summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java171
1 files changed, 81 insertions, 90 deletions
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
index 75726730..8f1e57c4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.servlet.cert;
-
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.StringReader;
@@ -58,25 +57,25 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
import com.netscape.cms.servlet.common.ECMSGWException;
import com.netscape.cms.servlet.common.ICMSTemplateFiller;
-
/**
* Set up HTTP response to import certificate into browsers
*
- * The result must have been populate with the set of certificates
- * to return.
+ * The result must have been populate with the set of certificates to return.
+ *
* <pre>
* inputs: certtype.
* outputs:
- * - cert type from http input (if any)
+ * - cert type from http input (if any)
* - CA chain
- * - authority name (RM, CM, DRM)
+ * - authority name (RM, CM, DRM)
* - scheme:host:port of server.
- * array of one or more
+ * array of one or more
* - cert serial number
* - cert pretty print
- * - cert in base 64 encoding.
- * - cmmf blob to import
+ * - cert in base 64 encoding.
+ * - cmmf blob to import
* </pre>
+ *
* @version $Revision$, $Date$
*/
public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
@@ -88,7 +87,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
public static final String CERT_FINGERPRINT = "certFingerprint"; // cisco
public static final String CERT_NICKNAME = "certNickname";
public static final String CMMF_RESP = "cmmfResponse";
- public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE
+ public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE
public ImportCertsTemplateFiller() {
}
@@ -99,33 +98,31 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
* @param locale locale of template.
* @param e unexpected exception e. ignored.
*/
- public CMSTemplateParams getTemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
+ public CMSTemplateParams getTemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) throws Exception {
Certificate[] certs = (Certificate[]) cmsReq.getResult();
if (certs instanceof X509CertImpl[])
- return getX509TemplateParams(cmsReq, authority, locale, e);
+ return getX509TemplateParams(cmsReq, authority, locale, e);
else
return null;
}
-
- public CMSTemplateParams getX509TemplateParams(
- CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
- throws Exception {
+
+ public CMSTemplateParams getX509TemplateParams(CMSRequest cmsReq,
+ IAuthority authority, Locale locale, Exception e) throws Exception {
IArgBlock header = CMS.createArgBlock();
IArgBlock fixed = CMS.createArgBlock();
CMSTemplateParams params = new CMSTemplateParams(header, fixed);
- // set host name and port.
+ // set host name and port.
HttpServletRequest httpReq = cmsReq.getHttpReq();
String host = httpReq.getServerName();
int port = httpReq.getServerPort();
String scheme = httpReq.getScheme();
String format = httpReq.getParameter("format");
- if(format!=null && format.equals("cmc"))
+ if (format != null && format.equals("cmc"))
fixed.set("importCMC", "false");
- String agentPort = ""+port;
+ String agentPort = "" + port;
fixed.set("agentHost", host);
fixed.set("agentPort", agentPort);
fixed.set(ICMSTemplateFiller.HOST, host);
@@ -134,7 +131,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
IRequest r = cmsReq.getIRequest();
if (r != null) {
- fixed.set(ICMSTemplateFiller.REQUEST_ID, r.getRequestId().toString());
+ fixed.set(ICMSTemplateFiller.REQUEST_ID, r.getRequestId()
+ .toString());
}
// set key record (if KRA enabled)
@@ -142,53 +140,53 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
BigInteger keyRecSerialNo = r.getExtDataInBigInteger("keyRecord");
if (keyRecSerialNo != null) {
- fixed.set(ICMSTemplateFiller.KEYREC_ID, keyRecSerialNo.toString());
+ fixed.set(ICMSTemplateFiller.KEYREC_ID,
+ keyRecSerialNo.toString());
}
}
// set cert type.
IArgBlock httpParams = cmsReq.getHttpParams();
- String certType =
- httpParams.getValueAsString(CERT_TYPE, null);
+ String certType = httpParams.getValueAsString(CERT_TYPE, null);
- if (certType != null)
+ if (certType != null)
fixed.set(CERT_TYPE, certType);
- // this authority
- fixed.set(ICMSTemplateFiller.AUTHORITY,
- (String) authority.getOfficialName());
+ // this authority
+ fixed.set(ICMSTemplateFiller.AUTHORITY,
+ (String) authority.getOfficialName());
// CA chain.
- CertificateChain cachain =
- ((ICertAuthority) authority).getCACertChain();
+ CertificateChain cachain = ((ICertAuthority) authority)
+ .getCACertChain();
X509Certificate[] cacerts = cachain.getChain();
String replyTo = httpParams.getValueAsString("replyTo", null);
- if (replyTo != null) fixed.set("replyTo", replyTo);
+ if (replyTo != null)
+ fixed.set("replyTo", replyTo);
- // set user + CA cert chain and pkcs7 for MSIE.
+ // set user + CA cert chain and pkcs7 for MSIE.
X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
int m = 1, n = 0;
- for (; n < cacerts.length; m++, n++)
+ for (; n < cacerts.length; m++, n++)
userChain[m] = (X509CertImpl) cacerts[n];
- // certs.
+ // certs.
X509CertImpl[] certs = (X509CertImpl[]) cmsReq.getResult();
// expose CRMF request id
String crmfReqId = cmsReq.getExtData(IRequest.CRMF_REQID);
if (crmfReqId == null) {
- crmfReqId = (String) cmsReq.getResult(
- IRequest.CRMF_REQID);
+ crmfReqId = (String) cmsReq.getResult(IRequest.CRMF_REQID);
}
if (crmfReqId != null) {
fixed.set(CRMF_REQID, crmfReqId);
}
- // set CA certs in cmmf, initialize CertRepContent
+ // set CA certs in cmmf, initialize CertRepContent
// note cartman can't trust ca certs yet but it'll import them.
// also set cert nickname for cartman.
CertRepContent certRepContent = null;
@@ -196,33 +194,31 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
if (CMSServlet.doCMMFResponse(httpParams)) {
byte[][] caPubs = new byte[cacerts.length][];
- for (int j = 0; j < cacerts.length; j++)
+ for (int j = 0; j < cacerts.length; j++)
caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
certRepContent = new CertRepContent(caPubs);
- String certnickname =
- cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null);
+ String certnickname = cmsReq.getHttpParams().getValueAsString(
+ CERT_NICKNAME, null);
// if nickname is not requested set to subject name by default.
- if (certnickname == null)
+ if (certnickname == null)
fixed.set(CERT_NICKNAME, certs[0].getSubjectDN().toString());
else
fixed.set(CERT_NICKNAME, certnickname);
}
- // make pkcs7 for MSIE
- if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) &&
- (certType == null || certType.equals("client"))) {
+ // make pkcs7 for MSIE
+ if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq())
+ && (certType == null || certType.equals("client"))) {
userChain[0] = certs[0];
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]),
- userChain,
- new SignerInfo[0]);
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(
+ new byte[0]), userChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
p7.encodeSignedData(bos);
byte[] p7Bytes = bos.toByteArray();
- // String p7Str = encoder.encodeBuffer(p7Bytes);
+ // String p7Str = encoder.encodeBuffer(p7Bytes);
String p7Str = CMS.BtoA(p7Bytes);
header.set(PKCS7_RESP, p7Str);
@@ -234,24 +230,23 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
X509CertImpl cert = certs[i];
// set serial number.
- BigInteger serialNo =
- ((X509Certificate) cert).getSerialNumber();
+ BigInteger serialNo = ((X509Certificate) cert).getSerialNumber();
repeat.addBigIntegerValue(ISSUED_CERT_SERIAL, serialNo, 16);
// set base64 encoded blob.
byte[] certEncoded = cert.getEncoded();
- // String b64 = encoder.encodeBuffer(certEncoded);
+ // String b64 = encoder.encodeBuffer(certEncoded);
String b64 = CMS.BtoA(certEncoded);
- String b64cert = "-----BEGIN CERTIFICATE-----\n" +
- b64 + "\n-----END CERTIFICATE-----";
+ String b64cert = "-----BEGIN CERTIFICATE-----\n" + b64
+ + "\n-----END CERTIFICATE-----";
repeat.set(BASE64_CERT, b64cert);
-
+
// set cert pretty print.
-
- String prettyPrintRequested =
- cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null);
+
+ String prettyPrintRequested = cmsReq.getHttpParams()
+ .getValueAsString(CERT_PRETTYPRINT, null);
if (prettyPrintRequested == null) {
prettyPrintRequested = "true";
@@ -266,21 +261,21 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
repeat.set(CERT_PRETTYPRINT, ppStr);
// Now formulate a PKCS#7 blob
- X509CertImpl[] certsInChain = new X509CertImpl[1];;
+ X509CertImpl[] certsInChain = new X509CertImpl[1];
+ ;
if (cacerts != null) {
for (int j = 0; j < cacerts.length; j++) {
if (cert.equals(cacerts[j])) {
- certsInChain = new
- X509CertImpl[cacerts.length];
+ certsInChain = new X509CertImpl[cacerts.length];
break;
}
certsInChain = new X509CertImpl[cacerts.length + 1];
}
}
-
+
// Set the EE cert
certsInChain[0] = cert;
-
+
// Set the Ca certificate chain
if (cacerts != null) {
for (int j = 0; j < cacerts.length; j++) {
@@ -292,23 +287,21 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
String p7Str;
try {
- PKCS7 p7 = new PKCS7(new AlgorithmId[0],
- new ContentInfo(new byte[0]),
- certsInChain,
- new SignerInfo[0]);
+ PKCS7 p7 = new PKCS7(new AlgorithmId[0], new ContentInfo(
+ new byte[0]), certsInChain, new SignerInfo[0]);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
p7.encodeSignedData(bos);
byte[] p7Bytes = bos.toByteArray();
- //p7Str = encoder.encodeBuffer(p7Bytes);
+ // p7Str = encoder.encodeBuffer(p7Bytes);
p7Str = CMS.BtoA(p7Bytes);
repeat.addStringValue("pkcs7ChainBase64", p7Str);
} catch (Exception ex) {
- //p7Str = "PKCS#7 B64 Encoding error - " + ex.toString()
- //+ "; Please contact your administrator";
+ // p7Str = "PKCS#7 B64 Encoding error - " + ex.toString()
+ // + "; Please contact your administrator";
throw new ECMSGWException(
- CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
+ CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
}
// set cert fingerprint (for Cisco routers)
@@ -318,25 +311,24 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
fingerprint = CMS.getFingerPrints(cert);
} catch (CertificateEncodingException ex) {
// should never happen
- throw new EBaseException(
- CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString()));
+ throw new EBaseException(CMS.getUserMessage(locale,
+ "CMS_BASE_INTERNAL_ERROR", ex.toString()));
} catch (NoSuchAlgorithmException ex) {
// should never happen
- throw new EBaseException(
- CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString()));
+ throw new EBaseException(CMS.getUserMessage(locale,
+ "CMS_BASE_INTERNAL_ERROR", ex.toString()));
}
- if (fingerprint != null && fingerprint.length() > 0)
+ if (fingerprint != null && fingerprint.length() > 0)
repeat.set(CERT_FINGERPRINT, fingerprint);
- // cmmf response for this cert.
- if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null &&
- (certType == null || certType.equals("client"))) {
+ // cmmf response for this cert.
+ if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null
+ && (certType == null || certType.equals("client"))) {
PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
- CertifiedKeyPair certifiedKP =
- new CertifiedKeyPair(new CertOrEncCert(certEncoded));
- CertResponse resp =
- new CertResponse(new INTEGER(crmfReqId), status,
- certifiedKP);
+ CertifiedKeyPair certifiedKP = new CertifiedKeyPair(
+ new CertOrEncCert(certEncoded));
+ CertResponse resp = new CertResponse(new INTEGER(crmfReqId),
+ status, certifiedKP);
certRepContent.addCertResponse(resp);
}
@@ -352,19 +344,19 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
byte[] certRepBytes = certRepOut.toByteArray();
String certRepB64 = com.netscape.osutil.OSUtil.BtoA(certRepBytes);
// add CR to each return as required by cartman
- BufferedReader certRepB64lines =
- new BufferedReader(new StringReader(certRepB64));
+ BufferedReader certRepB64lines = new BufferedReader(
+ new StringReader(certRepB64));
StringWriter certRepStringOut = new StringWriter();
String oneLine = null;
boolean first = true;
while ((oneLine = certRepB64lines.readLine()) != null) {
if (first) {
- //certRepStringOut.write("\""+oneLine+"\"");
+ // certRepStringOut.write("\""+oneLine+"\"");
certRepStringOut.write(oneLine);
first = false;
} else {
- //certRepStringOut.write("+\"\\n"+oneLine+"\"");
+ // certRepStringOut.write("+\"\\n"+oneLine+"\"");
certRepStringOut.write("\n" + oneLine);
}
}
@@ -376,4 +368,3 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
return params;
}
}
-
generated by cgit (git 2.34.1) at 2024-05-05 17:17:36 +0000