summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java226
1 files changed, 120 insertions, 106 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
index 5909bc4b..7dcec5cd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.IOException;
import java.util.Locale;
@@ -52,10 +51,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
- * Gets a issued certificate from a request id.
- *
+ * Gets a issued certificate from a request id.
+ *
* @version $Revision$, $Date$
*/
public class GetCertFromRequest extends CMSServlet {
@@ -64,27 +62,26 @@ public class GetCertFromRequest extends CMSServlet {
*/
private static final long serialVersionUID = 5310646832256611066L;
private final static String PROP_IMPORT = "importCert";
- protected static final String
- GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template";
- protected static final String
- DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template";
+ protected static final String GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template";
+ protected static final String DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template";
protected static final String REQUEST_ID = "requestId";
protected static final String CERT_TYPE = "certtype";
- protected String mCertFrReqSuccessTemplate = null;
+ protected String mCertFrReqSuccessTemplate = null;
protected ICMSTemplateFiller mCertFrReqFiller = null;
protected IRequestQueue mQueue = null;
protected boolean mImportCert = true;
- public GetCertFromRequest() {
+ public GetCertFromRequest() {
super();
}
/**
* initialize the servlet. This servlet uses the template files
- * "displayCertFromRequest.template" and "ImportCert.template"
+ * "displayCertFromRequest.template" and "ImportCert.template"
+ *
* @param sc servlet configuration, read from the web.xml file
*/
public void init(ServletConfig sc) throws ServletException {
@@ -92,8 +89,7 @@ public class GetCertFromRequest extends CMSServlet {
mTemplates.remove(CMSRequest.SUCCESS);
mQueue = mAuthority.getRequestQueue();
try {
- String tmp = sc.getInitParameter(
- PROP_IMPORT);
+ String tmp = sc.getInitParameter(PROP_IMPORT);
if (tmp != null && tmp.trim().equalsIgnoreCase("false"))
mImportCert = false;
@@ -102,46 +98,43 @@ public class GetCertFromRequest extends CMSServlet {
if (mImportCert)
defTemplate = GET_CERT_FROM_REQUEST_TEMPLATE;
- else
+ else
defTemplate = DISPLAY_CERT_FROM_REQUEST_TEMPLATE;
if (mAuthority instanceof IRegistrationAuthority)
defTemplate = "/ra/" + defTemplate;
- else
+ else
defTemplate = "/ca/" + defTemplate;
- mCertFrReqSuccessTemplate = sc.getInitParameter(
- PROP_SUCCESS_TEMPLATE);
+ mCertFrReqSuccessTemplate = sc
+ .getInitParameter(PROP_SUCCESS_TEMPLATE);
if (mCertFrReqSuccessTemplate == null)
mCertFrReqSuccessTemplate = defTemplate;
- String fillername =
- sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+ String fillername = sc
+ .getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
if (fillername != null) {
ICMSTemplateFiller filler = newFillerObject(fillername);
- if (filler != null)
+ if (filler != null)
mCertFrReqFiller = filler;
} else {
mCertFrReqFiller = new CertFrRequestFiller();
}
} catch (Exception e) {
// should never happen.
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
- mId));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
}
}
-
/**
- * Process the HTTP request.
+ * Process the HTTP request.
* <ul>
- * <li>http.param requestId The request ID to search on
+ * <li>http.param requestId The request ID to search on
* </ul>
- *
+ *
* @param cmsReq the object holding the request and response information
*/
- protected void process(CMSRequest cmsReq)
- throws EBaseException {
+ protected void process(CMSRequest cmsReq) throws EBaseException {
IArgBlock httpParams = cmsReq.getHttpParams();
HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -150,14 +143,14 @@ public class GetCertFromRequest extends CMSServlet {
AuthzToken authzToken = null;
try {
- authzToken = authorize(mAclMethod, authToken,
- mAuthzResourceName, "read");
+ authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+ "read");
} catch (EAuthzAccessDenied e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
} catch (Exception e) {
log(ILogger.LL_FAILURE,
- CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+ CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
}
if (authzToken == null) {
@@ -165,96 +158,104 @@ public class GetCertFromRequest extends CMSServlet {
return;
}
- String requestId = httpParams.getValueAsString(REQUEST_ID, null);
+ String requestId = httpParams.getValueAsString(REQUEST_ID, null);
if (requestId == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
- throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
+ throw new ECMSGWException(
+ CMS.getUserMessage("CMS_GW_NO_REQUEST_ID_PROVIDED"));
}
// check if request Id is valid.
try {
Integer.parseInt(requestId);
} catch (NumberFormatException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQ_ID_FORMAT", requestId));
- throw new EBaseException(
- CMS.getUserMessage(getLocale(httpReq), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_INVALID_REQ_ID_FORMAT", requestId));
+ throw new EBaseException(CMS.getUserMessage(getLocale(httpReq),
+ "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
}
IRequest r = mQueue.findRequest(new RequestId(requestId));
if (r == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
}
if (authToken != null) {
- //if RA, group and requestOwner must match
- String group = authToken.getInString("group");
- if ((group != null) && (group != "") &&
- group.equals("Registration Manager Agents")) {
- boolean groupMatched = false;
- String reqOwner = r.getRequestOwner();
- if (reqOwner != null) {
- CMS.debug("GetCertFromRequest process: req owner="+reqOwner);
- if (reqOwner.equals(group))
- groupMatched = true;
- }
- if (groupMatched == false) {
- CMS.debug("RA group unmatched");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ // if RA, group and requestOwner must match
+ String group = authToken.getInString("group");
+ if ((group != null) && (group != "")
+ && group.equals("Registration Manager Agents")) {
+ boolean groupMatched = false;
+ String reqOwner = r.getRequestOwner();
+ if (reqOwner != null) {
+ CMS.debug("GetCertFromRequest process: req owner="
+ + reqOwner);
+ if (reqOwner.equals(group))
+ groupMatched = true;
+ }
+ if (groupMatched == false) {
+ CMS.debug("RA group unmatched");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_REQUEST_ID_NOT_FOUND", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+ }
}
- }
}
- if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r.getRequestType().equals(IRequest.RENEWAL_REQUEST)))) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_NOT_ENROLLMENT", requestId));
+ if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r
+ .getRequestType().equals(IRequest.RENEWAL_REQUEST)))) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_NOT_ENROLLMENT", requestId));
}
RequestStatus status = r.getRequestStatus();
if (!status.equals(RequestStatus.COMPLETE)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_REQUEST_NOT_COMPLETED_1", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_NOT_COMPLETED", requestId));
}
Integer result = r.getExtDataInInteger(IRequest.RESULT);
if (result != null && !result.equals(IRequest.RES_SUCCESS)) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_HAD_ERROR", requestId));
}
Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
if (r.getExtDataInString("profile") != null) {
// handle profile-based request
- X509CertImpl cert = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+ X509CertImpl cert = r
+ .getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
X509CertImpl certs[] = new X509CertImpl[1];
certs[0] = cert;
o = certs;
}
if (o == null || !(o instanceof X509CertImpl[])) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
}
if (o instanceof X509CertImpl[]) {
X509CertImpl[] certs = (X509CertImpl[]) o;
if (certs == null || certs.length == 0 || certs[0] == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
- throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
+ throw new ECMSGWException(CMS.getUserMessage(
+ "CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
}
// for importsCert to get the crmf_reqid.
@@ -262,58 +263,66 @@ public class GetCertFromRequest extends CMSServlet {
cmsReq.setStatus(CMSRequest.SUCCESS);
- if (mImportCert &&
- checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) {
+ if (mImportCert
+ && checkImportCertToNav(cmsReq.getHttpResp(), httpParams,
+ certs[0])) {
return;
}
try {
cmsReq.setResult(certs);
- renderTemplate(cmsReq, mCertFrReqSuccessTemplate, mCertFrReqFiller);
+ renderTemplate(cmsReq, mCertFrReqSuccessTemplate,
+ mCertFrReqFiller);
} catch (IOException e) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CMSGE_ERROR_DISPLAY_TEMPLATE_1",
mCertFrReqSuccessTemplate, e.toString()));
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+ CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
}
}
return;
}
}
-
class CertFrRequestFiller extends ImportCertsTemplateFiller {
public CertFrRequestFiller() {
}
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
- CMSTemplateParams tparams =
- super.getTemplateParams(cmsReq, authority, locale, e);
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) throws Exception {
+ CMSTemplateParams tparams = super.getTemplateParams(cmsReq, authority,
+ locale, e);
String reqId = cmsReq.getHttpParams().getValueAsString(
GetCertFromRequest.REQUEST_ID);
- tparams.getHeader().addStringValue(GetCertFromRequest.REQUEST_ID, reqId);
+ tparams.getHeader()
+ .addStringValue(GetCertFromRequest.REQUEST_ID, reqId);
if (reqId != null) {
- IRequest r = authority.getRequestQueue().findRequest(new RequestId(reqId));
+ IRequest r = authority.getRequestQueue().findRequest(
+ new RequestId(reqId));
if (r != null) {
boolean noCertImport = true;
- String certType = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+ String certType = r.getExtDataInString(IRequest.HTTP_PARAMS,
+ IRequest.CERT_TYPE);
if (certType != null && certType.equals(IRequest.CLIENT_CERT)) {
noCertImport = false;
}
- tparams.getHeader().addBooleanValue("noCertImport", noCertImport);
+ tparams.getHeader().addBooleanValue("noCertImport",
+ noCertImport);
- X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+ X509CertImpl[] certs = r
+ .getExtDataInCertArray(IRequest.ISSUED_CERTS);
if (certs != null) {
- X509CertInfo info = (X509CertInfo) certs[0].get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
- CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
+ X509CertInfo info = (X509CertInfo) certs[0]
+ .get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
+ CertificateExtensions extensions = (CertificateExtensions) info
+ .get(X509CertInfo.EXTENSIONS);
- tparams.getHeader().addStringValue(GetCertFromRequest.CERT_TYPE, "x509");
+ tparams.getHeader().addStringValue(
+ GetCertFromRequest.CERT_TYPE, "x509");
boolean emailCert = false;
@@ -324,16 +333,21 @@ class CertFrRequestFiller extends ImportCertsTemplateFiller {
if (ext instanceof NSCertTypeExtension) {
NSCertTypeExtension type = (NSCertTypeExtension) ext;
- if (((Boolean) type.get(NSCertTypeExtension.EMAIL)).booleanValue())
+ if (((Boolean) type
+ .get(NSCertTypeExtension.EMAIL))
+ .booleanValue())
emailCert = true;
}
if (ext instanceof KeyUsageExtension) {
- KeyUsageExtension usage =
- (KeyUsageExtension) ext;
+ KeyUsageExtension usage = (KeyUsageExtension) ext;
try {
- if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() ||
- ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
+ if (((Boolean) usage
+ .get(KeyUsageExtension.DIGITAL_SIGNATURE))
+ .booleanValue()
+ || ((Boolean) usage
+ .get(KeyUsageExtension.DATA_ENCIPHERMENT))
+ .booleanValue())
emailCert = true;
} catch (ArrayIndexOutOfBoundsException e0) {
// bug356108:
generated by cgit (git 2.34.1) at 2024-05-05 09:57:03 +0000