureAlgorithm(sigAlg); - properties.setAlgorithmId( - jssSubSystem.getAlgorithmId(alg, mConfig)); + properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig)); } /** * Install certificates * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Certificate Setup Wizard" is used to import CA certs into the + * "Certificate Setup Wizard" is used to import CA certs into the * certificate database * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to install a certificate */ - private void installCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void installCert(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); 
@@ -2158,31 +2077,30 @@ private void createMasterKey(HttpServletRequest req, String key = (String) enum1.nextElement(); String value = req.getParameter(key); - if (key.equals(Constants.PR_PKCS10)) + if (key.equals(Constants.PR_PKCS10)) pkcs = value; else if (key.equals(Constants.RS_ID)) certType = value; else if (key.equals(Constants.PR_NICKNAME)) nickname = value; - else if (key.equals("pathname")) + else if (key.equals("pathname")) pathname = value; else if (key.equals(Constants.PR_SERVER_ROOT)) serverRoot = value; - else if (key.equals(Constants.PR_SERVER_ID)) + else if (key.equals(Constants.PR_SERVER_ID)) serverID = value; - else if (key.equals(Constants.PR_CERT_FILEPATH)) + else if (key.equals(Constants.PR_CERT_FILEPATH)) certpath = value; } - + try { if (pkcs == null || pkcs.equals("")) { if (certpath == null || certpath.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -2192,8 +2110,8 @@ private void createMasterKey(HttpServletRequest req, throw ex; } else { FileInputStream in = new FileInputStream(certpath); - BufferedReader d = - new BufferedReader(new InputStreamReader(in)); + BufferedReader d = new BufferedReader( + new InputStreamReader(in)); String content = ""; pkcs = ""; 
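Review bot: `certpath` is read from the request parameter `Constants.PR_CERT_FILEPATH` in the first hunk on this line and passed to `new FileInputStream(certpath)` in the second without any check, so the caller decides which file the server process opens. Constraining it to the directory certificates are expected in, e.g. `File f = new File(certpath).getCanonicalFile();` followed by `if (!f.getPath().startsWith(allowedDir + File.separator)) throw new EBaseException(CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));` (`allowedDir` is a placeholder for the configured location), keeps the read inside a known tree. The same lines build `new InputStreamReader(in)` with the platform default charset, and no `close()` is visible in the hunk; the read loop and its try block continue outside it. The pattern repeats in importXCert (hunk at -2606) and in getCertInfo (hunk at -2825, `new FileInputStream(path)`).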
@@ -2213,24 +2131,22 @@ private void createMasterKey(HttpServletRequest req, } catch (IOException ee) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); + CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); } pkcs = pkcs.trim(); - pathname = serverRoot + File.separator + serverID - + File.separator + "config" + File.separator + pathname; + pathname = serverRoot + File.separator + serverID + File.separator + + "config" + File.separator + pathname; - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); - //String nickname = getNickname(certType); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + // String nickname = getNickname(certType); String nicknameWithoutTokenName = ""; int index = nickname.indexOf(":"); 
@@ -2243,98 +2159,93 @@ private void createMasterKey(HttpServletRequest req, } else { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_CERT_NOT_FOUND")); + CMS.getLogMessage("BASE_CERT_NOT_FOUND")); } /* - if (certType.equals(Constants.PR_CA_SIGNING_CERT) || - certType.equals(Constants.PR_RA_SIGNING_CERT) || - certType.equals(Constants.PR_OCSP_SIGNING_CERT) || - certType.equals(Constants.PR_KRA_TRANSPORT_CERT) || - certType.equals(Constants.PR_SERVER_CERT) || - certType.equals(Constants.PR_SERVER_CERT_RADM)) { - String oldnickname = getNickname(certType); - try { - jssSubsystem.deleteTokenCertificate(oldnickname, - pathname); - //jssSubsystem.deleteTokenCertificate(nickname, - pathname); - } catch (EBaseException e) { - // skip it - } - } else { - try { - jssSubsystem.deleteTokenCertificate(nickname, pathname); - } catch (EBaseException e) { - // skip it - } - } - */ + * if (certType.equals(Constants.PR_CA_SIGNING_CERT) || + * certType.equals(Constants.PR_RA_SIGNING_CERT) || + * certType.equals(Constants.PR_OCSP_SIGNING_CERT) || + * certType.equals(Constants.PR_KRA_TRANSPORT_CERT) || + * certType.equals(Constants.PR_SERVER_CERT) || + * certType.equals(Constants.PR_SERVER_CERT_RADM)) { String + * oldnickname = getNickname(certType); try { + * jssSubsystem.deleteTokenCertificate(oldnickname, pathname); + * //jssSubsystem.deleteTokenCertificate(nickname, pathname); } + * catch (EBaseException e) { // skip it } } else { try { + * jssSubsystem.deleteTokenCertificate(nickname, pathname); } catch + * (EBaseException e) { // skip it } } + */ // 600124 - renewal of SSL crash the server // we now do not delete previously installed certificates. 
- // Same Subject | Same Nickname | Same Key | Legal - // ----------------------------------------------------------- - // 1. Yes Yes No Yes - // 2. Yes Yes Yes Yes - // 3. No No Yes Yes - // 4. No No No Yes - // 5. No Yes Yes No - // 6. No Yes No No - // 7. Yes No Yes No - // 8. Yes No No No + // Same Subject | Same Nickname | Same Key | Legal + // ----------------------------------------------------------- + // 1. Yes Yes No Yes + // 2. Yes Yes Yes Yes + // 3. No No Yes Yes + // 4. No No No Yes + // 5. No Yes Yes No + // 6. No Yes No No + // 7. Yes No Yes No + // 8. Yes No No No // Based on above table, the following cases are permitted: // Existing Key: - // (a) Same Subject & Same Nickname --- (2) - // (b) Different Subject & Different Nickname --- (3) - // (In order to support Case b., we need to use a different - // nickname). + // (a) Same Subject & Same Nickname --- (2) + // (b) Different Subject & Different Nickname --- (3) + // (In order to support Case b., we need to use a different + // nickname). // New Key: - // (c) Same Subject & Same Nickname --- (1) - // (d) Different Subject & Different Nickname --- (4) - // (In order to support Case b., we need to use a different - // nickname). + // (c) Same Subject & Same Nickname --- (1) + // (d) Different Subject & Different Nickname --- (4) + // (In order to support Case b., we need to use a different + // nickname). 
// - CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "+ nicknameWithoutTokenName); + CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: " + + nicknameWithoutTokenName); try { - jssSubSystem.importCert(pkcs, nicknameWithoutTokenName, - certType); + jssSubSystem.importCert(pkcs, nicknameWithoutTokenName, + certType); } catch (EBaseException e) { boolean certFound = false; String eString = e.toString(); - if(eString.contains("Failed to find certificate that was just imported")) { - CMS.debug("CMSAdminServlet.installCert(): nickname="+nicknameWithoutTokenName + " TokenException: " + eString); + if (eString + .contains("Failed to find certificate that was just imported")) { + CMS.debug("CMSAdminServlet.installCert(): nickname=" + + nicknameWithoutTokenName + " TokenException: " + + eString); X509Certificate cert = null; try { - cert = CryptoManager.getInstance().findCertByNickname(nickname); + cert = CryptoManager.getInstance().findCertByNickname( + nickname); if (cert != null) { certFound = true; } - CMS.debug("CMSAdminServlet.installCert() Found cert just imported: " + nickname); + CMS.debug("CMSAdminServlet.installCert() Found cert just imported: " + + nickname); } catch (Exception ex) { - CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + ex.toString()); + CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + + ex.toString()); } - } + } if (!certFound) { // if it fails, let use a different nickname to try - Date now = new Date(); - String newNickname = nicknameWithoutTokenName + "-" + - now.getTime(); + Date now = new Date(); + String newNickname = nicknameWithoutTokenName + "-" + + now.getTime(); jssSubSystem.importCert(pkcs, newNickname, certType); nicknameWithoutTokenName = newNickname; 
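Review bot: The recovery path in the catch block chooses its branch by matching exception text, `eString.contains("Failed to find certificate that was just imported")`, which silently stops matching if the wording of the underlying message changes; the code then falls through to a second import under a timestamped nickname. A dedicated exception type or error code from `importCert` would be sturdier, though its declaration is not visible here. In the same block the `Found cert just imported` debug line runs even when `findCertByNickname` returned null, so it belongs inside `if (cert != null)`. The lookup also uses `nickname` while the import used `nicknameWithoutTokenName`; that may be intentional but deserves a comment.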
@@ -2343,16 +2254,17 @@ private void createMasterKey(HttpServletRequest req, } else { nickname = tokenName + ":" + newNickname; } - CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname="+nickname); - } + CMS.debug("CMSAdminServlet: installCert(): After second install attempt following initial error: nickname=" + + nickname); + } } if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { - ICertificateAuthority ca = - (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); - String signatureAlg = - jssSubSystem.getSignatureAlgorithm(nickname); + String signatureAlg = jssSubSystem + .getSignatureAlgorithm(nickname); signingUnit.setDefaultAlgorithm(signatureAlg); setCANewnickname("", ""); 
@@ -2361,26 +2273,25 @@ private void createMasterKey(HttpServletRequest req, if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); extensions = jssSubSystem.getExtensions( - Constants.PR_INTERNAL_TOKEN_NAME, nickname); + Constants.PR_INTERNAL_TOKEN_NAME, nickname); } else { String tokenname1 = nickname.substring(0, index); signingUnit.updateConfig(nickname, tokenname1); extensions = jssSubSystem.getExtensions(tokenname1, - nicknameWithoutTokenName); + nicknameWithoutTokenName); } if (extensions != null) { - BasicConstraintsExtension basic = - (BasicConstraintsExtension) - extensions.get(BasicConstraintsExtension.NAME); + BasicConstraintsExtension basic = (BasicConstraintsExtension) extensions + .get(BasicConstraintsExtension.NAME); if (basic == null) log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL")); else { - Integer pathlen = (Integer) - basic.get(BasicConstraintsExtension.PATH_LEN); + Integer pathlen = (Integer) basic + .get(BasicConstraintsExtension.PATH_LEN); int num = pathlen.intValue(); if (num == 0) 
@@ -2398,35 +2309,34 @@ private void createMasterKey(HttpServletRequest req, } } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) { setRANewnickname("", ""); - IRegistrationAuthority ra = - (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); ra.setNickname(nickname); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { setOCSPNewnickname("", ""); - IOCSPAuthority ocsp = - (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); + IOCSPAuthority ocsp = (IOCSPAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp != null) { ISigningUnit signingUnit = ocsp.getSigningUnit(); if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); } else { String tokenname1 = nickname.substring(0, index); signingUnit.updateConfig(nickname, tokenname1); } - } else { - ICertificateAuthority ca = - (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + } else { + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); if (nickname.equals(nicknameWithoutTokenName)) { signingUnit.updateConfig(nickname, - Constants.PR_INTERNAL_TOKEN_NAME); + Constants.PR_INTERNAL_TOKEN_NAME); } else { String tokenname1 = nickname.substring(0, index); 
@@ -2435,25 +2345,23 @@ private void createMasterKey(HttpServletRequest req, } } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) { setKRANewnickname("", ""); - IKeyRecoveryAuthority kra = - (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_KRA); kra.setNickname(nickname); } else if (certType.equals(Constants.PR_SERVER_CERT)) { setAgentNewnickname("", ""); - //modifyRADMCert(nickname); + // modifyRADMCert(nickname); modifyAgentGatewayCert(nickname); if (isSubsystemInstalled("ra")) { - IRegistrationAuthority ra = - (IRegistrationAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); modifyEEGatewayCert(ra, nickname); } if (isSubsystemInstalled("ca")) { - ICertificateAuthority ca = - (ICertificateAuthority) - CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); modifyCAGatewayCert(ca, nickname); } 
@@ -2464,47 +2372,41 @@ private void createMasterKey(HttpServletRequest req, boolean verified = CMS.verifySystemCertByNickname(nickname, null); if (verified == true) { - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"+ nickname); + CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:" + + nickname); auditMessage = CMS.getLogMessage( LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - auditSubjectID, - ILogger.SUCCESS, - nickname); + auditSubjectID, ILogger.SUCCESS, nickname); audit(auditMessage); } else { - CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"+ nickname); + CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:" + + nickname); auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, - auditSubjectID, - ILogger.FAILURE, - nickname); + LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION, + auditSubjectID, ILogger.FAILURE, nickname); audit(auditMessage); } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); mConfig.commit(true); - if(verified == true) { + if (verified == true) { sendResponse(SUCCESS, null, null, resp); } else { - sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"), - null, resp); + sendResponse(ERROR, CMS.getUserMessage(getLocale(req), + "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"), null, resp); } } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, 
auditParams(req)); audit(auditMessage); 
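Review bot: When `verified` is false this hunk records the CIMC_CERT_VERIFICATION failure but then still writes the `LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY` event with `ILogger.SUCCESS` and calls `mConfig.commit(true)` before answering with ERROR. The signed audit trail then reports a successful trusted-key change for a certificate that failed verification, and configuration updates made earlier in the method (for example `signingUnit.updateConfig`) are persisted. I would make the outcome follow the check, `auditSubjectID, verified ? ILogger.SUCCESS : ILogger.FAILURE, auditParams(req));`, and guard the commit with `if (verified) mConfig.commit(true);`; `verified == true` can simply be `verified`. Whether the already imported certificate should also be removed is a decision for code outside this hunk.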
@@ -2513,47 +2415,45 @@ private void createMasterKey(HttpServletRequest req, } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } /** - * For "importing" cross-signed cert into internal db for further - * cross pair matching and publishing + * For "importing" cross-signed cert into internal db for further cross pair + * matching and publishing * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when * "Certificate Setup Wizard" is used to import a CA cross-signed * certificate into the database * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to import a cross-certificate pair */ - private void importXCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, 
EBaseException { + private void importXCert(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -2574,29 +2474,28 @@ private void createMasterKey(HttpServletRequest req, String value = req.getParameter(key); // really should be PR_CERT_CONTENT - if (key.equals(Constants.PR_PKCS10)) + if (key.equals(Constants.PR_PKCS10)) b64Cert = value; else if (key.equals(Constants.RS_ID)) certType = value; - else if (key.equals("pathname")) + else if (key.equals("pathname")) pathname = value; else if (key.equals(Constants.PR_SERVER_ROOT)) serverRoot = value; - else if (key.equals(Constants.PR_SERVER_ID)) + else if (key.equals(Constants.PR_SERVER_ID)) serverID = value; - else if (key.equals(Constants.PR_CERT_FILEPATH)) + else if (key.equals(Constants.PR_CERT_FILEPATH)) certpath = value; } - + try { if (b64Cert == null || b64Cert.equals("")) { if (certpath == null || certpath.equals("")) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, + auditParams(req)); audit(auditMessage); @@ -2606,8 +2505,8 @@ private void createMasterKey(HttpServletRequest req, throw ex; } else { FileInputStream in = new FileInputStream(certpath); - BufferedReader d = - new BufferedReader(new InputStreamReader(in)); + BufferedReader d = new BufferedReader( + new InputStreamReader(in)); String content = ""; b64Cert = ""; 
@@ -2626,15 +2525,13 @@ private void createMasterKey(HttpServletRequest req, } catch (IOException ee) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); throw new EBaseException( - CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); + CMS.getLogMessage("BASE_OPEN_FILE_FAILED")); } CMS.debug("CMSAdminServlet: got b64Cert"); b64Cert = Cert.stripBrackets(b64Cert.trim()); @@ -2648,27 +2545,25 @@ private void createMasterKey(HttpServletRequest req, CMS.debug("CMSAdminServlet: exception: " + e.toString()); } - pathname = serverRoot + File.separator + serverID - + File.separator + "config" + File.separator + pathname; + pathname = serverRoot + File.separator + serverID + File.separator + + "config" + File.separator + pathname; - ICrossCertPairSubsystem ccps = - (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair"); + ICrossCertPairSubsystem ccps = (ICrossCertPairSubsystem) CMS + .getSubsystem("CrossCertPair"); try { - //this will import into internal ldap crossCerts entry + // this will import into internal ldap crossCerts entry ccps.importCert(bCert); } catch (Exception e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); sendResponse(1, "xcert importing failure:" + e.toString(), - null, resp); + null, resp); return; } 
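Review bot: The failure path after `ccps.importCert(bCert)` (second hunk on this line) returns `"xcert importing failure:" + e.toString()` to the client and uses the literal `1` as status, while installCert answers with the `ERROR` constant and a localized `CMS.getUserMessage(...)` text. Raw exception strings can expose internal class names, directory details or paths to the console user; logging `e` with `CMS.debug` and sending `sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "<MESSAGE_KEY>"), null, resp);` (placeholder key) keeps the detail on the server. Whether `ERROR` equals 1 is not visible here, so confirm that before swapping the literal. The publishing failure in the hunk at -2679 has the same two issues.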
@@ -2679,20 +2574,19 @@ private void createMasterKey(HttpServletRequest req, } catch (EBaseException e) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); - sendResponse(1, "xcerts publishing failure:" + e.toString(), null, resp); + sendResponse(1, "xcerts publishing failure:" + e.toString(), + null, resp); return; } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); - String content = jssSubSystem.getCertPrettyPrint(b64Cert, + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); + String content = jssSubSystem.getCertPrettyPrint(b64Cert, super.getLocale(req)); results.add(Constants.PR_NICKNAME, "FBCA cross-signed cert"); @@ -2700,10 +2594,8 @@ private void createMasterKey(HttpServletRequest req, // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); @@ -2711,10 +2603,8 @@ private void createMasterKey(HttpServletRequest req, } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -2723,46 +2613,45 @@ private void createMasterKey(HttpServletRequest req, } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } private String getNickname(String certType) throws EBaseException { String nickname = ""; if (certType.equals(Constants.PR_CA_SIGNING_CERT)) { - ICertificateAuthority ca = - (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getSigningUnit(); nickname = signingUnit.getNickname(); } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) { - IOCSPAuthority ocsp = - (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP); + IOCSPAuthority ocsp = (IOCSPAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_OCSP); if (ocsp == null) { // this is a local CA service - ICertificateAuthority ca = (ICertificateAuthority) 
CMS.getSubsystem(CMS.SUBSYSTEM_CA); + ICertificateAuthority ca = (ICertificateAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_CA); ISigningUnit signingUnit = ca.getOCSPSigningUnit(); nickname = signingUnit.getNickname(); @@ -2772,27 +2661,26 @@ private void createMasterKey(HttpServletRequest req, nickname = signingUnit.getNickname(); } } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) { - IRegistrationAuthority ra = - (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA); + IRegistrationAuthority ra = (IRegistrationAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_RA); nickname = ra.getNickname(); } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) { - IKeyRecoveryAuthority kra = - (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA); + IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS + .getSubsystem(CMS.SUBSYSTEM_KRA); nickname = kra.getNickname(); } else if (certType.equals(Constants.PR_SERVER_CERT)) { nickname = CMS.getServerCertNickname(); } else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) { nickname = CMS.getServerCertNickname(); - } + } return nickname; } - private void getCertInfo(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getCertInfo(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); NameValuePairs results = new NameValuePairs(); String pkcs = ""; @@ -2825,8 +2713,8 @@ private void createMasterKey(HttpServletRequest req, throw ex; } else { FileInputStream in = new FileInputStream(path); - BufferedReader d = - new BufferedReader(new InputStreamReader(in)); + BufferedReader d = new BufferedReader( + new InputStreamReader(in)); String content = ""; pkcs = ""; 
@@ -2849,9 +2737,10 @@ private void createMasterKey(HttpServletRequest req, pkcs = pkcs.trim(); int totalLen = pkcs.length(); - if (pkcs.indexOf(BEGIN_HEADER) != 0 || - pkcs.indexOf(END_HEADER) != (totalLen - 25)) { - throw (new EBaseException(CMS.getLogMessage("BASE_INVALID_CERT_FORMAT"))); + if (pkcs.indexOf(BEGIN_HEADER) != 0 + || pkcs.indexOf(END_HEADER) != (totalLen - 25)) { + throw (new EBaseException( + CMS.getLogMessage("BASE_INVALID_CERT_FORMAT"))); } String nickname = ""; @@ -2874,25 +2763,25 @@ private void createMasterKey(HttpServletRequest req, if (nickname.equals("")) nickname = getNickname(certType); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String content = jssSubSystem.getCertPrettyPrint(pkcs, super.getLocale(req)); if (nickname != null && !nickname.equals("")) results.add(Constants.PR_NICKNAME, nickname); results.add(Constants.PR_CERT_CONTENT, content); - //results = jssSubSystem.getCertInfo(value); + // results = jssSubSystem.getCertInfo(value); sendResponse(SUCCESS, null, results, resp); } private void getCertPrettyPrint(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String serialno = ""; String issuername = ""; @@ -2912,7 +2801,7 @@ private void createMasterKey(HttpServletRequest req, if (key.equals(Constants.PR_NICK_NAME)) { nickname = value; continue; - } + } if (key.equals(Constants.PR_SERIAL_NUMBER)) { serialno = value; continue; 
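Review bot: The certificate format check in the `-2849` hunk hard-codes the footer length as `totalLen - 25` instead of deriving it from `END_HEADER`, so the test silently goes wrong if that constant ever changes. Using `indexOf(...) != 0` for the header also hides the intent, which is simply that the text starts with the header and ends with the footer. I would write the condition as `if (!pkcs.startsWith(BEGIN_HEADER) || pkcs.indexOf(END_HEADER) != totalLen - END_HEADER.length())`, which behaves the same provided `END_HEADER` is the 25-character PEM footer (its definition is not visible here). The enclosing method starts and ends outside the hunk.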
@@ -2923,19 +2812,19 @@ private void createMasterKey(HttpServletRequest req, } } - String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname, - serialno, issuername, locale); + String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname, + serialno, issuername, locale); pairs.add(nickname, print); sendResponse(SUCCESS, null, pairs, resp); } private void getRootCertTrustBit(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String serialno = ""; String issuername = ""; 
@@ -2966,92 +2855,86 @@ private void createMasterKey(HttpServletRequest req, } } - String trustbit = jssSubSystem.getRootCertTrustBit(nickname, - serialno, issuername); + String trustbit = jssSubSystem.getRootCertTrustBit(nickname, serialno, + issuername); pairs.add(nickname, trustbit); sendResponse(SUCCESS, null, pairs, resp); } - private void getCACerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + private void getCACerts(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getCACerts(); sendResponse(SUCCESS, null, pairs, resp); } - private void deleteRootCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void deleteRootCert(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); int mindex = id.indexOf(":SERIAL#<"); String nickname = id.substring(0, mindex); String sstr1 = id.substring(mindex); int lindex = sstr1.indexOf(">"); String serialno = sstr1.substring(9, lindex); - String issuername = sstr1.substring(lindex+1); + String issuername = sstr1.substring(lindex + 1); jssSubSystem.deleteRootCert(nickname, serialno, issuername); sendResponse(SUCCESS, null, null, resp); } - private void deleteUserCert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void deleteUserCert(HttpServletRequest req, 
HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String id = req.getParameter(Constants.RS_ID); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); int mindex = id.indexOf(":SERIAL#<"); String nickname = id.substring(0, mindex); String sstr1 = id.substring(mindex); int lindex = sstr1.indexOf(">"); String serialno = sstr1.substring(9, lindex); - String issuername = sstr1.substring(lindex+1); + String issuername = sstr1.substring(lindex + 1); jssSubSystem.deleteUserCert(nickname, serialno, issuername); sendResponse(SUCCESS, null, null, resp); } - private void getRootCerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + private void getRootCerts(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getRootCerts(); sendResponse(SUCCESS, null, pairs, resp); } private void getAllCertsManage(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getAllCertsManage(); sendResponse(SUCCESS, null, pairs, resp); } - private void getUserCerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - 
CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + private void getUserCerts(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); NameValuePairs pairs = jssSubSystem.getUserCerts(); sendResponse(SUCCESS, null, pairs, resp); } - private void deleteCerts(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void deleteCerts(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { Enumeration enum1 = req.getParameterNames(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String nickname = ""; String date = ""; @@ -3069,18 +2952,18 @@ private void createMasterKey(HttpServletRequest req, nickname = value.substring(0, index); date = value.substring(index + 1); - // cant use this one now since jss doesnt have the interface to + // cant use this one now since jss doesnt have the interface to // do it. jssSubSystem.deleteCert(nickname, date); - // jssSubsystem.deleteCACert(nickname, date); + // jssSubsystem.deleteCACert(nickname, date); } sendResponse(SUCCESS, null, null, resp); } private void validateSubjectName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); 
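Review bot: `deleteRootCert` in the `-2966` hunk (and `deleteUserCert` right after it) parses the `Constants.RS_ID` request parameter unchecked and removes a certificate without writing a signed audit record. A missing parameter makes `id.indexOf` throw a NullPointerException, and an id lacking `:SERIAL#<` or `>` makes `substring` throw StringIndexOutOfBoundsException, neither of which is among the exceptions the method declares. The Javadoc on `trustCACert` says LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY covers deletion of certs, yet no `audit(...)` call appears in either method; unless the dispatcher outside this view records it, trust-store deletions leave no signed trail. I would reject malformed ids up front and audit both outcomes, as sketched below for `deleteRootCert`.

```java
private void deleteRootCert(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, IOException, EBaseException {
    String auditSubjectID = auditSubjectID();
    String id = req.getParameter(Constants.RS_ID);
    int mindex = (id == null) ? -1 : id.indexOf(":SERIAL#<");

    // Refuse ids that do not match nickname:SERIAL#<serial>issuer.
    if (mindex < 0 || id.indexOf(">", mindex) < 0) {
        audit(CMS.getLogMessage(
                LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
                auditSubjectID, ILogger.FAILURE, auditParams(req)));
        sendResponse(ERROR, "malformed certificate id", null, resp);
        return;
    }
    // … unchanged: subsystem lookup; nickname, sstr1, lindex, serialno, issuername …
    try {
        jssSubSystem.deleteRootCert(nickname, serialno, issuername);
    } catch (EBaseException e) {
        audit(CMS.getLogMessage(
                LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
                auditSubjectID, ILogger.FAILURE, auditParams(req)));
        throw e;
    }
    audit(CMS.getLogMessage(
            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
            auditSubjectID, ILogger.SUCCESS, auditParams(req)));
    // … unchanged: sendResponse(SUCCESS, null, null, resp) …
```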
@@ -3089,19 +2972,19 @@ private void createMasterKey(HttpServletRequest req, String value = req.getParameter(key); if (key.equals(Constants.PR_SUBJECT_NAME)) { - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.isX500DN(value); } } sendResponse(SUCCESS, null, null, resp); - } + } private void validateKeyLength(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); String keyType = "RSA"; String keyLen = "512"; @@ -3120,18 +3003,18 @@ private void createMasterKey(HttpServletRequest req, } } int keyLength = Integer.parseInt(keyLen); - int minKey = mConfig.getInteger( - ConfigConstants.PR_RSA_MIN_KEYLENGTH, 512); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + int minKey = mConfig.getInteger(ConfigConstants.PR_RSA_MIN_KEYLENGTH, + 512); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); // jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey); sendResponse(SUCCESS, null, null, resp); } private void validateCurveName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); String curveName = null; 
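Review bot: The key-length check in the `-3120` hunk validates nothing, because `checkKeyLength(keyType, keyLength, certType, minKey)` stays commented out: `keyLength` and `minKey` are computed and then `sendResponse(SUCCESS, null, null, resp)` is returned for any value. `Integer.parseInt(keyLen)` also throws an undeclared NumberFormatException on non-numeric text, and the fallback of 512 bits for `ConfigConstants.PR_RSA_MIN_KEYLENGTH` is far below what is considered safe for RSA today. If the subsystem call cannot be restored, I would enforce the floor locally, e.g. `if (keyType.equals("RSA") && keyLength < minKey) throw new EBaseException(CMS.getUserMessage("<MESSAGE_KEY>"));`, wrap the parse in a `catch (NumberFormatException e)` that reports the same error, and raise the default to 2048. A comment stating why the call is disabled would help the next reader either way. `validateKeyLength` starts in the previous hunk and its parameter loop is not fully shown, so that `keyLen` comes from the request is inferred.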
@@ -3147,21 +3030,22 @@ private void createMasterKey(HttpServletRequest req, String curveList = mConfig.getString("keys.ecc.curve.list", "nistp521"); String[] curves = curveList.split(","); boolean match = false; - for (int i=0; i<curves.length; i++) { + for (int i = 0; i < curves.length; i++) { if (curves[i].equals(curveName)) { match = true; } } if (!match) { - throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME")); + throw new EBaseException( + CMS.getUserMessage("CMS_BASE_INVALID_ECC_CURVE_NAME")); } sendResponse(SUCCESS, null, null, resp); } private void validateCertExtension(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { Enumeration enum1 = req.getParameterNames(); String certExt = ""; @@ -3175,19 +3059,18 @@ private void createMasterKey(HttpServletRequest req, } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); jssSubSystem.checkCertificateExt(certExt); sendResponse(SUCCESS, null, null, resp); } - private void getSubjectName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void getSubjectName(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration enum1 = req.getParameterNames(); - + String nickname = ""; String keyType = "RSA"; String keyLen = "512"; 
@@ -3205,8 +3088,8 @@ private void createMasterKey(HttpServletRequest req, } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String subjectName = jssSubSystem.getSubjectDN(nickname); params.add(Constants.PR_SUBJECT_NAME, subjectName); @@ -3214,8 +3097,8 @@ private void createMasterKey(HttpServletRequest req, } private void processSubjectName(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { NameValuePairs params = new NameValuePairs(); Enumeration enum1 = req.getParameterNames(); @@ -3234,8 +3117,8 @@ private void createMasterKey(HttpServletRequest req, } } - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String subjectName = jssSubSystem.getSubjectDN(nickname); params.add(Constants.PR_SUBJECT_NAME, subjectName); @@ -3243,8 +3126,8 @@ private void createMasterKey(HttpServletRequest req, } public void setRootCertTrust(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + HttpServletResponse resp) throws ServletException, IOException, + EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); String nickname = req.getParameter(Constants.PR_NICK_NAME); 
@@ -3254,16 +3137,15 @@ private void createMasterKey(HttpServletRequest req, CMS.debug("CMSAdminServlet: setRootCertTrust()"); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); try { - jssSubSystem.setRootCertTrust(nickname, serialno, issuername, trust); - } catch (EBaseException e) { + jssSubSystem + .setRootCertTrust(nickname, serialno, issuername, trust); + } catch (EBaseException e) { auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later @@ -3272,10 +3154,8 @@ private void createMasterKey(HttpServletRequest req, // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, auditSubjectID, + ILogger.SUCCESS, auditParams(req)); audit(auditMessage); 
@@ -3285,19 +3165,19 @@ private void createMasterKey(HttpServletRequest req, /** * Establish trust of a CA certificate * <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when - * "Manage Certificate" is used to edit the trustness of certs and - * deletion of certs + * "Manage Certificate" is used to edit the trustness of certs and deletion + * of certs * </ul> + * * @exception ServletException a servlet error has occurred * @exception IOException an input/output error has occurred * @exception EBaseException failed to establish CA certificate trust */ - private void trustCACert(HttpServletRequest req, - HttpServletResponse resp) throws ServletException, - IOException, EBaseException { + private void trustCACert(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException, EBaseException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -3307,8 +3187,8 @@ private void createMasterKey(HttpServletRequest req, // to the signed audit log and stored as failures try { Enumeration enum1 = req.getParameterNames(); - ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO); + ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_CRYPTO); String trust = ""; while (enum1.hasMoreElements()) { 
@@ -3328,22 +3208,18 @@ private void createMasterKey(HttpServletRequest req, // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.SUCCESS, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.SUCCESS, auditParams(req)); audit(auditMessage); - //sendResponse(SUCCESS, null, null, resp); + // sendResponse(SUCCESS, null, null, resp); sendResponse(RESTART, null, null, resp); } catch (EBaseException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); 
@@ -3352,50 +3228,46 @@ private void createMasterKey(HttpServletRequest req, } catch (IOException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - auditSubjectID, - ILogger.FAILURE, - auditParams(req)); + LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + auditSubjectID, ILogger.FAILURE, auditParams(req)); audit(auditMessage); // rethrow the specific exception to be handled later throw eAudit2; - // } catch( ServletException eAudit3 ) { - // // store a message in the signed audit log file - // auditMessage = CMS.getLogMessage( - // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, - // auditSubjectID, - // ILogger.FAILURE, - // auditParams( req ) ); - // - // audit( auditMessage ); - // - // // rethrow the specific exception to be handled later - // throw eAudit3; - } + // } catch( ServletException eAudit3 ) { + // // store a message in the signed audit log file + // auditMessage = CMS.getLogMessage( + // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY, + // auditSubjectID, + // ILogger.FAILURE, + // auditParams( req ) ); + // + // audit( auditMessage ); + // + // // rethrow the specific exception to be handled later + // throw eAudit3; + } } /** * Execute all self tests specified to be run on demand. 
* <P> - * + * * <ul> * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self * tests are run on demand * </ul> - * @exception EMissingSelfTestException a self test plugin instance - * property name was missing + * + * @exception EMissingSelfTestException a self test plugin instance property + * name was missing * @exception ESelfTestException a self test is missing a required - * configuration parameter + * configuration parameter * @exception IOException an input/output error has occurred */ - private synchronized void - runSelfTestsOnDemand(HttpServletRequest req, - HttpServletResponse resp) - throws EMissingSelfTestException, - ESelfTestException, - IOException { + private synchronized void runSelfTestsOnDemand(HttpServletRequest req, + HttpServletResponse resp) throws EMissingSelfTestException, + ESelfTestException, IOException { String auditMessage = null; String auditSubjectID = auditSubjectID(); @@ -3404,7 +3276,7 @@ private void createMasterKey(HttpServletRequest req, try { if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " ENTERING . . ."); + + " ENTERING . . ."); } Enumeration enum1 = req.getParameterNames(); 
@@ -3424,32 +3296,28 @@ private void createMasterKey(HttpServletRequest req, } } - ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem) - CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS); + ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem) CMS + .getSubsystem(CMS.SUBSYSTEM_SELFTESTS); - if ((request == null) || - (request.equals(""))) { + if ((request == null) || (request.equals(""))) { // self test plugin run on demand request parameter was missing // log the error - logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_REQUEST", - getServletInfo(), - Constants.PR_RUN_SELFTESTS_ON_DEMAND - ); + logMessage = CMS.getLogMessage( + "SELFTESTS_RUN_ON_DEMAND_REQUEST", getServletInfo(), + Constants.PR_RUN_SELFTESTS_ON_DEMAND); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, ILogger.FAILURE); audit(auditMessage); // notify console of FAILURE - content += logMessage - + "\n"; + content += logMessage + "\n"; sendResponse(ERROR, content, null, resp); // raise an exception 
@@ -3457,83 +3325,77 @@ private void createMasterKey(HttpServletRequest req, } // run all self test plugin instances (designated on-demand) - String[] selftests = mSelfTestSubsystem.listSelfTestsEnabledOnDemand(); + String[] selftests = mSelfTestSubsystem + .listSelfTestsEnabledOnDemand(); if (selftests != null && selftests.length > 0) { // log that execution of on-demand self tests has begun logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND", - getServletInfo()); + getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification - content += logMessage - + "\n"; + content += logMessage + "\n"; for (int i = 0; i < selftests.length; i++) { if (selftests[i] != null) { instanceName = selftests[i].trim(); - instanceFullName = ISelfTestSubsystem.ID - + "." - + ISelfTestSubsystem.PROP_CONTAINER - + "." - + ISelfTestSubsystem.PROP_INSTANCE - + "." + instanceFullName = ISelfTestSubsystem.ID + "." + + ISelfTestSubsystem.PROP_CONTAINER + "." + + ISelfTestSubsystem.PROP_INSTANCE + "." 
+ instanceName; } else { // self test plugin instance property name was missing // log the error logMessage = CMS.getLogMessage( - "SELFTESTS_PARAMETER_WAS_NULL", - getServletInfo()); + "SELFTESTS_PARAMETER_WAS_NULL", + getServletInfo()); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, ILogger.FAILURE); audit(auditMessage); // notify console of FAILURE - content += logMessage - + "\n"; + content += logMessage + "\n"; sendResponse(ERROR, content, null, resp); // raise an exception throw new EMissingSelfTestException(); } - ISelfTest test = (ISelfTest) - mSelfTestSubsystem.getSelfTest(instanceName); + ISelfTest test = (ISelfTest) mSelfTestSubsystem + .getSelfTest(instanceName); if (test == null) { - // self test plugin instance property name is not present + // self test plugin instance property name is not + // present // log the error - logMessage = CMS.getLogMessage("SELFTESTS_MISSING_NAME", - getServletInfo(), - instanceFullName); + logMessage = CMS.getLogMessage( + "SELFTESTS_MISSING_NAME", getServletInfo(), + instanceFullName); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, ILogger.FAILURE); audit(auditMessage); // notify console of FAILURE - content += logMessage - + "\n"; + content += logMessage + "\n"; sendResponse(ERROR, content, null, resp); // raise an exception 
@@ -3543,15 +3405,14 @@ private void createMasterKey(HttpServletRequest req, try { if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " running \"" - + test.getSelfTestName() - + "\""); + + " running \"" + + test.getSelfTestName() + + "\""); } // store this information for console notification content += "CMSAdminServlet::runSelfTestsOnDemand():" - + " running \"" - + test.getSelfTestName() + + " running \"" + test.getSelfTestName() + "\" . . .\n"; test.runSelfTest(mSelfTestSubsystem.getSelfTestLogger()); @@ -3560,30 +3421,27 @@ private void createMasterKey(HttpServletRequest req, content += "COMPLETED SUCCESSFULLY\n"; } catch (ESelfTestException e) { // Check to see if the self test was critical: - if (mSelfTestSubsystem.isSelfTestCriticalOnDemand( - instanceName)) { + if (mSelfTestSubsystem + .isSelfTestCriticalOnDemand(instanceName)) { // log the error logMessage = CMS.getLogMessage( - "SELFTESTS_RUN_ON_DEMAND_FAILED", - getServletInfo(), - instanceFullName); + "SELFTESTS_RUN_ON_DEMAND_FAILED", + getServletInfo(), instanceFullName); mSelfTestSubsystem.log( - mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + mSelfTestSubsystem.getSelfTestLogger(), + logMessage); // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, + auditSubjectID, ILogger.FAILURE); audit(auditMessage); // notify console of FAILURE content += "FAILED WITH CRITICAL ERROR\n"; - content += logMessage - + "\n"; + content += logMessage + "\n"; sendResponse(ERROR, content, null, resp); // shutdown the system gracefully 
@@ -3599,52 +3457,47 @@ private void createMasterKey(HttpServletRequest req, // log that execution of all "critical" on-demand self tests // has completed "successfully" - logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_SUCCEEDED", - getServletInfo()); + logMessage = CMS.getLogMessage( + "SELFTESTS_RUN_ON_DEMAND_SUCCEEDED", getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification - content += logMessage - + "\n"; + content += logMessage + "\n"; } else { // log this fact logMessage = CMS.getLogMessage("SELFTESTS_NOT_RUN_ON_DEMAND", - getServletInfo()); + getServletInfo()); mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(), - logMessage); + logMessage); // store this information for console notification - content += logMessage - + "\n"; + content += logMessage + "\n"; } // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.SUCCESS); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID, + ILogger.SUCCESS); audit(auditMessage); // notify console of SUCCESS results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CLASS, - CMSAdminServlet.class.getName()); - results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT, - content); + CMSAdminServlet.class.getName()); + results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT, content); sendResponse(SUCCESS, null, results, resp); if (CMS.debugOn()) { CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():" - + " EXITING."); + + " EXITING."); } } catch (EMissingSelfTestException eAudit1) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID, + ILogger.FAILURE); audit(auditMessage); 
@@ -3653,9 +3506,8 @@ private void createMasterKey(HttpServletRequest req, } catch (ESelfTestException eAudit2) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID, + ILogger.FAILURE); audit(auditMessage); @@ -3664,9 +3516,8 @@ private void createMasterKey(HttpServletRequest req, } catch (IOException eAudit3) { // store a message in the signed audit log file auditMessage = CMS.getLogMessage( - LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, - auditSubjectID, - ILogger.FAILURE); + LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION, auditSubjectID, + ILogger.FAILURE); audit(auditMessage); @@ -3676,16 +3527,17 @@ private void createMasterKey(HttpServletRequest req, } public void log(int level, String msg) { - mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg); + mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, + "CMSAdminServlet: " + msg); } /** * Signed Audit Log Public Key - * + * * This method is called to obtain the public key from the passed in * "KeyPair" object for a signed audit log message. * <P> - * + * * @param object a Key Pair Object * @return key string containing the public key */ @@ -3734,4 +3586,3 @@ private void createMasterKey(HttpServletRequest req, } } } - |